I am trying to ssh from Windows - > IPA server using GSS-API. I've tried
putty, which provides very little debug out. I then downloaded securecrt which
provides more output.
On the server side, I just see postponed gss-with-mic and then a failure
message. I'm attaching the output from securecrt. Any help would be greatly
appreciated.
Thanks,
Brian
{\rtf1\ansi\ansicpg1252\cocoartf1187\cocoasubrtf340
{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
{\colortbl;\red255\green255\blue255;}
\margl1440\margr1440\vieww10800\viewh8400\viewkind0
\pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural
\f0\fs24 \cf0 [LOCAL] : SSH2Core version 7.0.0.480 \
[LOCAL] : Connecting to ipa1.ipa.test:22 ... \
SecureCRT - Version 7.0.3 (x64 build 480)\
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT \
[LOCAL] : Using protocol SSH2 \
[LOCAL] : RECV : Remote Identifier = 'SSH-2.0-OpenSSH_5.3' \
[LOCAL] : CAP : Remote can re-key \
[LOCAL] : CAP : Remote sends language in password change requests \
[LOCAL] : CAP : Remote sends algorithm name in PK_OK packets \
[LOCAL] : CAP : Remote sends algorithm name in public key packets \
[LOCAL] : CAP : Remote sends algorithm name in signatures \
[LOCAL] : CAP : Remote sends error text in open failure packets \
[LOCAL] : CAP : Remote sends name in service accept packets \
[LOCAL] : CAP : Remote includes port number in x11 open packets \
[LOCAL] : CAP : Remote uses 160 bit keys for SHA1 MAC \
[LOCAL] : CAP : Remote supports new diffie-hellman group exchange messages \
[LOCAL] : CAP : Remote correctly handles unknown SFTP extensions \
[LOCAL] : CAP : Remote correctly encodes OID for gssapi \
[LOCAL] : CAP : Remote correctly uses connected addresses in forwarded-tcpip requests \
[LOCAL] : CAP : Remote can do SFTP version 4 \
[LOCAL] : CAP : Remote x.509v3 uses ASN.1 encoding for DSA signatures \
[LOCAL] : CAP : Remote correctly handles z...@openssh.com \
[LOCAL] : SSPI : Requesting full delegation \
[LOCAL] : SSPI : [Kerberos] SPN : h...@ipa1.ipa.test \
[LOCAL] : SSPI : Requesting full delegation \
[LOCAL] : SSPI : [Kerberos (Group Exchange)] SPN : h...@ipa1.ipa.test \
[LOCAL] : SEND : KEXINIT \
[LOCAL] : RECV : Read kexinit \
[LOCAL] : Available Remote Kex Methods = diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 \
[LOCAL] : Selected Kex Method = diffie-hellman-group14-sha1 \
[LOCAL] : Available Remote Host Key Algos = ssh-rsa,ssh-dss \
[LOCAL] : Selected Host Key Algo = ssh-dss \
[LOCAL] : Available Remote Send Ciphers = aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se \
[LOCAL] : Selected Send Cipher = aes256-ctr \
[LOCAL] : Available Remote Recv Ciphers = aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se \
[LOCAL] : Selected Recv Cipher = aes256-ctr \
[LOCAL] : Available Remote Send Macs = hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 \
[LOCAL] : Selected Send Mac = hmac-sha1 \
[LOCAL] : Available Remote Recv Macs = hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 \
[LOCAL] : Selected Recv Mac = hmac-sha1 \
[LOCAL] : Available Remote Compressors = none,z...@openssh.com \
[LOCAL] : Selected Compressor = none \
[LOCAL] : Available Remote Decompressors = none,z...@openssh.com \
[LOCAL] : Selected Decompressor = none \
[LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE \
[LOCAL] : SEND : KEXDH_INIT \
[LOCAL] : RECV : KEXDH_REPLY \
[LOCAL] : Changing state from STATE_KEY_EXCHANGE to STATE_READY_FOR_NEW_KEYS \
[LOCAL] : RECV: Remote Hostkey: 24:d9:bd:d0:4b:86:73:04:d5:b0:06:66:b4:08:7d:e1 \
[LOCAL] : SEND : NEWKEYS \
[LOCAL] : Changing state from STATE_READY_FOR_NEW_KEYS to STATE_EXPECT_NEWKEYS \
[LOCAL] : RECV : NEWKEYS \
[LOCAL] : Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION \
[LOCAL] : SEND: SERVICE_REQUEST[ssh-userauth] \
[LOCAL] : RECV: SERVICE_ACCEPT[ssh-userauth] -- OK \
[LOCAL] : SENT : USERAUTH_REQUEST [none] \
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,gssapi-keyex,gssapi-with-mic,password] \
[LOCAL] : GSS SPN : h...@ipa1.ipa.test \
[LOCAL] : [SSPI/1.2.840.113554.1.2.2] : This mechanism might work. \
[LOCAL] : SENT : USERAUTH_REQUEST [gssapi-with-mic] \
[LOCAL] : [SSPI/1.2.840.113554.1.2.2] : Using this mechanism. \
[LOCAL] : GSS : Requesting full delegation \
[LOCAL] : SENT : USERAUTH_GSSAPI_TOKEN [3154 bytes] \
[LOCAL] : GSS : The delegation request succeeded. \
[LOCAL] : SENT : SSH_MSG_USERAUTH_GSSAPI_MIC \
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,gssapi-keyex,gssapi-with-mic,password] \
[LOCAL] : SEND: Disconnect packet: Unable to authenticate using any of the configured authentication methods. \
[LOCAL] : Changing state from STATE_CONNECTION to STATE_SEND_DISCONNECT \
[LOCAL] : RECV: TCP/IP close \
[LOCAL] : Changing state from STATE_SEND_DISCONNECT to STATE_CLOSED \
[LOCAL] : Connected for 2 seconds, 4487 bytes sent, 2057 bytes received \
[LOCAL] : Stream has closed [CLOSE_TYPE_NONSPECIFIC] : The client has disconnected from the server. Reason: Unable to authenticate using any of the configured authentication methods. \
\
The client has disconnected from the server. Reason:\
Unable to authenticate using any of the configured authentication methods. \
}_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
