On Mar 24, 2010, at 4:55 PM, David Smith wrote: > Greetings, > > I am having an issue connecting between one of my Globus clients and my > GridFTP server using gsissh. Both are GT v5.0.0 - the client is running > Debian 5.0.3 and the server is running CentOS 5.2, both 64-bit. > > I've attached the verbose output of the command at the bottom of the message. > What is peculiar about this failure is that: > > 1) I have a valid myproxy certificate in /tmp > 2) I can successfully transfer files from the client to the server using > globus-url-copy > 3) I can connect from the client to the server over ssh using publickey > authentication > 4) A globus client on another machine can connect to the same server using > gsissh
Are you sure that you do not use public-key authentication in this case? Can you connect to the server if grid-proxy-info shows that you do not have a valid credential? Lukasz > 5) The client's ssh_config has GSSAPIAuthentication and > GSSAPIDelegateCredentials set to yes > > The failing client was compiled from source using the following commands: > > # ./configure --prefix=/usr/local/globus-5.0.0 > --with-gsi-opensshargs="--with-pam --with-md5-passwords --with-tcp-wrappers > --with-mic" > # make gsi-myproxy gsi-openssh globus-data-management-client > # make install > > There seems to be something misconfigured on the failing client, since the > server is working properly with another client. Can anyone tell from the > verbose message why the gsissh authentication is denied, or suggest anything > else I should take a look at to further investigate the problem? > > Thank you for your help! > > OpenSSH_5.2p1-hpn13v6 GLOBUS_GSSAPI_GPT_4.7 GSI, OpenSSL 0.9.8g 19 Oct 2007 > debug1: Reading configuration data /usr/local/globus-5.0.0/etc/ssh/ssh_config > debug2: ssh_connect: needpriv 0 > debug1: Connecting to chi-vm-4 [128.9.136.106] port 22. > debug1: Connection established. > debug1: identity file /home/smithd/.ssh/id_rsa type -1 > debug3: Not a RSA1 key file /home/smithd/.ssh/id_dsa. > debug2: key_type_from_name: unknown key type '-----BEGIN' > debug3: key_read: missing keytype > debug2: key_type_from_name: unknown key type 'Proc-Type:' > debug3: key_read: missing keytype > debug2: key_type_from_name: unknown key type 'DEK-Info:' > debug3: key_read: missing keytype > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug2: key_type_from_name: unknown key type '-----END' > debug3: key_read: missing keytype > debug1: identity file /home/smithd/.ssh/id_dsa type 2 > debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 > debug1: match: OpenSSH_4.3 pat OpenSSH_4* > debug1: Remote is NON-HPN aware > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.2p1-hpn13v6 > GLOBUS_GSSAPI_GPT_4.7 GSI > debug2: fd 3 setting O_NONBLOCK > debug3: Trying to reverse map address 128.9.136.106. > debug1: Offering GSSAPI proposal: > gss-gex-sha1-dZuIebMjgUqaxvbF7hDbAw==,gss-group1-sha1-dZuIebMjgUqaxvbF7hDbAw==,gss-group14-sha1-dZuIebMjgUqaxvbF7hDbAw== > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: AUTH STATE IS 0 > debug2: kex_parse_kexinit: > gss-gex-sha1-dZuIebMjgUqaxvbF7hDbAw==,gss-group1-sha1-dZuIebMjgUqaxvbF7hDbAw==,gss-group14-sha1-dZuIebMjgUqaxvbF7hDbAw==,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,null > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected] > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,[email protected],hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,[email protected],zlib > debug2: kex_parse_kexinit: none,[email protected],zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[email protected],aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,[email protected] > debug2: kex_parse_kexinit: none,[email protected] > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_setup: found hmac-md5 > debug1: REQUESTED ENC.NAME is 'aes128-ctr' > debug1: kex: server->client aes128-ctr hmac-md5 none > debug2: mac_setup: found hmac-md5 > debug1: REQUESTED ENC.NAME is 'aes128-ctr' > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug2: dh_gen_key: priv key bits set: 137/256 > debug2: bits set: 493/1024 > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug3: check_host_in_hostfile: filename /home/smithd/.ssh/known_hosts > debug3: check_host_in_hostfile: match line 1 > debug3: check_host_in_hostfile: filename /home/smithd/.ssh/known_hosts > debug3: check_host_in_hostfile: match line 2 > debug1: Host 'chi-vm-4' is known and matches the RSA host key. > debug1: Found key in /home/smithd/.ssh/known_hosts:1 > debug2: bits set: 510/1024 > debug1: ssh_rsa_verify: signature correct > debug2: kex_derive_keys > debug2: set_newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug2: set_newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug2: service_accept: ssh-userauth > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug2: key: /home/smithd/.ssh/id_rsa ((nil)) > debug2: key: /home/smithd/.ssh/id_dsa (0x760860) > debug1: Authentications that can continue: publickey,gssapi-with-mic > debug3: start over, passed a different list publickey,gssapi-with-mic > debug3: preferred gssapi-keyex,external-keyx,gssapi-with-mic,gssapi > debug3: authmethod_lookup gssapi-with-mic > debug3: remaining preferred: gssapi > debug3: authmethod_is_enabled gssapi-with-mic > debug1: Next authentication method: gssapi-with-mic > debug2: we sent a gssapi-with-mic packet, wait for reply > debug1: Authentications that can continue: publickey,gssapi-with-mic > debug2: we did not send a packet, disable method > debug1: No more authentication methods to try. > Permission denied (publickey,gssapi-with-mic). > > >
