Trygve Laugst?l wrote:
> Hi
>
> I'm playing around with Kerberos and *think* everything is properly
> setup up. I'm running a KDC on Debian unstable (which is MIT KDC
> 1.6.something) which seems to work just fine. I can get a TGT. I'm also
> running a DNS on my LAN which is resolving all domain names to full
> domains etc.
>
> I can ssh to the Debian server just fine, but I'm unable to ssh to
> another Solaris machine. The Solaris boxes are running b90.
>
> This is the output when connecting to the Debian machine:
>
> ================================================================================
> -bash-3.2# ssh -v trygvis at kyle
> Sun_SSH_1.2, SSH protocols 1.5/2.0, OpenSSL 0x0090801f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Rhosts Authentication disabled, originating port will not be
> trusted.
> debug1: ssh_connect: needpriv 0
> debug1: Connecting to kyle [10.0.0.5] port 22.
> debug1: Connection established.
> debug1: identity file /root/.ssh/identity type -1
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: Remote protocol version 2.0, remote software version
> OpenSSH_4.3p2 Debian-9
> debug1: match: OpenSSH_4.3p2 Debian-9 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-Sun_SSH_1.2
> debug1: ssh_gssapi_init_ctx(80b9370, kyle, 0, 0, 8047b28)
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: Peer sent proposed langtags, ctos:
> debug1: Peer sent proposed langtags, stoc:
> debug1: We proposed langtags, ctos: i-default
> debug1: We proposed langtags, stoc: i-default
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: dh_gen_key: priv key bits set: 122/256
> debug1: bits set: 1004/2048
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'kyle' is known and matches the RSA host key.
> debug1: Found key in /root/.ssh/known_hosts:5
> debug1: bits set: 1052/2048
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: Authentications that can continue:
> gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
> debug1: Next authentication method: gssapi-keyex
> debug1: Next authentication method: gssapi-with-mic
> debug1: ssh_gssapi_init_ctx(8106328, kyle, 0, 0, 8047ac8)
> debug1: ssh_gssapi_init_ctx(8106208, kyle, 0, 0, 8047b58)
> debug1: ssh_gssapi_init_ctx(8106208, kyle, 0, 8047b38, 8047b40)
> debug1: Authentication succeeded (gssapi-with-mic)
> debug1: channel 0: new [client-session]
> debug1: send channel open 0
> debug1: Entering interactive session.
> debug1: ssh_session2_setup: id 0
> debug1: channel request 0: env
> debug1: channel request 0: pty-req
> debug1: channel request 0: shell
> debug1: fd 4 setting TCP_NODELAY
> debug1: channel 0: open confirm rwindow 0 rmax 32768
> Linux kyle 2.6.18-3-486 #1 Sun Dec 10 18:57:11 UTC 2006 i686
> You have new mail.
> Last login: Sat Jul 5 21:18:39 2008 from telestes.eugenies.inamo.no
> 21:19:19 up 37 days, 3:06, 7 users, load average: 0.36, 0.24, 0.18
> [21:19:20][trygvis at kyle:~]$
> ================================================================================
>
> This is the output when I'm connecting to my solaris zone:
>
> ================================================================================
> -bash-3.2# ssh -v trygvis at zone0
> Sun_SSH_1.2, SSH protocols 1.5/2.0, OpenSSL 0x0090801f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Rhosts Authentication disabled, originating port will not be
> trusted.
> debug1: ssh_connect: needpriv 0
> debug1: Connecting to zone0 [10.0.0.125] port 22.
> debug1: Connection established.
> debug1: identity file /root/.ssh/identity type -1
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.2
> debug1: match: Sun_SSH_1.2 pat Sun_SSH_1.2*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-Sun_SSH_1.2
> debug1: ssh_gssapi_init_ctx(80b9370, zone0, 0, 0, 8047b28)
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: Peer sent proposed langtags, ctos:
> ar-EG,ar-SA,bg-BG,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-MT,en-NZ,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,he-IL,hi-IN,hr-HR,hu-HU,is-IS,it,it-IT,ja-JP,ko,ko-KR,lt-LT,lv-LV,mk-MK,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,ca,cs,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,no-NY,pt,sr-SP,sr-YU,th,tr,i-default
> debug1: Peer sent proposed langtags, stoc:
> ar-EG,ar-SA,bg-BG,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-MT,en-NZ,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,he-IL,hi-IN,hr-HR,hu-HU,is-IS,it,it-IT,ja-JP,ko,ko-KR,lt-LT,lv-LV,mk-MK,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,ca,cs,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,no-NY,pt,sr-SP,sr-YU,th,tr,i-default
> debug1: We proposed langtags, ctos: i-default
> debug1: We proposed langtags, stoc: i-default
> debug1: Negotiated lang: i-default
> debug1: dh_gen_key: priv key bits set: 135/256
> debug1: bits set: 511/1024
> debug1: Calling gss_init_sec_context
> debug1: ssh_gssapi_init_ctx(80baa80, zone0, 0, 0, 8047b38)
> debug1: Remote: Negotiated main locale: C
> debug1: Remote: Negotiated messages locale: C
> debug1: Received KEXGSS_HOSTKEY
> Server had a GSS-API error; the connection will close (458752/2):
> No credentials were supplied, or the credentials were unavailable or
> inaccessible
> No such file or directory
>
The ssh server is tried to take the service ticket, that was forwarded
by the client, to decrypt its contents. However, it was unable to do so
given that it wasn't able to find the "host" service keys in which the
service ticket was encrypted. The host service keys are stored, by
default, in /etc/krb5/krb5.keytab. Please create this file populated
with the associated "host" keys on the ssh server.
Shawn.
--
> Use the GssKeyEx option to disable GSS-API key exchange and try again.
> Disconnecting: The server had a GSS-API error during GSS-API protected
> SSHv2 key exchange
>
> debug1: Calling cleanup 0x8075494(0x0)
> ================================================================================
>
> I'm also getting this in syslog:
>
> Jul 5 21:20:01 zone0 sshd[29054]: fatal: accept_ctx died
>
> Note that when I changed "GSSAPIKeyExchange" to "no" in
> /etc/ssh/sshd_config I got this on the client:
>
> ================================================================================
> -bash-3.2# ssh -vvv -p 220 -l trygvis zone0
> Sun_SSH_1.2, SSH protocols 1.5/2.0, OpenSSL 0x0090801f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Rhosts Authentication disabled, originating port will not be
> trusted.
> debug1: ssh_connect: needpriv 0
> debug1: Connecting to zone0 [10.0.0.125] port 220.
> debug1: Connection established.
> debug1: identity file /root/.ssh/identity type -1
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.2
> debug1: match: Sun_SSH_1.2 pat Sun_SSH_1.2*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-Sun_SSH_1.2
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
> debug2: kex_parse_kexinit:
> aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: i-default
> debug2: kex_parse_kexinit: i-default
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug1: ssh_gssapi_init_ctx(80a8498, zone0, 0, 0, 8047b18)
> debug3: ssh_gssapi_import_name: snprintf() returned 10, expected 11
> debug2: GSS-API Mechanism encoded as toWM5Slw5Ew8Mqkay+al2g==
> debug1: SSH2_MSG_KEXINIT sent
> debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,null
> debug2: kex_parse_kexinit:
> aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
> debug2: kex_parse_kexinit:
> aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: i-default
> debug2: kex_parse_kexinit: i-default
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
> debug2: kex_parse_kexinit:
> aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> ar-EG,ar-SA,bg-BG,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-MT,en-NZ,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,he-IL,hi-IN,hr-HR,hu-HU,is-IS,it,it-IT,ja-JP,ko,ko-KR,lt-LT,lv-LV,mk-MK,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,ca,cs,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,no-NY,pt,sr-SP,sr-YU,th,tr,i-default
> debug2: kex_parse_kexinit:
> ar-EG,ar-SA,bg-BG,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-MT,en-NZ,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,he-IL,hi-IN,hr-HR,hu-HU,is-IS,it,it-IT,ja-JP,ko,ko-KR,lt-LT,lv-LV,mk-MK,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,ca,cs,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,no-NY,pt,sr-SP,sr-YU,th,tr,i-default
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: Peer sent proposed langtags, ctos:
> ar-EG,ar-SA,bg-BG,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-MT,en-NZ,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,he-IL,hi-IN,hr-HR,hu-HU,is-IS,it,it-IT,ja-JP,ko,ko-KR,lt-LT,lv-LV,mk-MK,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,ca,cs,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,no-NY,pt,sr-SP,sr-YU,th,tr,i-default
> debug1: Peer sent proposed langtags, stoc:
> ar-EG,ar-SA,bg-BG,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-MT,en-NZ,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,he-IL,hi-IN,hr-HR,hu-HU,is-IS,it,it-IT,ja-JP,ko,ko-KR,lt-LT,lv-LV,mk-MK,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,ca,cs,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,no-NY,pt,sr-SP,sr-YU,th,tr,i-default
> debug1: We proposed langtags, ctos: i-default
> debug1: We proposed langtags, stoc: i-default
> debug1: Negotiated lang: i-default
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: Remote: Negotiated main locale: C
> debug1: Remote: Negotiated messages locale: C
> debug1: dh_gen_key: priv key bits set: 127/256
> debug1: bits set: 1600/3191
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 4
> debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 4
> debug1: Host 'zone0' is known and matches the RSA host key.
> debug1: Found key in /root/.ssh/known_hosts:4
> debug1: bits set: 1537/3191
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug2: service_accept: ssh-userauth
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: Authentications that can continue:
> gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
> debug3: start over, passed a different list
> gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
> debug3: preferred
> gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
> debug3: authmethod_lookup gssapi-keyex
> debug3: remaining preferred:
> gssapi-with-mic,publickey,keyboard-interactive,password
> debug3: authmethod_is_enabled gssapi-keyex
> debug1: Next authentication method: gssapi-keyex
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup gssapi-with-mic
> debug3: remaining preferred: publickey,keyboard-interactive,password
> debug3: authmethod_is_enabled gssapi-with-mic
> debug1: Next authentication method: gssapi-with-mic
> debug1: ssh_gssapi_init_ctx(8105818, zone0, 0, 0, 8047ab8)
> debug3: ssh_gssapi_import_name: snprintf() returned 10, expected 11
> debug2: we sent a gssapi-with-mic packet, wait for reply
> debug1: ssh_gssapi_init_ctx(8105858, zone0, 0, 0, 8047b48)
> debug3: ssh_gssapi_import_name: snprintf() returned 10, expected 11
> Server GSSAPI Error:
> No credentials were supplied, or the credentials were unavailable or
> inaccessible
> No such file or directory
> (458752, 2)
> debug1: Authentications that can continue:
> gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /root/.ssh/identity
> debug3: no such identity: /root/.ssh/identity
> debug1: Trying private key: /root/.ssh/id_rsa
> debug3: no such identity: /root/.ssh/id_rsa
> debug1: Trying private key: /root/.ssh/id_dsa
> debug3: no such identity: /root/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug2: input_userauth_info_req
> debug2: input_userauth_info_req: num_prompts 1
> Password:
> ================================================================================
>
> which is skipping the GSS part and going directly to asking for my passord.
>
> On the server side:
>
> ================================================================================
> -bash-3.2# /usr/lib/ssh/sshd -ddd -p 220
> debug1: sshd version Sun_SSH_1.2
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #0 type 1 RSA
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #1 type 2 DSA
> debug1: Bind to port 220 on ::.
> Server listening on :: port 220.
>
>
>
>
> debug1: Server will not fork when running in debugging mode.
> Connection from 10.0.0.199 port 59259
> debug1: Client protocol version 2.0; client software version Sun_SSH_1.2
> debug1: match: Sun_SSH_1.2 pat Sun_SSH_1.2*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-Sun_SSH_1.2
> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
> debug2: kex_parse_kexinit:
> aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> ar-EG,ar-SA,bg-BG,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-MT,en-NZ,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,he-IL,hi-IN,hr-HR,hu-HU,is-IS,it,it-IT,ja-JP,ko,ko-KR,lt-LT,lv-LV,mk-MK,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,ca,cs,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,no-NY,pt,sr-SP,sr-YU,th,tr,i-default
> debug2: kex_parse_kexinit:
> ar-EG,ar-SA,bg-BG,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-MT,en-NZ,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,he-IL,hi-IN,hr-HR,hu-HU,is-IS,it,it-IT,ja-JP,ko,ko-KR,lt-LT,lv-LV,mk-MK,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,ca,cs,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,no-NY,pt,sr-SP,sr-YU,th,tr,i-default
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit:
> gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,null
> debug2: kex_parse_kexinit:
> aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
> debug2: kex_parse_kexinit:
> aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: i-default
> debug2: kex_parse_kexinit: i-default
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: Peer sent proposed langtags, ctos: i-default
> debug1: Peer sent proposed langtags, stoc: i-default
> debug1: We proposed langtags, ctos:
> ar-EG,ar-SA,bg-BG,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-MT,en-NZ,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,he-IL,hi-IN,hr-HR,hu-HU,is-IS,it,it-IT,ja-JP,ko,ko-KR,lt-LT,lv-LV,mk-MK,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,ca,cs,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,no-NY,pt,sr-SP,sr-YU,th,tr,i-default
> debug1: We proposed langtags, stoc:
> ar-EG,ar-SA,bg-BG,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-MT,en-NZ,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,he-IL,hi-IN,hr-HR,hu-HU,is-IS,it,it-IT,ja-JP,ko,ko-KR,lt-LT,lv-LV,mk-MK,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,ca,cs,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,no-NY,pt,sr-SP,sr-YU,th,tr,i-default
> debug1: Negotiated main locale: C
> debug1: Negotiated messages locale: C
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
> debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
> debug1: dh_gen_key: priv key bits set: 119/256
> debug1: bits set: 1537/3191
> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> debug1: bits set: 1600/3191
> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> debug2: kex_derive_keys
> debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug1: userauth-request for user trygvis service ssh-connection method none
> debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
> debug2: input_userauth_request: setting up authctxt for trygvis
> debug2: input_userauth_request: try method none
> Failed none for trygvis from 10.0.0.199 port 59259 ssh2
> debug1: userauth-request for user trygvis service ssh-connection method
> gssapi-with-mic
> debug1: attempt 1 initial attempt 0 failures 1 initial failures 0
> debug2: input_userauth_request: try method gssapi-with-mic
> debug1: Client offered gssapi userauth with { 1 2 840 113554 1 2 2 }
> (supported)
> debug1: GSS-API error while accepting security context: No credentials
> were supplied, or the credentials were unavailable or inaccessible
> No such file or directory
>
> debug2: Zero length GSS context error token output
> Failed gssapi-with-mic for trygvis from 10.0.0.199 port 59259 ssh2
> debug1: userauth-request for user trygvis service ssh-connection method
> keyboard-interactive
> debug1: attempt 2 initial attempt 0 failures 2 initial failures 0
> debug2: input_userauth_request: try method keyboard-interactive
> debug1: keyboard-interactive devs
> debug2: Starting PAM service sshd-kbdint for method keyboard-interactive
> debug3: Trying to reverse map address 10.0.0.199.
> debug2: Calling pam_authenticate()
> debug2: PAM echo off prompt: Password:
> debug2: Nesting dispatch_run loop
> Connection closed by 10.0.0.199
> debug1: Calling cleanup 0x80671c0(0x80b7220)
> debug1: Calling cleanup 0x80619d0(0x80b6888)
> debug1: Calling cleanup 0x8080494(0x0)
> ================================================================================
>
> I'm not sure what that "No such file or directly" means or what it
> indicate. Can anyone give me a hint?
>
> --
> Trygve
> _______________________________________________
> kerberos-discuss mailing list
> kerberos-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/kerberos-discuss
>
>
