SSH seems to ignore clients /etc/ssh/ssh_known_hosts, where the ltsp-update-sshkeys actually puts the keys... I had to copy it to clients /root/.ssh/known_hosts...
Is this to ment be that way? Zitat von Krzysztof Paliga <[email protected]>: > I did some more debugging... you know what I have found? > > ltsp-update-sshkeys did not do its work in my case... there was no > /opt/ltsp/i386/root/.ssh/known_hosts at all... After I have copied > servers key manually, all works just fine... > > Best, > krzychu > > Zitat von Krzysztof Paliga <[email protected]>: > >> I did some network sniffing today... I have a comparison of a >> sucessfull attempt to connect to the server via ssh invoked by myself >> from within the shell and a failed attempt to connect to the server >> via ssh invoked by ldm itself. >> >> Here the succesfull one: >> 39 7.461023 serverip clientip SSHv2 Server: Key >> Exchange Init >> 40 7.461223 clientip serverip SSHv2 Client: >> Diffie-Hellman GEX Request >> 41 7.463619 serverip clientip SSHv2 Server: >> Diffie-Hellman Key Exchange Reply >> 42 7.467867 clientip serverip SSHv2 Client: >> Diffie-Hellman GEX Init >> 43 7.475203 serverip clientip SSHv2 Server: >> Diffie-Hellman GEX Reply >> 44 7.480605 clientip serverip SSHv2 >> Client: New Keys >> 45 7.517351 serverip clientip TCP ssh > >> 57252 [ACK] Seq=1696 Ack=1016 Win=8960 Len=0 TSV=8085799 TSER=105545 >> 46 7.517422 clientip serverip SSHv2 >> Encrypted request packet len=48 >> 47 7.517575 serverip clientip TCP ssh > >> 57252 [ACK] Seq=1696 Ack=1064 Win=8960 Len=0 TSV=8085799 TSER=105555 >> 48 7.517610 serverip clientip SSHv2 >> Encrypted response packet len=48 >> 49 7.517750 clientip serverip SSHv2 >> Encrypted request packet len=64 >> 50 7.521916 serverip clientip SSHv2 >> Encrypted response packet len=64 >> 51 7.525142 clientip serverip SSH >> Encrypted response packet len=64 >> >> >> And the failed one: >> 128 24.414175 serverip clientip SSHv2 Server: >> Key Exchange Init >> 129 24.414370 clientip serverip SSHv2 Client: >> Diffie-Hellman GEX Request >> 130 24.416594 serverip clientip SSHv2 Server: >> Diffie-Hellman Key Exchange Reply >> 131 24.420876 clientip serverip SSHv2 Client: >> Diffie-Hellman GEX Init >> 132 24.428224 serverip clientip SSHv2 Server: >> Diffie-Hellman GEX Reply >> 133 24.466471 clientip serverip TCP 57253 > >> ssh [ACK] Seq=1000 Ack=1696 Win=10560 Len=0 TSV=109289 TSER=8087288 >> 157 60.469301 clientip serverip TCP 57253 > >> ssh [FIN, ACK] Seq=1000 Ack=1696 Win=10560 Len=0 TSV=118289 TSER=8087288 >> >> >> What I can see is, that in the case of the failed login attempt >> (through ldm), after the encryption algorithm has been negotiated >> (Diffie-Hellman) the client does not send its own key to the server. >> So the message "no response from server" which ldm is displaying is >> actually wrong. It is the client which does not continue to >> communicate with server. >> >> Am i right? >> >> I have absolutely no clue what I could do about it to solve the problem. >> >> Help... anybody? >> >> Its Ubuntu 10.04 >> >> Best, >> kris >> >> Zitat von Krzysztof Paliga <[email protected]>: >> >>> Hi, >>> >>> after ldm has started, the username and password has been typed in... >>> all I get is "No server response"... I did put serverside the sshd >>> daemon to DEBUG3 LogLevel... all I get is the following: >>> >>> Jul 7 13:02:07 <server> sshd[7130]: Connection from <clientip> port 45239 >>> Jul 7 13:02:07 <server> sshd[7130]: debug1: Client protocol version >>> 2.0; client software version OpenSSH_5.3p1 Debian-3ubuntu4 >>> Jul 7 13:02:07 <server> sshd[7130]: debug1: match: OpenSSH_5.3p1 >>> Debian-3ubuntu4 pat OpenSSH* >>> Jul 7 13:02:07 <server> sshd[7130]: debug1: Enabling compatibility >>> mode for protocol 2.0 >>> Jul 7 13:02:07 <server> sshd[7130]: debug1: Local version string >>> SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4 >>> Jul 7 13:02:07 <server> sshd[7130]: debug2: fd 3 setting O_NONBLOCK >>> Jul 7 13:02:07 <server> sshd[7130]: debug2: Network child is on pid 7131 >>> Jul 7 13:02:07 <server> sshd[7130]: debug3: preauth child monitor started >>> Jul 7 13:02:07 <server> sshd[7130]: debug3: mm_request_receive entering >>> Jul 7 13:02:07 <server> sshd[7130]: debug3: monitor_read: checking >>> request 0 >>> Jul 7 13:02:07 <server> sshd[7130]: debug3: mm_answer_moduli: got >>> parameters: 1024 1024 8192 >>> Jul 7 13:02:07 <server> sshd[7130]: debug3: mm_request_send >>> entering: type 1 >>> Jul 7 13:02:07 <server> sshd[7130]: debug2: monitor_read: 0 used >>> once, disabling now >>> Jul 7 13:02:07 <server> sshd[7130]: debug3: mm_request_receive entering >>> Jul 7 13:02:07 <server> sshd[7130]: debug3: monitor_read: checking >>> request 5 >>> Jul 7 13:02:07 <server> sshd[7130]: debug3: mm_answer_sign >>> Jul 7 13:02:07 <server> sshd[7130]: debug3: mm_answer_sign: signature >>> 0x7fb4df52ac40(271) >>> Jul 7 13:02:07 <server> sshd[7130]: debug3: mm_request_send >>> entering: type 6 >>> Jul 7 13:02:07 <server> sshd[7130]: debug2: monitor_read: 5 used >>> once, disabling now >>> Jul 7 13:02:07 <server> sshd[7130]: debug3: mm_request_receive entering >>> Jul 7 13:02:43 <server> sshd[7130]: debug1: do_cleanup >>> Jul 7 13:02:43 <server> sshd[7130]: debug3: PAM: >>> sshpam_thread_cleanup entering >>> >>> I have absolutely no clue... >>> >>> Thanks in advance for all kind of help... >>> >>> best, >>> krzychu >>> >>> -- >>> ________________________________________ >>> >>> Krzysztof Paliga >>> >>> Technische Universitaet Berlin >>> tubIT - Server und Systeme >>> Einsteinufer 17 >>> 10587 Berlin >>> >>> Tel : +49-30-314-21240 >>> Mail : [email protected] >>> Web : http://www.tubit.tu-berlin.de >>> ________________________________________ >>> >>> >>> ------------------------------------------------------------------------------ >>> This SF.net email is sponsored by Sprint >>> What will you do first with EVO, the first 4G phone? >>> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first >>> _____________________________________________________________________ >>> Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: >>> https://lists.sourceforge.net/lists/listinfo/ltsp-discuss >>> For additional LTSP help, try #ltsp channel on irc.freenode.net >>> >>> >> >> >> >> -- >> ________________________________________ >> >> Krzysztof Paliga >> >> Technische Universitaet Berlin >> tubIT - Server und Systeme >> Einsteinufer 17 >> 10587 Berlin >> >> Tel : +49-30-314-21240 >> Mail : [email protected] >> Web : http://www.tubit.tu-berlin.de >> ________________________________________ >> >> >> ------------------------------------------------------------------------------ >> This SF.net email is sponsored by Sprint >> What will you do first with EVO, the first 4G phone? >> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first >> _____________________________________________________________________ >> Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: >> https://lists.sourceforge.net/lists/listinfo/ltsp-discuss >> For additional LTSP help, try #ltsp channel on irc.freenode.net >> >> > > > > -- > ________________________________________ > > Krzysztof Paliga > > Technische Universitaet Berlin > tubIT - Server und Systeme > Einsteinufer 17 > 10587 Berlin > > Tel : +49-30-314-21240 > Mail : [email protected] > Web : http://www.tubit.tu-berlin.de > ________________________________________ > > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Sprint > What will you do first with EVO, the first 4G phone? > Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first > _____________________________________________________________________ > Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: > https://lists.sourceforge.net/lists/listinfo/ltsp-discuss > For additional LTSP help, try #ltsp channel on irc.freenode.net > > -- ________________________________________ Krzysztof Paliga Technische Universitaet Berlin tubIT - Server und Systeme Einsteinufer 17 10587 Berlin Tel : +49-30-314-21240 Mail : [email protected] Web : http://www.tubit.tu-berlin.de ________________________________________ ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
