Re: fatal: Fssh_packet_write_poll: Connection from xxx.xxx.xx.xx port yyyyy: Permission denied
At Wed, 23 Nov 2016 17:24:32 +0900, my wrote: > > At Tue, 22 Nov 2016 10:47:17 -0500, > Allan Jude wrote: > > > > [1 Re: fatal: Fssh_packet_write_poll: Connection from xxx.xxx.xx.xx port > > y: Permission denied ] > > [1.1 ] > > On 2016-11-22 02:37, KIRIYAMA Kazuhiko wrote: > > > Hi, all > > > > > > I've updated to HEAD(r308871) at 2 days ago, and also ports > > > too(r426562). Then all stuffs including applications have > > > been updated and tried to slogin to this host,but can't > > > connect with the message `userauth_pubkey: key type ssh-dss > > > not in PubkeyAcceptedKeyTypes [preauth]' in > > > /var/log/auth.log. I found new OpenSSH-7.* has not been > > > supported DSA and to connect from client with old ssh(lower > > > than OpenSSH-7.0),set `ssh-dss' or some values set to > > > relevant variables in /etc/ssh/sshd_config. According to [1] > > > and [2] I've set these variables as below: > > > > > > PubkeyAcceptedKeyTypes=+ssh-dss > > > HostKeyAlgorithms=+ssh-dss > > > KexAlgorithms=+diffie-hellman-group-exchange-sha256 > > > > > > and successfully slogined: > > > > > > > snip > > > > > > > > And with the message `fatal: Fssh_packet_write_poll: > > > Connection from xxx.xxx.xx.xx port y: Permission denied' > > > in /var/log/auth.log: I've tried to between *same* version(r308871) with RSA,but failed to the same message: admin@kx:~ % scp /jails/backup/hosts/201606020717/vm/wrk/* bhy:/vm/images freebsd-10r.img0%0 0.0KB/s --:-- ETAFssh_packet_write_poll: Connection to xxx.xxx.xx.xx port y: Permission denied lost connection admin@kx:~ % I found whole filesystem looks like set NFSv4 ACLs. Is this right? admin@kx:~ % getfacl / # file: / # owner: root # group: wheel owner@:rwxp--aARWcCos:---:allow group@:r-x---a-R-c--s:---:allow everyone@:r-x---a-R-c--s:---:allow admin@kx:~ % getfacl /tmp # file: /tmp # owner: root # group: wheel owner@:rwxp--aARWcCos:---:allow group@:rwxp--a-R-c--s:---:allow everyone@:rwxp--a-R-c--s:---:allow admin@kx:~ % getfacl /var/tmp # file: /var/tmp # owner: root # group: wheel owner@:rwxp--aARWcCos:---:allow group@:rwxp--a-R-c--s:---:allow everyone@:rwxp--a-R-c--s:---:allow admin@kx:~ % --- KIRIYAMA Kazuhiko ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
Re: fatal: Fssh_packet_write_poll: Connection from xxx.xxx.xx.xx port yyyyy: Permission denied
At Tue, 22 Nov 2016 10:47:17 -0500, Allan Jude wrote: > > [1 Re: fatal: Fssh_packet_write_poll: Connection from xxx.xxx.xx.xx port > y: Permission denied ] > [1.1 ] > On 2016-11-22 02:37, KIRIYAMA Kazuhiko wrote: > > Hi, all > > > > I've updated to HEAD(r308871) at 2 days ago, and also ports > > too(r426562). Then all stuffs including applications have > > been updated and tried to slogin to this host,but can't > > connect with the message `userauth_pubkey: key type ssh-dss > > not in PubkeyAcceptedKeyTypes [preauth]' in > > /var/log/auth.log. I found new OpenSSH-7.* has not been > > supported DSA and to connect from client with old ssh(lower > > than OpenSSH-7.0),set `ssh-dss' or some values set to > > relevant variables in /etc/ssh/sshd_config. According to [1] > > and [2] I've set these variables as below: > > > > PubkeyAcceptedKeyTypes=+ssh-dss > > HostKeyAlgorithms=+ssh-dss > > KexAlgorithms=+diffie-hellman-group-exchange-sha256 > > > > and successfully slogined: > > > > snip > > > > > And with the message `fatal: Fssh_packet_write_poll: > > Connection from xxx.xxx.xx.xx port y: Permission denied' > > in /var/log/auth.log: > > > > > > Nov 22 16:07:51 kx sshd[73878]: Accepted publickey for admin from > > xxx.xxx.xx.xx port 64147 ssh2: DSA > > SHA256:6uPsONRWeNkYjlj9BU4GZYUUeH60ZbUCB25jolvrvj8 > > Nov 22 16:07:51 kx sshd[73880]: fatal: Fssh_packet_write_poll: Connection > > from xxx.xxx.xx.xx port 64147: Permission denied > > > > > > Is there any suggesions? > > My environments are as follows: > > > > - Server: > > > > admin@kx:~ % uname -a > > FreeBSD kx.truefc.org 12.0-CURRENT FreeBSD 12.0-CURRENT #13 r308871M: Sun > > Nov 20 15:51:21 JST 2016 ad...@kx.truefc.org:/usr/obj/usr/src/sys/XIJ > > amd64 > > admin@kx:~ % ssh -V > > OpenSSH_7.2p2, OpenSSL 1.0.2j-freebsd 26 Sep 2016 > > admin@kx:~ % > > > > - Client: > > > > kiri@kazu:~[995]% uname -a > > FreeBSD kazu.pis 9.2-STABLE FreeBSD 9.2-STABLE #5 r259404M: Mon Dec 16 > > 00:12:52 JST 2013 ad...@kazu.pis:/usr/obj/usr/src/sys/GENERIC amd64 > > kiri@kazu:~[996]% ssh -V > > OpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013 > > kiri@kazu:~[997]% > > > > > > Best regards. > > > > > > [1] > > https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html > > [2] > > https://lists.freebsd.org/pipermail/freebsd-current/2016-August/062853.html > > > > --- > > KIRIYAMA Kazuhiko > > ___ > > freebsd-current@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-current > > To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" > > > > > Newer versions of OpenSSH, like the one shipped in 11.0 and 12-current, > do not accept DSA keys anymore. You will need to use RSA keys, or the > newer ECDSA or ED25519 key types. Yes indeed :) So I've generated RSA key and scp again,but failed: kiri@kazu:~[1012]% scp -vvv tfc:/jails/desktop/commonjail/home/kiri/projects/xemacs/xemacs-packages/sdoc-mode-1.10-pkg.tar.gz ~/projects/xemacs/xemacs-packages/sdoc-mode-1.10-pkg.tar.gz Executing: program /usr/bin/ssh host tfc, user (unspecified), command scp -v -f /jails/desktop/commonjail/home/kiri/projects/xemacs/xemacs-packages/sdoc-mode-1.10-pkg.tar.gz OpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013 debug1: Reading configuration data /home/kiri/.ssh/config debug1: /home/kiri/.ssh/config line 13: Applying options for tfc debug1: Reading configuration data /etc/ssh/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to xx.xx.xxx [yyy.yyy.yy.yy] port z. debug1: Connection established. debug1: could not open key file '/etc/ssh/ssh_host_key': Permission denied debug1: could not open key file '/etc/ssh/ssh_host_dsa_key': Permission denied debug1: could not open key file '/etc/ssh/ssh_host_ecdsa_key': Permission denied debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': Permission denied debug1: could not open key file '/etc/ssh/ssh_host_dsa_key': Permission denied debug1: could not open key file '/etc/ssh/ssh_host_ecdsa_key': Permission denied debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': Permission denied debug3: Incorrect RSA1 identifier debug3: Could not load "/home/kiri/.ssh/id_rsa" as a RSA1 public key debug1: identity file /home/kiri/.ssh/id_rsa type 1 debug1: identity file /home/kiri/.ssh/id_rsa-cert type -1 debug3: Incorrect RSA1 identifier debug3: Could not load "/home/kiri/.ssh/id_dsa" as a RSA1 public key debug1: id
Re: fatal: Fssh_packet_write_poll: Connection from xxx.xxx.xx.xx port yyyyy: Permission denied
On 2016-11-22 02:37, KIRIYAMA Kazuhiko wrote: > Hi, all > > I've updated to HEAD(r308871) at 2 days ago, and also ports > too(r426562). Then all stuffs including applications have > been updated and tried to slogin to this host,but can't > connect with the message `userauth_pubkey: key type ssh-dss > not in PubkeyAcceptedKeyTypes [preauth]' in > /var/log/auth.log. I found new OpenSSH-7.* has not been > supported DSA and to connect from client with old ssh(lower > than OpenSSH-7.0),set `ssh-dss' or some values set to > relevant variables in /etc/ssh/sshd_config. According to [1] > and [2] I've set these variables as below: > > PubkeyAcceptedKeyTypes=+ssh-dss > HostKeyAlgorithms=+ssh-dss > KexAlgorithms=+diffie-hellman-group-exchange-sha256 > > and successfully slogined: > snip > > And with the message `fatal: Fssh_packet_write_poll: > Connection from xxx.xxx.xx.xx port y: Permission denied' > in /var/log/auth.log: > > > Nov 22 16:07:51 kx sshd[73878]: Accepted publickey for admin from > xxx.xxx.xx.xx port 64147 ssh2: DSA > SHA256:6uPsONRWeNkYjlj9BU4GZYUUeH60ZbUCB25jolvrvj8 > Nov 22 16:07:51 kx sshd[73880]: fatal: Fssh_packet_write_poll: Connection > from xxx.xxx.xx.xx port 64147: Permission denied > > > Is there any suggesions? > My environments are as follows: > > - Server: > > admin@kx:~ % uname -a > FreeBSD kx.truefc.org 12.0-CURRENT FreeBSD 12.0-CURRENT #13 r308871M: Sun Nov > 20 15:51:21 JST 2016 ad...@kx.truefc.org:/usr/obj/usr/src/sys/XIJ amd64 > admin@kx:~ % ssh -V > OpenSSH_7.2p2, OpenSSL 1.0.2j-freebsd 26 Sep 2016 > admin@kx:~ % > > - Client: > > kiri@kazu:~[995]% uname -a > FreeBSD kazu.pis 9.2-STABLE FreeBSD 9.2-STABLE #5 r259404M: Mon Dec 16 > 00:12:52 JST 2013 ad...@kazu.pis:/usr/obj/usr/src/sys/GENERIC amd64 > kiri@kazu:~[996]% ssh -V > OpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013 > kiri@kazu:~[997]% > > > Best regards. > > > [1] > https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html > [2] > https://lists.freebsd.org/pipermail/freebsd-current/2016-August/062853.html > > --- > KIRIYAMA Kazuhiko > ___ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" > Newer versions of OpenSSH, like the one shipped in 11.0 and 12-current, do not accept DSA keys anymore. You will need to use RSA keys, or the newer ECDSA or ED25519 key types. -- Allan Jude signature.asc Description: OpenPGP digital signature
fatal: Fssh_packet_write_poll: Connection from xxx.xxx.xx.xx port yyyyy: Permission denied
s --:-- ETAdebug2: tcpwinsz: 65894 for connection: 3 debug2: tcpwinsz: 65894 for connection: 3 debug2: tcpwinsz: 65894 for connection: 3 debug2: tcpwinsz: 65894 for connection: 3 debug1: channel 0: free: client-session, nchannels 1 debug3: channel 0: status: The following connections are open: #0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1) debug1: fd 0 clearing O_NONBLOCK debug1: fd 1 clearing O_NONBLOCK Connection to xx.xx.xxx closed by remote host. Transferred: sent 3392, received 19492 bytes, in 2.6 seconds Bytes per second: sent 1308.6, received 7520.0 debug1: Exit status -1 lost connection kiri@kazu:~[1029]% And with the message `fatal: Fssh_packet_write_poll: Connection from xxx.xxx.xx.xx port y: Permission denied' in /var/log/auth.log: Nov 22 16:07:51 kx sshd[73878]: Accepted publickey for admin from xxx.xxx.xx.xx port 64147 ssh2: DSA SHA256:6uPsONRWeNkYjlj9BU4GZYUUeH60ZbUCB25jolvrvj8 Nov 22 16:07:51 kx sshd[73880]: fatal: Fssh_packet_write_poll: Connection from xxx.xxx.xx.xx port 64147: Permission denied Is there any suggesions? My environments are as follows: - Server: admin@kx:~ % uname -a FreeBSD kx.truefc.org 12.0-CURRENT FreeBSD 12.0-CURRENT #13 r308871M: Sun Nov 20 15:51:21 JST 2016 ad...@kx.truefc.org:/usr/obj/usr/src/sys/XIJ amd64 admin@kx:~ % ssh -V OpenSSH_7.2p2, OpenSSL 1.0.2j-freebsd 26 Sep 2016 admin@kx:~ % - Client: kiri@kazu:~[995]% uname -a FreeBSD kazu.pis 9.2-STABLE FreeBSD 9.2-STABLE #5 r259404M: Mon Dec 16 00:12:52 JST 2013 ad...@kazu.pis:/usr/obj/usr/src/sys/GENERIC amd64 kiri@kazu:~[996]% ssh -V OpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013 kiri@kazu:~[997]% Best regards. [1] https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html [2] https://lists.freebsd.org/pipermail/freebsd-current/2016-August/062853.html --- KIRIYAMA Kazuhiko ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"