Re: [Bug 874518] Re: ssh with kerberos fails after upgrade to 11.10
Hi Clint, I'm not sure if anyone is working on this, but I just wanted to let you (or whomever is working on it) that I've decided to scrap 11.10 and do a fresh install of 11.04 from scratch. After installing kerberos: sudo apt-get install krb5-user sudo apt-get install libpam-krb5 and replacing the /etc/krb5.conf with one friendly to the lab I work for, I can now again ssh into where I need to. The ticket authentication is communicated successfully via gssapi-with-mic. I hope you all are able to find this bug in 11.10 and I look forward to trying the newest version again in a few months. There were some new features I really liked in 11.10, especially the new ALT-Tab window switcher. That makes juggling a dozen emacs windows in a single workspace much easier (one of the very few downsides to the 11.04 Unity version). Thanks for the help. Jason On Sun, Oct 16, 2011 at 1:31 PM, Jason Nett jasonnet...@gmail.com wrote: Hi Clint, Your summary is correct. I tried upgrading my home desktop from 11.04 to 11.10 and one of the first things I check when I do this is whether ssh and kerberos are working properly because I often work from home on this computer. I also have a laptop with 11.04 that I have NOT upgraded to 11.10 for comparison. As far as I can tell, kerberos is functioning properly and the errors I posted earlier indicate that my destop (11.10) now cannot communicate the kerberos ticket while ssh'ing via gssapi-with-mic, whereas my laptop (11.04) does communicate the ticket successfully with gssapi-with-mic. I've scoured the files in /username/.ssh/ and in /etc/ssh/ for any discrepant settings and even tried outright replacing such files (not .ssh/known_hosts, of course, but I did try deleting and regenerating it), but nothing produces a different result. Jason On Sun, Oct 16, 2011 at 12:30 PM, Clint Byrum cl...@fewbar.com wrote: Ok Jason, thanks for all the leg work. I think at this point we need to try and reproduce your setup to try and address the bug. To be clear, Your client is on 11.10, and can obtain kerberos tickets fine, but cannot log into any SSH service that normally would accept these tickets. Is that an accurate reflection of the problem? ** Summary changed: - ssh fails after upgrade to 11.10 + ssh with kerberos fails after upgrade to 11.10 ** Changed in: openssh (Ubuntu) Status: Incomplete = New -- You received this bug notification because you are subscribed to the bug report. https://bugs.launchpad.net/bugs/874518 Title: ssh with kerberos fails after upgrade to 11.10 Status in “openssh” package in Ubuntu: New Bug description: I upgraded from 11.04 to 11.10 and upon completion found that I could no longer ssh into other computers that I routinely do so. There are several things I've checked: 1. Kerberos authentication is working fine, that's not the problem. 2. I tried restarting and reinstalling ssh, but neither helped. 3. I tried copying over all ssh related files from my laptop (with a properly function ssh in 11.04) and replace what is on my 11.10 malfunctioning OS, but that did not help. 4. I tried deleting the .ssh/known_hosts file. On my next attempt, I received the normal message about connecting somewhere for the first time, but was still refused a connection. 5. jason:~$ /usr/sbin/sshd -ddd debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 682 debug2: parse_server_config: config /etc/ssh/sshd_config len 682 debug3: /etc/ssh/sshd_config:5 setting Port 22 debug3: /etc/ssh/sshd_config:9 setting Protocol 2 debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key debug3: /etc/ssh/sshd_config:13 setting HostKey /etc/ssh/ssh_host_ecdsa_key debug3: /etc/ssh/sshd_config:15 setting UsePrivilegeSeparation yes debug3: /etc/ssh/sshd_config:18 setting KeyRegenerationInterval 3600 debug3: /etc/ssh/sshd_config:19 setting ServerKeyBits 768 debug3: /etc/ssh/sshd_config:22 setting SyslogFacility AUTH debug3: /etc/ssh/sshd_config:23 setting LogLevel INFO debug3: /etc/ssh/sshd_config:26 setting LoginGraceTime 120 debug3: /etc/ssh/sshd_config:27 setting PermitRootLogin no debug3: /etc/ssh/sshd_config:28 setting StrictModes yes debug3: /etc/ssh/sshd_config:30 setting RSAAuthentication yes debug3: /etc/ssh/sshd_config:31 setting PubkeyAuthentication yes debug3: /etc/ssh/sshd_config:35 setting IgnoreRhosts yes debug3: /etc/ssh/sshd_config:37 setting RhostsRSAAuthentication no debug3: /etc/ssh/sshd_config:39 setting HostbasedAuthentication no debug3: /etc/ssh/sshd_config:44 setting PermitEmptyPasswords no debug3: /etc/ssh/sshd_config:48 setting ChallengeResponseAuthentication no debug3: /etc/ssh/sshd_config:63 setting X11Forwarding yes debug3: /etc/ssh/sshd_config:64 setting X11DisplayOffset 10 debug3: /etc/ssh
Re: [Bug 874518] Re: ssh fails after upgrade to 11.10
Upon a fresh install of Ubuntu 11.10, I still have problems with ssh. After studying it all day, I believe that the problem has something to do with ssh not being able to communicate a valid kerberos ticket via gssapi-with-mic. The problem area of the verbose output looks like: debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information KDC can't fulfill requested option debug1: Unspecified GSS failure. Minor code may provide more information KDC can't fulfill requested option debug1: Unspecified GSS failure. Minor code may provide more information debug2: we sent a gssapi-with-mic packet, wait for reply --- where it should look like (according to the successful execution on my laptop that is still running 11.04): debug1: Next authentication method: gssapi-with-mic debug2: we sent a gssapi-with-mic packet, wait for reply debug1: Authentication succeeded (gssapi-with-mic). Authenticated to name.org.gov ([1xx.xxx.xxx.xxx]:xx). -- If I look at the version numbers of the ssh packages installed with dpkg -l | grep ssh, Ubuntu 11.10 has: ii openssh-client 1:5.8p1-7ubuntu1secure shell (SSH) client, for secure access to remote machines ii ssh-askpass-gnome 1:5.8p1-7ubuntu1interactive X program to prompt users for a passphrase for ssh-add while 11.04 has ii openssh-client 1:5.8p1-1ubuntu3 secure shell (SSH) client, for secure access to remote machines ii ssh-askpass-gnome 1:5.8p1-1ubuntu3 interactive X program to prompt users for a passphrase for ssh-add I've searched through every configuration file I can find, especially those in ./ssh/ and /etc/ssh/, but have not been able to solve the problem or produce any different results. The best I can think of is that there's something about the newer versions that gssapi-with-mic is not agreeing well with. I would greatly appreciate if this bug could be fixed because it affects my ability to work remotely from home. J On Sat, Oct 15, 2011 at 11:48 AM, Jason Nett jasonnet...@gmail.com wrote: Sorry, you're absolutely right: I did a rush job and forgot to edit it. I also didn't realize that it was posted to a webpage. Is it possible for you to delete the post at: https://bugs.launchpad.net/**ubuntu/+source/openssh/+bug/**874518https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518 ? I'm going to attempt a fresh install of 11.10 rather than this upgrade version. I've run into other problems with my latex editor TexMaker as well as acroread. Jason On 10/15/2011 01:15 AM, Clint Byrum wrote: Excerpts from Jason Nett's message of Sat Oct 15 00:54:27 UTC 2011: Hi Clint, Thanks for getting back to me. Using ifconfig, my laptop's inet addr is 127.0.0.1 and ssh -vv 127.0.0.1 yields: jason:~$ ssh -vv 127.0.0.1 OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22. debug1: connect to address 127.0.0.1 port 22: Connection refused ssh: connect to host 127.0.0.1 port 22: Connection refused Despite the connection refused I see here, it does connect to where it needs to, as it always has. Meanwhile, my desktop's inet addr is 192.168.1.64 and the output here is: jason:~$ ssh -vv 192.168.1.64 OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011 debug2: ssh_connect: needpriv 0 debug1: Connecting to 192.168.1.64 [192.168.1.64] port 22. debug1: Connection established. debug1: identity file /home/jason/.ssh/id_rsa type -1 debug1: identity file /home/jason/.ssh/id_rsa-cert type -1 debug1: identity file /home/jason/.ssh/id_dsa type -1 debug1: identity file /home/jason/.ssh/id_dsa-cert type -1 debug1: identity file /home/jason/.ssh/id_ecdsa type -1 debug1: identity file /home/jason/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-7ubuntu1 debug1: match: OpenSSH_5.8p1 Debian-7ubuntu1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent Read from socket failed: Connection reset by peer Again, when I attempt to ssh here I get: Permission denied (gssapi-keyex,gssapi-with-mic,**keyboard-interactive). Jason, thanks for the quick response. The last line: Read from socket fialed; Connectino reset by peer means that sshd on your desktop did something to disconnect rather unexpectedly. It would help to see the contents of /var/log/auth.log from your desktop
Re: [Bug 874518] Re: ssh fails after upgrade to 11.10
Hi Clint Yes, I had checked this and the ticket itself appeared fine to me: jason@jason:~$ klist Ticket cache: FILE:/tmp/krb5cc_1000 Default principal: jnett80@ORG.COM Valid starting ExpiresService principal 10/16/11 08:19:12 10/17/11 10:18:56 krbtgt/ORG.COM@ORG.COM renew until 10/23/11 08:18:56 jason@jason:~$ Jason On Sun, Oct 16, 2011 at 2:36 AM, Clint Byrum cl...@fewbar.com wrote: Excerpts from Jason Nett's message of Sun Oct 16 06:46:07 UTC 2011: Upon a fresh install of Ubuntu 11.10, I still have problems with ssh. After studying it all day, I believe that the problem has something to do with ssh not being able to communicate a valid kerberos ticket via gssapi-with-mic. The problem area of the verbose output looks like: debug1: Next authentication method: gssapi-with-mic debug1: Unspecified GSS failure. Minor code may provide more information KDC can't fulfill requested option debug1: Unspecified GSS failure. Minor code may provide more information KDC can't fulfill requested option debug1: Unspecified GSS failure. Minor code may provide more information debug2: we sent a gssapi-with-mic packet, wait for reply --- where it should look like (according to the successful execution on my laptop that is still running 11.04): debug1: Next authentication method: gssapi-with-mic debug2: we sent a gssapi-with-mic packet, wait for reply debug1: Authentication succeeded (gssapi-with-mic). Authenticated to name.org.gov ([1xx.xxx.xxx.xxx]:xx). -- If I look at the version numbers of the ssh packages installed with dpkg -l | grep ssh, Ubuntu 11.10 has: ii openssh-client 1:5.8p1-7ubuntu1secure shell (SSH) client, for secure access to remote machines ii ssh-askpass-gnome 1:5.8p1-7ubuntu1interactive X program to prompt users for a passphrase for ssh-add while 11.04 has ii openssh-client 1:5.8p1-1ubuntu3 secure shell (SSH) client, for secure access to remote machines ii ssh-askpass-gnome 1:5.8p1-1ubuntu3 interactive X program to prompt users for a passphrase for ssh-add I've searched through every configuration file I can find, especially those in ./ssh/ and /etc/ssh/, but have not been able to solve the problem or produce any different results. The best I can think of is that there's something about the newer versions that gssapi-with-mic is not agreeing well with. I would greatly appreciate if this bug could be fixed because it affects my ability to work remotely from home. Jason, you are using kerberos auth.. can you do kinit user@KERBEROS.DOMAIN and get assigned kerberos credentials? (klist should show them) -- You received this bug notification because you are subscribed to the bug report. https://bugs.launchpad.net/bugs/874518 Title: ssh fails after upgrade to 11.10 Status in “openssh” package in Ubuntu: Incomplete Bug description: I upgraded from 11.04 to 11.10 and upon completion found that I could no longer ssh into other computers that I routinely do so. There are several things I've checked: 1. Kerberos authentication is working fine, that's not the problem. 2. I tried restarting and reinstalling ssh, but neither helped. 3. I tried copying over all ssh related files from my laptop (with a properly function ssh in 11.04) and replace what is on my 11.10 malfunctioning OS, but that did not help. 4. I tried deleting the .ssh/known_hosts file. On my next attempt, I received the normal message about connecting somewhere for the first time, but was still refused a connection. 5. jason:~$ /usr/sbin/sshd -ddd debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 682 debug2: parse_server_config: config /etc/ssh/sshd_config len 682 debug3: /etc/ssh/sshd_config:5 setting Port 22 debug3: /etc/ssh/sshd_config:9 setting Protocol 2 debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key debug3: /etc/ssh/sshd_config:13 setting HostKey /etc/ssh/ssh_host_ecdsa_key debug3: /etc/ssh/sshd_config:15 setting UsePrivilegeSeparation yes debug3: /etc/ssh/sshd_config:18 setting KeyRegenerationInterval 3600 debug3: /etc/ssh/sshd_config:19 setting ServerKeyBits 768 debug3: /etc/ssh/sshd_config:22 setting SyslogFacility AUTH debug3: /etc/ssh/sshd_config:23 setting LogLevel INFO debug3: /etc/ssh/sshd_config:26 setting LoginGraceTime 120 debug3: /etc/ssh/sshd_config:27 setting PermitRootLogin no debug3: /etc/ssh/sshd_config:28 setting StrictModes yes debug3:
Re: [Bug 874518] Re: ssh with kerberos fails after upgrade to 11.10
Hi Clint, Your summary is correct. I tried upgrading my home desktop from 11.04 to 11.10 and one of the first things I check when I do this is whether ssh and kerberos are working properly because I often work from home on this computer. I also have a laptop with 11.04 that I have NOT upgraded to 11.10 for comparison. As far as I can tell, kerberos is functioning properly and the errors I posted earlier indicate that my destop (11.10) now cannot communicate the kerberos ticket while ssh'ing via gssapi-with-mic, whereas my laptop (11.04) does communicate the ticket successfully with gssapi-with-mic. I've scoured the files in /username/.ssh/ and in /etc/ssh/ for any discrepant settings and even tried outright replacing such files (not .ssh/known_hosts, of course, but I did try deleting and regenerating it), but nothing produces a different result. Jason On Sun, Oct 16, 2011 at 12:30 PM, Clint Byrum cl...@fewbar.com wrote: Ok Jason, thanks for all the leg work. I think at this point we need to try and reproduce your setup to try and address the bug. To be clear, Your client is on 11.10, and can obtain kerberos tickets fine, but cannot log into any SSH service that normally would accept these tickets. Is that an accurate reflection of the problem? ** Summary changed: - ssh fails after upgrade to 11.10 + ssh with kerberos fails after upgrade to 11.10 ** Changed in: openssh (Ubuntu) Status: Incomplete = New -- You received this bug notification because you are subscribed to the bug report. https://bugs.launchpad.net/bugs/874518 Title: ssh with kerberos fails after upgrade to 11.10 Status in “openssh” package in Ubuntu: New Bug description: I upgraded from 11.04 to 11.10 and upon completion found that I could no longer ssh into other computers that I routinely do so. There are several things I've checked: 1. Kerberos authentication is working fine, that's not the problem. 2. I tried restarting and reinstalling ssh, but neither helped. 3. I tried copying over all ssh related files from my laptop (with a properly function ssh in 11.04) and replace what is on my 11.10 malfunctioning OS, but that did not help. 4. I tried deleting the .ssh/known_hosts file. On my next attempt, I received the normal message about connecting somewhere for the first time, but was still refused a connection. 5. jason:~$ /usr/sbin/sshd -ddd debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 682 debug2: parse_server_config: config /etc/ssh/sshd_config len 682 debug3: /etc/ssh/sshd_config:5 setting Port 22 debug3: /etc/ssh/sshd_config:9 setting Protocol 2 debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key debug3: /etc/ssh/sshd_config:13 setting HostKey /etc/ssh/ssh_host_ecdsa_key debug3: /etc/ssh/sshd_config:15 setting UsePrivilegeSeparation yes debug3: /etc/ssh/sshd_config:18 setting KeyRegenerationInterval 3600 debug3: /etc/ssh/sshd_config:19 setting ServerKeyBits 768 debug3: /etc/ssh/sshd_config:22 setting SyslogFacility AUTH debug3: /etc/ssh/sshd_config:23 setting LogLevel INFO debug3: /etc/ssh/sshd_config:26 setting LoginGraceTime 120 debug3: /etc/ssh/sshd_config:27 setting PermitRootLogin no debug3: /etc/ssh/sshd_config:28 setting StrictModes yes debug3: /etc/ssh/sshd_config:30 setting RSAAuthentication yes debug3: /etc/ssh/sshd_config:31 setting PubkeyAuthentication yes debug3: /etc/ssh/sshd_config:35 setting IgnoreRhosts yes debug3: /etc/ssh/sshd_config:37 setting RhostsRSAAuthentication no debug3: /etc/ssh/sshd_config:39 setting HostbasedAuthentication no debug3: /etc/ssh/sshd_config:44 setting PermitEmptyPasswords no debug3: /etc/ssh/sshd_config:48 setting ChallengeResponseAuthentication no debug3: /etc/ssh/sshd_config:63 setting X11Forwarding yes debug3: /etc/ssh/sshd_config:64 setting X11DisplayOffset 10 debug3: /etc/ssh/sshd_config:65 setting PrintMotd no debug3: /etc/ssh/sshd_config:66 setting PrintLastLog yes debug3: /etc/ssh/sshd_config:67 setting TCPKeepAlive yes debug3: /etc/ssh/sshd_config:74 setting AcceptEnv LANG LC_* debug3: /etc/ssh/sshd_config:76 setting Subsystem sftp /usr/lib/openssh/sftp-server debug3: /etc/ssh/sshd_config:87 setting UsePAM yes debug1: sshd version OpenSSH_5.8p1 Debian-7ubuntu1 debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type RSA debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 debug1: private host key: #0 type 1 RSA debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type DSA debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 debug1: private host key: #1 type 2 DSA debug3: Incorrect RSA1 identifier
Re: [Bug 874518] Re: ssh fails after upgrade to 11.10
Sorry, you're absolutely right: I did a rush job and forgot to edit it. I also didn't realize that it was posted to a webpage. Is it possible for you to delete the post at: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518 ? I'm going to attempt a fresh install of 11.10 rather than this upgrade version. I've run into other problems with my latex editor TexMaker as well as acroread. Jason On 10/15/2011 01:15 AM, Clint Byrum wrote: Excerpts from Jason Nett's message of Sat Oct 15 00:54:27 UTC 2011: Hi Clint, Thanks for getting back to me. Using ifconfig, my laptop's inet addr is 127.0.0.1 and ssh -vv 127.0.0.1 yields: jason:~$ ssh -vv 127.0.0.1 OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22. debug1: connect to address 127.0.0.1 port 22: Connection refused ssh: connect to host 127.0.0.1 port 22: Connection refused Despite the connection refused I see here, it does connect to where it needs to, as it always has. Meanwhile, my desktop's inet addr is 192.168.1.64 and the output here is: jason:~$ ssh -vv 192.168.1.64 OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011 debug2: ssh_connect: needpriv 0 debug1: Connecting to 192.168.1.64 [192.168.1.64] port 22. debug1: Connection established. debug1: identity file /home/jason/.ssh/id_rsa type -1 debug1: identity file /home/jason/.ssh/id_rsa-cert type -1 debug1: identity file /home/jason/.ssh/id_dsa type -1 debug1: identity file /home/jason/.ssh/id_dsa-cert type -1 debug1: identity file /home/jason/.ssh/id_ecdsa type -1 debug1: identity file /home/jason/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-7ubuntu1 debug1: match: OpenSSH_5.8p1 Debian-7ubuntu1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent Read from socket failed: Connection reset by peer Again, when I attempt to ssh here I get: Permission denied (gssapi-keyex,gssapi-with-mic,keyboard-interactive). Jason, thanks for the quick response. The last line: Read from socket fialed; Connectino reset by peer means that sshd on your desktop did something to disconnect rather unexpectedly. It would help to see the contents of /var/log/auth.log from your desktop, though please remove any sensitive information from it before posting. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/874518 Title: ssh fails after upgrade to 11.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 874518] [NEW] ssh fails after upgrade to 11.10
Public bug reported: I upgraded from 11.04 to 11.10 and upon completion found that I could no longer ssh into other computers that I routinely do so. There are several things I've checked: 1. Kerberos authentication is working fine, that's not the problem. 2. I tried restarting and reinstalling ssh, but neither helped. 3. I tried copying over all ssh related files from my laptop (with a properly function ssh in 11.04) and replace what is on my 11.10 malfunctioning OS, but that did not help. 4. I tried deleting the .ssh/known_hosts file. On my next attempt, I received the normal message about connecting somewhere for the first time, but was still refused a connection. 5. jason:~$ /usr/sbin/sshd -ddd debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 682 debug2: parse_server_config: config /etc/ssh/sshd_config len 682 debug3: /etc/ssh/sshd_config:5 setting Port 22 debug3: /etc/ssh/sshd_config:9 setting Protocol 2 debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key debug3: /etc/ssh/sshd_config:13 setting HostKey /etc/ssh/ssh_host_ecdsa_key debug3: /etc/ssh/sshd_config:15 setting UsePrivilegeSeparation yes debug3: /etc/ssh/sshd_config:18 setting KeyRegenerationInterval 3600 debug3: /etc/ssh/sshd_config:19 setting ServerKeyBits 768 debug3: /etc/ssh/sshd_config:22 setting SyslogFacility AUTH debug3: /etc/ssh/sshd_config:23 setting LogLevel INFO debug3: /etc/ssh/sshd_config:26 setting LoginGraceTime 120 debug3: /etc/ssh/sshd_config:27 setting PermitRootLogin no debug3: /etc/ssh/sshd_config:28 setting StrictModes yes debug3: /etc/ssh/sshd_config:30 setting RSAAuthentication yes debug3: /etc/ssh/sshd_config:31 setting PubkeyAuthentication yes debug3: /etc/ssh/sshd_config:35 setting IgnoreRhosts yes debug3: /etc/ssh/sshd_config:37 setting RhostsRSAAuthentication no debug3: /etc/ssh/sshd_config:39 setting HostbasedAuthentication no debug3: /etc/ssh/sshd_config:44 setting PermitEmptyPasswords no debug3: /etc/ssh/sshd_config:48 setting ChallengeResponseAuthentication no debug3: /etc/ssh/sshd_config:63 setting X11Forwarding yes debug3: /etc/ssh/sshd_config:64 setting X11DisplayOffset 10 debug3: /etc/ssh/sshd_config:65 setting PrintMotd no debug3: /etc/ssh/sshd_config:66 setting PrintLastLog yes debug3: /etc/ssh/sshd_config:67 setting TCPKeepAlive yes debug3: /etc/ssh/sshd_config:74 setting AcceptEnv LANG LC_* debug3: /etc/ssh/sshd_config:76 setting Subsystem sftp /usr/lib/openssh/sftp-server debug3: /etc/ssh/sshd_config:87 setting UsePAM yes debug1: sshd version OpenSSH_5.8p1 Debian-7ubuntu1 debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type RSA debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 debug1: private host key: #0 type 1 RSA debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type DSA debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 debug1: private host key: #1 type 2 DSA debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type ECDSA debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256 debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256 debug1: private host key: #2 type 3 ECDSA debug1: setgroups() failed: Operation not permitted debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-ddd' debug3: oom_adjust_setup Set /proc/self/oom_score_adj from 0 to -1000 debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 22 on 0.0.0.0. Bind to port 22 on 0.0.0.0 failed: Permission denied. debug2: fd 3 setting O_NONBLOCK debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY debug1: Bind to port 22 on ::. Bind to port 22 on :: failed: Permission denied. Cannot bind any address. Maybe the problem is in that readout, but I'm not familiar enough with this output to know. My laptop which still has Ubuntu 11.04 still can successfully log into the computers I need to, so the problem is definitely related to the upgrade of my desktop to 11.10. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: ssh (not installed) ProcVersionSignature: Ubuntu 3.0.0-12.20-generic-pae 3.0.4 Uname: Linux 3.0.0-12-generic-pae i686 NonfreeKernelModules: wl ApportVersion: 1.23-0ubuntu3 Architecture: i386 Date: Fri Oct 14 13:40:37 2011 InstallationMedia: Ubuntu 9.10 Karmic Koala - Release i386 (20091028.5) ProcEnviron: PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: openssh UpgradeStatus: Upgraded to oneiric on 2011-10-14 (0 days ago) ** Affects: openssh (Ubuntu) Importance: Undecided Status: New ** Tags: apport-bug i386 oneiric running-unity -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/874518 Title:
Re: [Bug 874518] Re: ssh fails after upgrade to 11.10
Hi Clint, Thanks for getting back to me. Using ifconfig, my laptop's inet addr is 127.0.0.1 and ssh -vv 127.0.0.1 yields: jason:~$ ssh -vv 127.0.0.1 OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22. debug1: connect to address 127.0.0.1 port 22: Connection refused ssh: connect to host 127.0.0.1 port 22: Connection refused Despite the connection refused I see here, it does connect to where it needs to, as it always has. Meanwhile, my desktop's inet addr is 192.168.1.64 and the output here is: jason:~$ ssh -vv 192.168.1.64 OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011 debug2: ssh_connect: needpriv 0 debug1: Connecting to 192.168.1.64 [192.168.1.64] port 22. debug1: Connection established. debug1: identity file /home/jason/.ssh/id_rsa type -1 debug1: identity file /home/jason/.ssh/id_rsa-cert type -1 debug1: identity file /home/jason/.ssh/id_dsa type -1 debug1: identity file /home/jason/.ssh/id_dsa-cert type -1 debug1: identity file /home/jason/.ssh/id_ecdsa type -1 debug1: identity file /home/jason/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-7ubuntu1 debug1: match: OpenSSH_5.8p1 Debian-7ubuntu1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent Read from socket failed: Connection reset by peer Again, when I attempt to ssh here I get: Permission denied (gssapi-keyex,gssapi-with-mic,keyboard-interactive). Jason On 10/14/2011 04:42 PM, Clint Byrum wrote: Hi Jason, thanks for taking the time to file a bug report, and I'm sorry you're having trouble. The sshd -ddd needs to be run as root to be able to listen on port 22. Also, an output from your laptop of ssh -vv your.desktop.address Will help to debug this issue. ** Changed in: openssh (Ubuntu) Status: New = Incomplete ** Changed in: openssh (Ubuntu) Importance: Undecided = High -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/874518 Title: ssh fails after upgrade to 11.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 874518] Re: ssh fails after upgrade to 11.10
Hi Clint, I think I figures something out: If I do a ssh -vv jnet...@fcdflnx3.fnal.gov (the computer I'm trying to log into), towards the end of the output I get: Jason Nett11:06:38 PM debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,keyboard-interactive debug1: Next authentication method: gssapi-keyex debug1: No valid Key exchange context debug2: we did not send a packet, disable method debug1: Next authentication method: gssapi-with-mic debug2: we sent a gssapi-with-mic packet, wait for reply debug1: Authentication succeeded (gssapi-with-mic). Authenticated to fcdflnx3.fnal.gov ([131.225.240.129]:22). Notice that gssapi-with-mic is in the list of Authentications that can continue and is the one that succeeded. When I try on the machine that lost it's ability to ssh, this output is: debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,keyboard-interactive debug1: Next authentication method: keyboard-interactive debug2: userauth_kbdint debug2: we sent a keyboard-interactive packet, wait for reply debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,keyboard-interactive debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (gssapi-keyex,gssapi-with-mic,keyboard-interactive). --- So on this machine, gssapi-keyex and gssapi-with-mic are never attempted--according to the verbose output--and only keyboard-interactive is attempted. From my online searches, I gather that gssapi-with-mic has something to do with communicating my kerberos authentication, but I'm not quite sure where to go from here, at the moment. Hopefully this extra info can help us rectify the issue quickly. Jason On 10/14/2011 04:42 PM, Clint Byrum wrote: Hi Jason, thanks for taking the time to file a bug report, and I'm sorry you're having trouble. The sshd -ddd needs to be run as root to be able to listen on port 22. Also, an output from your laptop of ssh -vv your.desktop.address Will help to debug this issue. ** Changed in: openssh (Ubuntu) Status: New = Incomplete ** Changed in: openssh (Ubuntu) Importance: Undecided = High -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/874518 Title: ssh fails after upgrade to 11.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs