Re: [Bug 874518] Re: ssh with kerberos fails after upgrade to 11.10

2011-10-18 Thread Jason Nett
Hi Clint,

I'm not sure if anyone is working on this, but I just wanted to let you (or
whoever is working on it) know that I've decided to scrap 11.10 and do a fresh
install of 11.04 from scratch.  After installing kerberos:

sudo apt-get install krb5-user
sudo apt-get install libpam-krb5

and replacing the /etc/krb5.conf with one friendly to the lab I work for, I
can now again ssh into where I need to.  The ticket authentication is
communicated successfully via gssapi-with-mic.

I hope you all are able to find this bug in 11.10 and I look forward to
trying the newest version again in a few months.  There were some new
features I really liked in 11.10, especially the new ALT-Tab window
switcher.  That makes juggling a dozen emacs windows in a single workspace
much easier (one of the very few downsides to the 11.04 Unity version).

Thanks for the help.


Jason

On Sun, Oct 16, 2011 at 1:31 PM, Jason Nett jasonnet...@gmail.com
wrote:

 Hi Clint,

 Your summary is correct.  I tried upgrading my home desktop from 11.04 to
 11.10 and one of the first things I check when I do this is whether ssh and
 kerberos are working properly because I often work from home on this
 computer.  I also have a laptop with 11.04 that I have NOT upgraded to 11.10
 for comparison.  As far as I can tell, kerberos is functioning properly and
 the errors I posted earlier indicate that my desktop (11.10) now cannot
 communicate the kerberos ticket while ssh'ing via gssapi-with-mic, whereas
 my laptop (11.04) does communicate the ticket successfully with
 gssapi-with-mic.  I've scoured the files in /username/.ssh/ and in /etc/ssh/
 for any discrepant settings and even tried outright replacing such files
 (not .ssh/known_hosts, of course, but I did try deleting and regenerating
 it), but nothing produces a different result.


 Jason


 On Sun, Oct 16, 2011 at 12:30 PM, Clint Byrum cl...@fewbar.com wrote:

 Ok Jason, thanks for all the leg work. I think at this point we need to
 try and reproduce your setup to try and address the bug. To be clear,

 Your client is on 11.10, and can obtain kerberos tickets fine, but
 cannot log into any SSH service that normally would accept these
 tickets.

 Is that an accurate reflection of the problem?

 ** Summary changed:

 - ssh fails after upgrade to 11.10
 + ssh with kerberos fails after upgrade to 11.10

 ** Changed in: openssh (Ubuntu)
   Status: Incomplete => New

 --
 You received this bug notification because you are subscribed to the bug
 report.
 https://bugs.launchpad.net/bugs/874518

 Title:
  ssh with kerberos fails after upgrade to 11.10

 Status in “openssh” package in Ubuntu:
  New

 Bug description:
  I upgraded from 11.04 to 11.10 and upon completion found that I could no
 longer ssh into other computers that I routinely do so.  There are several
 things I've checked:
  1. Kerberos authentication is working fine, that's not the problem.
  2. I tried restarting and reinstalling ssh, but neither helped.
  3. I tried copying over all ssh related files from my laptop (with a
 properly functioning ssh in 11.04) and replacing what is on my 11.10
 malfunctioning OS, but that did not help.
  4. I tried deleting the .ssh/known_hosts file.  On my next attempt, I
 received the normal message about connecting somewhere for the first time,
 but was still refused a connection.
  5.

  jason:~$ /usr/sbin/sshd -ddd
  debug2: load_server_config: filename /etc/ssh/sshd_config
  debug2: load_server_config: done config len = 682
  debug2: parse_server_config: config /etc/ssh/sshd_config len 682
  debug3: /etc/ssh/sshd_config:5 setting Port 22
  debug3: /etc/ssh/sshd_config:9 setting Protocol 2
  debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key
  debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key
  debug3: /etc/ssh/sshd_config:13 setting HostKey
 /etc/ssh/ssh_host_ecdsa_key
  debug3: /etc/ssh/sshd_config:15 setting UsePrivilegeSeparation yes
  debug3: /etc/ssh/sshd_config:18 setting KeyRegenerationInterval 3600
  debug3: /etc/ssh/sshd_config:19 setting ServerKeyBits 768
  debug3: /etc/ssh/sshd_config:22 setting SyslogFacility AUTH
  debug3: /etc/ssh/sshd_config:23 setting LogLevel INFO
  debug3: /etc/ssh/sshd_config:26 setting LoginGraceTime 120
  debug3: /etc/ssh/sshd_config:27 setting PermitRootLogin no
  debug3: /etc/ssh/sshd_config:28 setting StrictModes yes
  debug3: /etc/ssh/sshd_config:30 setting RSAAuthentication yes
  debug3: /etc/ssh/sshd_config:31 setting PubkeyAuthentication yes
  debug3: /etc/ssh/sshd_config:35 setting IgnoreRhosts yes
  debug3: /etc/ssh/sshd_config:37 setting RhostsRSAAuthentication no
  debug3: /etc/ssh/sshd_config:39 setting HostbasedAuthentication no
  debug3: /etc/ssh/sshd_config:44 setting PermitEmptyPasswords no
  debug3: /etc/ssh/sshd_config:48 setting ChallengeResponseAuthentication
 no
  debug3: /etc/ssh/sshd_config:63 setting X11Forwarding yes
  debug3: /etc/ssh/sshd_config:64 setting X11DisplayOffset 10
  debug3: /etc/ssh

Re: [Bug 874518] Re: ssh fails after upgrade to 11.10

2011-10-16 Thread Jason Nett
Upon a fresh install of Ubuntu 11.10, I still have problems with ssh.  After
studying it all day, I believe that the problem has something to do with ssh
not being able to communicate a valid kerberos ticket via gssapi-with-mic.

The problem area of the verbose output looks like:

debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
KDC can't fulfill requested option

debug1: Unspecified GSS failure.  Minor code may provide more information
KDC can't fulfill requested option

debug1: Unspecified GSS failure.  Minor code may provide more
information


debug2: we sent a gssapi-with-mic packet, wait for reply
---

where it should look like (according to the successful execution on my
laptop that is still running 11.04):


debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentication succeeded (gssapi-with-mic).
Authenticated to name.org.gov ([1xx.xxx.xxx.xxx]:xx).
--

If I look at the version numbers of the ssh packages installed with dpkg -l
| grep ssh, Ubuntu 11.10 has:

ii  openssh-client     1:5.8p1-7ubuntu1  secure shell (SSH) client, for secure access to remote machines
ii  ssh-askpass-gnome  1:5.8p1-7ubuntu1  interactive X program to prompt users for a passphrase for ssh-add

while 11.04 has

ii  openssh-client     1:5.8p1-1ubuntu3  secure shell (SSH) client, for secure access to remote machines
ii  ssh-askpass-gnome  1:5.8p1-1ubuntu3  interactive X program to prompt users for a passphrase for ssh-add


I've searched through every configuration file I can find, especially those
in ./ssh/ and /etc/ssh/, but have not been able to solve the problem or
produce any different results.  The best I can think of is that there's
something about the newer versions that gssapi-with-mic is not agreeing well
with.

I would greatly appreciate if this bug could be fixed because it affects my
ability to work remotely from home.

J


On Sat, Oct 15, 2011 at 11:48 AM, Jason Nett jasonnet...@gmail.com wrote:

 Sorry, you're absolutely right: I did a rush job and forgot to edit it.  I
 also didn't realize that it was posted to a webpage.  Is it possible for you
 to delete the post at:

 https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518

 ?

 I'm going to attempt a fresh install of 11.10 rather than this upgrade
 version.  I've run into other problems with my latex editor TexMaker as well
 as acroread.


 Jason



 On 10/15/2011 01:15 AM, Clint Byrum wrote:

 Excerpts from Jason Nett's message of Sat Oct 15 00:54:27 UTC 2011:

 Hi Clint,

 Thanks for getting back to me.  Using ifconfig, my laptop's inet addr
 is 127.0.0.1 and ssh -vv 127.0.0.1 yields:

 jason:~$ ssh -vv 127.0.0.1
 OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
 debug1: Reading configuration data /etc/ssh/ssh_config
 debug1: Applying options for *
 debug2: ssh_connect: needpriv 0
 debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
 debug1: connect to address 127.0.0.1 port 22: Connection refused
 ssh: connect to host 127.0.0.1 port 22: Connection refused

 Despite the connection refused I see here, it does connect to where it
 needs to, as it always has.

 Meanwhile, my desktop's inet addr is 192.168.1.64 and the output here
 is:

 jason:~$ ssh -vv 192.168.1.64
 OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011
 debug2: ssh_connect: needpriv 0
 debug1: Connecting to 192.168.1.64 [192.168.1.64] port 22.
 debug1: Connection established.
 debug1: identity file /home/jason/.ssh/id_rsa type -1
 debug1: identity file /home/jason/.ssh/id_rsa-cert type -1
 debug1: identity file /home/jason/.ssh/id_dsa type -1
 debug1: identity file /home/jason/.ssh/id_dsa-cert type -1
 debug1: identity file /home/jason/.ssh/id_ecdsa type -1
 debug1: identity file /home/jason/.ssh/id_ecdsa-cert type -1
 debug1: Remote protocol version 2.0, remote software version
 OpenSSH_5.8p1 Debian-7ubuntu1
 debug1: match: OpenSSH_5.8p1 Debian-7ubuntu1 pat OpenSSH*
 debug1: Enabling compatibility mode for protocol 2.0
 debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
 debug2: fd 3 setting O_NONBLOCK
 debug1: SSH2_MSG_KEXINIT sent
 Read from socket failed: Connection reset by peer

 Again, when I attempt to ssh here I get:

 Permission denied (gssapi-keyex,gssapi-with-mic,keyboard-interactive).

  Jason, thanks for the quick response.

 The last line: Read from socket failed; Connection reset by peer

 means that sshd on your desktop did something to disconnect rather
 unexpectedly.  It would help to see the contents of /var/log/auth.log
 from your desktop
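
The ssh -vv excerpts posted in this thread show three different outcomes: gssapi-with-mic succeeding, the client never trying a GSSAPI method, and gssapi-with-mic being tried but hitting a GSS failure. The following is an added example, not part of any message in the thread: a small classifier that tells those cases apart from saved client debug output. The sample logs are constructed from lines quoted in the thread, and the category names and hint texts are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

GSS_METHODS = {"gssapi-keyex", "gssapi-with-mic"}

# Hypothetical category names mapped to suggested checks (not from the thread).
HINTS = {
    "gssapi-ok": "Kerberos credentials were accepted.",
    "server-does-not-offer-gssapi": "Check GSSAPIAuthentication in the server's sshd_config.",
    "client-never-tried-gssapi": "Check GSSAPIAuthentication in the client's ssh_config "
                                 "(test with: ssh -o GSSAPIAuthentication=yes host).",
    "gssapi-tried-credential-error": "The GSSAPI exchange hit a Kerberos error; compare "
                                     "/etc/krb5.conf and 'klist -f' with a working host.",
    "gssapi-tried-server-rejected": "Check the server's auth log for the rejection reason.",
}

@dataclass
class AuthTrace:
    offered: List[str] = field(default_factory=list)      # methods the server will accept
    attempted: List[str] = field(default_factory=list)    # methods the client actually tried
    gss_errors: List[Tuple[str, str]] = field(default_factory=list)  # (method, minor text)
    succeeded: Optional[str] = None

def parse_ssh_debug(text: str) -> AuthTrace:
    """Extract the user-authentication steps from `ssh -vv` client output."""
    trace = AuthTrace()
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        cont = "" if nxt.startswith("debug") else nxt  # non-debug line following this one
        m = re.search(r"Authentications that can continue:\s*(.*)$", line)
        if m:
            # Mail clients wrap the method list onto the next line, as in this thread.
            trace.offered = [x for x in (m.group(1) or cont).split(",") if x]
            continue
        m = re.search(r"Next authentication method: (\S+)", line)
        if m:
            trace.attempted.append(m.group(1))
            continue
        if "Unspecified GSS failure" in line:
            # The Kerberos minor-status text is printed on the following line.
            method = trace.attempted[-1] if trace.attempted else "?"
            trace.gss_errors.append((method, cont))
            continue
        m = re.search(r"Authentication succeeded \(([^)]+)\)", line)
        if m:
            trace.succeeded = m.group(1)
    return trace

def diagnose(trace: AuthTrace) -> str:
    """Return one of the HINTS keys for a parsed trace."""
    if trace.succeeded in GSS_METHODS:
        return "gssapi-ok"
    if not GSS_METHODS & set(trace.offered):
        return "server-does-not-offer-gssapi"
    if not GSS_METHODS & set(trace.attempted):
        return "client-never-tried-gssapi"
    if trace.gss_errors:
        return "gssapi-tried-credential-error"
    return "gssapi-tried-server-rejected"

# Constructed samples, assembled from lines quoted in the thread.
SAMPLE_OK = """\
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentication succeeded (gssapi-with-mic).
"""

SAMPLE_SKIPPED = """\
debug1: Authentications that can continue:
gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue:
gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (gssapi-keyex,gssapi-with-mic,keyboard-interactive).
"""

SAMPLE_KDC = """\
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
KDC can't fulfill requested option

debug1: Unspecified GSS failure.  Minor code may provide more information
KDC can't fulfill requested option

debug2: we sent a gssapi-with-mic packet, wait for reply
"""

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("skipped", SAMPLE_SKIPPED), ("kdc", SAMPLE_KDC)):
        verdict = diagnose(parse_ssh_debug(sample))
        print(f"{name}: {verdict} -> {HINTS[verdict]}")
```
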

Re: [Bug 874518] Re: ssh fails after upgrade to 11.10

2011-10-16 Thread Jason Nett
Hi Clint

Yes, I had checked this and the ticket itself appeared fine to me:

jason@jason:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: jnett80@ORG.COM

Valid starting     Expires            Service principal
10/16/11 08:19:12  10/17/11 10:18:56  krbtgt/ORG.COM@ORG.COM
renew until 10/23/11 08:18:56
jason@jason:~$



Jason


On Sun, Oct 16, 2011 at 2:36 AM, Clint Byrum cl...@fewbar.com wrote:

 Excerpts from Jason Nett's message of Sun Oct 16 06:46:07 UTC 2011:
  Upon a fresh install of Ubuntu 11.10, I still have problems with ssh.
  After
  studying it all day, I believe that the problem has something to do with
 ssh
  not being able to communicate a valid kerberos ticket via
 gssapi-with-mic.
 
  The problem area of the verbose output looks like:
  
  debug1: Next authentication method: gssapi-with-mic
  debug1: Unspecified GSS failure.  Minor code may provide more information
  KDC can't fulfill requested option
 
  debug1: Unspecified GSS failure.  Minor code may provide more information
  KDC can't fulfill requested option
 
  debug1: Unspecified GSS failure.  Minor code may provide more
  information
 
 
  debug2: we sent a gssapi-with-mic packet, wait for reply
  ---
 
  where it should look like (according to the successful execution on my
  laptop that is still running 11.04):
 
  
  debug1: Next authentication method: gssapi-with-mic
  debug2: we sent a gssapi-with-mic packet, wait for reply
  debug1: Authentication succeeded (gssapi-with-mic).
  Authenticated to name.org.gov ([1xx.xxx.xxx.xxx]:xx).
  --
 
  If I look at the version numbers of the ssh packages installed with dpkg
 -l
  | grep ssh, Ubuntu 11.10 has:
 
  ii  openssh-client     1:5.8p1-7ubuntu1  secure shell (SSH) client, for secure access to remote machines
  ii  ssh-askpass-gnome  1:5.8p1-7ubuntu1  interactive X program to prompt users for a passphrase for ssh-add
 
  while 11.04 has
 
  ii  openssh-client     1:5.8p1-1ubuntu3  secure shell (SSH) client, for secure access to remote machines
  ii  ssh-askpass-gnome  1:5.8p1-1ubuntu3  interactive X program to prompt users for a passphrase for ssh-add
 
 
  I've searched through every configuration file I can find, especially
 those
  in ./ssh/ and /etc/ssh/, but have not been able to solve the problem or
  produce any different results.  The best I can think of is that there's
  something about the newer versions that gssapi-with-mic is not agreeing
 well
  with.
 
  I would greatly appreciate if this bug could be fixed because it affects
 my
  ability to work remotely from home.

 Jason, you are using kerberos auth.. can you do

 kinit user@KERBEROS.DOMAIN

 and get assigned kerberos credentials? (klist should show them)


Re: [Bug 874518] Re: ssh with kerberos fails after upgrade to 11.10

2011-10-16 Thread Jason Nett
Hi Clint,

Your summary is correct.  I tried upgrading my home desktop from 11.04 to
11.10 and one of the first things I check when I do this is whether ssh and
kerberos are working properly because I often work from home on this
computer.  I also have a laptop with 11.04 that I have NOT upgraded to 11.10
for comparison.  As far as I can tell, kerberos is functioning properly and
the errors I posted earlier indicate that my desktop (11.10) now cannot
communicate the kerberos ticket while ssh'ing via gssapi-with-mic, whereas
my laptop (11.04) does communicate the ticket successfully with
gssapi-with-mic.  I've scoured the files in /username/.ssh/ and in /etc/ssh/
for any discrepant settings and even tried outright replacing such files
(not .ssh/known_hosts, of course, but I did try deleting and regenerating
it), but nothing produces a different result.


Jason

On Sun, Oct 16, 2011 at 12:30 PM, Clint Byrum cl...@fewbar.com wrote:

 Ok Jason, thanks for all the leg work. I think at this point we need to
 try and reproduce your setup to try and address the bug. To be clear,

 Your client is on 11.10, and can obtain kerberos tickets fine, but
 cannot log into any SSH service that normally would accept these
 tickets.

 Is that an accurate reflection of the problem?

 ** Summary changed:

 - ssh fails after upgrade to 11.10
 + ssh with kerberos fails after upgrade to 11.10

 ** Changed in: openssh (Ubuntu)
   Status: Incomplete => New


Re: [Bug 874518] Re: ssh fails after upgrade to 11.10

2011-10-15 Thread Jason Nett
Sorry, you're absolutely right: I did a rush job and forgot to edit it.  
I also didn't realize that it was posted to a webpage.  Is it possible 
for you to delete the post at:

https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518

?

I'm going to attempt a fresh install of 11.10 rather than this upgrade 
version.  I've run into other problems with my latex editor TexMaker as 
well as acroread.


Jason


On 10/15/2011 01:15 AM, Clint Byrum wrote:
 Excerpts from Jason Nett's message of Sat Oct 15 00:54:27 UTC 2011:
 Hi Clint,

 Thanks for getting back to me.  Using ifconfig, my laptop's inet addr
 is 127.0.0.1 and ssh -vv 127.0.0.1 yields:

 jason:~$ ssh -vv 127.0.0.1
 OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
 debug1: Reading configuration data /etc/ssh/ssh_config
 debug1: Applying options for *
 debug2: ssh_connect: needpriv 0
 debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
 debug1: connect to address 127.0.0.1 port 22: Connection refused
 ssh: connect to host 127.0.0.1 port 22: Connection refused

 Despite the connection refused I see here, it does connect to where it
 needs to, as it always has.

 Meanwhile, my desktop's inet addr is 192.168.1.64 and the output here
 is:

 jason:~$ ssh -vv 192.168.1.64
 OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011
 debug2: ssh_connect: needpriv 0
 debug1: Connecting to 192.168.1.64 [192.168.1.64] port 22.
 debug1: Connection established.
 debug1: identity file /home/jason/.ssh/id_rsa type -1
 debug1: identity file /home/jason/.ssh/id_rsa-cert type -1
 debug1: identity file /home/jason/.ssh/id_dsa type -1
 debug1: identity file /home/jason/.ssh/id_dsa-cert type -1
 debug1: identity file /home/jason/.ssh/id_ecdsa type -1
 debug1: identity file /home/jason/.ssh/id_ecdsa-cert type -1
 debug1: Remote protocol version 2.0, remote software version
 OpenSSH_5.8p1 Debian-7ubuntu1
 debug1: match: OpenSSH_5.8p1 Debian-7ubuntu1 pat OpenSSH*
 debug1: Enabling compatibility mode for protocol 2.0
 debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
 debug2: fd 3 setting O_NONBLOCK
 debug1: SSH2_MSG_KEXINIT sent
 Read from socket failed: Connection reset by peer

 Again, when I attempt to ssh here I get:

 Permission denied (gssapi-keyex,gssapi-with-mic,keyboard-interactive).

 Jason, thanks for the quick response.

 The last line: Read from socket failed; Connection reset by peer

 means that sshd on your desktop did something to disconnect rather
 unexpectedly.  It would help to see the contents of /var/log/auth.log
 from your desktop, though please remove any sensitive information from
 it before posting.


-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/874518

Title:
  ssh fails after upgrade to 11.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 874518] [NEW] ssh fails after upgrade to 11.10

2011-10-14 Thread Jason Nett
Public bug reported:

I upgraded from 11.04 to 11.10 and upon completion found that I could no longer 
ssh into other computers that I routinely do so.  There are several things I've 
checked:
1. Kerberos authentication is working fine, that's not the problem.
2. I tried restarting and reinstalling ssh, but neither helped.
3. I tried copying over all ssh related files from my laptop (with a properly 
functioning ssh in 11.04) and replacing what is on my 11.10 malfunctioning OS, but 
that did not help.
4. I tried deleting the .ssh/known_hosts file.  On my next attempt, I received 
the normal message about connecting somewhere for the first time, but was still 
refused a connection.
5. 

jason:~$ /usr/sbin/sshd -ddd
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 682
debug2: parse_server_config: config /etc/ssh/sshd_config len 682
debug3: /etc/ssh/sshd_config:5 setting Port 22
debug3: /etc/ssh/sshd_config:9 setting Protocol 2
debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key
debug3: /etc/ssh/sshd_config:13 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:15 setting UsePrivilegeSeparation yes
debug3: /etc/ssh/sshd_config:18 setting KeyRegenerationInterval 3600
debug3: /etc/ssh/sshd_config:19 setting ServerKeyBits 768
debug3: /etc/ssh/sshd_config:22 setting SyslogFacility AUTH
debug3: /etc/ssh/sshd_config:23 setting LogLevel INFO
debug3: /etc/ssh/sshd_config:26 setting LoginGraceTime 120
debug3: /etc/ssh/sshd_config:27 setting PermitRootLogin no
debug3: /etc/ssh/sshd_config:28 setting StrictModes yes
debug3: /etc/ssh/sshd_config:30 setting RSAAuthentication yes
debug3: /etc/ssh/sshd_config:31 setting PubkeyAuthentication yes
debug3: /etc/ssh/sshd_config:35 setting IgnoreRhosts yes
debug3: /etc/ssh/sshd_config:37 setting RhostsRSAAuthentication no
debug3: /etc/ssh/sshd_config:39 setting HostbasedAuthentication no
debug3: /etc/ssh/sshd_config:44 setting PermitEmptyPasswords no
debug3: /etc/ssh/sshd_config:48 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:63 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:64 setting X11DisplayOffset 10
debug3: /etc/ssh/sshd_config:65 setting PrintMotd no
debug3: /etc/ssh/sshd_config:66 setting PrintLastLog yes
debug3: /etc/ssh/sshd_config:67 setting TCPKeepAlive yes
debug3: /etc/ssh/sshd_config:74 setting AcceptEnv LANG LC_*
debug3: /etc/ssh/sshd_config:76 setting Subsystem sftp 
/usr/lib/openssh/sftp-server
debug3: /etc/ssh/sshd_config:87 setting UsePAM yes
debug1: sshd version OpenSSH_5.8p1 Debian-7ubuntu1
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type ECDSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
debug1: private host key: #2 type 3 ECDSA
debug1: setgroups() failed: Operation not permitted
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Permission denied.
debug2: fd 3 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Bind to port 22 on :: failed: Permission denied.
Cannot bind any address.

Maybe the problem is in that readout, but I'm not familiar enough with
this output to know.

My laptop which still has Ubuntu 11.04 still can successfully log into
the computers I need to, so the problem is definitely related to the
upgrade of my desktop to 11.10.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: ssh (not installed)
ProcVersionSignature: Ubuntu 3.0.0-12.20-generic-pae 3.0.4
Uname: Linux 3.0.0-12-generic-pae i686
NonfreeKernelModules: wl
ApportVersion: 1.23-0ubuntu3
Architecture: i386
Date: Fri Oct 14 13:40:37 2011
InstallationMedia: Ubuntu 9.10 Karmic Koala - Release i386 (20091028.5)
ProcEnviron:
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: openssh
UpgradeStatus: Upgraded to oneiric on 2011-10-14 (0 days ago)

** Affects: openssh (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: apport-bug i386 oneiric running-unity


Re: [Bug 874518] Re: ssh fails after upgrade to 11.10

2011-10-14 Thread Jason Nett
Hi Clint,

Thanks for getting back to me.  Using ifconfig, my laptop's inet addr 
is 127.0.0.1 and ssh -vv 127.0.0.1 yields:

jason:~$ ssh -vv 127.0.0.1
OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
debug1: connect to address 127.0.0.1 port 22: Connection refused
ssh: connect to host 127.0.0.1 port 22: Connection refused

Despite the connection refused I see here, it does connect to where it 
needs to, as it always has.

Meanwhile, my desktop's inet addr is 192.168.1.64 and the output here
is:

jason:~$ ssh -vv 192.168.1.64
OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.64 [192.168.1.64] port 22.
debug1: Connection established.
debug1: identity file /home/jason/.ssh/id_rsa type -1
debug1: identity file /home/jason/.ssh/id_rsa-cert type -1
debug1: identity file /home/jason/.ssh/id_dsa type -1
debug1: identity file /home/jason/.ssh/id_dsa-cert type -1
debug1: identity file /home/jason/.ssh/id_ecdsa type -1
debug1: identity file /home/jason/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version 
OpenSSH_5.8p1 Debian-7ubuntu1
debug1: match: OpenSSH_5.8p1 Debian-7ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
Read from socket failed: Connection reset by peer

Again, when I attempt to ssh here I get:

Permission denied (gssapi-keyex,gssapi-with-mic,keyboard-interactive).


Jason


On 10/14/2011 04:42 PM, Clint Byrum wrote:
 Hi Jason, thanks for taking the time to file a bug report, and I'm sorry
 you're having trouble.

 The sshd -ddd needs to be run as root to be able to listen on port 22.

 Also, an output from your laptop of

 ssh -vv your.desktop.address

 Will help to debug this issue.

 ** Changed in: openssh (Ubuntu)
 Status: New => Incomplete

 ** Changed in: openssh (Ubuntu)
 Importance: Undecided => High




Re: [Bug 874518] Re: ssh fails after upgrade to 11.10

2011-10-14 Thread Jason Nett
Hi Clint,

I think I figured something out:

If I do a ssh -vv jnet...@fcdflnx3.fnal.gov (the computer I'm trying 
to log into), towards the end of the output I get:


Jason Nett11:06:38 PM
debug1: Authentications that can continue: 
gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentication succeeded (gssapi-with-mic).
Authenticated to fcdflnx3.fnal.gov ([131.225.240.129]:22).


Notice that gssapi-with-mic is in the list of Authentications that 
can continue and is the one that succeeded.  When I try on the machine 
that lost its ability to ssh, this output is:

debug1: Authentications that can continue: 
gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: 
gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (gssapi-keyex,gssapi-with-mic,keyboard-interactive).
---

So on this machine, gssapi-keyex and gssapi-with-mic are never 
attempted--according to the verbose output--and only 
keyboard-interactive is attempted.  From my online searches, I gather 
that gssapi-with-mic has something to do with communicating my kerberos 
authentication, but I'm not quite sure where to go from here, at the moment.

Hopefully this extra info can help us rectify the issue quickly.


Jason


On 10/14/2011 04:42 PM, Clint Byrum wrote:
 Hi Jason, thanks for taking the time to file a bug report, and I'm sorry
 you're having trouble.

 The sshd -ddd needs to be run as root to be able to listen on port 22.

 Also, an output from your laptop of

 ssh -vv your.desktop.address

 Will help to debug this issue.

 ** Changed in: openssh (Ubuntu)
 Status: New => Incomplete

 ** Changed in: openssh (Ubuntu)
 Importance: Undecided => High

