I suddennly cannot ssh as user to one of our RH7.1 machines. I used to
be able to... I can ssh as root without a problem, but no ordinary
user can connect, either using RSA or DSA keys, or ssh 1, or just with
a password. This happens for several clients. The clients are able to
connect to other servers without a problem.

I tried to downgrade openssh on the server (to 2.9p2-10.7, then to
2.9p2-8.7), to no avail.

Here is one configuration I am trying to debug:

Client []:

Linux 2.4.9-12 i686 unknown

Server []:

Linux 2.4.2-2 i686 unknown

I am looking at the ssh -v log, and it seems to me that the connection is
established and then immediately closed.

OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 500 geteuid 0 anon 1
debug1: Connecting to <server> [] port 22.
debug1: temporarily_use_uid: 500/100 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 500/100 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/oleg/.ssh/identity type 0
debug1: identity file /home/oleg/.ssh/id_rsa type 1
debug1: identity file /home/oleg/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 119/256
debug1: bits set: 1002/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '<server>' is known and matches the RSA host key.
debug1: Found key in /home/oleg/.ssh/known_hosts2:4
debug1: bits set: 1018/2049
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: service_accept: ssh-userauth
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try pubkey: /home/oleg/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x80889e8 hint 1
debug1: read PEM private key done: type RSA
debug1: ssh-userauth2 successful: method publickey
debug1: fd 6 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug1: channel_new: 0
debug1: send channel open 0
debug1: Entering interactive session.
debug1: client_init id 0 arg 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: channel request 0: shell
debug1: channel 0: open confirm rwindow 0 rmax 16384
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: rcvd close
debug1: channel 0: input open -> closed
debug1: channel 0: close_read
debug1: channel 0: obuf empty
debug1: channel 0: output drain -> closed
debug1: channel 0: close_write
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel_free: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)

debug1: channel_free: channel 0: dettaching channel user
Connection to <server> closed.
debug1: Transferred: stdin 0, stdout 0, stderr 30 bytes in 0.0 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 1165.0
debug1: Exit status 254

The server's /var/log/messages have an open/close pair of entries

Dec  9 12:17:25 <server> sshd(pam_unix)[8166]: session opened for user oleg by (uid=0)
Dec  9 12:17:25 <server> sshd(pam_unix)[8166]: session closed for user oleg

There is no firewall I know of between the client and the server. On
server, I have

# ipchains -L
Chain input (policy ACCEPT):
target     prot opt     source       destination           ports
DENY       tcp  ----l-  anywhere    vernon                any ->   http
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

(vernon is a machine that has nothing to do with the ssh session -
it's on a different subnet altogether).

On server, sshd is running, port 22 is open, etc, etc.

Any clues? Thanks,

Oleg Goldshmidt | [EMAIL PROTECTED] 
"If it ain't broken, it has not got enough features yet."

Seawolf-list mailing list

Reply via email to