Re: Problems using gssapi authentication from FreeBSD to Linux machines

Mon, 18 Dec 2006 11:27:02 -0800 


On Dec 15, 2006, at 10:32 AM, Simon Wilkinson wrote:



On 15 Dec 2006, at 05:51, Quincey Koziol wrote:
Any ideas what could be causing the ssh on FreeBSD to "not send a packet"?
The server failing the authentication, for some reason. More information as to why will be in the debug logs from the server.
Whilst OpenSSH 3.9p1 is old (August 2004) - there shouldn't be any protocol changes between the GSSAPI support in it, and that in the latest releases. You don't say what variety (and versions) of Kerberos you are using on each platform - I assume that FreeBSD is Heimdal - are your Linux boxes using MIT Kerberos? What encryption types are you using?
I'm using the native Kerberos on FreeBSD (heimdal) and MIT Kerberos on the Linux machine. How do I find out the encryption types?
Finding out the error messages from the sshd will go a long why to pointing the finger of blame! 

        Well, here's the output from "sshd -d -d -d -p 2222" on the Linux box:

debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 395
debug2: parse_server_config: config /etc/ssh/sshd_config len 395
debug1: sshd version OpenSSH_3.9p1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-f'
debug1: rexec_argv[2]='/etc/ssh/sshd_config'
debug1: rexec_argv[3]='-d'
debug1: rexec_argv[4]='-d'
debug1: rexec_argv[5]='-d'
debug1: rexec_argv[6]='-p'
debug1: rexec_argv[7]='2222'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 2222 on 0.0.0.0.
Bind to port 2222 on 0.0.0.0 failed: Address already in use.
debug3: fd 4 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 7 config len 395
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
Unfortunately, it's identical for both the successful login with Kerberos tickets from another Linux machine and the unsuccessful Kerberos ticket, but successful password login from the FreeBSD machine... 

        Any other ideas?

                Quincey

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to