Greetings -
Yesterday I asked about a problem I was seeing establishing a hostname
authenticated session on a host. I'm including some (hopefully relevant)
extracts from configuration and logfiles, as well as the last few lines of
a "-d 99" run of ssh2 and sshd2.
Brief reminder:
I've installed ssh-2.0.13 on a machine called tower.york.ac.uk (I gave it
the working name "fred" in yesterday's message but can't be fussed to keep
referring to it as such!). Tower is running Solaris 2.6.
* I have sshd2 running, with compatibility set up for sshd1-type
connections.
* I have a private/public hostkey set up for sshd.
* I've copied the hostkey.pub into the /etc/ssh2/knownhosts directory
under the name tower.york.ac.uk.ssh-dsa.pub
* I have set up a private/public key pair for myself, along with the
associated "authorization" and "identification" files in my $HOME/.ssh2
directory.
* My account on tower has a ".rhosts" file (read+write to me; none to
anyone else) containing:
tower.york.ac.uk
If I login to tower I can successfully do this:
ssh tower
<enter pass phrase>
<shell starts up and I'm logged in>
and also this:
ssh tower
<press Return instead of pass-phrase>
<enter my password for tower>
<shell starts up and I'm logged in>
However I really need to get hostname authentication working so I can login
without needing to enter a pass-phrase or password. When I try to use it I
get this:
ssh tower
<press Return instead of pass-phrase>
<press Return instead of my password for tower>
<hangs>
I came across a patch posted to this list in the archives which re-ordered
these tests. Basically it appeared to move the hostname test to before the
pass-phrase test ... the result was that the hang happened immiediately
rather than after first prompting me for pass-phrase and password.
I've now reverted to the as-distributed 2.0.13 version.
I _think_ I have set things up correctly as follows...
The systemwide /etc/ssh2/ssh2_config file contains this (commented out
lines omitted):
*:
Port 22
Ciphers AnyStdCipher
IdentityFile identification
AuthorizationFile authorization
RandomSeedFile random_seed
VerboseMode no
PasswordPrompt "%U's password: "
Ssh1AgentCompatibility none
Ssh1Compatibility yes
Ssh1Path /usr/local/bin/ssh1
NoDelay no
KeepAlive yes
The systemwide /etc/ssh2/sshd2_config file contains this (commented out
lines again omitted):
*:
Port 22
ListenAddress 0.0.0.0
Ciphers AnyStd
IdentityFile identification
AuthorizationFile authorization
HostKeyFile hostkey
PublicHostKeyFile hostkey.pub
RandomSeedFile random_seed
ForwardAgent yes
ForwardX11 yes
PasswordGuesses 3
MaxConnections 0
PermitRootLogin yes
AllowedAuthentications publickey,password,hostbased
ForcePTTYAllocation no
VerboseMode no
PrintMotd no
CheckMail no
UserConfigDirectory "%D/.ssh2"
SyslogFacility DAEMON
Ssh1Compatibility yes
RequireReverseMapping yes
UserKnownHosts yes
subsystem-sftp sftp-server
I've just set sshd2 running with a "-d 99", and am about to:
ssh tower
<press Return instead of pass-phrase>
<press Return instead of my password for tower>
Here goes...
ssh2 asked me for my pass-phrase: I pressed Return.
ssh2 asked my for my password on tower: I pressed Return.
ssh2 has now hung (no prompt; no error messages).
The debug output from ssh2 after my pressing the second Return is here
(apologies it is so long):
========== START OF SSH2 DEBUG OUTPUT ==========
pmb1's password:
debug: Ssh2Transport/trcommon.c:2743: ssh_tr_up_set_callback
debug: Ssh2Transport/trcommon.c:229: ssh_tr_up_signal_input
debug: SshEventLoop/sshunixeloop.c:328: Timeout registered at 954014882.
debug: Ssh2Transport/trcommon.c:238: ssh_tr_up_signal_output
debug: SshEventLoop/sshunixeloop.c:328: Timeout registered at 954014882.
debug: Ssh2Transport/trcommon.c:2595: ssh_tr_up_read
debug: Ssh2Transport/trcommon.c:2632: ssh_tr_up_write
debug: Ssh2Transport/trcommon.c:2424: ssh_tr_process_up_incoming_packet 0
debug: Ssh2Transport/trcommon.c:331: ssh_tr_send_packet 50
debug: Ssh2Transport/trcommon.c:369: ssh_tr_send_packet: length 56 pad 7
payload 44 mac 16
debug: Ssh2Transport/trcommon.c:267: ssh_tr_output_outgoing
debug: Ssh2Transport/trcommon.c:315: ssh_tr_output_outgoing: no more data
to write
debug: Ssh2Transport/trcommon.c:2595: ssh_tr_up_read
debug: SshEventLoop/sshunixeloop.c:705: Select timeout: 0 seconds, 0 usec.
debug: SshEventLoop/sshunixeloop.c:764: Select.
debug: SshEventLoop/sshunixeloop.c:651: Calling a timeout callback.
debug: Ssh2Transport/trcommon.c:207: ssh_tr_up_signal_input_proc
debug: Ssh2Transport/trcommon.c:2595: ssh_tr_up_read
debug: SshEventLoop/sshunixeloop.c:651: Calling a timeout callback.
debug: Ssh2Transport/trcommon.c:219: ssh_tr_up_signal_output_proc
debug: SshEventLoop/sshunixeloop.c:764: Select.
debug: Ssh2Transport/trcommon.c:2380: ssh_tr_callback 0
debug: Ssh2Transport/trcommon.c:2122: ssh_tr_process_input
debug: Ssh2Transport/trcommon.c:2049: ssh_tr_input_interactive
debug: Ssh2Transport/trcommon.c:1046: ssh_tr_input_packet
debug: Ssh2Transport/trcommon.c:1071: ssh_tr_input_packet: read 8 bytes
debug: Ssh2Transport/trcommon.c:1135: ssh_tr_input_packet: read 56 bytes
debug: Ssh2Transport/trcommon.c:249: ssh_tr_up_send 0
debug: Ssh2Transport/trcommon.c:229: ssh_tr_up_signal_input
debug: SshEventLoop/sshunixeloop.c:328: Timeout registered at 954014882.
debug: Ssh2Transport/trcommon.c:2049: ssh_tr_input_interactive
debug: Ssh2Transport/trcommon.c:1046: ssh_tr_input_packet
debug: Ssh2Transport/trcommon.c:1071: ssh_tr_input_packet: read -1 bytes
debug: SshEventLoop/sshunixeloop.c:651: Calling a timeout callback.
debug: Ssh2Transport/trcommon.c:207: ssh_tr_up_signal_input_proc
debug: Ssh2Transport/trcommon.c:2595: ssh_tr_up_read
debug: Ssh2Transport/trcommon.c:191: ssh_tr_wake_up_input
debug: Ssh2Transport/trcommon.c:2595: ssh_tr_up_read
debug: Ssh2Transport/trcommon.c:191: ssh_tr_wake_up_input
debug: Ssh2AuthClient/sshauthc.c:705: down_received_packet: PACKET
debug: Ssh2AuthClient/sshauthc.c:532: process_failure cont = 0
debug: Ssh2AuthClient/sshauthc.c:553: process_failure: continuations
'publickey,password,hostbased' partial 0
debug: Ssh2AuthClient/sshauthc.c:595: process_failure: productive =
publickey,password,hostbased
debug: Ssh2AuthClient/sshauthc.c:418: next method
debug: SshEventLoop/sshunixeloop.c:402: Registered signal 18.
debug: Ssh2AuthHostBasedClient/authc-hostbased.c:329: Child: Execing
ssh-signer...(path: ssh-signer2)
debug: SshEventLoop/sshunixeloop.c:495: Registered file descriptor 7.
debug: SshEventLoop/sshunixeloop.c:495: Registered file descriptor 6.
debug: Ssh2Transport/trcommon.c:2595: ssh_tr_up_read
debug: SshEventLoop/sshunixeloop.c:764: Select.
debug: SshEventLoop/sshunixeloop.c:764: Select.
========== END OF SSH2 DEBUG OUTPUT ==========
And here's the debug output from sshd2 form the same point:
========== START OF SSH2 DEBUG OUTPUT ==========
debug: Ssh2Transport/trcommon.c:2380: ssh_tr_callback 0
debug: Ssh2Transport/trcommon.c:2122: ssh_tr_process_input
debug: Ssh2Transport/trcommon.c:2049: ssh_tr_input_interactive
debug: Ssh2Transport/trcommon.c:1046: ssh_tr_input_packet
debug: Ssh2Transport/trcommon.c:1071: ssh_tr_input_packet: read 8 bytes
debug: Ssh2Transport/trcommon.c:1135: ssh_tr_input_packet: read 64 bytes
debug: Ssh2Transport/trcommon.c:249: ssh_tr_up_send 0
debug: Ssh2Transport/trcommon.c:229: ssh_tr_up_signal_input
debug: SshEventLoop/sshunixeloop.c:328: Timeout registered at 954014882.
debug: Ssh2Transport/trcommon.c:2049: ssh_tr_input_interactive
debug: Ssh2Transport/trcommon.c:1046: ssh_tr_input_packet
debug: Ssh2Transport/trcommon.c:1071: ssh_tr_input_packet: read -1 bytes
debug: SshEventLoop/sshunixeloop.c:651: Calling a timeout callback.
debug: Ssh2Transport/trcommon.c:207: ssh_tr_up_signal_input_proc
debug: Ssh2Transport/trcommon.c:2595: ssh_tr_up_read
debug: Ssh2Transport/trcommon.c:191: ssh_tr_wake_up_input
debug: Ssh2Transport/trcommon.c:2595: ssh_tr_up_read
debug: Ssh2Transport/trcommon.c:191: ssh_tr_wake_up_input
debug: Ssh2AuthServer/sshauths.c:462: process_request: user pmb1 service
ssh-connection method password
debug: SshUnixUser/sshunixuser.c:610:
ssh_user_validate_secure_rpc_password: not yet implemented
debug: SshUnixUser/sshunixuser.c:599: ssh_user_validate_kerberos_password:
not yet implemented
debug: Ssh2Transport/trcommon.c:2743: ssh_tr_up_set_callback
debug: Ssh2Transport/trcommon.c:229: ssh_tr_up_signal_input
debug: SshEventLoop/sshunixeloop.c:328: Timeout registered at 954014882.
debug: Ssh2Transport/trcommon.c:238: ssh_tr_up_signal_output
debug: SshEventLoop/sshunixeloop.c:328: Timeout registered at 954014882.
debug: Ssh2Transport/trcommon.c:2595: ssh_tr_up_read
debug: Ssh2Transport/trcommon.c:2632: ssh_tr_up_write
debug: Ssh2Transport/trcommon.c:2424: ssh_tr_process_up_incoming_packet 0
debug: Ssh2Transport/trcommon.c:331: ssh_tr_send_packet 51
debug: Ssh2Transport/trcommon.c:369: ssh_tr_send_packet: length 48 pad 9
payload
34 mac 16
debug: Ssh2Transport/trcommon.c:267: ssh_tr_output_outgoing
debug: Ssh2Transport/trcommon.c:315: ssh_tr_output_outgoing: no more data
to write
debug: Ssh2Transport/trcommon.c:2595: ssh_tr_up_read
debug: SshEventLoop/sshunixeloop.c:705: Select timeout: 0 seconds, 0 usec.
debug: SshEventLoop/sshunixeloop.c:764: Select.
debug: SshEventLoop/sshunixeloop.c:651: Calling a timeout callback.
debug: Ssh2Transport/trcommon.c:207: ssh_tr_up_signal_input_proc
debug: Ssh2Transport/trcommon.c:2595: ssh_tr_up_read
debug: SshEventLoop/sshunixeloop.c:651: Calling a timeout callback.
debug: Ssh2Transport/trcommon.c:219: ssh_tr_up_signal_output_proc
debug: SshEventLoop/sshunixeloop.c:705: Select timeout: 592 seconds, 82086
usec.
debug: SshEventLoop/sshunixeloop.c:764: Select.
========== END OF SSH2 DEBUG OUTPUT ==========
Can anyone decipher this to help me get a toe-hold, please?
Many thanks!
Mike Brudenell
--
The Computing Service, University of York, Heslington, York Yo10 5DD, UK
Tel:+44-1904-433811 FAX:+44-1904-433740
Web: http://www-users.york.ac.uk/~pmb1/
* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
