Hi Clint, I'm not sure if anyone is working on this, but I just wanted to let you (or whomever is working on it) that I've decided to scrap 11.10 and do a fresh install of 11.04 from scratch. After installing kerberos:
sudo apt-get install krb5-user sudo apt-get install libpam-krb5 and replacing the /etc/krb5.conf with one friendly to the lab I work for, I can now again ssh into where I need to. The ticket authentication is communicated successfully via gssapi-with-mic. I hope you all are able to find this bug in 11.10 and I look forward to trying the newest version again in a few months. There were some new features I really liked in 11.10, especially the new ALT-Tab window switcher. That makes juggling a dozen emacs windows in a single workspace much easier (one of the very few downsides to the 11.04 Unity version). Thanks for the help. Jason On Sun, Oct 16, 2011 at 1:31 PM, Jason Nett <[email protected]> wrote: > Hi Clint, > > Your summary is correct. I tried upgrading my home desktop from 11.04 to > 11.10 and one of the first things I check when I do this is whether ssh and > kerberos are working properly because I often work from home on this > computer. I also have a laptop with 11.04 that I have NOT upgraded to 11.10 > for comparison. As far as I can tell, kerberos is functioning properly and > the errors I posted earlier indicate that my destop (11.10) now cannot > communicate the kerberos ticket while ssh'ing via gssapi-with-mic, whereas > my laptop (11.04) does communicate the ticket successfully with > gssapi-with-mic. I've scoured the files in /username/.ssh/ and in /etc/ssh/ > for any discrepant settings and even tried outright replacing such files > (not .ssh/known_hosts, of course, but I did try deleting and regenerating > it), but nothing produces a different result. > > > Jason > > > On Sun, Oct 16, 2011 at 12:30 PM, Clint Byrum <[email protected]> wrote: > >> Ok Jason, thanks for all the leg work. I think at this point we need to >> try and reproduce your setup to try and address the bug. To be clear, >> >> Your client is on 11.10, and can obtain kerberos tickets fine, but >> cannot log into any SSH service that normally would accept these >> tickets. >> >> Is that an accurate reflection of the problem? >> >> ** Summary changed: >> >> - ssh fails after upgrade to 11.10 >> + ssh with kerberos fails after upgrade to 11.10 >> >> ** Changed in: openssh (Ubuntu) >> Status: Incomplete => New >> >> -- >> You received this bug notification because you are subscribed to the bug >> report. >> https://bugs.launchpad.net/bugs/874518 >> >> Title: >> ssh with kerberos fails after upgrade to 11.10 >> >> Status in “openssh” package in Ubuntu: >> New >> >> Bug description: >> I upgraded from 11.04 to 11.10 and upon completion found that I could no >> longer ssh into other computers that I routinely do so. There are several >> things I've checked: >> 1. Kerberos authentication is working fine, that's not the problem. >> 2. I tried restarting and reinstalling ssh, but neither helped. >> 3. I tried copying over all ssh related files from my laptop (with a >> properly function ssh in 11.04) and replace what is on my 11.10 >> malfunctioning OS, but that did not help. >> 4. I tried deleting the .ssh/known_hosts file. On my next attempt, I >> received the normal message about connecting somewhere for the first time, >> but was still refused a connection. >> 5. >> >> jason:~$ /usr/sbin/sshd -ddd >> debug2: load_server_config: filename /etc/ssh/sshd_config >> debug2: load_server_config: done config len = 682 >> debug2: parse_server_config: config /etc/ssh/sshd_config len 682 >> debug3: /etc/ssh/sshd_config:5 setting Port 22 >> debug3: /etc/ssh/sshd_config:9 setting Protocol 2 >> debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key >> debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key >> debug3: /etc/ssh/sshd_config:13 setting HostKey >> /etc/ssh/ssh_host_ecdsa_key >> debug3: /etc/ssh/sshd_config:15 setting UsePrivilegeSeparation yes >> debug3: /etc/ssh/sshd_config:18 setting KeyRegenerationInterval 3600 >> debug3: /etc/ssh/sshd_config:19 setting ServerKeyBits 768 >> debug3: /etc/ssh/sshd_config:22 setting SyslogFacility AUTH >> debug3: /etc/ssh/sshd_config:23 setting LogLevel INFO >> debug3: /etc/ssh/sshd_config:26 setting LoginGraceTime 120 >> debug3: /etc/ssh/sshd_config:27 setting PermitRootLogin no >> debug3: /etc/ssh/sshd_config:28 setting StrictModes yes >> debug3: /etc/ssh/sshd_config:30 setting RSAAuthentication yes >> debug3: /etc/ssh/sshd_config:31 setting PubkeyAuthentication yes >> debug3: /etc/ssh/sshd_config:35 setting IgnoreRhosts yes >> debug3: /etc/ssh/sshd_config:37 setting RhostsRSAAuthentication no >> debug3: /etc/ssh/sshd_config:39 setting HostbasedAuthentication no >> debug3: /etc/ssh/sshd_config:44 setting PermitEmptyPasswords no >> debug3: /etc/ssh/sshd_config:48 setting ChallengeResponseAuthentication >> no >> debug3: /etc/ssh/sshd_config:63 setting X11Forwarding yes >> debug3: /etc/ssh/sshd_config:64 setting X11DisplayOffset 10 >> debug3: /etc/ssh/sshd_config:65 setting PrintMotd no >> debug3: /etc/ssh/sshd_config:66 setting PrintLastLog yes >> debug3: /etc/ssh/sshd_config:67 setting TCPKeepAlive yes >> debug3: /etc/ssh/sshd_config:74 setting AcceptEnv LANG LC_* >> debug3: /etc/ssh/sshd_config:76 setting Subsystem sftp >> /usr/lib/openssh/sftp-server >> debug3: /etc/ssh/sshd_config:87 setting UsePAM yes >> debug1: sshd version OpenSSH_5.8p1 Debian-7ubuntu1 >> debug3: Incorrect RSA1 identifier >> debug1: read PEM private key done: type RSA >> debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 >> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 >> debug1: private host key: #0 type 1 RSA >> debug3: Incorrect RSA1 identifier >> debug1: read PEM private key done: type DSA >> debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 >> debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 >> debug1: private host key: #1 type 2 DSA >> debug3: Incorrect RSA1 identifier >> debug1: read PEM private key done: type ECDSA >> debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256 >> debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256 >> debug1: private host key: #2 type 3 ECDSA >> debug1: setgroups() failed: Operation not permitted >> debug1: rexec_argv[0]='/usr/sbin/sshd' >> debug1: rexec_argv[1]='-ddd' >> debug3: oom_adjust_setup >> Set /proc/self/oom_score_adj from 0 to -1000 >> debug2: fd 3 setting O_NONBLOCK >> debug1: Bind to port 22 on 0.0.0.0. >> Bind to port 22 on 0.0.0.0 failed: Permission denied. >> debug2: fd 3 setting O_NONBLOCK >> debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY >> debug1: Bind to port 22 on ::. >> Bind to port 22 on :: failed: Permission denied. >> Cannot bind any address. >> >> Maybe the problem is in that readout, but I'm not familiar enough with >> this output to know. >> >> My laptop which still has Ubuntu 11.04 still can successfully log into >> the computers I need to, so the problem is definitely related to the >> upgrade of my desktop to 11.10. >> >> ProblemType: Bug >> DistroRelease: Ubuntu 11.10 >> Package: ssh (not installed) >> ProcVersionSignature: Ubuntu 3.0.0-12.20-generic-pae 3.0.4 >> Uname: Linux 3.0.0-12-generic-pae i686 >> NonfreeKernelModules: wl >> ApportVersion: 1.23-0ubuntu3 >> Architecture: i386 >> Date: Fri Oct 14 13:40:37 2011 >> InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5) >> ProcEnviron: >> PATH=(custom, no user) >> LANG=en_US.UTF-8 >> SHELL=/bin/bash >> SourcePackage: openssh >> UpgradeStatus: Upgraded to oneiric on 2011-10-14 (0 days ago) >> >> To manage notifications about this bug go to: >> >> https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518/+subscriptions >> > > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/874518 Title: ssh with kerberos fails after upgrade to 11.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
