Bug#428968: openssh-server: I also get failed pw auth after upgrade; logs included

To: Debian Bug Tracking System <428968@bugs.debian.org>
Subject: Bug#428968: openssh-server: I also get failed pw auth after upgrade; logs included
From: Daniel Hulme <st@istic.org>
Date: Fri, 15 Jun 2007 13:05:40 +0100
Message-id: <[🔎] 20070615120540.GA422@istic.org>
Reply-to: Daniel Hulme <st@istic.org>, 428968@bugs.debian.org

Package: openssh-server
Version: 1:4.6p1-1
Followup-For: Bug #428968

I get the same problem on my AMD64 box. I attach the logs of running
sshd -ddd and connecting thereto with ssh -vvv. Ignore the bit about
running sshd on port 23: I run it on a non-default port as an obscurity
mechanism to stop worms eating my bandwidth with futile dictionary
attacks.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (400, 'testing'), (100, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.18 (PREEMPT)
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-server depends on:
ii  adduser  3.102                           Add and remove users and groups
ii  debconf  1.5.13                          Debian configuration management sy
ii  dpkg     1.14.4                          package maintenance system for Deb
ii  libc6    2.5-11                          GNU C Library: Shared libraries
ii  libcomer 1.39+1.40-WIP-2007.04.07+dfsg-2 common error description library
ii  libkrb53 1.6.dfsg.1-4                    MIT Kerberos runtime libraries
ii  libpam-m 0.79-4                          Pluggable Authentication Modules f
ii  libpam-r 0.79-4                          Runtime support for the PAM librar
ii  libpam0g 0.79-4                          Pluggable Authentication Modules l
ii  libselin 2.0.15-2                        SELinux shared libraries
ii  libssl0. 0.9.8e-5                        SSL shared libraries
ii  libwrap0 7.6.dbs-13                      Wietse Venema's TCP wrappers libra
ii  lsb-base 3.1-23.1                        Linux Standard Base 3.1 init scrip
ii  openssh- 1:4.6p1-1                       secure shell client, an rlogin/rsh
ii  zlib1g   1:1.2.3-15                      compression library - runtime

openssh-server recommends no packages.

-- debconf information:
  ssh/insecure_rshd:
  ssh/insecure_telnetd:
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/encrypted_host_key_but_no_keygen:
  ssh/disable_cr_auth: false

-- 
"After all, one can't complain.  I have my friends. Somebody spoke to me
only  yesterday.  And was it  last week or  the week before  that Rabbit
bumped into  me and said  'Bother!'  The Social Round.  Always something
going on."  -- A. A. Milne, 'Winnie-the-Pooh'  http://surreal.istic.org/

OpenSSH_4.6p1 Debian-1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 23.
debug1: Connection established.
debug1: identity file /home/z1/.ssh/identity type -1
debug1: identity file /home/z1/.ssh/id_rsa type -1
debug1: identity file /home/z1/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6p1 Debian-1
debug1: match: OpenSSH_4.6p1 Debian-1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-1
debug2: fd 6 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 117/256
debug2: bits set: 517/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: put_host_port: [127.0.0.1]:23
debug3: put_host_port: [localhost]:23
debug3: check_host_in_hostfile: filename /home/z1/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug1: checking without port identifier
debug3: check_host_in_hostfile: filename /home/z1/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 7
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/z1/.ssh/known_hosts:7
debug1: found matching key w/out port
debug2: bits set: 521/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/z1/.ssh/identity ((nil))
debug2: key: /home/z1/.ssh/id_rsa ((nil))
debug2: key: /home/z1/.ssh/id_dsa (0x5555557b81d0)
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/z1/.ssh/identity
debug3: no such identity: /home/z1/.ssh/identity
debug1: Trying private key: /home/z1/.ssh/id_rsa
debug3: no such identity: /home/z1/.ssh/id_rsa
debug1: Offering public key: /home/z1/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).

debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 629
debug2: parse_server_config: config /etc/ssh/sshd_config len 629
debug3: /etc/ssh/sshd_config:5 setting Port 23
debug3: /etc/ssh/sshd_config:9 setting Protocol 2
debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key
debug3: /etc/ssh/sshd_config:14 setting UsePrivilegeSeparation yes
debug3: /etc/ssh/sshd_config:17 setting KeyRegenerationInterval 3600
debug3: /etc/ssh/sshd_config:18 setting ServerKeyBits 768
debug3: /etc/ssh/sshd_config:21 setting SyslogFacility AUTH
debug3: /etc/ssh/sshd_config:22 setting LogLevel INFO
debug3: /etc/ssh/sshd_config:25 setting LoginGraceTime 600
debug3: /etc/ssh/sshd_config:26 setting PermitRootLogin yes
debug3: /etc/ssh/sshd_config:27 setting StrictModes yes
debug3: /etc/ssh/sshd_config:29 setting RSAAuthentication yes
debug3: /etc/ssh/sshd_config:30 setting PubkeyAuthentication yes
debug3: /etc/ssh/sshd_config:34 setting IgnoreRhosts yes
debug3: /etc/ssh/sshd_config:35 setting PermitUserEnvironment yes
debug3: /etc/ssh/sshd_config:37 setting RhostsRSAAuthentication no
debug3: /etc/ssh/sshd_config:39 setting HostbasedAuthentication no
debug3: /etc/ssh/sshd_config:44 setting PermitEmptyPasswords no
debug3: /etc/ssh/sshd_config:50 setting PasswordAuthentication no
debug3: /etc/ssh/sshd_config:62 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:63 setting X11DisplayOffset 10
debug3: /etc/ssh/sshd_config:64 setting PrintMotd no
debug3: /etc/ssh/sshd_config:65 setting PrintLastLog yes
debug3: /etc/ssh/sshd_config:66 setting KeepAlive yes
debug3: /etc/ssh/sshd_config:72 setting Subsystem sftp /usr/lib/openssh/sftp-server
debug3: /etc/ssh/sshd_config:74 setting UsePAM yes
debug1: sshd version OpenSSH_4.6p1 Debian-1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 23 on 0.0.0.0.
Server listening on 0.0.0.0 port 23.
socket: Address family not supported by protocol
debug3: fd 4 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 7 config len 629
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 52073
debug1: Client protocol version 2.0; client software version OpenSSH_4.6p1 Debian-1
debug1: match: OpenSSH_4.6p1 Debian-1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-1
debug2: fd 3 setting O_NONBLOCK
debug3: privsep user:group 102:65534
debug1: permanently_set_uid: 102/65534
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug2: Network child is on pid 321
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug3: mm_request_send entering: type 0
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 1024 8192
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
debug3: mm_request_receive_expect entering: type 1
debug3: mm_request_receive entering
debug3: mm_choose_dh: remaining 0
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: dh_gen_key: priv key bits set: 118/256
debug2: bits set: 521/1024
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 517/1024
debug3: mm_key_sign entering
debug3: mm_request_send entering: type 5
debug3: monitor_read: checking request 5
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 0x5555557cdce0(143)
debug3: mm_request_send entering: type 6
debug2: monitor_read: 5 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
debug3: mm_request_receive_expect entering: type 6
debug3: mm_request_receive entering
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user z1 service ssh-connection method none
debug1: attempt 0 failures 0
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 7
debug3: monitor_read: checking request 7
debug3: mm_answer_pwnamallow
debug3: Trying to reverse map address 127.0.0.1.
debug2: parse_server_config: config reprocess config len 629
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 8
debug2: monitor_read: 7 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 8
debug3: mm_request_receive entering
debug2: input_userauth_request: setting up authctxt for z1
debug3: mm_start_pam entering
debug3: mm_request_send entering: type 48
debug3: monitor_read: checking request 48
debug1: PAM: initializing for "z1"
debug1: PAM: setting PAM_RHOST to "localhost.localdomain"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: monitor_read: 48 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_inform_authserv entering
debug3: mm_request_send entering: type 3
debug3: monitor_read: checking request 3
debug3: mm_answer_authserv: service=ssh-connection, style=, role=
debug2: monitor_read: 3 used once, disabling now
debug3: mm_request_receive entering
debug2: input_userauth_request: try method none
debug1: userauth-request for user z1 service ssh-connection method publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 21
debug3: monitor_read: checking request 21
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x5555557d1280
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/z1/.ssh/authorized_keys
debug3: secure_filename: checking '/home/z1/.ssh'
debug3: secure_filename: checking '/home/z1'
debug3: secure_filename: terminating check at '/home/z1'
debug1: restore_uid: 0/0
debug2: key not found
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/z1/.ssh/authorized_keys2
debug1: restore_uid: 0/0
Failed publickey for z1 from 127.0.0.1 port 52073 ssh2
debug3: mm_answer_keyallowed: key 0x5555557d1280 is disallowed
debug3: mm_request_send entering: type 22
debug3: mm_request_receive entering
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 22
debug3: mm_request_receive entering
debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss
Connection closed by 127.0.0.1
debug1: do_cleanup
debug1: do_cleanup

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: Bug#428968: openssh-server: password based authentication not working following upgrade
Next by Date: Bug#428968: openssh-server: password based authentication not working following upgrade
Previous by thread: Bug#428968: marked as done (openssh-server: password based authentication not working following upgrade)
Next by thread: Bug#429243: passwords stopped working, SSH stopped logging failures!
Index(es):
- Date
- Thread