Discussion:
'ssh as a user' problem
S. Anthony Sequeira
2003-07-29 13:39:00 UTC
This thread continuing.

http://archives.linuxfromscratch.org/mail-archives/blfs-support/2002-June/024359.html

I have hit the same problem.

$ ssh quasar
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive).

It does not stop and ask for a password.

I found this thread

http://lists.freebsd.org/pipermail/freebsd-questions/2003-June/008608.html

but when I apply this patch, the password is visible on entry, and I do
not believe that it is the 'Right' solution.

I believe this is due to some permission problem. I can ssh as root
fine. Tracking down where the problem lies is more difficult for me.
My previous Pure LFS installation does not have this problem. It's not
a version problem as OpenSSH_3.6.1p1 exhibits the same problem. It's
something I have omitted to do, but I'm now lost.

Here is part of a successful (root) ssh log:

debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug3: no such identity: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: packet_send2: adding 64 (len 58 padlen 6 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1: fd 6 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: ssh_session2_setup: id 0
debug1: channel 0: request pty-req
debug3: tty_make_modes: ospeed 9600
debug3: tty_make_modes: ispeed 9600

And here is the equivalent unsuccessful one:

debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/sherwin/.ssh/identity
debug3: no such identity: /home/sherwin/.ssh/identity
debug1: Trying private key: /home/sherwin/.ssh/id_rsa
debug3: no such identity: /home/sherwin/.ssh/id_rsa
debug1: Trying private key: /home/sherwin/.ssh/id_dsa
debug3: no such identity: /home/sherwin/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: packet_send2: adding 64 (len 52 padlen 12 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
Permission denied, please try again.
debug3: packet_send2: adding 64 (len 52 padlen 12 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
Permission denied, please try again.
debug3: packet_send2: adding 64 (len 52 padlen 12 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
debug1: Calling cleanup 0x8064c70(0x0)

Any ideas?

Thanks

BTW the news server is down (the old 'throttling' problem), and
attempting to subscribe via email also fails:

This is the Postfix program at host belgarath.linuxfromscratch.org.

I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the message returned below.

The Postfix program

<listar at linuxfromscratch.org>: can't create user output file. Command
output:
procmail: Unable to treat as directory "/home/listar/Maildir"
procmail:
Couldn't create "/home/listar/Maildir"


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.504 / Virus Database: 302 - Release Date: 24/07/2003
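
Added example, not part of the original post and not OpenSSH code: the `packet_send2` lines in the two traces differ (len 58 for root, len 52 for sherwin), and the SSH packet layout gives the number of password bytes each request carried. It assumes compression is off, that the remote user names are `root` and `sherwin`, and the RFC 4253 framing and RFC 4252 password-request layout; the function names are illustrative.

```python
import re

HEADER_LEN = 5            # RFC 4253: uint32 packet_length + byte padding_length
# RFC 4252 sec. 8 password request minus the user name and password bytes:
# type(1) + len(4) + "ssh-connection"(4+14) + "password"(4+8) + FALSE(1) + len(4)
FIXED_PAYLOAD = 1 + 4 + (4 + 14) + (4 + 8) + 1 + 4

SEND_RE = re.compile(r"packet_send2: adding \d+ \(len (\d+) padlen \d+ extra_pad \d+\)")

def password_attempts(trace, user):
    """List the password packets in an `ssh -vvv` trace with their implied password size."""
    attempts, pending = [], None
    for line in trace.splitlines():
        m = SEND_RE.search(line)
        if m:
            pending = int(m.group(1))          # unpadded packet size, header included
        elif "we sent a password packet" in line and pending is not None:
            size = pending - HEADER_LEN - FIXED_PAYLOAD - len(user.encode())
            attempts.append({"len": pending, "password_bytes": size, "accepted": False})
            pending = None
        elif "Authentication succeeded (password)" in line and attempts:
            attempts[-1]["accepted"] = True
    return attempts

def diagnose(trace, user):
    """Point at the side of the connection worth inspecting first."""
    attempts = password_attempts(trace, user)
    if not attempts:
        return "no password packet sent"
    if any(a["accepted"] for a in attempts):
        return "password accepted"
    if all(a["password_bytes"] == 0 for a in attempts):
        return "client sent an empty password each time: look at the client's prompt/tty"
    return "non-empty password rejected: look at the server's account database or PAM"

# Lines copied from the two traces in the post above (user names are assumed).
ROOT_TRACE = """\
debug3: packet_send2: adding 64 (len 58 padlen 6 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
"""
SHERWIN_TRACE = """\
debug3: packet_send2: adding 64 (len 52 padlen 12 extra_pad 64)
debug2: we sent a password packet, wait for reply
Permission denied, please try again.
debug3: packet_send2: adding 64 (len 52 padlen 12 extra_pad 64)
debug2: we sent a password packet, wait for reply
Permission denied, please try again.
debug3: packet_send2: adding 64 (len 52 padlen 12 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: No more authentication methods to try.
"""

if __name__ == "__main__":
    print("root:   ", diagnose(ROOT_TRACE, "root"))
    print("sherwin:", diagnose(SHERWIN_TRACE, "sherwin"))
```

Under these assumptions the failing trace carries zero password bytes in all three requests, which is consistent with the report that ssh never stops to ask for a password.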
Guenter Hopf
2003-07-29 14:00:07 UTC
hi,

i've got exactly the same problem here. i got three machines, that have
openSSH set up in exactly the same way (same version, configure options,
config file and PAM control file), it works on one machine, on the other
two, it does not.
pubkey authentication works on all the machines, however.

the only real difference between the machines is that the one which
works as expected is the NIS server, while the other two are NIS
clients.

so i guess it might have sth to do with NIS, but i didn't find a
solution either (and as pubkey auth works, i haven't been looking very
hard).

cheers,
guenter
--
Kiss that frog, and you will get your prince... 8)

ICQ # 33638817 --- jabber: qe1 at home.qe1.org
e-mail: qe1 at qe1.org --- http://www.qe1.org
Douglas J Hunley
2003-07-29 16:40:45 UTC
Post by Guenter Hopf
hi,
i've got exactly the same problem here. i got three machines, that have
openSSH set up in exactly the same way (same version, configure options,
config file and PAM control file), it works on one machine, on the other
two, it does not.
pubkey authentication works on all the machines, however.
the only real difference between the machines is that the one which
works as expected is the NIS server, while the other two are NIS
clients.
so i guess it might have sth to do with NIS, but i didn't find a
solution either (and as pubkey auth works, i haven't been looking very
hard).

I had similar issues with ssh once, and it turned out to be the permissions on
/dev/tty (it should have been chmod 666). can you guys check this?
--
Douglas J Hunley (doug at hunley.homeip.net) - Linux User #174778
http://doug.hunley.homeip.net && http://www.linux-sxs.org

Alliance, n.: In international politics, the union of two thieves who have
their hands so deeply inserted in each other's pocket that they cannot
separately plunder a third. -- Ambrose Bierce, "The Devil's Dictionary"
S. Anthony Sequeira
2003-07-29 17:00:49 UTC
Post by Guenter Hopf
hi,
i've got exactly the same problem here. i got three machines, that
have openSSH set up in exactly the same way (same version, configure
options, config file and PAM control file), it works on one machine,
on the other two, it does not.
pubkey authentication works on all the machines, however.
the only real difference between the machines is that the one which
works as expected is the NIS server, while the other two are NIS
clients.
so i guess it might have sth to do with NIS, but i didn't find a
solution either (and as pubkey auth works, i haven't been looking very
hard).
I had similar issues with ssh once, and it turned out to be the
permissions on /dev/tty (it should have been chmod 666). can you guys
check this?

Nope, doesn't change a thing. The funny thing is that the machine
being ssh'ed to gets invalid password entries. Weird.

Jul 29 14:16:20 quasar sshd[31864]: Failed password for sherwin from 192.168.0.5 port 32770 ssh2

BTW, I'm now subscribed, so please don't cc me.

Cheers.


Guenter Hopf
2003-07-29 19:52:31 UTC
you have NIS on that machine? i did a test and added a user to the local
passwd / shadow file. ssh worked for this user, so on my side it's
definitely a NIS issue...

cheers,
guenter
Post by S. Anthony Sequeira
Nope, doesn't change a thing. The funny thing is that the machine
being ssh'ed to gets invalid password entries. Weird.
Jul 29 14:16:20 quasar sshd[31864]: Failed password for sherwin from 192.168.0.5 port 32770 ssh2
BTW, I'm now subscribed, so please don't cc me.
Cheers.
--
Kiss that frog, and you will get your prince... 8)

ICQ # 33638817 --- jabber: qe1 at home.qe1.org
e-mail: qe1 at qe1.org --- http://www.qe1.org
S. Anthony Sequeira
2003-07-29 21:05:25 UTC
No NIS at all.

Guenter Hopf wrote:

you have NIS on that machine? i did a test and added a user to the local
passwd / shadow file. ssh worked for this user, so on my side it's
definitely a NIS issue...

cheers,
guenter
Post by S. Anthony Sequeira
Nope, doesn't change a thing. The funny thing is that the machine
being ssh'ed to gets invalid password entries. Weird.
Jul 29 14:16:20 quasar sshd[31864]: Failed password for sherwin from 192.168.0.5 port 32770 ssh2
BTW, I'm now subscribed, so please don't cc me.
Cheers.
Jeroen Coumans
2003-07-29 14:07:40 UTC
Post by S. Anthony Sequeira
<listar at linuxfromscratch.org>: can't create user output file. Command
listar has been put to rest:
http://test.linuxfromscratch.org/lfs/news.html#mail_change
and also see the updated mail page:
http://test.linuxfromscratch.org/mail.html
--
Jeroen Coumans,
FAQ maintainer
http://test.linuxfromscratch.org/faq
Thomas de Roo
2003-07-29 22:53:14 UTC
Post by S. Anthony Sequeira
This thread continuing.
http://archives.linuxfromscratch.org/mail-archives/blfs-support/2002-June/024359.html
I have hit the same problem.
<snip>

Hello,

Maybe not encouraging, but when I reported this problem last year, I couldn't
find a solution, until I got so fed up with it, I just removed everything
related to ssh, and re-installed it. Somehow the problem was gone...

I hope you find a 'nicer' solution (i.e. really fix it), because this did not
satisfy me at all.

HTH,
Thomas
S. Anthony Sequeira
2003-07-29 23:09:42 UTC
Post by Thomas de Roo
Post by S. Anthony Sequeira
This thread continuing.
http://archives.linuxfromscratch.org/mail-archives/blfs-support/2002-June/024359.html
I have hit the same problem.
<snip>
Hello,
Maybe not encouraging, but when I reported this problem last year, I
couldn't find a solution, until I got so fed up with it, I just
removed everything related to ssh, and re-installed it. Somehow the
problem was gone...
I hope you find a 'nicer' solution (i.e. really fix it), because this
did not satisfy me at all.
HTH,
Thomas
Relating to? How? All dependencies I presume, which is openssl IIRC.
I'll have a go. It's a weirdo OK.

