'ssh as a user' problem

Guenter Hopf qe1 at qe1.org
Tue Jul 29 07:00:07 PDT 2003


hi,

i've got exactly the same problem here. i got three machines, that have
openSSH set up in exaclty the same way (same version, configure options,
config file and PAM control file), it works on one machine, on the other
two, it does not. 
pubkey authentication works on all the machines, however. 

the only real difference between the machines is that the one which
works as expected is the NIS server, while the other two are NIS
clients.

so i guess it might have sth to do with NIS, but i didn't find a
solution either (and as pubkey auth works, i havent been looking very
hard).

cheers,
guenter

On Tue, 2003-07-29 at 15:39, S. Anthony Sequeira wrote:
> This thread continuing.
> 
> http://archives.linuxfromscratch.org/mail-archives/blfs-support/2002-June/024359.html
> 
> I have hit the same problem.
> 
> $ ssh quasar
> Permission denied, please try again.
> Permission denied, please try again.
> Permission denied (publickey,password,keyboard-interactive).
> 
> It does not stop and ask for a password.
> 
> I found this thread
> 
> http://lists.freebsd.org/pipermail/freebsd-questions/2003-June/008608.html
> 
> but when I apply this patch, the password is visible on entry, and I do
> not believe that it is the 'Right' solution.
> 
> I believe this is due to some permission problem.  I can ssh as root
> fine.  Tracking down where the problem lies is more difficult for me.
> My previous Pure LFS installation does not have this problem.  It's not
> a version problem as OpenSSH_3.6.1p1 exhibits the same problem.  It's
> something I have omitted to do, but I'm now lost.
> 
> Here is part of a successful (root) ssh log:
> 
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /root/.ssh/identity
> debug3: no such identity: /root/.ssh/identity
> debug1: Trying private key: /root/.ssh/id_rsa
> debug3: no such identity: /root/.ssh/id_rsa
> debug1: Trying private key: /root/.ssh/id_dsa
> debug3: no such identity: /root/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug3: userauth_kbdint: disable: no info_req_seen
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred:
> debug3: authmethod_is_enabled password
> debug1: Next authentication method: password
> debug3: packet_send2: adding 64 (len 58 padlen 6 extra_pad 64)
> debug2: we sent a password packet, wait for reply
> debug1: Authentication succeeded (password).
> debug1: fd 6 setting O_NONBLOCK
> debug1: channel 0: new [client-session]
> debug3: ssh_session2_open: channel_new: 0
> debug2: channel 0: send open
> debug1: Entering interactive session.
> debug2: callback start
> debug2: ssh_session2_setup: id 0
> debug1: channel 0: request pty-req
> debug3: tty_make_modes: ospeed 9600
> debug3: tty_make_modes: ispeed 9600
> 
> And here is the equivalent unsuccessful one:
> 
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/sherwin/.ssh/identity
> debug3: no such identity: /home/sherwin/.ssh/identity
> debug1: Trying private key: /home/sherwin/.ssh/id_rsa
> debug3: no such identity: /home/sherwin/.ssh/id_rsa
> debug1: Trying private key: /home/sherwin/.ssh/id_dsa
> debug3: no such identity: /home/sherwin/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug3: userauth_kbdint: disable: no info_req_seen
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred:
> debug3: authmethod_is_enabled password
> debug1: Next authentication method: password
> debug3: packet_send2: adding 64 (len 52 padlen 12 extra_pad 64)
> debug2: we sent a password packet, wait for reply
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> Permission denied, please try again.
> debug3: packet_send2: adding 64 (len 52 padlen 12 extra_pad 64)
> debug2: we sent a password packet, wait for reply
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> Permission denied, please try again.
> debug3: packet_send2: adding 64 (len 52 padlen 12 extra_pad 64)
> debug2: we sent a password packet, wait for reply
> debug1: Authentications that can continue:
> publickey,password,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug1: No more authentication methods to try.
> Permission denied (publickey,password,keyboard-interactive).
> debug1: Calling cleanup 0x8064c70(0x0)
> 
> Any ideas?
> 
> Thanks
> 
> BTW the news server is down (the old 'throttling' problem), and
> attempting to subscribe vi email also fails:
> 
> This is the Postfix program at host belgarath.linuxfromscratch.org.
> 
> I'm sorry to have to inform you that the message returned
> below could not be delivered to one or more destinations.
> 
> For further assistance, please send mail to <postmaster>
> 
> If you do so, please include this problem report. You can
> delete your own text from the message returned below.
> 
> The Postfix program
> 
> <listar at linuxfromscratch.org>: can't create user output file. Command
> output:
>     procmail: Unable to treat as directory "/home/listar/Maildir"
> procmail:
>     Couldn't create "/home/listar/Maildir"
> 
> 
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.504 / Virus Database: 302 - Release Date: 24/07/2003
-- 
Kiss that frog, and you will get your prince... 8)

ICQ # 33638817           ---   jabber: qe1 at home.qe1.org
e-mail: qe1 at qe1.org      ---         http://www.qe1.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxfromscratch.org/pipermail/blfs-support/attachments/20030729/16d6e15c/attachment.sig>


More information about the blfs-support mailing list