Date: Fri, 26 Sep 2003 13:59:55 -0500 (CDT) From: "Jon Noack" <noackjr@alumni.rice.edu> To: freebsd-questions@freebsd.org Cc: des@des.no Subject: Re: can't connect after update to openssh-portable 3.6.1p2-5 [RESOLVED with update to 3.7.1p2] Message-ID: <10076.64.1.99.131.1064602795.squirrel@www.noacks.org> In-Reply-To: <3F73DC5E.2000701@alumni.rice.edu> References: <3F73DC5E.2000701@alumni.rice.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
This was resolved with the update to 3.7.1p2. Jon Noack Jon Noack wrote: > On 4.8-RELEASE-p10 machines I can't connect after updating to > openssh-portable 3.6.1p2-5. Updating steps: > > 1) cvsup > 2) portupgrade -ar > 3) /usr/local/bin/rc.d/sshd.sh stop > 4) /usr/local/bin/rc.d/sshd.sh start > > This worked fine on 5.1-RELEASE-p8 machines and has worked for several > years now (since 4.4 days, I think). There was nothing in the CVS > commit description that said I needed to recompile anything else. > > I do not have access to the machines right now (I was updating all the > machines at once over SSH (I tested on a 5.1-RELEASE-p8 machine so I > thought I was OK -- I'll test on every version in the future) -- steps = 3 > and 4 are done with a shell script that doesn't result in termination o= f > the current connection), but the output when trying to connect (scrubbe= d > of identifying info) is below and the current sshd_config is at the > bottom: > > ********************** debug output *********************** > $ ssh -vvv my.server.example.com > debug1: Reading configuration data /usr/local/etc/ssh/ssh_config > debug1: Rhosts Authentication disabled, originating port will not be > trusted. > debug2: ssh_connect: needpriv 0 > debug1: Connecting to my.server.example.com [xxx.xxx.xxx.xxx] port 22. > debug1: Connection established. > debug1: identity file /home/username/.ssh/identity type -1 > debug1: identity file /home/username/.ssh/id_rsa type -1 > debug1: identity file /home/username/.ssh/id_dsa type -1 > debug1: Remote protocol version 2.0, remote software version > OpenSSH_3.6.1p2 > debug1: match: OpenSSH_3.6.1p2 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-= cbc,rijndael-cbc@lysator.liu.se > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-= cbc,rijndael-cbc@lysator.liu.se > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-= 96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-= 96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-= cbc,rijndael-cbc@lysator.liu.se > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-= cbc,rijndael-cbc@lysator.liu.se > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-= 96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-= 96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_init: found hmac-md5 > debug1: kex: server->client aes128-cbc hmac-md5 none > debug2: mac_init: found hmac-md5 > debug1: kex: client->server aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug2: dh_gen_key: priv key bits set: 131/256 > debug2: bits set: 1577/3191 > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug3: check_host_in_hostfile: filename /home/username/.ssh/known_host= s2 > debug3: check_host_in_hostfile: filename > /usr/local/etc/ssh/ssh_known_hosts2 > debug3: check_host_in_hostfile: filename /home/username/.ssh/known_host= s2 > debug3: check_host_in_hostfile: filename > /usr/local/etc/ssh/ssh_known_hosts2 > debug3: check_host_in_hostfile: filename /home/username/.ssh/known_host= s > debug3: check_host_in_hostfile: match line 9 > debug3: check_host_in_hostfile: filename /home/username/.ssh/known_host= s > debug3: check_host_in_hostfile: match line 9 > debug1: Host 'my.server.example.com' is known and matches the RSA host > key. > debug1: Found key in /home/username/.ssh/known_hosts:9 > debug2: bits set: 1590/3191 > debug1: ssh_rsa_verify: signature correct > debug2: kex_derive_keys > debug2: set_newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug2: set_newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug2: service_accept: ssh-userauth > debug1: SSH2_MSG_SERVICE_ACCEPT received > Connection closed by xxx.xxx.xxx.xxx > debug1: Calling cleanup 0x8061dc0(0x0) > ******************** end debug output ********************* > > *********************** sshd_config *********************** > Port 22 > Protocol 2 > > HostKey /usr/local/etc/ssh/ssh_host_rsa_key > > #PasswordAuthentication no > PermitRootLogin no > ChallengeResponseAuthentication no > PAMAuthenticationViaKbdInt no > UsePrivilegeSeparation yes > > Subsystem sftp /usr/local/libexec/sftp-server > ******************** end sshd_config ********************** > > Thanks for any help and/or suggestions, > Jon Noack > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?10076.64.1.99.131.1064602795.squirrel>