Date: Sun, 10 Jun 2001 21:35:00 +0200 (Romance Daylight Time) From: Ivan Eriksen <Ivan.Eriksen@uni-c.dk> To: <stable@freebsd.org> Subject: PAM and OpenSSH in 4.3-20010906-STABLE Message-ID: <Pine.WNT.4.33.0106102105450.872-100000@IVAN-E>
next in thread | raw e-mail | index | archive | help
Greetings, I'm pretty new to this -stable business, so maybe my problem is due to my inexperience, but here goes: I have two freshly installed stable boxes - both installed from a snap-server. One box from 20010604 [1] and one from 20010609 [2]. The last one won't let me use rsa or dsa keys to log in via slogin. Password authentication works. [1] works fine with both key- and password auth.. I cant really see the difference between these boxes, but nevertheless on [2] I get: sshd[27906]: fatal: PAM setcred failed[6]: Permission denied Below is a dump from sshd in debug mode.. Any ideas? Otherwise I hope the problem will go away by itself :-) / IE debug1: sshd version OpenSSH_2.3.0 green@FreeBSD.org 20010321 debug1: read DSA private key done debug1: Bind to port 22 on ::. Server listening on :: port 22. debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. Generating 768 bit RSA key. RSA key generation complete. debug1: Server will not fork when running in debugging mode. Connection from <remote host> port 723 Connection from <remote host ip> port 723 debug1: Client protocol version 2.0; client software version OpenSSH_2.5.1p1 debug1: no match: OpenSSH_2.5.1p1 Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-1.99-OpenSSH_2.3.0 green@FreeBSD.org 20010321 debug1: send KEXINIT debug1: done debug1: wait KEXINIT debug1: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug1: got kexinit: ssh-rsa,ssh-dss debug1: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se debug1: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se debug1: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug1: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug1: got kexinit: none debug1: got kexinit: none debug1: got kexinit: debug1: got kexinit: debug1: first kex follow: 0 debug1: reserved: 0 debug1: done debug1: kex: client->server 3des-cbc hmac-sha1 none debug1: kex: server->client 3des-cbc hmac-sha1 none debug1: Wait SSH2_MSG_KEX_DH_GEX_REQUEST. debug1: bits set: 1039/2049 debug1: Sending SSH2_MSG_KEX_DH_GEX_GROUP. debug1: Wait SSH2_MSG_KEX_DH_GEX_INIT. debug1: bits set: 1049/2049 debug1: sig size 20 20 debug1: send SSH2_MSG_NEWKEYS. debug1: done: send SSH2_MSG_NEWKEYS. debug1: Wait SSH2_MSG_NEWKEYS. debug1: GOT SSH2_MSG_NEWKEYS. debug1: done: KEX2. debug1: userauth-request for user <user> service ssh-connection method none debug1: attempt #1 debug1: Starting up PAM with username "<user>" Failed none for <user> from <remote host ip> port 723 ssh2 debug1: userauth-request for user <user> service ssh-connection method publickey debug1: attempt #2 debug1: matching key found: file /home/<user>/.ssh/authorized_keys2, line 1 debug1: len 55 datafellows 0 debug1: dsa_verify: signature correct debug1: PAM setting rhost to "<remote host>" Accepted publickey for <user> from <remote host ip> port 723 ssh2 debug1: Entering interactive session for SSH2. debug1: server_init_dispatch_20 debug1: server_input_channel_open: ctype session rchan 0 win 32768 max 16384 debug1: open session debug1: channel 0: new [server-session] debug1: session_new: init debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: confirm session debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 channel 0 request pty-req reply 0 debug1: session_pty_req: session 0 alloc /dev/ttyp3 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 channel 0 request x11-req reply 0 debug1: Received request for X11 forwarding with auth spoofing. debug1: bind port 6010: Address already in use debug1: fd 8 setting O_NONBLOCK debug1: fd 8 IS O_NONBLOCK debug1: channel 1: new [X11 inet listener] debug1: fd 9 setting O_NONBLOCK debug1: fd 9 IS O_NONBLOCK debug1: channel 2: new [X11 inet listener] debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 channel 0 request shell reply 0 debug1: PAM setting tty to "/dev/ttyp3" debug1: do_pam_session: euid 0, uid 0 debug1: PAM establishing creds fatal: PAM setcred failed[6]: Permission denied debug1: Calling cleanup 0x8054fa4(0x807c880) debug1: xauthfile_cleanup_proc called debug1: Calling cleanup 0x8055018(0x807c880) debug1: pty_cleanup_proc: /dev/ttyp3 debug1: Calling cleanup 0x8066bf8(0x0) debug1: channel_free: channel 1: status: The following connections are open: #0 server-session (t10 r0 i1/0 o16/0 fd -1/-1) debug1: channel_free: channel 2: status: The following connections are open: #0 server-session (t10 r0 i1/0 o16/0 fd -1/-1) debug1: Calling cleanup 0x8058bf4(0x0) debug1: Cannot delete credentials[6]: Permission denied debug1: Calling cleanup 0x805f418(0x0) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.WNT.4.33.0106102105450.872-100000>