This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: W2K and sshd, ssh - asks for password


>> Brian Keener wrote:
>>> I checked the archives and I think from what I read there that I
>>> now understand that in order to run sshd on a W2k system you must
>>> also be using NTFS and ntsec.   If that is not correct - I would
>>> appreciate a clarification.

> Corinna Vinschen wrote:
>> Whatever, this isn't appropriate for cygwin-apps.

Brian Keener wrote:
> Sheesh - Thanks for all you help. I am deeply touched and overwhelmed.
>
> You know I started to post this again in the cygwin list but since
> you are the one that can probably help and from whom the explanation
> I am seeking will probably come and the one that will offer debugging
> to solve this problem (if it is a problem) and I had already gotten
> your response - I say what is the use.  What is the point.  I don't
> know why I bothered.  Whatever.

Why the lousy attitude?
1. Corinna was entirely justified - your question has no place on cygwin-apps -
therefore I am replying cc the main cygwin list. There are multiple lists for a
reason - if people just post anywhere and are not discouraged, then there might
as well just be one list - maybe cygwin-chaos@cygwin.com ? :-)
2. The Red Hat people on the lists are usually very busy. Be kind to them.
3. Just because Corinna may be the person you think is most qualified to help
you, don't assume that no one else can. Now, I had a similar problem, which I
had been putting off investigating. Your first request reminded me, and I've now
solved mine.

To help you find your problem, I need the _server_ triple-verbose debugging
output:

The server needs to run under the SYSTEM account, so you will need to get a
shell running under this account: As an administrator, run 'at hh:mm
/interactive C:\cygwin\cygwin.bat', where hh:mm is current time +1m. Once the
minute rolls over, you will have a bash shell running as SYSTEM. Now run
'/usr/sbin/sshd -ddde >sshd-log 2>&1'. Now, in a separate shell (not as SYSTEM),
try to log in - 'ssh myuser@localhost' As soon as you get the password prompt,
Ctrl-C. The sshd will exit as it is running in debug mode. Send sshd-log to
cygwin@cygwin.com in the body of an email.

Your original email follows, for context, and a couple of comments from me.

Brian Keener wrote:
> I checked the archives and I think from what I read there that I now
> understand that in order to run sshd on a W2k system you must also be
> using NTFS and ntsec.   If that is not correct - I would appreciate a
> clarification.

ntsec, definitely. I can see no reason why it wouldn't work on FAT, but I
haven't tried it personally.

> I tried to configure sshd and ssh on my W2K system and I used the
> ssh-host-config and ssh-user-config scripts to set it up.  Sshd does
> seem to be starting as a daemon but when try to test using just
> against my Win2k machine it still asks me for password.  The first
> time I ran it I was told it was not a known hosts and would be added
> and this seemed to work and then I moved the known_hosts file to
> /etc/ssh_known_hosts.  It still works but contiunues to ask for my
> password.  As you can see in the following debug - I did an ssh to
> FPC_ATL_BKNB (my Win2k machine) with 3 -v for the most detail.  At
> the beginning you can see it does not seem to like the key with the
> BEGIN and END in it.  Maybe someone who is better at reading this
> than me can tell for sure but later it seems to be exchanging the
> keys but then still asks for the password.  Is this normal or as I
> said above is this because my machine is not using ntsec and NTFS.

ntsec is _required_ for publickey auth to work. NTFS is almost certainly not.

No more replies below here,

Max.


> By the way it does say I am logged in - once I supply the password.
>
> bk
>
> /Etc
> $ ssh -v -v -v FPC_ATL_BKNB
> OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090604f
> debug1: Reading configuration data /etc/ssh_config
> debug1: Rhosts Authentication disabled, originating port will not be
> trusted. debug1: ssh_connect: needpriv 0
> debug1: Connecting to FPC_ATL_BKNB [192.168.60.13] port 22.
> debug1: Connection established.
> debug1: identity file /usr/local/briank/.ssh/identity type 0
> debug3: Not a RSA1 key file /usr/local/briank/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: no key found
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: no key found
> debug1: identity file /usr/local/briank/.ssh/id_rsa type 1
> debug3: Not a RSA1 key file /usr/local/briank/.ssh/id_dsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: no key found
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug3: key_read: no space
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: no key found
> debug1: identity file /usr/local/briank/.ssh/id_dsa type 2
> debug1: Remote protocol version 1.99, remote software version
> OpenSSH_3.4p1 debug1: match: OpenSSH_3.4p1 pat OpenSSH*
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.4p1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-gro
> up1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
> aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
> aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
> ssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
> ssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-gro
> up1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
> aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
> aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
> ssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
> ssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: dh_gen_key: priv key bits set: 126/256
> debug1: bits set: 1634/3191
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug3: check_host_in_hostfile: filename
> /usr/local/briank/.ssh/known_hosts debug3: check_host_in_hostfile:
> filename /etc/ssh_known_hosts debug3: check_host_in_hostfile: match
> line 1 debug3: check_host_in_hostfile: filename
> /usr/local/briank/.ssh/known_hosts debug3: check_host_in_hostfile:
> filename /etc/ssh_known_hosts debug3: check_host_in_hostfile: match
> line 1 debug1: Host 'fpc_atl_bknb' is known and matches the RSA host
> key. debug1: Found key in /etc/ssh_known_hosts:1
> debug1: bits set: 1552/3191
> debug1: ssh_rsa_verify: signature correct
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: service_accept: ssh-userauth
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: authentications that can continue:
> publickey,password,keyboard-interacti
> ve
> debug3: start over, passed a different list
> publickey,password,keyboard-interact
> ive
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: next auth method to try is publickey
> debug1: try pubkey: /usr/local/briank/.ssh/id_rsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey
> 0x100b4820 hint 1 debug2: input_userauth_pk_ok: fp
> 2c:8c:83:68:8c:34:49:37:b3:ad:dc:78:9a:01:b7:12
>
> debug3: sign_and_send_pubkey
> debug1: read PEM private key done: type RSA
> debug1: authentications that can continue:
> publickey,password,keyboard-interacti
> ve
> debug1: try pubkey: /usr/local/briank/.ssh/id_dsa
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: input_userauth_pk_ok: pkalg ssh-dss blen 434 lastkey
> 0x100b4838 hint 2 debug2: input_userauth_pk_ok: fp
> cc:38:29:e0:da:45:65:e9:aa:f0:6e:6a:b4:db:f6:90
>
> debug3: sign_and_send_pubkey
> debug1: read PEM private key done: type DSA
> debug1: authentications that can continue:
> publickey,password,keyboard-interacti
> ve
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
> debug1: next auth method to try is keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug1: authentications that can continue:
> publickey,password,keyboard-interacti
> ve
> debug3: userauth_kbdint: disable: no info_req_seen
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred:
> debug3: authmethod_is_enabled password
> debug1: next auth method to try is password
> briank@fpc_atl_bknb's password:


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]