Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re: ssh connection to an ldap server

from [fatima riadi] Network Security [Permanent Link]
Subject: Re: Re: ssh connection to an ldap server
Date: Fri, 18 Mar 2005 21:08:17 +0100 (CET) 
Hello,

I am using OpenSSH_3.5p1, SSH protocols 1.5/2.0,
OpenSSL 0x0090701f on a Linux Red Hat 9.0 server.

here is a debug output of a failed connection:

[root@SrvRedHat downloads]# ssh -vvv
testuser@localhost
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL
0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating
port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software
version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 151/256
debug1: bits set: 1626/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename
/root/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'localhost' is known and matches the RSA
host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: bits set: 1606/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug3: start over, passed a different list
publickey,password,keyboard-interactive
debug3: preferred
publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred:
keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug2: userauth_pubkey_agent: no keys at all
debug2: userauth_pubkey_agent: no more keys
debug2: userauth_pubkey_agent: no message sent
debug1: try privkey: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: try privkey: /root/.ssh/id_rsa
debug3: no such identity: /root/.ssh/id_rsa
debug1: try privkey: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: next auth method to try is
keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait
for reply
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: next auth method to try is password
testuser@localhost's password:
debug3: packet_send2: adding 64 (len 53 padlen 11
extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: authentications that can continue:
publickey,password,keyboard-interactive
Permission denied, please try again.

Here is a  smaple of my /var/log/messages file
content:

Mar 18 18:44:17 RedHat sshd(pam_unix)[1880]: check
pass; user unknown
Mar 18 18:44:17 RedHat sshd[1880]: pam_ldap: error
trying to bind (Server is unwilling to perform)
Mar 18 18:44:19 RedHat sshd(pam_unix)[1880]: 2 more
authentication failures; logname= uid=0 euid=0
tty=NODEVssh ruser= rhost=redhat

Would you please have any idea?


-------------------- >>>>>


Please tell the list which version of SSH and OS you
are running. Also,
provide a debug output of a failed connection (ssh
-vvv ...) if you're
using OpenSSH.


<<<<< -------------------- <<<<<

Date: Fri, 18 Mar 2005 19:29:49 +0100 (CET)

De: fatima riadi <ftmriadi@yahoo.fr>
Objet: ssh connection to ldap server
À: secureshell@securityfocus.com

Hello there,

I configured an OpenLDAP server with a Samba pdc.
I created a system account in the ldap directory
that
I named testuser.
When I entrer the testuser password to connect to my
ldap server using ssh (ssh
testuser@LDAP_server_IP_address) I get a permission
denied message.
I added the following entry to my /etc/hosts.allow
file:
   ssh : ALL : ALLOW
but the problem stil exists!

Please, do you have any idea that may help me.

Thank you in advance.


      

      
              
Découvrez nos promotions exclusives "destination de
la Tunisie, du Maroc, des Baléares et la Rép.
Dominicaine sur Yahoo! Voyages :
http://fr.travel.yahoo.com/promotions/mar14.html




        

        
                
Découvrez nos promotions exclusives "destination de la Tunisie, du Maroc, des 
Baléares et la Rép. Dominicaine sur Yahoo! Voyages :
http://fr.travel.yahoo.com/promotions/mar14.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Maximum Authentication Tries, Marc Valard
Next by Date:  netstat from ssh_prng_cmds taking too much CPU on AIX, Ronald B. Miller
Previous by Thread:  Maximum Authentication Tries, Marc Valard
Next by Thread:  RE: Re: ssh connection to an ldap server, fatima riadi
Indexes:  [Date] [Thread] [Top] [All Lists]