Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Password authentication fails: SSH secure shell to openssh server

from [Mike Friedman] Network Security [Permanent Link]
Subject: Re: Password authentication fails: SSH secure shell to openssh server
Date: Tue, 2 Aug 2005 08:28:49 -0700 (PDT) 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 2 Aug 2005 at 09:31 (-0400), Andrew Muller wrote:

Problem: Can connect to OpenSSH server from openSSH client but not from SSH Secure Shell Client

I am running OpenSSH_3.8.1p1_FreeBSD_20040419 on my desktop (pc-mullera). I rely on passwords because I've never been able to figure out how to do the other authentication methods. I can ssh to the desktop from my laptop under cygwin (openSSH_4.1p1) but not from the laptop Secure Shell Client under XP (SSH Secure Schell 3.0.0) nor from a linux machine running SSH Secure Shell 3.1.2 under mandrake 9. When I fail to connect I get shut out with "no further authentication methods available" before I have even been asked for my password. I suspect an incompatibility between openSSH's keyboard-interactive method and Secure SSHs password method. 

Andrew,

Have you converted the public key on the openssh system?

The public key formats for SSH Secure Shell and openssh are different. On the host running openssh, you must run ssh-keygen to convert the public key as generated under SSH Secure Shell into openssh format (and place the result as an entry in authorized_keys2). From your log, it appears that the public key auth method is being disabled, which I assume would be the case if the public key is not recognized by openssh.

Note the following lines in your log:

debug: Ssh2AuthClient/sshauthc.c:315/ssh_authc_completion_proc: Method 'publickey' disabled. 

Mike

================================================================================ 
Here is the output of a failed attempt following
"ssh -v pc-mullera  2> sshcom.log" issued from pc-muller-17

$more sshcom.log
debug: SshAppCommon/sshappcommon.c:133/ssh_app_get_global_regex_context: Allocating global SshRegex context.
debug: SshConfig/sshconfig.c:2355/ssh2_parse_config: Unable to open /home/mullera/.ssh2/ssh2_config
debug: Connecting to pc-mullera, port 22... (SOCKS not used)
debug: Ssh2/ssh2.c:2121/main: Entering event loop.
debug: Ssh2Client/sshclient.c:1403/ssh_client_wrap: Creating transport protocol.debug: SshAuthMethodClient/sshauthmethodc.c:83/ssh_client_authentication_initialize: Added "publickey" to usable methods.
debug: SshAuthMethodClient/sshauthmethodc.c:83/ssh_client_authentication_initialize: Added "password" to usable methods.
debug: Ssh2Client/sshclient.c:1444/ssh_client_wrap: Creating userauth protocol.
debug: client supports 2 auth methods: 'publickey,password'
debug: Ssh2Common/sshcommon.c:559/ssh_common_wrap: local ip = 130.113.124.23, local port = 33035
debug: Ssh2Common/sshcommon.c:561/ssh_common_wrap: remote ip = 130.113.139.33, remote port = 22
debug: SshConnection/sshconn.c:1930/ssh_conn_wrap: Wrapping...
debug: Remote version: SSH-2.0-OpenSSH_3.8.1p1 FreeBSD-20040419
debug: Major: 3 Minor: 8 Revision: 1
debug: Ssh2Transport/trcommon.c:1306/ssh_tr_input_version: Remote version has rekey incompatibility bug.
debug: Ssh2Transport/trcommon.c:1308/ssh_tr_input_version: Remote version is OpenSSH, KEX guesses disabled.
debug: Ssh2Transport/trcommon.c:1647/ssh_tr_negotiate: lang s to c: `', lang c to s: `'
debug: Ssh2Transport/trcommon.c:1712/ssh_tr_negotiate: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1715/ssh_tr_negotiate: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Remote host key found from database.
debug: Ssh2Common/sshcommon.c:317/ssh_common_special: Received SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common/sshcommon.c:367/ssh_common_special: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
debug: server offers auth methods 'publickey,keyboard-interactive'.
debug: SshConfig/sshconfig.c:2355/ssh2_parse_config: Unable to open /home/mullera/.ssh2/identification
debug: Ssh2AuthClient/sshauthc.c:315/ssh_authc_completion_proc: Method 'publickey' disabled. <==
debug: server offers auth methods 'publickey,keyboard-interactive'.
debug: Ssh2Common/sshcommon.c:155/ssh_common_disconnect: DISCONNECT received: No further authentication methods available.
warning: Authentication failed.
debug: Ssh2/ssh2.c:130/client_disconnect: locally_generated = TRUE
Disconnected; no more authentication methods available (No further authentication methods available.).
debug: Ssh2Client/sshclient.c:1478/ssh_client_destroy: Destroying client.
debug: SshConnection/sshconn.c:1982/ssh_conn_destroy: Destroying SshConn object.debug: Ssh2Client/sshclient.c:1540/ssh_client_destroy_finalize: Destroying client completed.
debug: SshAuthMethodClient/sshauthmethodc.c:88/ssh_client_authentication_uninitialize: Destroying authentication method array.
debug: SshAppCommon/sshappcommon.c:146/ssh_app_free_global_regex_context: Freeing global SshRegex context.

Note the contrast between the lines
debug: client supports 2 auth methods: 'publickey,password'
and
debug: server offers auth methods 'publickey,keyboard-interactive'.

Thanks for any help

--
Andrew Muller, Professor of Economics, McMaster University
Hamilton, Ontario, Canada L8S 4M4
http://socserv.socsci.mcmaster.ca/mullera


_____________________________________________________________________
Mike Friedman                   System and Network Security
mikef@ack.Berkeley.EDU          2484 Shattuck Avenue
1-510-642-1410                  University of California at Berkeley
http://ack.Berkeley.EDU/~mikef  http://security.berkeley.edu
_____________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBQu+RNa0bf1iNr4mCEQLqfgCgzK0B9renpGWL2QEwWq07yryEFjcAnRYS
1WzfzExq9AavVuDpuS8ElxG5
=M0dI
-----END PGP SIGNATURE-----

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Password authentication fails: SSH secure shell to openssh server, Darren Tucker
Next by Date:  Solved: Password authentication fails: SSH secure shell to openssh server -, Andrew Muller
Previous by Thread:  Solved: Password authentication fails: SSH secure shell to openssh server -, Andrew Muller
Next by Thread:  unable to use SSH_ASKPASS, Popeanga Marian
Indexes:  [Date] [Thread] [Top] [All Lists]