Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Odd key problem

from [Keith Edmunds] Network Security [Permanent Link]
Subject: Odd key problem
Date: Wed, 25 Oct 2006 16:10:55 +0100 
I have what (to me at least) is a very odd ssh key problem.

There are three systems, systemA, systemB and systemC. Two users each
have an account on all three. Systems B and C both enforce the use of
ssh keys (PasswordAuthentication and ChallengeResponseAuthentication
both set to 'no').


From SystemA, both users can "ssh -A systemB" and are logged in

successfully via keys.

Having logged into SystemB from SystemA as shown above, one user can
"ssh -A systemC" and log in successfully; the other user, with the same
command, gets "Permission denied (publickey)".


From SystemA, both users can "ssh -A systemC" and are logged in

successfully via keys.

I cannot understand why the second user cannot login SystemA - SystemB -
SystemC while the other user can.

I have set the loglevel to DEBUG3 on systemC. The first two lines of the
successful login are:

debug1: Forked child 5971.
Connection from a.b.c.c port 49710

whereas the first two lines of the unsuccessful login are in the
opposite order:

Connection from a.b.c.c port 49711
debug1: Forked child 5980.

Other than that, and the PIDs used, the two logs continue identically:

debug1: Client protocol version 2.0; client software version
OpenSSH_3.8.1p1 Debian-8.sarge.4
debug1: match: OpenSSH_3.8.1p1 Debian-8.sarge.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.4
debug2: Network child is on pid 5981
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 1024 8192
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 0x809d838(143)
debug3: mm_request_send entering: type 5
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_pwnamallow
debug3: auth_shadow_acctexpired: today 13446 sp_expire -1 days left -13447
debug3: account expiration disabled
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 3
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 3 used once, disabling now
debug3: mm_request_receive entering

The next (and last) line of the failing login is:

debug1: do_cleanup

The successful login has many more lines; the next couple are:

debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering

Can anyone shed any light as to why one user cannot login to SystemC via
SystemB? Or even offer any avenues to explore?

Thanks,
Keith
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Odd timestampts in /var/log/messages from sshd, Knut Berg
Next by Date:  sshd: entries in hosts.deny, Rob Munsch
Previous by Thread:  Odd timestampts in /var/log/messages from sshd, Scot P. Floess
Next by Thread:  Re: Odd key problem, Keith Edmunds
Indexes:  [Date] [Thread] [Top] [All Lists]