Re: Problems using gssapi authentication from FreeBSD to Linux machines

Subject: Re: Problems using gssapi authentication from FreeBSD to Linux machines
Date: Sun, 17 Dec 2006 15:14:01 -0600

On Dec 15, 2006, at 10:32 AM, Simon Wilkinson wrote:


On 15 Dec 2006, at 05:51, Quincey Koziol wrote:

Any ideas what could be causing the ssh on FreeBSD to "not send a packet"?

The server failing the authentication, for some reason. More information as to why will be in the debug logs from the server.


Whilst OpenSSH 3.9p1 is old (August 2004) - there shouldn't be any protocol changes between the GSSAPI support in it, and that in the latest releases. You don't say what variety (and versions) of Kerberos you are using on each platform - I assume that FreeBSD is Heimdal - are your Linux boxes using MIT Kerberos? What encryption types are you using?

I'm using the native Kerberos on FreeBSD (heimdal) and MIT Kerberos on the Linux machine. How do I find out the encryption types?



Finding out the error messages from the sshd will go a long way to pointing the finger of blame!

Well, here's the output from "sshd -d -d -d -p 2222" on the Linux box:

debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 395
debug2: parse_server_config: config /etc/ssh/sshd_config len 395
debug1: sshd version OpenSSH_3.9p1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-f'
debug1: rexec_argv[2]='/etc/ssh/sshd_config'
debug1: rexec_argv[3]='-d'
debug1: rexec_argv[4]='-d'
debug1: rexec_argv[5]='-d'
debug1: rexec_argv[6]='-p'
debug1: rexec_argv[7]='2222'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 2222 on 0.0.0.0.
Bind to port 2222 on 0.0.0.0 failed: Address already in use.
debug3: fd 4 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 7 config len 395
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7

Unfortunately, it's identical for both the successful login with Kerberos tickets from another Linux machine and the unsuccessful Kerberos ticket, but successful password login from the FreeBSD machine...

        Any other ideas?

                Quincey

Attachment: smime.p7s
Description: S/MIME cryptographic signature
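
A server debug capture can only tell the two logins apart if it runs into the user-authentication exchange; the excerpt in this message ends at "rexec start" and contains no such lines. The following is an added example, not part of the original post or of OpenSSH: a small triage function (the name triage and both sample logs are constructed for illustration, and the per-connection lines in the second sample are assumed rather than taken from the thread) that reports which authentication methods a capture shows and which lines mention GSSAPI or Kerberos.

```python
import re

# sshd logs one such line for each authentication method the client attempts.
USERAUTH = re.compile(r"userauth-request for user (\S+) service \S+ method (\S+)")
GSS_HINT = re.compile(r"gss|krb|kerberos", re.IGNORECASE)

# Constructed sample 1: a few of the startup lines quoted in the message.
SAMPLE_STARTUP_ONLY = """\
debug1: sshd version OpenSSH_3.9p1
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
"""

# Constructed sample 2: the same startup followed by assumed per-connection
# lines (user "alice" is a placeholder) for a GSSAPI failure, then password.
SAMPLE_WITH_AUTH = SAMPLE_STARTUP_ONLY + """\
debug1: userauth-request for user alice service ssh-connection method gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
debug1: userauth-request for user alice service ssh-connection method password
"""

def triage(log_text):
    """Summarise how far a captured `sshd -d -d -d` log got into authentication."""
    methods, gss_lines, last = [], [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        last = line
        match = USERAUTH.search(line)
        if match:
            methods.append(match.group(2))   # method name, in the order tried
        if GSS_HINT.search(line):
            gss_lines.append(line)           # anything GSSAPI/Kerberos related
    return {
        "reached_userauth": bool(methods),   # False: capture stops before auth
        "methods": methods,
        "gss_lines": gss_lines,
        "last_line": last,
    }

if __name__ == "__main__":
    for name, text in (("startup only", SAMPLE_STARTUP_ONLY), ("with auth", SAMPLE_WITH_AUTH)):
        print(name, triage(text))
```

Running it over one capture per client and comparing the "methods" and "gss_lines" fields shows where the two sessions diverge; if "reached_userauth" is false for both, the captures stop too early to differ.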
