
Solaris 10 sshd and OpenSSH 4 client problems

Subject: Solaris 10 sshd and OpenSSH 4 client problems
Date: Wed, 25 Jul 2007 13:06:07 -0400
Any insight would be very welcome.

Client: Solaris 9 SPARC with both OpenSSH 4.3p2 and OEM ssh
        client binaries.

Server: Solaris 10 SPARC with OEM sshd.  OpenAFS 1.4.3
        pam_afs.so.1

Problem: OpenSSH 4.3p2 client fails against Solaris 10 sshd.
         Note below that it completely skips over 'password'
         authentication method and goes to keyboard-interactive
         (which should work as well, but does not).

Solution?: Set 'PAMAuthenticationViaKBDInt no' and it forces
           'password' auth to not be skipped.  Why kbdint
           won't work, I don't know.

           Note that PAMAuthenticationViaKBDInt is not an
           option listed in the sshd_config man page under
           Solaris 10 yet it is defined in the stock Solaris
           10 /etc/ssh/sshd_config file!

#-----------------------------------------------------------------
# OpenSSH 4.3p2 client fails against Solaris 10 sshd
#-----------------------------------------------------------------
~:noodle> ssh -v root@bertha
OpenSSH_4.3p2, OpenSSL 0.9.7g 11 Apr 2005
debug1: Reading configuration data /usr/rcf/etc/ssh_config
debug1: Connecting to bertha [129.83.11.117] port 22.
debug1: Connection established.
debug1: identity file /afs/rcf/user/jblaine/.ssh/identity type -1
debug1: identity file /afs/rcf/user/jblaine/.ssh/id_rsa type -1
debug1: identity file /afs/rcf/user/jblaine/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'bertha' is known and matches the RSA host key.
debug1: Found key in /afs/rcf/user/jblaine/.ssh/known_hosts:278
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
# Next auth method should be 'password' if this fails
debug1: Trying private key: /afs/rcf/user/jblaine/.ssh/identity
debug1: Trying private key: /afs/rcf/user/jblaine/.ssh/id_rsa
debug1: Trying private key: /afs/rcf/user/jblaine/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
# WHAT HAPPENED TO 'password' !?
Password:
debug1: Authentications that can continue:
gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentications that can continue:
gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
Password:
debug1: Authentications that can continue:
gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied
(gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive).
~:noodle>

#-----------------------------------------------------------------
# Solaris 9's SSH client works fine with Solaris 10 sshd
#-----------------------------------------------------------------
~:noodle> /usr/bin/ssh -v root@bertha
SSH Version Sun_SSH_1.0, protocol versions 1.5/2.0.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: getuid 26560 geteuid 26560 anon 1
debug1: Connecting to bertha [129.83.11.117] port 22.
debug1: Connection established.
debug1: identity file /afs/rcf/user/jblaine/.ssh/identity type 3
debug1: identity file /afs/rcf/user/jblaine/.ssh/id_rsa type 3
debug1: identity file /afs/rcf/user/jblaine/.ssh/id_dsa type 3
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.0
debug1: sent kexinit: diffie-hellman-group1-sha1
debug1: sent kexinit: ssh-rsa,ssh-dss
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: none
debug1: sent kexinit: none
debug1: sent kexinit:
debug1: sent kexinit:
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug1: got kexinit: ssh-rsa,ssh-dss
debug1: got kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug1: got kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug1: got kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: none,zlib
debug1: got kexinit: none,zlib
debug1: got kexinit:
en_CA.UTF-8,en_US.UTF-8,es_MX.UTF-8,en_CA,en_CA.ISO8859-1,en_US,en_US.ISO8859-1,en_US.ISO8859-15,en_US.ISO8859-15@euro,es,es_MX,es_MX.ISO8859-1,fr,fr_CA,fr_CA.ISO8859-1,C,POSIX,fr_CA.UTF-8
debug1: got kexinit:
en_CA.UTF-8,en_US.UTF-8,es_MX.UTF-8,en_CA,en_CA.ISO8859-1,en_US,en_US.ISO8859-1,en_US.ISO8859-15,en_US.ISO8859-15@euro,es,es_MX,es_MX.ISO8859-1,fr,fr_CA,fr_CA.ISO8859-1,C,POSIX,fr_CA.UTF-8
debug1: first kex follow: 0
debug1: reserved: 0
debug1: done
debug1: kex: server->client unable to decide common locale
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug1: kex: client->server unable to decide common locale
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: Sending SSH2_MSG_KEXDH_INIT.
debug1: bits set: 519/1024
debug1: Wait SSH2_MSG_KEXDH_REPLY.
debug1: Got SSH2_MSG_KEXDH_REPLY.
debug1: Host 'bertha' is known and matches the RSA host key.
debug1: Found key in /afs/rcf/user/jblaine/.ssh/known_hosts:278
debug1: bits set: 493/1024
debug1: ssh_rsa_verify: signature correct
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: key does not exist: /afs/rcf/user/jblaine/.ssh/identity
debug1: key does not exist: /afs/rcf/user/jblaine/.ssh/id_rsa
debug1: key does not exist: /afs/rcf/user/jblaine/.ssh/id_dsa
debug1: next auth method to try is password
root@bertha's password:
debug1: ssh-userauth2 successfull: method password
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: client_init id 0 arg 0
debug1: channel request 0: shell
debug1: channel 0: open confirm rwindow 0 rmax 32768

#-----------------------------------------------------------------
# The /etc/ssh/sshd_config on the Solaris 10 box (bertha)
#-----------------------------------------------------------------
Protocol 2
Port 22
ListenAddress ::
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
PrintMotd no
KeepAlive yes
SyslogFacility auth
LogLevel debug
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
KeyRegenerationInterval 3600
StrictModes no
LoginGraceTime 600
MaxAuthTries    8
MaxAuthTriesLog 3
PermitEmptyPasswords no
PasswordAuthentication yes
PAMAuthenticationViaKBDInt yes
PermitRootLogin yes
Subsystem       sftp    /usr/lib/ssh/sftp-server
IgnoreRhosts yes
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes

#-----------------------------------------------------------------
# /etc/pam.conf entries on bertha
#-----------------------------------------------------------------
sshd    auth requisite      pam_authtok_get.so.1
sshd    auth required       pam_dhkeys.so.1
sshd    auth sufficient     pam_afs.so.1 try_first_pass  ignore_root setenv_password_expires
sshd    auth required       pam_unix_auth.so.1
###
sshd-kbdint auth requisite      pam_authtok_get.so.1
sshd-kbdint auth required       pam_dhkeys.so.1
sshd-kbdint auth sufficient     pam_afs.so.1 try_first_pass  ignore_root setenv_password_expires debug
sshd-kbdint auth required       pam_unix_auth.so.1 debug

#-----------------------------------------------------------------
# Failed attempt (OpenSSH 4.3 client) syslog info from
# Solaris 10 sshd and PAM modules
#-----------------------------------------------------------------
 Connection from 129.83.10.14 port 45710
 debug1: Client protocol version 2.0; client software version OpenSSH_4.3
 debug1: match: OpenSSH_4.3 pat OpenSSH*
 debug1: Enabling compatibility mode for protocol 2.0
 debug1: Local version string SSH-2.0-Sun_SSH_1.1
 debug1: Forked child 724.
 debug1: list_hostkey_types: ssh-rsa,ssh-dss
 debug1: Failed to acquire GSS-API credentials for any mechanisms (No
credentials were supplied, or the credentials were unavailable or
inaccessible Unknown code 0)
 debug1: SSH2_MSG_KEXINIT sent
 debug1: SSH2_MSG_KEXINIT received
 debug1: kex: client->server aes128-cbc hmac-md5 none
 debug1: kex: server->client aes128-cbc hmac-md5 none
 debug1: Peer sent proposed langtags, ctos:
 debug1: Peer sent proposed langtags, stoc:
 debug1: We proposed langtags, ctos:
en-CA,en-US,es-MX,es,fr,fr-CA,i-default
 debug1: We proposed langtags, stoc:
en-CA,en-US,es-MX,es,fr,fr-CA,i-default
 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
 debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
 debug1: dh_gen_key: priv key bits set: 127/256
 debug1: bits set: 517/1024
 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
 debug1: bits set: 520/1024
 debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
 debug1: newkeys: mode 1
 debug1: SSH2_MSG_NEWKEYS sent
 debug1: expecting SSH2_MSG_NEWKEYS
 debug1: newkeys: mode 0
 debug1: SSH2_MSG_NEWKEYS received
 debug1: KEX done
 debug1: userauth-request for user root service ssh-connection method none
 debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
 Failed none for root from 129.83.10.14 port 45710 ssh2
 debug1: userauth-request for user root service ssh-connection method
keyboard-interactive
 debug1: attempt 1 initial attempt 0 failures 1 initial failures 0
 debug1: keyboard-interactive devs
 debug1: got 1 responses
 debug1: PAM conv function returns PAM_SUCCESS
 AFS Options: nowarn=0, use_first_pass=0, try_first_pass=1, ignore_uid
= 1, ignore_uid_id = 0, refresh_token=0, set_token=0, dont_fork=0,
use_klog=0
 AFS Username = `root'
 AFS Ignoring superuser root
 pam_unix_auth: entering pam_sm_authenticate()
 AFS Options: nowarn=0, use_first_pass=1, try_first_pass=0, ignore_uid
= 1, ignore_uid_id = 0, refresh_token=8, set_token=8, dont_fork=8,
use_klog=8
 AFS Ignoring superuser root
 while authorizing: Authentication failed
 Failed keyboard-interactive for root from 129.83.10.14 port 45710 ssh2
 debug1: userauth-request for user root service ssh-connection method
keyboard-interactive
 debug1: attempt 2 initial attempt 1 failures 2 initial failures 1
 debug1: keyboard-interactive devs
 debug1: got 1 responses
 debug1: PAM conv function returns PAM_SUCCESS
 AFS Options: nowarn=0, use_first_pass=0, try_first_pass=1, ignore_uid
= 1, ignore_uid_id = 0, refresh_token=0, set_token=0, dont_fork=0,
use_klog=0
 AFS Username = `root'
 AFS Ignoring superuser root
 pam_unix_auth: entering pam_sm_authenticate()
 AFS Options: nowarn=0, use_first_pass=1, try_first_pass=0, ignore_uid
= 1, ignore_uid_id = 0, refresh_token=8, set_token=8, dont_fork=8,
use_klog=8
 AFS Ignoring superuser root
 while authorizing: Authentication failed
 Failed keyboard-interactive for root from 129.83.10.14 port 45710 ssh2
 debug1: userauth-request for user root service ssh-connection method
keyboard-interactive
 debug1: attempt 3 initial attempt 2 failures 3 initial failures 2
 debug1: keyboard-interactive devs
 debug1: got 1 responses
 debug1: PAM conv function returns PAM_SUCCESS
 AFS Options: nowarn=0, use_first_pass=0, try_first_pass=1, ignore_uid
= 1, ignore_uid_id = 0, refresh_token=0, set_token=0, dont_fork=0,
use_klog=0
 AFS Username = `root'
 AFS Ignoring superuser root
 pam_unix_auth: entering pam_sm_authenticate()
 AFS Options: nowarn=0, use_first_pass=1, try_first_pass=0, ignore_uid
= 1, ignore_uid_id = 0, refresh_token=8, set_token=8, dont_fork=8,
use_klog=8
 AFS Ignoring superuser root
 while authorizing: Authentication failed
 Failed keyboard-interactive for root from 129.83.10.14 port 45710 ssh2
 Connection closed by 129.83.10.14
 debug1: Calling cleanup 0x260f4(0x8a538)
 debug1: Calling cleanup 0x1f7d4(0x893f8)
 debug1: Calling cleanup 0x45854(0x0)
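
Added example, not part of the original post: a small parser for `ssh -v` client output that lists which authentication methods the server offered, which ones the client actually attempted, and which offered methods were never tried (the skipped 'password' method described above). The function name `auth_trace` and the trimmed sample are constructed for illustration; the parser accepts both the OpenSSH and Sun_SSH message wording and the mail-wrapped method list seen in the traces.

```python
import re

# Both client dialects seen in the post: OpenSSH ("Next authentication method: X")
# and Sun_SSH ("next auth method to try is X").
OFFERED = re.compile(r"debug1: authentications that can continue:\s*(.*)", re.I)
TRIED = re.compile(r"debug1: next auth(?:entication)? method(?: to try is|:)\s*(\S+)", re.I)
METHOD_LIST = re.compile(r"^[a-z0-9@.,-]+$")


def auth_trace(debug_output):
    """Return (offered, tried, skipped) from `ssh -v` client output.

    offered: methods in the server's first "can continue" list
    tried:   methods the client attempted, in order, de-duplicated
    skipped: offered methods the client never attempted
    """
    offered, tried = [], []
    lines = [l.strip() for l in debug_output.splitlines()]
    for i, line in enumerate(lines):
        m = OFFERED.match(line)
        if m and not offered:
            methods = m.group(1)
            # Mail wrapping can push the list onto the following line.
            if not methods and i + 1 < len(lines) and METHOD_LIST.match(lines[i + 1]):
                methods = lines[i + 1]
            offered = [x for x in methods.split(",") if x]
            continue
        m = TRIED.match(line)
        if m and m.group(1) not in tried:
            tried.append(m.group(1))
    skipped = [x for x in offered if x not in tried]
    return offered, tried, skipped


# Constructed sample, trimmed from the failing OpenSSH 4.3p2 trace in the post.
SAMPLE = """\
debug1: Authentications that can continue:
gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue:
gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
"""

if __name__ == "__main__":
    offered, tried, skipped = auth_trace(SAMPLE)
    print("offered:", offered)
    print("tried:  ", tried)
    print("skipped:", skipped)
```

Run against the working Sun_SSH client trace, the same function reports 'password' as tried and 'keyboard-interactive' as skipped, which makes the difference between the two clients visible at a glance.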

