Package: openssh-server Version: 1:4.6p1-1 Followup-For: Bug #428968 I get the same problem on my AMD64 box. I attach the logs of running sshd -ddd and connecting thereto with ssh -vvv. Ignore the bit about running sshd on port 23: I run it on a non-default port as an obscurity mechanism to stop worms eating my bandwidth with futile dictionary attacks.
-- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (990, 'unstable'), (400, 'testing'), (100, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.18 (PREEMPT) Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages openssh-server depends on: ii adduser 3.102 Add and remove users and groups ii debconf 1.5.13 Debian configuration management sy ii dpkg 1.14.4 package maintenance system for Deb ii libc6 2.5-11 GNU C Library: Shared libraries ii libcomer 1.39+1.40-WIP-2007.04.07+dfsg-2 common error description library ii libkrb53 1.6.dfsg.1-4 MIT Kerberos runtime libraries ii libpam-m 0.79-4 Pluggable Authentication Modules f ii libpam-r 0.79-4 Runtime support for the PAM librar ii libpam0g 0.79-4 Pluggable Authentication Modules l ii libselin 2.0.15-2 SELinux shared libraries ii libssl0. 0.9.8e-5 SSL shared libraries ii libwrap0 7.6.dbs-13 Wietse Venema's TCP wrappers libra ii lsb-base 3.1-23.1 Linux Standard Base 3.1 init scrip ii openssh- 1:4.6p1-1 secure shell client, an rlogin/rsh ii zlib1g 1:1.2.3-15 compression library - runtime openssh-server recommends no packages. -- debconf information: ssh/insecure_rshd: ssh/insecure_telnetd: ssh/new_config: true * ssh/use_old_init_script: true ssh/encrypted_host_key_but_no_keygen: ssh/disable_cr_auth: false -- "After all, one can't complain. I have my friends. Somebody spoke to me only yesterday. And was it last week or the week before that Rabbit bumped into me and said 'Bother!' The Social Round. Always something going on." -- A. A. Milne, 'Winnie-the-Pooh' http://surreal.istic.org/
OpenSSH_4.6p1 Debian-1, OpenSSL 0.9.8e 23 Feb 2007 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to localhost [127.0.0.1] port 23. debug1: Connection established. debug1: identity file /home/z1/.ssh/identity type -1 debug1: identity file /home/z1/.ssh/id_rsa type -1 debug1: identity file /home/z1/.ssh/id_dsa type 2 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6p1 Debian-1 debug1: match: OpenSSH_4.6p1 Debian-1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-1 debug2: fd 6 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 117/256 debug2: bits set: 517/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: put_host_port: [127.0.0.1]:23 debug3: put_host_port: [localhost]:23 debug3: check_host_in_hostfile: filename /home/z1/.ssh/known_hosts debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts debug1: checking without port identifier debug3: check_host_in_hostfile: filename /home/z1/.ssh/known_hosts debug3: check_host_in_hostfile: match line 7 debug1: Host 'localhost' is known and matches the RSA host key. debug1: Found key in /home/z1/.ssh/known_hosts:7 debug1: found matching key w/out port debug2: bits set: 521/1024 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/z1/.ssh/identity ((nil)) debug2: key: /home/z1/.ssh/id_rsa ((nil)) debug2: key: /home/z1/.ssh/id_dsa (0x5555557b81d0) debug1: Authentications that can continue: publickey debug3: start over, passed a different list publickey debug3: preferred gssapi-keyex,gssapi-with-mic,gssapi,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: /home/z1/.ssh/identity debug3: no such identity: /home/z1/.ssh/identity debug1: Trying private key: /home/z1/.ssh/id_rsa debug3: no such identity: /home/z1/.ssh/id_rsa debug1: Offering public key: /home/z1/.ssh/id_dsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (publickey).
debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 629 debug2: parse_server_config: config /etc/ssh/sshd_config len 629 debug3: /etc/ssh/sshd_config:5 setting Port 23 debug3: /etc/ssh/sshd_config:9 setting Protocol 2 debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key debug3: /etc/ssh/sshd_config:14 setting UsePrivilegeSeparation yes debug3: /etc/ssh/sshd_config:17 setting KeyRegenerationInterval 3600 debug3: /etc/ssh/sshd_config:18 setting ServerKeyBits 768 debug3: /etc/ssh/sshd_config:21 setting SyslogFacility AUTH debug3: /etc/ssh/sshd_config:22 setting LogLevel INFO debug3: /etc/ssh/sshd_config:25 setting LoginGraceTime 600 debug3: /etc/ssh/sshd_config:26 setting PermitRootLogin yes debug3: /etc/ssh/sshd_config:27 setting StrictModes yes debug3: /etc/ssh/sshd_config:29 setting RSAAuthentication yes debug3: /etc/ssh/sshd_config:30 setting PubkeyAuthentication yes debug3: /etc/ssh/sshd_config:34 setting IgnoreRhosts yes debug3: /etc/ssh/sshd_config:35 setting PermitUserEnvironment yes debug3: /etc/ssh/sshd_config:37 setting RhostsRSAAuthentication no debug3: /etc/ssh/sshd_config:39 setting HostbasedAuthentication no debug3: /etc/ssh/sshd_config:44 setting PermitEmptyPasswords no debug3: /etc/ssh/sshd_config:50 setting PasswordAuthentication no debug3: /etc/ssh/sshd_config:62 setting X11Forwarding yes debug3: /etc/ssh/sshd_config:63 setting X11DisplayOffset 10 debug3: /etc/ssh/sshd_config:64 setting PrintMotd no debug3: /etc/ssh/sshd_config:65 setting PrintLastLog yes debug3: /etc/ssh/sshd_config:66 setting KeepAlive yes debug3: /etc/ssh/sshd_config:72 setting Subsystem sftp /usr/lib/openssh/sftp-server debug3: /etc/ssh/sshd_config:74 setting UsePAM yes debug1: sshd version OpenSSH_4.6p1 Debian-1 debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #0 type 1 RSA debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-ddd' debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 23 on 0.0.0.0. Server listening on 0.0.0.0 port 23. socket: Address family not supported by protocol debug3: fd 4 is not O_NONBLOCK debug1: Server will not fork when running in debugging mode. debug3: send_rexec_state: entering fd = 7 config len 629 debug3: ssh_msg_send: type 0 debug3: send_rexec_state: done debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7 debug1: inetd sockets after dupping: 3, 3 Connection from 127.0.0.1 port 52073 debug1: Client protocol version 2.0; client software version OpenSSH_4.6p1 Debian-1 debug1: match: OpenSSH_4.6p1 Debian-1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-1 debug2: fd 3 setting O_NONBLOCK debug3: privsep user:group 102:65534 debug1: permanently_set_uid: 102/65534 debug1: list_hostkey_types: ssh-rsa,ssh-dss debug1: SSH2_MSG_KEXINIT sent debug2: Network child is on pid 321 debug3: preauth child monitor started debug3: mm_request_receive entering debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug3: mm_request_send entering: type 0 debug3: monitor_read: checking request 0 debug3: mm_answer_moduli: got parameters: 1024 1024 8192 debug3: mm_request_send entering: type 1 debug2: monitor_read: 0 used once, disabling now debug3: mm_request_receive entering debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI debug3: mm_request_receive_expect entering: type 1 debug3: mm_request_receive entering debug3: mm_choose_dh: remaining 0 debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug2: dh_gen_key: priv key bits set: 118/256 debug2: bits set: 521/1024 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug2: bits set: 517/1024 debug3: mm_key_sign entering debug3: mm_request_send entering: type 5 debug3: monitor_read: checking request 5 debug3: mm_answer_sign debug3: mm_answer_sign: signature 0x5555557cdce0(143) debug3: mm_request_send entering: type 6 debug2: monitor_read: 5 used once, disabling now debug3: mm_request_receive entering debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 6 debug3: mm_request_receive entering debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user z1 service ssh-connection method none debug1: attempt 0 failures 0 debug3: mm_getpwnamallow entering debug3: mm_request_send entering: type 7 debug3: monitor_read: checking request 7 debug3: mm_answer_pwnamallow debug3: Trying to reverse map address 127.0.0.1. debug2: parse_server_config: config reprocess config len 629 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 debug3: mm_request_send entering: type 8 debug2: monitor_read: 7 used once, disabling now debug3: mm_request_receive entering debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM debug3: mm_request_receive_expect entering: type 8 debug3: mm_request_receive entering debug2: input_userauth_request: setting up authctxt for z1 debug3: mm_start_pam entering debug3: mm_request_send entering: type 48 debug3: monitor_read: checking request 48 debug1: PAM: initializing for "z1" debug1: PAM: setting PAM_RHOST to "localhost.localdomain" debug1: PAM: setting PAM_TTY to "ssh" debug2: monitor_read: 48 used once, disabling now debug3: mm_request_receive entering debug3: mm_inform_authserv entering debug3: mm_request_send entering: type 3 debug3: monitor_read: checking request 3 debug3: mm_answer_authserv: service=ssh-connection, style=, role= debug2: monitor_read: 3 used once, disabling now debug3: mm_request_receive entering debug2: input_userauth_request: try method none debug1: userauth-request for user z1 service ssh-connection method publickey debug1: attempt 1 failures 1 debug2: input_userauth_request: try method publickey debug1: test whether pkalg/pkblob are acceptable debug3: mm_key_allowed entering debug3: mm_request_send entering: type 21 debug3: monitor_read: checking request 21 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 0x5555557d1280 debug1: temporarily_use_uid: 1000/1000 (e=0/0) debug1: trying public key file /home/z1/.ssh/authorized_keys debug3: secure_filename: checking '/home/z1/.ssh' debug3: secure_filename: checking '/home/z1' debug3: secure_filename: terminating check at '/home/z1' debug1: restore_uid: 0/0 debug2: key not found debug1: temporarily_use_uid: 1000/1000 (e=0/0) debug1: trying public key file /home/z1/.ssh/authorized_keys2 debug1: restore_uid: 0/0 Failed publickey for z1 from 127.0.0.1 port 52073 ssh2 debug3: mm_answer_keyallowed: key 0x5555557d1280 is disallowed debug3: mm_request_send entering: type 22 debug3: mm_request_receive entering debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED debug3: mm_request_receive_expect entering: type 22 debug3: mm_request_receive entering debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss Connection closed by 127.0.0.1 debug1: do_cleanup debug1: do_cleanup
signature.asc
Description: Digital signature