Hi,
Many Thanks to all that replied. It helped me work
in the right direction.
However, I am still confused whether what I am trying
achieve is really possible. I am going to divide my mail
into two parts -
PART I -
------------
In PART I, I want to state a few things that were not clear
in my previous postings and as some of you wanted more info.
PART II -
-------------
In PART II, I have tried to check most of the things
that others have adviced.
So PART I -
---------------
This is what I am trying to achieve (I am repeating a
few things stated in my previous mail so that the idea remains clear.
Please advice me if I am trying to do something impossible
or where I am going wrong) -
1. We have a few Red Hat linux servers in a kerberos domain.
The Windows 2000 Server acts as the KDC.
2. The telnet server running on the linux servers is the one in
/usr/kerberos/sbin/telnetd. The ssh server is the default rpm
install as stated in my previous mail.
3. There are user accounts WITHOUT PASSWORDS on the linux
servers. Passwords are stored in the Windows 2000 Server.
4. Each of our users has a windows 2000 professional client.
He/She logs in to his/her windows machine.
5. Then using Putty or SSH Secure Shell from www.ssh.com
he/she uses telnet/ssh to connect to one of the linux server
from the windows 2000 professional client.
6. They are authenticated against the active directory
by "pam_krb5" on the linux server, as there are no passwords
on the linux server but only accounts in /etc/password.
7. Now both putty and SSH Secure Shell are not kerberized.
(If I am not wrong, both the telnet/ssh client and server
have to be kerberized inorder to get kerberos tickets.)
8. However, I think "pam_krb5" gives them the tickets
After the user logs in to a linux server using telnet/ssh,
he/she can check his/her credentials as follows -
(a) klist -5fa
which gives the following result -
-----------------------------------------------------------------
Ticket cache: FILE:/tmp/krb5cc_p11807
Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
06/22/03 10:45:28 06/22/03 20:45:28
krbtgt/[EMAIL PROTECTED]
Flags: FPIA
Addresses: kripa.ncst.ernet.in
-----------------------------------------------------------------
It can be observed that the flags show that
the credentials obtained are forwardable (F).
(b) Also, Running
echo $KRB5CCNAME gives FILE:/tmp/krb5cc_p11807
(c) Running ls -l /tmp/krb5* gives
-rw------- 1 paragg spc 1208 Jun 22 10:45 /tmp/krb5cc_p11807
9. Now from this telnet/ssh session, I would like the users to
telnet/ssh to another linux server (or to the same server)
in the same kerberos domain WITHOUT BEING PROMPTED FOR A
PASSWORD.
NOW THIS IS WHAT I WANT TO KNOW IF IT IS
PRACTICABLE OR I AM TRYING TO DO SOMETHING
IMPOSSIBLE?
10.However, the user is prompted for a password and on entering
the kerberos password, he/she gets another set of credentials
on that server (or on the same server if he/she opens another
telnet/ssh session on the same server).
(a) Running klist -5fa again gives -
-----------------------------------------------------------------
Ticket cache: FILE:/tmp/krb5cc_p11905
Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
06/22/03 10:51:30 06/22/03 20:51:30
krbtgt/[EMAIL PROTECTED]
Flags: FPIA
Addresses: kripa.ncst.ernet.in
-----------------------------------------------------------------
It can be observed that the flags show that
the credentials obtained are still forwardable (F)
and not forwarded (f).
(b) Also, Running
echo $KRB5CCNAME gives FILE:/tmp/krb5cc_p11905
(c) Running ls -l /tmp/krb5* gives
-rw------- 1 paragg spc 1208 Jun 22 10:45 /tmp/krb5cc_p11807
-rw------- 1 paragg spc 1208 Jun 22 10:51 /tmp/krb5cc_p11905
It can be observed that it is different cache.
11. So, you see forwarding credentials does not work
for telnet/ssh for me.
I also tried ssh -1 . But that doesn't help either.
12. This is true even if I do "kinit" after telnet/ssh
to the linux server from a windows machine.
Now PART II -
---------------
So I decide compile kerberos 5 support into openssh.
1. I have compiled openssh after applying Simon Wilkinson's
gssapi patch on one Red Hat Linux 9 test server -
openssh-3.6.1p2
openssh-3.6.1p2-gssapi-20030430.diff
2. I configured with the following options -
./configure --with-kerberos5=/usr/kerberos --with-gssapi
I did not do --with-pam as the ssh server used to get hanged
while connecting.
3. I have the following relevant lines in my sshd_config -
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
#PasswordAuthentication yes
#PermitEmptyPasswords no
#ChallengeResponseAuthentication yes
KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
GssapiAuthentication yes
GssapiKeyExchange yes
GssapiUseSessionCredCache yes
#AFSTokenPassing no
#KerberosTgtPassing no
#PAMAuthenticationViaKbdInt no
and the following relevant lines in my ssh_config -
# Host *
# ForwardAgent no
# ForwardX11 no
# PasswordAuthentication yes
GssapiAuthentication yes
GSSAPIDelegateCredentials yes
4. I am still not able to forward credentials inorder to login
without being prompted for a password. I get two different
credentials for each ssh login as stated in PART I of my mail.
5. So I ssh to the test server as root and decide to debug.
I start the ssh daemon in debug mode as follows -
[EMAIL PROTECTED] root]# /usr/local/sbin/sshd -p 222 -d -d -d
>/root/sshd_debug 2>&1
The I connect to it as follows -
[EMAIL PROTECTED] root]# /usr/local/bin/ssh -p 222 -v -v -v -l paragg
kripa >/root/ssh_debug 2>&1
6. I noticed one particular error -
debug2: we sent a gssapi packet, wait for reply
Server GSSAPI Error:
Miscellaneous failure
7. I am attaching the debug files - "sshd_debug" and "ssh_debug" to
this mail.
I will be happy if someone can throw some light on the errors.
I have seen a post form Simon Wilkinson which states -
There 3 ways to use Kerberos to authenticated to a ssh server -
1. Enter password at prompt
2. Use previously gained TGT , over Kerberos support in SSH 1
3. Use previously gained TGT , over GSSAPI support in SSH 2
So I feel I must stick to SSH 2 and GSSAPI.
Thanks in advance.
Regards,
Parag Godkardebug2: read_server_config: filename /usr/local/etc/sshd_config
debug1: sshd version OpenSSH_3.6.1p2
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
socket: Address family not supported by protocol
debug1: Bind to port 222 on 0.0.0.0.
Server listening on 0.0.0.0 port 222.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 202.141.151.164 port 2444
debug1: Client protocol version 2.0; client software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.6.1p2
debug2: Network child is on pid 12582
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: privsep user:group 74:74
debug1: permanently_set_uid: 74/74
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug3: mm_request_send entering: type 28
debug3: monitor_read: checking request 28
debug3: mm_request_send entering: type 29
debug3: mm_request_receive entering
debug3: mm_request_receive_expect entering: type 29
debug3: mm_request_receive entering
debug3: mm_request_send entering: type 20
debug3: monitor_read: checking request 20
debug1: Miscellaneous failure
No principal in keytab matches desired name
debug3: mm_request_send entering: type 21
debug3: mm_request_receive entering
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug1: no credentials for GSSAPI mechanism Kerberos
debug3: mm_request_send entering: type 20
debug3: monitor_read: checking request 20
debug1: Miscellaneous failure
No principal in keytab matches desired name
debug3: mm_request_send entering: type 21
debug3: mm_request_receive entering
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug1: no credentials for GSSAPI mechanism Kerberos
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL
PROTECTED]
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL
PROTECTED]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL
PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL
PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL
PROTECTED]
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL
PROTECTED]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL
PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL
PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug3: mm_request_send entering: type 0
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 2048 8192
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
debug3: mm_request_receive_expect entering: type 1
debug3: mm_request_receive entering
debug3: mm_choose_dh: remaining 0
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: dh_gen_key: priv key bits set: 134/256
debug2: bits set: 1626/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 1608/3191
debug3: mm_key_sign entering
debug3: mm_request_send entering: type 4
debug3: monitor_read: checking request 4
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 0x80967f0(143)
debug3: mm_request_send entering: type 5
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
debug3: mm_request_receive_expect entering: type 5
debug3: mm_request_receive entering
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user paragg service ssh-connection method none
debug1: attempt 0 failures 0
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 6
debug3: monitor_read: checking request 6
debug3: mm_answer_pwnamallow
debug3: allowed_user: today 12225 sp_expire -1 sp_lstchg 12220 sp_max -1
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 7
debug3: mm_request_receive entering
debug2: input_userauth_request: setting up authctxt for paragg
debug3: mm_inform_authserv entering
debug3: mm_request_send entering: type 3
debug3: monitor_read: checking request 3
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 3 used once, disabling now
debug3: mm_request_receive entering
debug2: input_userauth_request: try method none
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 10
debug3: monitor_read: checking request 10
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 11
Failed none for paragg from 202.141.151.164 port 2444 ssh2
debug3: mm_request_receive entering
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug3: mm_auth_password: user not authenticated
Failed none for paragg from 202.141.151.164 port 2444 ssh2
debug1: userauth-request for user paragg service ssh-connection method external-keyx
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method external-keyx
debug3: mm_request_send entering: type 26
debug3: monitor_read: checking request 26
debug1: No suitable client data
debug3: mm_answer_gss_userok: sending result 0
debug3: mm_request_send entering: type 27
Failed gssapi for paragg from 202.141.151.164 port 2444 ssh2
debug3: mm_request_receive entering
debug3: mm_request_receive_expect entering: type 27
debug3: mm_request_receive entering
debug3: mm_ssh_gssapi_userok: user not authenticated
Failed external-keyx for paragg from 202.141.151.164 port 2444 ssh2
debug1: userauth-request for user paragg service ssh-connection method gssapi
debug1: attempt 2 failures 2
debug2: input_userauth_request: try method gssapi
debug3: mm_request_send entering: type 28
debug3: monitor_read: checking request 28
debug3: mm_request_send entering: type 29
debug3: mm_request_receive entering
debug3: mm_request_receive_expect entering: type 29
debug3: mm_request_receive entering
debug1: Trying to get OID string
debug1: Got string
debug3: mm_request_send entering: type 20
debug3: monitor_read: checking request 20
debug1: Miscellaneous failure
No principal in keytab matches desired name
debug3: mm_request_send entering: type 21
debug3: mm_request_receive entering
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug3: mm_request_send entering: type 32
debug3: monitor_read: checking request 32
debug3: mm_request_send entering: type 33
debug2: monitor_read: 32 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_request_receive_expect entering: type 33
debug3: mm_request_receive entering
Failed gssapi for paragg from 202.141.151.164 port 2444 ssh2
debug1: userauth-request for user paragg service ssh-connection method gssapi
debug1: attempt 3 failures 3
debug2: input_userauth_request: try method gssapi
debug3: mm_request_send entering: type 28
debug3: monitor_read: checking request 28
debug3: mm_request_send entering: type 29
debug3: mm_request_receive entering
debug3: mm_request_receive_expect entering: type 29
debug3: mm_request_receive entering
debug1: Trying to get OID string
debug1: Got string
Failed gssapi for paragg from 202.141.151.164 port 2444 ssh2
debug1: userauth-request for user paragg service ssh-connection method gssapi
debug1: attempt 4 failures 4
debug2: input_userauth_request: try method gssapi
debug3: mm_request_send entering: type 28
debug3: monitor_read: checking request 28
debug3: mm_request_send entering: type 29
debug3: mm_request_receive entering
debug3: mm_request_receive_expect entering: type 29
debug3: mm_request_receive entering
debug1: Trying to get OID string
debug1: Got string
Failed gssapi for paragg from 202.141.151.164 port 2444 ssh2
debug1: userauth-request for user paragg service ssh-connection method publickey
debug1: attempt 5 failures 5
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 34
debug3: monitor_read: checking request 34
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x80910e0
debug1: temporarily_use_uid: 1002/1000 (e=0/0)
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 35
debug3: mm_request_receive entering
debug1: trying public key file /home/paragg/.ssh/authorized_keys
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1002/1000 (e=0/0)
debug1: trying public key file /home/paragg/.ssh/authorized_keys2
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x80910e0 is disallowed
debug3: mm_request_send entering: type 35
debug3: mm_request_receive entering
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
Failed publickey for paragg from 202.141.151.164 port 2444 ssh2
debug1: userauth-request for user paragg service ssh-connection method
keyboard-interactive
debug1: attempt 6 failures 6
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=paragg devs=
debug1: kbdint_alloc: devices ''
debug2: auth2_challenge_start: devices
Failed keyboard-interactive for paragg from 202.141.151.164 port 2444 ssh2
debug1: userauth-request for user paragg service ssh-connection method password
debug1: attempt 7 failures 7
debug2: input_userauth_request: try method password
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 10
debug3: monitor_read: checking request 10
debug1: temporarily_use_uid: 1002/1000 (e=0/0)
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1002/1000 (e=0/0)
debug1: restore_uid: 0/0
debug3: mm_answer_authpassword: sending result 1
debug3: mm_request_send entering: type 11
Accepted password for paragg from 202.141.151.164 port 2444 ssh2
debug1: monitor_child_preauth: paragg has been authenticated by privileged process
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_request_receive_expect entering: type 38
debug3: mm_request_receive entering
debug3: mm_auth_password: user authenticated
Accepted password for paragg from 202.141.151.164 port 2444 ssh2
debug3: mm_send_keystate: Sending new keys: 0x808f7a8 0x8090cf8
debug3: mm_newkeys_to_blob: converting 0x808f7a8
debug3: mm_newkeys_to_blob: converting 0x8090cf8
debug3: mm_send_keystate: New keys have been sent
debug3: mm_send_keystate: Sending compression state
debug3: mm_request_send entering: type 38
debug3: mm_newkeys_from_blob: 0x80ac9e0(118)
debug2: mac_init: found hmac-md5
debug3: mm_get_keystate: Waiting for second key
debug3: mm_newkeys_from_blob: 0x80ac9e0(118)
debug2: mac_init: found hmac-md5
debug3: mm_get_keystate: Getting compression state
debug3: mm_get_keystate: Getting Network I/O buffers
debug3: mm_share_sync: Share sync
debug3: mm_share_sync: Share sync end
debug3: mm_send_keystate: Finished sending state
debug2: User child is on pid 12583
debug3: mm_request_receive entering
debug1: permanently_set_uid: 1002/1000
debug2: set_newkeys: mode 0
debug2: set_newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug1: fd 8 setting O_NONBLOCK
debug1: fd 9 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: lastlog_openseek: Couldn't open /var/log/lastlog: Permission denied
debug1: Allocating pty.
debug3: mm_request_send entering: type 39
debug3: monitor_read: checking request 39
debug3: mm_answer_pty entering
debug1: session_new: init
debug1: session_new: session 0
debug3: mm_request_send entering: type 40
debug3: Trying to reverse map address 202.141.151.164.
debug3: mm_answer_pty: tty /dev/pts/2 ptyfd 7
debug3: mm_request_receive entering
debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY
debug3: mm_request_receive_expect entering: type 40
debug3: mm_request_receive entering
debug1: session_pty_req: session 0 alloc /dev/pts/2
debug3: tty_parse_modes: SSH2 n_bytes 256
debug3: tty_parse_modes: ospeed 38400
debug3: tty_parse_modes: ispeed 38400
debug3: tty_parse_modes: 1 3
debug3: tty_parse_modes: 2 28
debug3: tty_parse_modes: 3 8
debug3: tty_parse_modes: 4 21
debug3: tty_parse_modes: 5 4
debug3: tty_parse_modes: 6 0
debug3: tty_parse_modes: 7 0
debug3: tty_parse_modes: 8 17
debug3: tty_parse_modes: 9 19
debug3: tty_parse_modes: 10 26
debug3: tty_parse_modes: 12 18
debug3: tty_parse_modes: 13 23
debug3: tty_parse_modes: 14 22
debug3: tty_parse_modes: 18 15
debug3: tty_parse_modes: 30 0
debug3: tty_parse_modes: 31 0
debug3: tty_parse_modes: 32 0
debug3: tty_parse_modes: 33 0
debug3: tty_parse_modes: 34 0
debug3: tty_parse_modes: 35 0
debug3: tty_parse_modes: 36 1
debug3: tty_parse_modes: 37 0
debug3: tty_parse_modes: 38 1
debug3: tty_parse_modes: 39 0
debug3: tty_parse_modes: 40 0
debug3: tty_parse_modes: 41 0
debug3: tty_parse_modes: 50 1
debug3: tty_parse_modes: 51 1
debug3: tty_parse_modes: 52 0
debug3: tty_parse_modes: 53 1
debug3: tty_parse_modes: 54 1
debug3: tty_parse_modes: 55 1
debug3: tty_parse_modes: 56 0
debug3: tty_parse_modes: 57 0
debug3: tty_parse_modes: 58 0
debug3: tty_parse_modes: 59 1
debug3: tty_parse_modes: 60 1
debug3: tty_parse_modes: 61 1
debug3: tty_parse_modes: 62 0
debug3: tty_parse_modes: 70 1
debug3: tty_parse_modes: 71 0
debug3: tty_parse_modes: 72 1
debug3: tty_parse_modes: 73 0
debug3: tty_parse_modes: 74 0
debug3: tty_parse_modes: 75 0
debug3: tty_parse_modes: 90 1
debug3: tty_parse_modes: 91 1
debug3: tty_parse_modes: 92 0
debug3: tty_parse_modes: 93 0
debug1: server_input_channel_req: channel 0 request shell reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: temporarily_use_uid: 1002/1000 (e=1002/1000)
debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
debug1: restore_uid: (unprivileged)
debug1: Setting controlling tty using TIOCSCTTY.
debug1: channel 0: rfd 11 isatty
debug1: fd 11 setting O_NONBLOCK
debug2: fd 10 is O_NONBLOCK
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to kripa [202.141.151.164] port 222.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug3: Trying to reverse map address 202.141.151.164.
debug1: Miscellaneous failure
No credentials cache found
debug1: Miscellaneous failure
No credentials cache found
debug1: Miscellaneous failure
No credentials cache found
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL
PROTECTED]
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL
PROTECTED]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL
PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL
PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL
PROTECTED]
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL
PROTECTED]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL
PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL
PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 135/256
debug2: bits set: 1608/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 4
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 4
debug1: Host 'kripa' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:4
debug2: bits set: 1626/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
external-keyx,gssapi,publickey,password,keyboard-interactive
debug3: start over, passed a different list
external-keyx,gssapi,publickey,password,keyboard-interactive
debug3: preferred external-keyx,gssapi,publickey,keyboard-interactive,password
debug3: authmethod_lookup external-keyx
debug3: remaining preferred: gssapi,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled external-keyx
debug1: Next authentication method: external-keyx
debug2: userauth_external
debug2: we sent a external-keyx packet, wait for reply
debug1: Authentications that can continue:
external-keyx,gssapi,publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi
debug1: Next authentication method: gssapi
debug2: we sent a gssapi packet, wait for reply
Server GSSAPI Error:
Miscellaneous failure
No principal in keytab matches desired name
debug1: Authentications that can continue:
external-keyx,gssapi,publickey,password,keyboard-interactive
debug2: we sent a gssapi packet, wait for reply
debug1: Authentications that can continue:
external-keyx,gssapi,publickey,password,keyboard-interactive
debug2: we sent a gssapi packet, wait for reply
debug1: Authentications that can continue:
external-keyx,gssapi,publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue:
external-keyx,gssapi,publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue:
external-keyx,gssapi,publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: packet_send2: adding 64 (len 58 padlen 6 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1: fd 5 setting O_NONBLOCK
debug2: fd 6 is O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: ssh_session2_setup: id 0
debug1: channel 0: request pty-req
debug3: tty_make_modes: ospeed 38400
debug3: tty_make_modes: ispeed 38400
debug3: tty_make_modes: 1 3
debug3: tty_make_modes: 2 28
debug3: tty_make_modes: 3 8
debug3: tty_make_modes: 4 21
debug3: tty_make_modes: 5 4
debug3: tty_make_modes: 6 0
debug3: tty_make_modes: 7 0
debug3: tty_make_modes: 8 17
debug3: tty_make_modes: 9 19
debug3: tty_make_modes: 10 26
debug3: tty_make_modes: 12 18
debug3: tty_make_modes: 13 23
debug3: tty_make_modes: 14 22
debug3: tty_make_modes: 18 15
debug3: tty_make_modes: 30 0
debug3: tty_make_modes: 31 0
debug3: tty_make_modes: 32 0
debug3: tty_make_modes: 33 0
debug3: tty_make_modes: 34 0
debug3: tty_make_modes: 35 0
debug3: tty_make_modes: 36 1
debug3: tty_make_modes: 37 0
debug3: tty_make_modes: 38 1
debug3: tty_make_modes: 39 0
debug3: tty_make_modes: 40 0
debug3: tty_make_modes: 41 0
debug3: tty_make_modes: 50 1
debug3: tty_make_modes: 51 1
debug3: tty_make_modes: 52 0
debug3: tty_make_modes: 53 1
debug3: tty_make_modes: 54 1
debug3: tty_make_modes: 55 1
debug3: tty_make_modes: 56 0
debug3: tty_make_modes: 57 0
debug3: tty_make_modes: 58 0
debug3: tty_make_modes: 59 1
debug3: tty_make_modes: 60 1
debug3: tty_make_modes: 61 1
debug3: tty_make_modes: 62 0
debug3: tty_make_modes: 70 1
debug3: tty_make_modes: 71 0
debug3: tty_make_modes: 72 1
debug3: tty_make_modes: 73 0
debug3: tty_make_modes: 74 0
debug3: tty_make_modes: 75 0
debug3: tty_make_modes: 90 1
debug3: tty_make_modes: 91 1
debug3: tty_make_modes: 92 0
debug3: tty_make_modes: 93 0
debug1: channel 0: request shell
debug2: callback done
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
Environment:
USER=paragg
LOGNAME=paragg
HOME=/home/paragg
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
MAIL=/var/mail/paragg
SHELL=/bin/bash
SSH_CLIENT=202.141.151.164 2444 222
SSH_CONNECTION=202.141.151.164 2444 202.141.151.164 222
SSH_TTY=/dev/pts/2
TERM=vt100
KRB5CCNAME=/tmp/krb5cc_1002_G12573
debug3: channel_close_fds: channel 0: r -1 w -1 e -1
[EMAIL PROTECTED] paragg]$ debug1: channel_free: channel 0: client-session, nchannels 1
debug3: channel_free: status: The following connections are open:\015
#0 client-session (t4 r0 i0/0 o0/0 fd 4/5)\015
debug3: channel_close_fds: channel 0: r 4 w 5 e 6
debug1: fd 1 clearing O_NONBLOCK
debug2: fd 2 is not O_NONBLOCK
Connection to kripa closed by remote host.
Connection to kripa closed.
debug1: Transferred: stdin 0, stdout 0, stderr 73 bytes in 122.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.6
debug1: Exit status -1
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
