Re: Cant login using ssh; no password prompt
I've installed a new box with FreeBSD 6.0 (workbench) and cant login to it by means of ssh from the internal or external network. Try editing /etc/ssh/sshd_config and uncomment the lines: PubkeyAuthentication yes PasswordAuthentication yes PermitEmptyPasswords no ChallengeResponseAuthentication yes UsePAM yes This will reactivate the automatic login stuff... ~Dan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Cant login using ssh; no password prompt
Mauricio Brunstein wrote: Hi! I've installed a new box with FreeBSD 6.0 (workbench) and cant login to it by means of ssh from the internal or external network. The box is installed from the release version, and worked fine using the console. I also had accessed other hosts form there using ssh. I did not patch the box in any way, is just the 6.0 release version. I can not login to that box form a local OpenBSD 3.7 box, a 5.4 box (as shown below) or using putty 0.57 from the Internet (the putty window closes after some time without asking me for a password) . Anybody have and idea of what could be happening? Thank you in advance, Mauro Form a 5.4 Box, [EMAIL PROTECTED]:~> uname -a FreeBSD Server.blstar 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 #0: Sun Oct 16 04:00:03 ART 2005 mauro@:/usr/obj/usr/src/sys/GENERIC i386 I issue the following command: [EMAIL PROTECTED]:~> ssh -vvv workbench OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7e-p1 25 Oct 2004 debug1: Reading configuration data /etc/ssh/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to workbench.blstar [192.168.1.34] port 22. debug1: Connection established. debug1: identity file /home/mauro/.ssh/identity type -1 debug1: identity file /home/mauro/.ssh/id_rsa type -1 debug1: identity file /home/mauro/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2p1 FreeBSD-20050903 debug1: match: OpenSSH_4.2p1 FreeBSD-20050903 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 FreeBSD-20040419 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss,ssh-rsa debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 129/256 debug2: bits set: 536/1024 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /home/mauro/.ssh/known_hosts debug3: check_host_in_hostfile: match line 3 debug1: Host 'workbench.blstar' is known and matches the DSA host key. debug1: Found key in /home/mauro/.ssh/known_hosts:3 debug2: bits set: 497/1024 debug1: ssh_dss_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/mauro/.ssh/identity (0x0) debug2: key: /home/mauro/.ssh/id_rsa (0x0) debug2: key: /home/mauro/.ssh/id_dsa (0x0) debug1: Authentications that can continue: publickey,keyboard-interactive debug3: start over, passed a different list publickey,keyboard-interactive debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authenticatio
Re: Cant login using ssh; no password prompt
Hi ben! Thank you for oyur answer. The resolv.conf file have this line: nameserver 192.168.1.1 At this address there is an OpenBSD 3.7 firewall which running a cache DNS from my provider. When I was using olders versions of ssh from the local network I had to wait more to the password prompt until I've configured the /etc/hosts file in the new box. Bun never happened a situation like this one. Thank you for all, Mauro On 11/18/05, Ben Pratt <[EMAIL PROTECTED]> wrote: > I have seen this before and every time it turns out to be that DNS isn't > working on the box. Please make sure that you are able to access a DNS > server from the box by trying to ping google.com or something. > > Good luck, > > Ben > > Mauricio Brunstein wrote: > > Hi! > > > > I've installed a new box with FreeBSD 6.0 (workbench) and cant login > > to it by means of ssh from the internal or external network. The box > > is installed from the release version, and worked fine using the > > console. I also had accessed other hosts form there using ssh. I did > > not patch the box in any way, is just the 6.0 release version. I can > > not login to that box form a local OpenBSD 3.7 box, a 5.4 box (as > > shown below) or using putty 0.57 from the Internet (the putty window > > closes after some time without asking me for a password) . > > > > Anybody have and idea of what could be happening? > > > > Thank you in advance, > > Mauro > > > > Form a 5.4 Box, > > > > [EMAIL PROTECTED]:~> uname -a > > FreeBSD Server.blstar 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 #0: Sun > > Oct 16 04:00:03 ART 2005 mauro@:/usr/obj/usr/src/sys/GENERIC i386 > > > > I issue the following command: > > > > [EMAIL PROTECTED]:~> ssh -vvv workbench > > OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7e-p1 25 Oct 2004 > > debug1: Reading configuration data /etc/ssh/ssh_config > > debug2: ssh_connect: needpriv 0 > > debug1: Connecting to workbench.blstar [192.168.1.34] port 22. > > debug1: Connection established. > > debug1: identity file /home/mauro/.ssh/identity type -1 > > debug1: identity file /home/mauro/.ssh/id_rsa type -1 > > debug1: identity file /home/mauro/.ssh/id_dsa type -1 > > debug1: Remote protocol version 2.0, remote software version > > OpenSSH_4.2p1 FreeBSD-20050903 > > debug1: match: OpenSSH_4.2p1 FreeBSD-20050903 pat OpenSSH* > > debug1: Enabling compatibility mode for protocol 2.0 > > debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 FreeBSD-20040419 > > debug1: SSH2_MSG_KEXINIT sent > > debug1: SSH2_MSG_KEXINIT received > > debug2: kex_parse_kexinit: > > diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 > > debug2: kex_parse_kexinit: ssh-dss,ssh-rsa > > debug2: kex_parse_kexinit: > > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL > > PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr > > debug2: kex_parse_kexinit: > > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL > > PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr > > debug2: kex_parse_kexinit: > > hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 > > debug2: kex_parse_kexinit: > > hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 > > debug2: kex_parse_kexinit: none,zlib > > debug2: kex_parse_kexinit: none,zlib > > debug2: kex_parse_kexinit: > > debug2: kex_parse_kexinit: > > debug2: kex_parse_kexinit: first_kex_follows 0 > > debug2: kex_parse_kexinit: reserved 0 > > debug2: kex_parse_kexinit: > > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > > debug2: kex_parse_kexinit: ssh-dss > > debug2: kex_parse_kexinit: > > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL > > PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr > > debug2: kex_parse_kexinit: > > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL > > PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr > > debug2: kex_parse_kexinit: > > hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 > > debug2: kex_parse_kexinit: > > hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96 > > debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] > > debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] > > debug2: kex_parse_kexinit: > > debug2: kex_parse_kexinit: > > debug2: kex_parse_kexinit: first_kex_follows 0 > > debug2: kex_parse_kexinit: reserved 0 > > debug2: mac_init: found hmac-md5 > > debug1: kex: server->client aes128-cbc hmac-md5 none > > debug2: mac_init: found hmac-md5 > > debug1: kex: client->server aes128-cbc hmac-md5 none > > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > > debug2: dh_gen_key: priv key bits set: 129/256 > > debug2: bits set: 536/1024 > > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > > debug3: check_host_in_hostfile: fil
RE: Cant login using ssh; no password prompt
Greetings Mauricio, I have gotten this problem lots o times with new installs of FreeBSD. SSH times out trying to do a reverse lookup on the IP connecting to it. This is not a FreeBSD problem but an OpenSSH "issue"(not really an issue). My solution has always been to point the FreeBSD machine to an internal DNS server that has both the FreeBSD machine and the client's name->IP address mapping in DNS. So check your /etc/resolv.conf and see what entries you are using. If you are using 127.0.0.1 and you don't have DNS running locally then that can be your problem. Good luck! > -Original Message- > From: [EMAIL PROTECTED] [mailto:owner-freebsd- > [EMAIL PROTECTED] On Behalf Of Mauricio Brunstein > Sent: November 18, 2005 9:50 AM > To: freebsd-questions@freebsd.org > Subject: Cant login using ssh; no password prompt > > Hi! > > I've installed a new box with FreeBSD 6.0 (workbench) and cant login > to it by means of ssh from the internal or external network. The box > is installed from the release version, and worked fine using the > console. I also had accessed other hosts form there using ssh. I did > not patch the box in any way, is just the 6.0 release version. I can > not login to that box form a local OpenBSD 3.7 box, a 5.4 box (as > shown below) or using putty 0.57 from the Internet (the putty window > closes after some time without asking me for a password) . > > Anybody have and idea of what could be happening? > > Thank you in advance, > Mauro > > Form a 5.4 Box, > > [EMAIL PROTECTED]:~> uname -a > FreeBSD Server.blstar 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 #0: Sun > Oct 16 04:00:03 ART 2005 mauro@:/usr/obj/usr/src/sys/GENERIC i386 > > I issue the following command: > > [EMAIL PROTECTED]:~> ssh -vvv workbench > OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7e-p1 25 Oct 2004 > debug1: Reading configuration data /etc/ssh/ssh_config > debug2: ssh_connect: needpriv 0 > debug1: Connecting to workbench.blstar [192.168.1.34] port 22. > debug1: Connection established. > debug1: identity file /home/mauro/.ssh/identity type -1 > debug1: identity file /home/mauro/.ssh/id_rsa type -1 > debug1: identity file /home/mauro/.ssh/id_dsa type -1 > debug1: Remote protocol version 2.0, remote software version > OpenSSH_4.2p1 FreeBSD-20050903 > debug1: match: OpenSSH_4.2p1 FreeBSD-20050903 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 FreeBSD-20040419 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-dss,ssh-rsa > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256- > cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256- > cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1- > 96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1- > 96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie- > hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128- > cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- > [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128- > cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- > [EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1- > 96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1- > 96,hmac-md5-96 > debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] > debug2: kex_parse_kexinit: none,[EMAIL PROTECTED] > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_init: found hmac-md5 > debug1: kex: server->client aes128-cbc hmac-md5 none > debug2: mac_init: found hmac-md5 > debug1: kex: client->server aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug2: dh_gen_key: priv key bits set: 129/256 > debug2: bits set: 536/1024 > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug3: check_host_in_hostfile: filename /home/mauro/.ssh/known_hosts >