That was exactly the fix I needed... Thanks!
I agree with you, this *really* ought to be in the docs somewhere... A 30
second fix had me deleting, rebuilding, and reinstalling the daemon several
times to try and troubleshoot.
Mark
-----Original Message-----
From: Trevor Antczak [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 27, 2000 8:48 AM
To: Rolen, Mark E.
Subject: Re: Problems authenticating w/ 2.2.0p1 and RH6.2
Mark,
I had the exact same problem. There seems to be an error with "make
install"
it should copy a file from (I believe) $SOURCE/contrib/redhat called
sshd.pam
to /etc/pam.d and rename it sshd. If you do this manually, everything
should
work great. Is there a way this could be added to the README or the FAQ? I
had the search the newsgroup archives to find it. It is a really simple fix
that you would never think of without some prompting.
--
Thank you,
Trevor Antczak [EMAIL PROTECTED]
Network Administrator II
Tulane University Math Dept.
"Rolen, Mark E." wrote:
> I'm running a standard installation of RedHat 6.2 and openssh 2.2.0p1.
> Everything compiled fine, client works great, but the server seems to be
> unable to authenticate connecting users. On the remote, connecting side,
I
> get:
>
> [EMAIL PROTECTED]'s password:
> Permission denied, please try again.
> [EMAIL PROTECTED]'s password:
> Permission denied, please try again.
> [EMAIL PROTECTED]'s password:
> Permission denied (publickey,password).
>
> ...although I know for a fact I'm entering the correct password. The
server
> side, with debug, shows these lines as what I think are the pertinent
> pieces:
>
> debug: userauth-request for user merolen service ssh-connection method
none
> debug: Starting up PAM with username "merolen"
> Failed none for merolen from 205.140.xxx.9 port 1023 ssh2
> debug: userauth-request for user merolen service ssh-connection method
> password
> debug: PAM Password authentication for "merolen" failed: Authentication
> failure
> Failed password for merolen from 205.140.xxx.9 port 1023 ssh2
> debug: userauth-request for user merolen service ssh-connection method
> password
> debug: PAM Password authentication for "merolen" failed: Authentication
> failure
> Failed password for merolen from 205.140.xxx.9 port 1023 ssh2
> debug: userauth-request for user merolen service ssh-connection method
> password
> debug: PAM Password authentication for "merolen" failed: Authentication
> failure
> Failed password for merolen from 205.140.xxx.9 port 1023 ssh2
> Connection closed by 205.140.xxx.9
> debug: Calling cleanup 0x804e78c(0x0)
> Cannot close PAM session: System error
> debug: Cannot delete credentials: Authentication service cannot retrieve
> user credentials
> debug: Calling cleanup 0x805d704(0x0)
>
> I'll include the full debug at the end of this email, it isn't much
longer.
>
> Has anyone else had similar problems? when I say "standard" installations
> of both, I mean they couldn't *be* more standard... redhat installed at
> defaults, and openssh config'ed and compiled/installed with defaults. No
> changes to sshd_config at all. I get the exact same problem if I ssh
> localhost, so the client that was built can't connect to the server it was
> built with, either.
>
> Any help would be greatly appreciated... I've gone through the last 4
> months of the mailing list archive, but I'm at work so I keep getting
pulled
> off of this.
>
> Thank you!
> Mark Rolen
>
> Here's the full debug from server side:
>
> debug: sshd version OpenSSH_2.2.0p1
> debug: Seeding random number generator
> debug: read DSA private key done
> debug: Seeding random number generator
> debug: Bind to port 22 on 0.0.0.0.
> Server listening on 0.0.0.0 port 22.
> Generating 768 bit RSA key.
> debug: Seeding random number generator
> debug: Seeding random number generator
> RSA key generation complete.
> debug: Server will not fork when running in debugging mode.
> Connection from 205.140.xxx.9 port 1023
> debug: Client protocol version 2.0; client software version OpenSSH_2.1.1
> Enabling compatibility mode for protocol 2.0
> debug: Local version string SSH-1.99-OpenSSH_2.2.0p1
> debug: send KEXINIT
> debug: done
> debug: wait KEXINIT
> debug: got kexinit: diffie-hellman-group1-sha1
> debug: got kexinit: ssh-dss
> debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
> debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
> debug: got kexinit: hmac-sha1,hmac-md5,[EMAIL PROTECTED]
> debug: got kexinit: hmac-sha1,hmac-md5,[EMAIL PROTECTED]
> debug: got kexinit: none
> debug: got kexinit: none
> debug: got kexinit:
> debug: got kexinit:
> debug: first kex follow: 0
> debug: reserved: 0
> debug: done
> debug: kex: client->server 3des-cbc hmac-sha1 none
> debug: kex: server->client 3des-cbc hmac-sha1 none
> debug: Wait SSH2_MSG_KEXDH_INIT.
> debug: bits set: 507/1024
> debug: bits set: 528/1024
> debug: sig size 20 20
> debug: send SSH2_MSG_NEWKEYS.
> debug: done: send SSH2_MSG_NEWKEYS.
> debug: Wait SSH2_MSG_NEWKEYS.
> debug: GOT SSH2_MSG_NEWKEYS.
> debug: done: KEX2.
> debug: userauth-request for user merolen service ssh-connection method
none
> debug: Starting up PAM with username "merolen"
> Failed none for merolen from 205.140.xxx.9 port 1023 ssh2
> debug: userauth-request for user merolen service ssh-connection method
> password
> debug: PAM Password authentication for "merolen" failed: Authentication
> failure
> Failed password for merolen from 205.140.xxx.9 port 1023 ssh2
> debug: userauth-request for user merolen service ssh-connection method
> password
> debug: PAM Password authentication for "merolen" failed: Authentication
> failure
> Failed password for merolen from 205.140.xxx.9 port 1023 ssh2
> debug: userauth-request for user merolen service ssh-connection method
> password
> debug: PAM Password authentication for "merolen" failed: Authentication
> failure
> Failed password for merolen from 205.140.xxx.9 port 1023 ssh2
> Connection closed by 205.140.xxx.9
> debug: Calling cleanup 0x804e78c(0x0)
> Cannot close PAM session: System error
> debug: Cannot delete credentials: Authentication service cannot retrieve
> user credentials
> debug: Calling cleanup 0x805d704(0x0)
