[Bug 874518] Re: ssh fails after upgrade to 11.10
Jason Nett
874518 at bugs.launchpad.net
Sun Oct 16 13:21:50 UTC 2011
Hi Clint
Yes, I had checked this and the ticket itself appeared fine to me:
jason at jason:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: jnett80@<ORG>.COM
Valid starting Expires Service principal
10/16/11 08:19:12 10/17/11 10:18:56 krbtgt/<ORG>.COM@<ORG>.<COM>
renew until 10/23/11 08:18:56
jason at jason:~$
Jason
On Sun, Oct 16, 2011 at 2:36 AM, Clint Byrum <clint at fewbar.com> wrote:
> Excerpts from Jason Nett's message of Sun Oct 16 06:46:07 UTC 2011:
> > Upon a fresh install of Ubuntu 11.10, I still have problems with ssh.
> After
> > studying it all day, I believe that the problem has something to do with
> ssh
> > not being able to communicate a valid kerberos ticket via
> "gssapi-with-mic".
> >
> > The problem area of the verbose output looks like:
> > ----------------------------------------
> > debug1: Next authentication method: gssapi-with-mic
> > debug1: Unspecified GSS failure. Minor code may provide more information
> > KDC can't fulfill requested option
> >
> > debug1: Unspecified GSS failure. Minor code may provide more information
> > KDC can't fulfill requested option
> >
> > debug1: Unspecified GSS failure. Minor code may provide more
> > information
> >
> >
> > debug2: we sent a gssapi-with-mic packet, wait for reply
> > -------------------------------------------
> >
> > where it should look like (according to the successful execution on my
> > laptop that is still running 11.04):
> >
> > --------------------------------------------
> > debug1: Next authentication method: gssapi-with-mic
> > debug2: we sent a gssapi-with-mic packet, wait for reply
> > debug1: Authentication succeeded (gssapi-with-mic).
> > Authenticated to <name>.<org>.gov ([1xx.xxx.xxx.xxx]:xx).
> > ----------------------------------------------
> >
> > If I look at the version numbers of the ssh packages installed with "dpkg
> -l
> > | grep ssh", Ubuntu 11.10 has:
> >
> > ii openssh-client
> > 1:5.8p1-7ubuntu1 secure shell (SSH) client, for
> > secure access to remote machines
> > ii ssh-askpass-gnome
> > 1:5.8p1-7ubuntu1 interactive X program to prompt
> > users for a passphrase for ssh-add
> >
> > while 11.04 has
> >
> > ii openssh-client 1:5.8p1-1ubuntu3
> > secure shell (SSH) client, for secure access to
> > remote machines
> > ii ssh-askpass-gnome 1:5.8p1-1ubuntu3
> > interactive X program to prompt users for a
> > passphrase for ssh-add
> >
> >
> > I've searched through every configuration file I can find, especially
> those
> > in ./ssh/ and /etc/ssh/, but have not been able to solve the problem or
> > produce any different results. The best I can think of is that there's
> > something about the newer versions that gssapi-with-mic is not agreeing
> well
> > with.
> >
> > I would greatly appreciate if this bug could be fixed because it affects
> my
> > ability to work remotely from home.
>
> Jason, you are using kerberos auth.. can you do
>
> kinit user at KERBEROS.DOMAIN
>
> and get assigned kerberos credentials? (klist should show them)
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/874518
>
> Title:
> ssh fails after upgrade to 11.10
>
> Status in “openssh” package in Ubuntu:
> Incomplete
>
> Bug description:
> I upgraded from 11.04 to 11.10 and upon completion found that I could no
> longer ssh into other computers that I routinely do so. There are several
> things I've checked:
> 1. Kerberos authentication is working fine, that's not the problem.
> 2. I tried restarting and reinstalling ssh, but neither helped.
> 3. I tried copying over all ssh related files from my laptop (with a
> properly function ssh in 11.04) and replace what is on my 11.10
> malfunctioning OS, but that did not help.
> 4. I tried deleting the .ssh/known_hosts file. On my next attempt, I
> received the normal message about connecting somewhere for the first time,
> but was still refused a connection.
> 5.
>
> jason:~$ /usr/sbin/sshd -ddd
> debug2: load_server_config: filename /etc/ssh/sshd_config
> debug2: load_server_config: done config len = 682
> debug2: parse_server_config: config /etc/ssh/sshd_config len 682
> debug3: /etc/ssh/sshd_config:5 setting Port 22
> debug3: /etc/ssh/sshd_config:9 setting Protocol 2
> debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key
> debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key
> debug3: /etc/ssh/sshd_config:13 setting HostKey
> /etc/ssh/ssh_host_ecdsa_key
> debug3: /etc/ssh/sshd_config:15 setting UsePrivilegeSeparation yes
> debug3: /etc/ssh/sshd_config:18 setting KeyRegenerationInterval 3600
> debug3: /etc/ssh/sshd_config:19 setting ServerKeyBits 768
> debug3: /etc/ssh/sshd_config:22 setting SyslogFacility AUTH
> debug3: /etc/ssh/sshd_config:23 setting LogLevel INFO
> debug3: /etc/ssh/sshd_config:26 setting LoginGraceTime 120
> debug3: /etc/ssh/sshd_config:27 setting PermitRootLogin no
> debug3: /etc/ssh/sshd_config:28 setting StrictModes yes
> debug3: /etc/ssh/sshd_config:30 setting RSAAuthentication yes
> debug3: /etc/ssh/sshd_config:31 setting PubkeyAuthentication yes
> debug3: /etc/ssh/sshd_config:35 setting IgnoreRhosts yes
> debug3: /etc/ssh/sshd_config:37 setting RhostsRSAAuthentication no
> debug3: /etc/ssh/sshd_config:39 setting HostbasedAuthentication no
> debug3: /etc/ssh/sshd_config:44 setting PermitEmptyPasswords no
> debug3: /etc/ssh/sshd_config:48 setting ChallengeResponseAuthentication no
> debug3: /etc/ssh/sshd_config:63 setting X11Forwarding yes
> debug3: /etc/ssh/sshd_config:64 setting X11DisplayOffset 10
> debug3: /etc/ssh/sshd_config:65 setting PrintMotd no
> debug3: /etc/ssh/sshd_config:66 setting PrintLastLog yes
> debug3: /etc/ssh/sshd_config:67 setting TCPKeepAlive yes
> debug3: /etc/ssh/sshd_config:74 setting AcceptEnv LANG LC_*
> debug3: /etc/ssh/sshd_config:76 setting Subsystem sftp
> /usr/lib/openssh/sftp-server
> debug3: /etc/ssh/sshd_config:87 setting UsePAM yes
> debug1: sshd version OpenSSH_5.8p1 Debian-7ubuntu1
> debug3: Incorrect RSA1 identifier
> debug1: read PEM private key done: type RSA
> debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
> debug1: private host key: #0 type 1 RSA
> debug3: Incorrect RSA1 identifier
> debug1: read PEM private key done: type DSA
> debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
> debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
> debug1: private host key: #1 type 2 DSA
> debug3: Incorrect RSA1 identifier
> debug1: read PEM private key done: type ECDSA
> debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
> debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
> debug1: private host key: #2 type 3 ECDSA
> debug1: setgroups() failed: Operation not permitted
> debug1: rexec_argv[0]='/usr/sbin/sshd'
> debug1: rexec_argv[1]='-ddd'
> debug3: oom_adjust_setup
> Set /proc/self/oom_score_adj from 0 to -1000
> debug2: fd 3 setting O_NONBLOCK
> debug1: Bind to port 22 on 0.0.0.0.
> Bind to port 22 on 0.0.0.0 failed: Permission denied.
> debug2: fd 3 setting O_NONBLOCK
> debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
> debug1: Bind to port 22 on ::.
> Bind to port 22 on :: failed: Permission denied.
> Cannot bind any address.
>
> Maybe the problem is in that readout, but I'm not familiar enough with
> this output to know.
>
> My laptop which still has Ubuntu 11.04 still can successfully log into
> the computers I need to, so the problem is definitely related to the
> upgrade of my desktop to 11.10.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 11.10
> Package: ssh (not installed)
> ProcVersionSignature: Ubuntu 3.0.0-12.20-generic-pae 3.0.4
> Uname: Linux 3.0.0-12-generic-pae i686
> NonfreeKernelModules: wl
> ApportVersion: 1.23-0ubuntu3
> Architecture: i386
> Date: Fri Oct 14 13:40:37 2011
> InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
> ProcEnviron:
> PATH=(custom, no user)
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> SourcePackage: openssh
> UpgradeStatus: Upgraded to oneiric on 2011-10-14 (0 days ago)
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518/+subscriptions
>
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/874518
Title:
ssh fails after upgrade to 11.10
Status in “openssh” package in Ubuntu:
Incomplete
Bug description:
I upgraded from 11.04 to 11.10 and upon completion found that I could no longer ssh into other computers that I routinely do so. There are several things I've checked:
1. Kerberos authentication is working fine, that's not the problem.
2. I tried restarting and reinstalling ssh, but neither helped.
3. I tried copying over all ssh related files from my laptop (with a properly function ssh in 11.04) and replace what is on my 11.10 malfunctioning OS, but that did not help.
4. I tried deleting the .ssh/known_hosts file. On my next attempt, I received the normal message about connecting somewhere for the first time, but was still refused a connection.
5.
jason:~$ /usr/sbin/sshd -ddd
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 682
debug2: parse_server_config: config /etc/ssh/sshd_config len 682
debug3: /etc/ssh/sshd_config:5 setting Port 22
debug3: /etc/ssh/sshd_config:9 setting Protocol 2
debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key
debug3: /etc/ssh/sshd_config:13 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:15 setting UsePrivilegeSeparation yes
debug3: /etc/ssh/sshd_config:18 setting KeyRegenerationInterval 3600
debug3: /etc/ssh/sshd_config:19 setting ServerKeyBits 768
debug3: /etc/ssh/sshd_config:22 setting SyslogFacility AUTH
debug3: /etc/ssh/sshd_config:23 setting LogLevel INFO
debug3: /etc/ssh/sshd_config:26 setting LoginGraceTime 120
debug3: /etc/ssh/sshd_config:27 setting PermitRootLogin no
debug3: /etc/ssh/sshd_config:28 setting StrictModes yes
debug3: /etc/ssh/sshd_config:30 setting RSAAuthentication yes
debug3: /etc/ssh/sshd_config:31 setting PubkeyAuthentication yes
debug3: /etc/ssh/sshd_config:35 setting IgnoreRhosts yes
debug3: /etc/ssh/sshd_config:37 setting RhostsRSAAuthentication no
debug3: /etc/ssh/sshd_config:39 setting HostbasedAuthentication no
debug3: /etc/ssh/sshd_config:44 setting PermitEmptyPasswords no
debug3: /etc/ssh/sshd_config:48 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:63 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:64 setting X11DisplayOffset 10
debug3: /etc/ssh/sshd_config:65 setting PrintMotd no
debug3: /etc/ssh/sshd_config:66 setting PrintLastLog yes
debug3: /etc/ssh/sshd_config:67 setting TCPKeepAlive yes
debug3: /etc/ssh/sshd_config:74 setting AcceptEnv LANG LC_*
debug3: /etc/ssh/sshd_config:76 setting Subsystem sftp /usr/lib/openssh/sftp-server
debug3: /etc/ssh/sshd_config:87 setting UsePAM yes
debug1: sshd version OpenSSH_5.8p1 Debian-7ubuntu1
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type ECDSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
debug1: private host key: #2 type 3 ECDSA
debug1: setgroups() failed: Operation not permitted
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Permission denied.
debug2: fd 3 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Bind to port 22 on :: failed: Permission denied.
Cannot bind any address.
Maybe the problem is in that readout, but I'm not familiar enough with
this output to know.
My laptop which still has Ubuntu 11.04 still can successfully log into
the computers I need to, so the problem is definitely related to the
upgrade of my desktop to 11.10.
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: ssh (not installed)
ProcVersionSignature: Ubuntu 3.0.0-12.20-generic-pae 3.0.4
Uname: Linux 3.0.0-12-generic-pae i686
NonfreeKernelModules: wl
ApportVersion: 1.23-0ubuntu3
Architecture: i386
Date: Fri Oct 14 13:40:37 2011
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
ProcEnviron:
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: openssh
UpgradeStatus: Upgraded to oneiric on 2011-10-14 (0 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518/+subscriptions
More information about the foundations-bugs
mailing list