[Bug 874518] Re: ssh with kerberos fails after upgrade to 11.10

Jason Nett 874518 at bugs.launchpad.net
Tue Oct 18 17:09:51 UTC 2011 

Hi Clint,

I'm not sure if anyone is working on this, but I just wanted to let you (or
whomever is working on it) that I've decided to scrap 11.10 and do a fresh
install of 11.04 from scratch.  After installing kerberos:

sudo apt-get install krb5-user
sudo apt-get install libpam-krb5

and replacing the /etc/krb5.conf with one friendly to the lab I work for, I
can now again ssh into where I need to.  The ticket authentication is
communicated successfully via gssapi-with-mic.

I hope you all are able to find this bug in 11.10 and I look forward to
trying the newest version again in a few months.  There were some new
features I really liked in 11.10, especially the new ALT-Tab window
switcher.  That makes juggling a dozen emacs windows in a single workspace
much easier (one of the very few downsides to the 11.04 Unity version).

Thanks for the help.


Jason

On Sun, Oct 16, 2011 at 1:31 PM, Jason Nett <jasonnett80 at gmail.com>
wrote:

> Hi Clint,
>
> Your summary is correct.  I tried upgrading my home desktop from 11.04 to
> 11.10 and one of the first things I check when I do this is whether ssh and
> kerberos are working properly because I often work from home on this
> computer.  I also have a laptop with 11.04 that I have NOT upgraded to 11.10
> for comparison.  As far as I can tell, kerberos is functioning properly and
> the errors I posted earlier indicate that my destop (11.10) now cannot
> communicate the kerberos ticket while ssh'ing via gssapi-with-mic, whereas
> my laptop (11.04) does communicate the ticket successfully with
> gssapi-with-mic.  I've scoured the files in /username/.ssh/ and in /etc/ssh/
> for any discrepant settings and even tried outright replacing such files
> (not .ssh/known_hosts, of course, but I did try deleting and regenerating
> it), but nothing produces a different result.
>
>
> Jason
>
>
> On Sun, Oct 16, 2011 at 12:30 PM, Clint Byrum <clint at fewbar.com> wrote:
>
>> Ok Jason, thanks for all the leg work. I think at this point we need to
>> try and reproduce your setup to try and address the bug. To be clear,
>>
>> Your client is on 11.10, and can obtain kerberos tickets fine, but
>> cannot log into any SSH service that normally would accept these
>> tickets.
>>
>> Is that an accurate reflection of the problem?
>>
>> ** Summary changed:
>>
>> - ssh fails after upgrade to 11.10
>> + ssh with kerberos fails after upgrade to 11.10
>>
>> ** Changed in: openssh (Ubuntu)
>>       Status: Incomplete => New
>>
>> --
>> You received this bug notification because you are subscribed to the bug
>> report.
>> https://bugs.launchpad.net/bugs/874518
>>
>> Title:
>>  ssh with kerberos fails after upgrade to 11.10
>>
>> Status in “openssh” package in Ubuntu:
>>  New
>>
>> Bug description:
>>  I upgraded from 11.04 to 11.10 and upon completion found that I could no
>> longer ssh into other computers that I routinely do so.  There are several
>> things I've checked:
>>  1. Kerberos authentication is working fine, that's not the problem.
>>  2. I tried restarting and reinstalling ssh, but neither helped.
>>  3. I tried copying over all ssh related files from my laptop (with a
>> properly function ssh in 11.04) and replace what is on my 11.10
>> malfunctioning OS, but that did not help.
>>  4. I tried deleting the .ssh/known_hosts file.  On my next attempt, I
>> received the normal message about connecting somewhere for the first time,
>> but was still refused a connection.
>>  5.
>>
>>  jason:~$ /usr/sbin/sshd -ddd
>>  debug2: load_server_config: filename /etc/ssh/sshd_config
>>  debug2: load_server_config: done config len = 682
>>  debug2: parse_server_config: config /etc/ssh/sshd_config len 682
>>  debug3: /etc/ssh/sshd_config:5 setting Port 22
>>  debug3: /etc/ssh/sshd_config:9 setting Protocol 2
>>  debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key
>>  debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key
>>  debug3: /etc/ssh/sshd_config:13 setting HostKey
>> /etc/ssh/ssh_host_ecdsa_key
>>  debug3: /etc/ssh/sshd_config:15 setting UsePrivilegeSeparation yes
>>  debug3: /etc/ssh/sshd_config:18 setting KeyRegenerationInterval 3600
>>  debug3: /etc/ssh/sshd_config:19 setting ServerKeyBits 768
>>  debug3: /etc/ssh/sshd_config:22 setting SyslogFacility AUTH
>>  debug3: /etc/ssh/sshd_config:23 setting LogLevel INFO
>>  debug3: /etc/ssh/sshd_config:26 setting LoginGraceTime 120
>>  debug3: /etc/ssh/sshd_config:27 setting PermitRootLogin no
>>  debug3: /etc/ssh/sshd_config:28 setting StrictModes yes
>>  debug3: /etc/ssh/sshd_config:30 setting RSAAuthentication yes
>>  debug3: /etc/ssh/sshd_config:31 setting PubkeyAuthentication yes
>>  debug3: /etc/ssh/sshd_config:35 setting IgnoreRhosts yes
>>  debug3: /etc/ssh/sshd_config:37 setting RhostsRSAAuthentication no
>>  debug3: /etc/ssh/sshd_config:39 setting HostbasedAuthentication no
>>  debug3: /etc/ssh/sshd_config:44 setting PermitEmptyPasswords no
>>  debug3: /etc/ssh/sshd_config:48 setting ChallengeResponseAuthentication
>> no
>>  debug3: /etc/ssh/sshd_config:63 setting X11Forwarding yes
>>  debug3: /etc/ssh/sshd_config:64 setting X11DisplayOffset 10
>>  debug3: /etc/ssh/sshd_config:65 setting PrintMotd no
>>  debug3: /etc/ssh/sshd_config:66 setting PrintLastLog yes
>>  debug3: /etc/ssh/sshd_config:67 setting TCPKeepAlive yes
>>  debug3: /etc/ssh/sshd_config:74 setting AcceptEnv LANG LC_*
>>  debug3: /etc/ssh/sshd_config:76 setting Subsystem sftp
>> /usr/lib/openssh/sftp-server
>>  debug3: /etc/ssh/sshd_config:87 setting UsePAM yes
>>  debug1: sshd version OpenSSH_5.8p1 Debian-7ubuntu1
>>  debug3: Incorrect RSA1 identifier
>>  debug1: read PEM private key done: type RSA
>>  debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
>>  debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
>>  debug1: private host key: #0 type 1 RSA
>>  debug3: Incorrect RSA1 identifier
>>  debug1: read PEM private key done: type DSA
>>  debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
>>  debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
>>  debug1: private host key: #1 type 2 DSA
>>  debug3: Incorrect RSA1 identifier
>>  debug1: read PEM private key done: type ECDSA
>>  debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
>>  debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
>>  debug1: private host key: #2 type 3 ECDSA
>>  debug1: setgroups() failed: Operation not permitted
>>  debug1: rexec_argv[0]='/usr/sbin/sshd'
>>  debug1: rexec_argv[1]='-ddd'
>>  debug3: oom_adjust_setup
>>  Set /proc/self/oom_score_adj from 0 to -1000
>>  debug2: fd 3 setting O_NONBLOCK
>>  debug1: Bind to port 22 on 0.0.0.0.
>>  Bind to port 22 on 0.0.0.0 failed: Permission denied.
>>  debug2: fd 3 setting O_NONBLOCK
>>  debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
>>  debug1: Bind to port 22 on ::.
>>  Bind to port 22 on :: failed: Permission denied.
>>  Cannot bind any address.
>>
>>  Maybe the problem is in that readout, but I'm not familiar enough with
>>  this output to know.
>>
>>  My laptop which still has Ubuntu 11.04 still can successfully log into
>>  the computers I need to, so the problem is definitely related to the
>>  upgrade of my desktop to 11.10.
>>
>>  ProblemType: Bug
>>  DistroRelease: Ubuntu 11.10
>>  Package: ssh (not installed)
>>  ProcVersionSignature: Ubuntu 3.0.0-12.20-generic-pae 3.0.4
>>  Uname: Linux 3.0.0-12-generic-pae i686
>>  NonfreeKernelModules: wl
>>  ApportVersion: 1.23-0ubuntu3
>>  Architecture: i386
>>  Date: Fri Oct 14 13:40:37 2011
>>  InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
>>  ProcEnviron:
>>   PATH=(custom, no user)
>>   LANG=en_US.UTF-8
>>   SHELL=/bin/bash
>>  SourcePackage: openssh
>>  UpgradeStatus: Upgraded to oneiric on 2011-10-14 (0 days ago)
>>
>> To manage notifications about this bug go to:
>>
>> https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518/+subscriptions
>>
>
>

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/874518

Title:
  ssh with kerberos fails after upgrade to 11.10

Status in “openssh” package in Ubuntu:
  New

Bug description:
  I upgraded from 11.04 to 11.10 and upon completion found that I could no longer ssh into other computers that I routinely do so.  There are several things I've checked:
  1. Kerberos authentication is working fine, that's not the problem.
  2. I tried restarting and reinstalling ssh, but neither helped.
  3. I tried copying over all ssh related files from my laptop (with a properly function ssh in 11.04) and replace what is on my 11.10 malfunctioning OS, but that did not help.
  4. I tried deleting the .ssh/known_hosts file.  On my next attempt, I received the normal message about connecting somewhere for the first time, but was still refused a connection.
  5. 

  jason:~$ /usr/sbin/sshd -ddd
  debug2: load_server_config: filename /etc/ssh/sshd_config
  debug2: load_server_config: done config len = 682
  debug2: parse_server_config: config /etc/ssh/sshd_config len 682
  debug3: /etc/ssh/sshd_config:5 setting Port 22
  debug3: /etc/ssh/sshd_config:9 setting Protocol 2
  debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key
  debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key
  debug3: /etc/ssh/sshd_config:13 setting HostKey /etc/ssh/ssh_host_ecdsa_key
  debug3: /etc/ssh/sshd_config:15 setting UsePrivilegeSeparation yes
  debug3: /etc/ssh/sshd_config:18 setting KeyRegenerationInterval 3600
  debug3: /etc/ssh/sshd_config:19 setting ServerKeyBits 768
  debug3: /etc/ssh/sshd_config:22 setting SyslogFacility AUTH
  debug3: /etc/ssh/sshd_config:23 setting LogLevel INFO
  debug3: /etc/ssh/sshd_config:26 setting LoginGraceTime 120
  debug3: /etc/ssh/sshd_config:27 setting PermitRootLogin no
  debug3: /etc/ssh/sshd_config:28 setting StrictModes yes
  debug3: /etc/ssh/sshd_config:30 setting RSAAuthentication yes
  debug3: /etc/ssh/sshd_config:31 setting PubkeyAuthentication yes
  debug3: /etc/ssh/sshd_config:35 setting IgnoreRhosts yes
  debug3: /etc/ssh/sshd_config:37 setting RhostsRSAAuthentication no
  debug3: /etc/ssh/sshd_config:39 setting HostbasedAuthentication no
  debug3: /etc/ssh/sshd_config:44 setting PermitEmptyPasswords no
  debug3: /etc/ssh/sshd_config:48 setting ChallengeResponseAuthentication no
  debug3: /etc/ssh/sshd_config:63 setting X11Forwarding yes
  debug3: /etc/ssh/sshd_config:64 setting X11DisplayOffset 10
  debug3: /etc/ssh/sshd_config:65 setting PrintMotd no
  debug3: /etc/ssh/sshd_config:66 setting PrintLastLog yes
  debug3: /etc/ssh/sshd_config:67 setting TCPKeepAlive yes
  debug3: /etc/ssh/sshd_config:74 setting AcceptEnv LANG LC_*
  debug3: /etc/ssh/sshd_config:76 setting Subsystem sftp /usr/lib/openssh/sftp-server
  debug3: /etc/ssh/sshd_config:87 setting UsePAM yes
  debug1: sshd version OpenSSH_5.8p1 Debian-7ubuntu1
  debug3: Incorrect RSA1 identifier
  debug1: read PEM private key done: type RSA
  debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
  debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
  debug1: private host key: #0 type 1 RSA
  debug3: Incorrect RSA1 identifier
  debug1: read PEM private key done: type DSA
  debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
  debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
  debug1: private host key: #1 type 2 DSA
  debug3: Incorrect RSA1 identifier
  debug1: read PEM private key done: type ECDSA
  debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
  debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
  debug1: private host key: #2 type 3 ECDSA
  debug1: setgroups() failed: Operation not permitted
  debug1: rexec_argv[0]='/usr/sbin/sshd'
  debug1: rexec_argv[1]='-ddd'
  debug3: oom_adjust_setup
  Set /proc/self/oom_score_adj from 0 to -1000
  debug2: fd 3 setting O_NONBLOCK
  debug1: Bind to port 22 on 0.0.0.0.
  Bind to port 22 on 0.0.0.0 failed: Permission denied.
  debug2: fd 3 setting O_NONBLOCK
  debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
  debug1: Bind to port 22 on ::.
  Bind to port 22 on :: failed: Permission denied.
  Cannot bind any address.

  Maybe the problem is in that readout, but I'm not familiar enough with
  this output to know.

  My laptop which still has Ubuntu 11.04 still can successfully log into
  the computers I need to, so the problem is definitely related to the
  upgrade of my desktop to 11.10.

  ProblemType: Bug
  DistroRelease: Ubuntu 11.10
  Package: ssh (not installed)
  ProcVersionSignature: Ubuntu 3.0.0-12.20-generic-pae 3.0.4
  Uname: Linux 3.0.0-12-generic-pae i686
  NonfreeKernelModules: wl
  ApportVersion: 1.23-0ubuntu3
  Architecture: i386
  Date: Fri Oct 14 13:40:37 2011
  InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
  ProcEnviron:
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: openssh
  UpgradeStatus: Upgraded to oneiric on 2011-10-14 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518/+subscriptions

More information about the foundations-bugs mailing list