[Bug 874518] Re: ssh fails after upgrade to 11.10

Jason Nett 874518 at bugs.launchpad.net
Sun Oct 16 13:21:50 UTC 2011 

Hi Clint

Yes, I had checked this and the ticket itself appeared fine to me:

jason at jason:~$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: jnett80@<ORG>.COM

Valid starting     Expires            Service principal
10/16/11 08:19:12  10/17/11 10:18:56  krbtgt/<ORG>.COM@<ORG>.<COM>
    renew until 10/23/11 08:18:56
jason at jason:~$



Jason


On Sun, Oct 16, 2011 at 2:36 AM, Clint Byrum <clint at fewbar.com> wrote:

> Excerpts from Jason Nett's message of Sun Oct 16 06:46:07 UTC 2011:
> > Upon a fresh install of Ubuntu 11.10, I still have problems with ssh.
>  After
> > studying it all day, I believe that the problem has something to do with
> ssh
> > not being able to communicate a valid kerberos ticket via
> "gssapi-with-mic".
> >
> > The problem area of the verbose output looks like:
> > ----------------------------------------
> > debug1: Next authentication method: gssapi-with-mic
> > debug1: Unspecified GSS failure.  Minor code may provide more information
> > KDC can't fulfill requested option
> >
> > debug1: Unspecified GSS failure.  Minor code may provide more information
> > KDC can't fulfill requested option
> >
> > debug1: Unspecified GSS failure.  Minor code may provide more
> > information
> >
> >
> > debug2: we sent a gssapi-with-mic packet, wait for reply
> > -------------------------------------------
> >
> > where it should look like (according to the successful execution on my
> > laptop that is still running 11.04):
> >
> > --------------------------------------------
> > debug1: Next authentication method: gssapi-with-mic
> > debug2: we sent a gssapi-with-mic packet, wait for reply
> > debug1: Authentication succeeded (gssapi-with-mic).
> > Authenticated to <name>.<org>.gov ([1xx.xxx.xxx.xxx]:xx).
> > ----------------------------------------------
> >
> > If I look at the version numbers of the ssh packages installed with "dpkg
> -l
> > | grep ssh", Ubuntu 11.10 has:
> >
> > ii  openssh-client
> > 1:5.8p1-7ubuntu1                        secure shell (SSH) client, for
> > secure access to remote machines
> > ii  ssh-askpass-gnome
> > 1:5.8p1-7ubuntu1                        interactive X program to prompt
> > users for a passphrase for ssh-add
> >
> > while 11.04 has
> >
> > ii  openssh-client                         1:5.8p1-1ubuntu3
> >                        secure shell (SSH) client, for secure access to
> > remote machines
> > ii  ssh-askpass-gnome                      1:5.8p1-1ubuntu3
> >                        interactive X program to prompt users for a
> > passphrase for ssh-add
> >
> >
> > I've searched through every configuration file I can find, especially
> those
> > in ./ssh/ and /etc/ssh/, but have not been able to solve the problem or
> > produce any different results.  The best I can think of is that there's
> > something about the newer versions that gssapi-with-mic is not agreeing
> well
> > with.
> >
> > I would greatly appreciate if this bug could be fixed because it affects
> my
> > ability to work remotely from home.
>
> Jason, you are using kerberos auth.. can you do
>
> kinit user at KERBEROS.DOMAIN
>
> and get assigned kerberos credentials? (klist should show them)
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/874518
>
> Title:
>  ssh fails after upgrade to 11.10
>
> Status in “openssh” package in Ubuntu:
>  Incomplete
>
> Bug description:
>  I upgraded from 11.04 to 11.10 and upon completion found that I could no
> longer ssh into other computers that I routinely do so.  There are several
> things I've checked:
>  1. Kerberos authentication is working fine, that's not the problem.
>  2. I tried restarting and reinstalling ssh, but neither helped.
>  3. I tried copying over all ssh related files from my laptop (with a
> properly function ssh in 11.04) and replace what is on my 11.10
> malfunctioning OS, but that did not help.
>  4. I tried deleting the .ssh/known_hosts file.  On my next attempt, I
> received the normal message about connecting somewhere for the first time,
> but was still refused a connection.
>  5.
>
>  jason:~$ /usr/sbin/sshd -ddd
>  debug2: load_server_config: filename /etc/ssh/sshd_config
>  debug2: load_server_config: done config len = 682
>  debug2: parse_server_config: config /etc/ssh/sshd_config len 682
>  debug3: /etc/ssh/sshd_config:5 setting Port 22
>  debug3: /etc/ssh/sshd_config:9 setting Protocol 2
>  debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key
>  debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key
>  debug3: /etc/ssh/sshd_config:13 setting HostKey
> /etc/ssh/ssh_host_ecdsa_key
>  debug3: /etc/ssh/sshd_config:15 setting UsePrivilegeSeparation yes
>  debug3: /etc/ssh/sshd_config:18 setting KeyRegenerationInterval 3600
>  debug3: /etc/ssh/sshd_config:19 setting ServerKeyBits 768
>  debug3: /etc/ssh/sshd_config:22 setting SyslogFacility AUTH
>  debug3: /etc/ssh/sshd_config:23 setting LogLevel INFO
>  debug3: /etc/ssh/sshd_config:26 setting LoginGraceTime 120
>  debug3: /etc/ssh/sshd_config:27 setting PermitRootLogin no
>  debug3: /etc/ssh/sshd_config:28 setting StrictModes yes
>  debug3: /etc/ssh/sshd_config:30 setting RSAAuthentication yes
>  debug3: /etc/ssh/sshd_config:31 setting PubkeyAuthentication yes
>  debug3: /etc/ssh/sshd_config:35 setting IgnoreRhosts yes
>  debug3: /etc/ssh/sshd_config:37 setting RhostsRSAAuthentication no
>  debug3: /etc/ssh/sshd_config:39 setting HostbasedAuthentication no
>  debug3: /etc/ssh/sshd_config:44 setting PermitEmptyPasswords no
>  debug3: /etc/ssh/sshd_config:48 setting ChallengeResponseAuthentication no
>  debug3: /etc/ssh/sshd_config:63 setting X11Forwarding yes
>  debug3: /etc/ssh/sshd_config:64 setting X11DisplayOffset 10
>  debug3: /etc/ssh/sshd_config:65 setting PrintMotd no
>  debug3: /etc/ssh/sshd_config:66 setting PrintLastLog yes
>  debug3: /etc/ssh/sshd_config:67 setting TCPKeepAlive yes
>  debug3: /etc/ssh/sshd_config:74 setting AcceptEnv LANG LC_*
>  debug3: /etc/ssh/sshd_config:76 setting Subsystem sftp
> /usr/lib/openssh/sftp-server
>  debug3: /etc/ssh/sshd_config:87 setting UsePAM yes
>  debug1: sshd version OpenSSH_5.8p1 Debian-7ubuntu1
>  debug3: Incorrect RSA1 identifier
>  debug1: read PEM private key done: type RSA
>  debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
>  debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
>  debug1: private host key: #0 type 1 RSA
>  debug3: Incorrect RSA1 identifier
>  debug1: read PEM private key done: type DSA
>  debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
>  debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
>  debug1: private host key: #1 type 2 DSA
>  debug3: Incorrect RSA1 identifier
>  debug1: read PEM private key done: type ECDSA
>  debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
>  debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
>  debug1: private host key: #2 type 3 ECDSA
>  debug1: setgroups() failed: Operation not permitted
>  debug1: rexec_argv[0]='/usr/sbin/sshd'
>  debug1: rexec_argv[1]='-ddd'
>  debug3: oom_adjust_setup
>  Set /proc/self/oom_score_adj from 0 to -1000
>   debug2: fd 3 setting O_NONBLOCK
>   debug1: Bind to port 22 on 0.0.0.0.
>  Bind to port 22 on 0.0.0.0 failed: Permission denied.
>   debug2: fd 3 setting O_NONBLOCK
>   debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
>  debug1: Bind to port 22 on ::.
>  Bind to port 22 on :: failed: Permission denied.
>  Cannot bind any address.
>
>  Maybe the problem is in that readout, but I'm not familiar enough with
>  this output to know.
>
>  My laptop which still has Ubuntu 11.04 still can successfully log into
>  the computers I need to, so the problem is definitely related to the
>  upgrade of my desktop to 11.10.
>
>  ProblemType: Bug
>  DistroRelease: Ubuntu 11.10
>  Package: ssh (not installed)
>  ProcVersionSignature: Ubuntu 3.0.0-12.20-generic-pae 3.0.4
>  Uname: Linux 3.0.0-12-generic-pae i686
>  NonfreeKernelModules: wl
>  ApportVersion: 1.23-0ubuntu3
>  Architecture: i386
>  Date: Fri Oct 14 13:40:37 2011
>  InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
>  ProcEnviron:
>   PATH=(custom, no user)
>   LANG=en_US.UTF-8
>   SHELL=/bin/bash
>  SourcePackage: openssh
>  UpgradeStatus: Upgraded to oneiric on 2011-10-14 (0 days ago)
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518/+subscriptions
>

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/874518

Title:
  ssh fails after upgrade to 11.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518/+subscriptions

More information about the Ubuntu-server-bugs mailing list