[Bug 874518] Re: ssh with kerberos fails after upgrade to 11.10

Jason Nett 874518 at bugs.launchpad.net
Tue Oct 18 17:09:51 UTC 2011 

Hi Clint,

I'm not sure if anyone is working on this, but I just wanted to let you (or
whomever is working on it) that I've decided to scrap 11.10 and do a fresh
install of 11.04 from scratch.  After installing kerberos:

sudo apt-get install krb5-user
sudo apt-get install libpam-krb5

and replacing the /etc/krb5.conf with one friendly to the lab I work for, I
can now again ssh into where I need to.  The ticket authentication is
communicated successfully via gssapi-with-mic.

I hope you all are able to find this bug in 11.10 and I look forward to
trying the newest version again in a few months.  There were some new
features I really liked in 11.10, especially the new ALT-Tab window
switcher.  That makes juggling a dozen emacs windows in a single workspace
much easier (one of the very few downsides to the 11.04 Unity version).

Thanks for the help.


Jason

On Sun, Oct 16, 2011 at 1:31 PM, Jason Nett <jasonnett80 at gmail.com>
wrote:

> Hi Clint,
>
> Your summary is correct.  I tried upgrading my home desktop from 11.04 to
> 11.10 and one of the first things I check when I do this is whether ssh and
> kerberos are working properly because I often work from home on this
> computer.  I also have a laptop with 11.04 that I have NOT upgraded to 11.10
> for comparison.  As far as I can tell, kerberos is functioning properly and
> the errors I posted earlier indicate that my destop (11.10) now cannot
> communicate the kerberos ticket while ssh'ing via gssapi-with-mic, whereas
> my laptop (11.04) does communicate the ticket successfully with
> gssapi-with-mic.  I've scoured the files in /username/.ssh/ and in /etc/ssh/
> for any discrepant settings and even tried outright replacing such files
> (not .ssh/known_hosts, of course, but I did try deleting and regenerating
> it), but nothing produces a different result.
>
>
> Jason
>
>
> On Sun, Oct 16, 2011 at 12:30 PM, Clint Byrum <clint at fewbar.com> wrote:
>
>> Ok Jason, thanks for all the leg work. I think at this point we need to
>> try and reproduce your setup to try and address the bug. To be clear,
>>
>> Your client is on 11.10, and can obtain kerberos tickets fine, but
>> cannot log into any SSH service that normally would accept these
>> tickets.
>>
>> Is that an accurate reflection of the problem?
>>
>> ** Summary changed:
>>
>> - ssh fails after upgrade to 11.10
>> + ssh with kerberos fails after upgrade to 11.10
>>
>> ** Changed in: openssh (Ubuntu)
>>       Status: Incomplete => New
>>
>> --
>> You received this bug notification because you are subscribed to the bug
>> report.
>> https://bugs.launchpad.net/bugs/874518
>>
>> Title:
>>  ssh with kerberos fails after upgrade to 11.10
>>
>> Status in “openssh” package in Ubuntu:
>>  New
>>
>> Bug description:
>>  I upgraded from 11.04 to 11.10 and upon completion found that I could no
>> longer ssh into other computers that I routinely do so.  There are several
>> things I've checked:
>>  1. Kerberos authentication is working fine, that's not the problem.
>>  2. I tried restarting and reinstalling ssh, but neither helped.
>>  3. I tried copying over all ssh related files from my laptop (with a
>> properly function ssh in 11.04) and replace what is on my 11.10
>> malfunctioning OS, but that did not help.
>>  4. I tried deleting the .ssh/known_hosts file.  On my next attempt, I
>> received the normal message about connecting somewhere for the first time,
>> but was still refused a connection.
>>  5.
>>
>>  jason:~$ /usr/sbin/sshd -ddd
>>  debug2: load_server_config: filename /etc/ssh/sshd_config
>>  debug2: load_server_config: done config len = 682
>>  debug2: parse_server_config: config /etc/ssh/sshd_config len 682
>>  debug3: /etc/ssh/sshd_config:5 setting Port 22
>>  debug3: /etc/ssh/sshd_config:9 setting Protocol 2
>>  debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key
>>  debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key
>>  debug3: /etc/ssh/sshd_config:13 setting HostKey
>> /etc/ssh/ssh_host_ecdsa_key
>>  debug3: /etc/ssh/sshd_config:15 setting UsePrivilegeSeparation yes
>>  debug3: /etc/ssh/sshd_config:18 setting KeyRegenerationInterval 3600
>>  debug3: /etc/ssh/sshd_config:19 setting ServerKeyBits 768
>>  debug3: /etc/ssh/sshd_config:22 setting SyslogFacility AUTH
>>  debug3: /etc/ssh/sshd_config:23 setting LogLevel INFO
>>  debug3: /etc/ssh/sshd_config:26 setting LoginGraceTime 120
>>  debug3: /etc/ssh/sshd_config:27 setting PermitRootLogin no
>>  debug3: /etc/ssh/sshd_config:28 setting StrictModes yes
>>  debug3: /etc/ssh/sshd_config:30 setting RSAAuthentication yes
>>  debug3: /etc/ssh/sshd_config:31 setting PubkeyAuthentication yes
>>  debug3: /etc/ssh/sshd_config:35 setting IgnoreRhosts yes
>>  debug3: /etc/ssh/sshd_config:37 setting RhostsRSAAuthentication no
>>  debug3: /etc/ssh/sshd_config:39 setting HostbasedAuthentication no
>>  debug3: /etc/ssh/sshd_config:44 setting PermitEmptyPasswords no
>>  debug3: /etc/ssh/sshd_config:48 setting ChallengeResponseAuthentication
>> no
>>  debug3: /etc/ssh/sshd_config:63 setting X11Forwarding yes
>>  debug3: /etc/ssh/sshd_config:64 setting X11DisplayOffset 10
>>  debug3: /etc/ssh/sshd_config:65 setting PrintMotd no
>>  debug3: /etc/ssh/sshd_config:66 setting PrintLastLog yes
>>  debug3: /etc/ssh/sshd_config:67 setting TCPKeepAlive yes
>>  debug3: /etc/ssh/sshd_config:74 setting AcceptEnv LANG LC_*
>>  debug3: /etc/ssh/sshd_config:76 setting Subsystem sftp
>> /usr/lib/openssh/sftp-server
>>  debug3: /etc/ssh/sshd_config:87 setting UsePAM yes
>>  debug1: sshd version OpenSSH_5.8p1 Debian-7ubuntu1
>>  debug3: Incorrect RSA1 identifier
>>  debug1: read PEM private key done: type RSA
>>  debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
>>  debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
>>  debug1: private host key: #0 type 1 RSA
>>  debug3: Incorrect RSA1 identifier
>>  debug1: read PEM private key done: type DSA
>>  debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
>>  debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
>>  debug1: private host key: #1 type 2 DSA
>>  debug3: Incorrect RSA1 identifier
>>  debug1: read PEM private key done: type ECDSA
>>  debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
>>  debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
>>  debug1: private host key: #2 type 3 ECDSA
>>  debug1: setgroups() failed: Operation not permitted
>>  debug1: rexec_argv[0]='/usr/sbin/sshd'
>>  debug1: rexec_argv[1]='-ddd'
>>  debug3: oom_adjust_setup
>>  Set /proc/self/oom_score_adj from 0 to -1000
>>  debug2: fd 3 setting O_NONBLOCK
>>  debug1: Bind to port 22 on 0.0.0.0.
>>  Bind to port 22 on 0.0.0.0 failed: Permission denied.
>>  debug2: fd 3 setting O_NONBLOCK
>>  debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
>>  debug1: Bind to port 22 on ::.
>>  Bind to port 22 on :: failed: Permission denied.
>>  Cannot bind any address.
>>
>>  Maybe the problem is in that readout, but I'm not familiar enough with
>>  this output to know.
>>
>>  My laptop which still has Ubuntu 11.04 still can successfully log into
>>  the computers I need to, so the problem is definitely related to the
>>  upgrade of my desktop to 11.10.
>>
>>  ProblemType: Bug
>>  DistroRelease: Ubuntu 11.10
>>  Package: ssh (not installed)
>>  ProcVersionSignature: Ubuntu 3.0.0-12.20-generic-pae 3.0.4
>>  Uname: Linux 3.0.0-12-generic-pae i686
>>  NonfreeKernelModules: wl
>>  ApportVersion: 1.23-0ubuntu3
>>  Architecture: i386
>>  Date: Fri Oct 14 13:40:37 2011
>>  InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
>>  ProcEnviron:
>>   PATH=(custom, no user)
>>   LANG=en_US.UTF-8
>>   SHELL=/bin/bash
>>  SourcePackage: openssh
>>  UpgradeStatus: Upgraded to oneiric on 2011-10-14 (0 days ago)
>>
>> To manage notifications about this bug go to:
>>
>> https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518/+subscriptions
>>
>
>

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/874518

Title:
  ssh with kerberos fails after upgrade to 11.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518/+subscriptions

More information about the Ubuntu-server-bugs mailing list