Gentoo Forums
ssh fails on internal network

jedsen
Apprentice

Joined: 15 Oct 2004
Posts: 276
Location: Sacramento, California, USA

Posted: Sun Jan 15, 2006 3:38 pm    Post subject: ssh fails on internal network

When I try to ssh into my laptop, I get this error:
Quote:
OpenSSH_4.2p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.2.2 [192.168.2.2] port 22.
debug1: Connection established.
debug1: identity file /home/jedsen/.ssh/identity type -1
debug1: identity file /home/jedsen/.ssh/id_rsa type -1
debug1: identity file /home/jedsen/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2
debug1: match: OpenSSH_4.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.2.2' is known and matches the RSA host key.
debug1: Found key in /home/jedsen/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/jedsen/.ssh/identity
debug1: Trying private key: /home/jedsen/.ssh/id_rsa
debug1: Trying private key: /home/jedsen/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).

I'm able to ssh into my desktop from my laptop, just not the other way around. I don't have access to the sshd_config on the laptop because it's half-way b0rked. It looks like I don't have a private key? How do I generate one?

desultory
Administrator

Joined: 04 Nov 2005
Posts: 9345

Posted: Sun Jan 15, 2006 5:41 pm

I do not know the error messages for failed versus lacking private keys.

To generate new keys use ssh-keygen (net-misc/openssh), for default key sizes:
Code:
ssh-keygen -t $type
Where $type is one of rsa, dsa or rsa1. When you use the new keys you will get errors about having the wrong key if you had a key associated with that user on that machine, unless you manually reshare the key.

Before you generate new keys, check your ~/.ssh/ to see what is there; if you have valid keys in that directory, you have other problems.

jedsen
Apprentice

Joined: 15 Oct 2004
Posts: 276
Location: Sacramento, California, USA

Posted: Sun Jan 15, 2006 6:14 pm

Generating a private key didn't help, as it is not listed in ~/.ssh/authorized_keys on the remote machine.

Still, shouldn't the keyboard-interactive and password authentication work? It looks like it's skipping them for some reason.

desultory
Administrator

Joined: 04 Nov 2005
Posts: 9345

Posted: Sun Jan 15, 2006 7:21 pm

As you had stated that you retained access from the laptop to the desktop, why not ssh in and copy it over?

It is quite possible to configure openssh to not use such forms of authentication.


Last edited by desultory on Sun Jan 15, 2006 8:12 pm; edited 1 time in total

jedsen
Apprentice

Joined: 15 Oct 2004
Posts: 276
Location: Sacramento, California, USA

Posted: Sun Jan 15, 2006 7:56 pm

desultory wrote:
As you had stated that you retained access from the laptop to the desktop, why not ssh in and copy it over?

It is quite possible to configure openssh to not use such forms of authentication.

Yes, but as I cannot ssh into my laptop, and do not have access to it at the moment, I cannot copy the correct keys over.

My question is, why isn't the password/keyboard authentication method working?

Oh, and by the way, thank you for your help :D

desultory
Administrator

Joined: 04 Nov 2005
Posts: 9345

Posted: Sun Jan 15, 2006 8:30 pm

Once you can access the laptop, physically, you should be able to ssh in to your desktop and copy the key into the right place to allow the desktop to reciprocate the connection.

You might have a problem with PAM or you could have 'PasswordAuthentication' set to 'no' in the sshd config file, in which case this behaviour is what you asked for.
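
Added example, not part of either poster's messages: a small Python parser for the `ssh -v` output in the first post, showing what the transcript itself already says about the failure. The finding labels and the "rejected before any prompt" heuristic are assumptions of this sketch; `SSH_DEBUG` is an excerpt of the log quoted above.

```python
import re

# Excerpt (identity and authentication lines only) of the `ssh -v` output
# quoted in the first post of this thread.
SSH_DEBUG = """\
debug1: identity file /home/jedsen/.ssh/identity type -1
debug1: identity file /home/jedsen/.ssh/id_rsa type -1
debug1: identity file /home/jedsen/.ssh/id_dsa type -1
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/jedsen/.ssh/identity
debug1: Trying private key: /home/jedsen/.ssh/id_rsa
debug1: Trying private key: /home/jedsen/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
"""

def diagnose(debug_text):
    """Summarise an `ssh -v` transcript that ended in 'Permission denied'."""
    lines = [re.sub(r"^debug\d: ", "", ln.strip()) for ln in debug_text.splitlines()]
    offered, tried, unloaded, findings = [], [], [], []
    key_files = 0
    for i, line in enumerate(lines):
        if m := re.match(r"identity file (\S+) type (-?\d+)", line):
            key_files += 1
            if m.group(2) == "-1":  # -1: the client loaded no key from this path
                unloaded.append(m.group(1))
        elif m := re.match(r"Authentications that can continue: (\S+)", line):
            offered = m.group(1).split(",")  # keep the server's latest method list
        elif m := re.match(r"Next authentication method: (\S+)", line):
            tried.append(m.group(1))
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            # Assumed heuristic: the server's method list follows immediately,
            # so the attempt failed before any prompt reached the user.
            if m.group(1) == "keyboard-interactive" and nxt.startswith("Authentications that"):
                findings.append("kbdint-rejected-before-prompt")
    if "publickey" in tried and key_files and len(unloaded) == key_files:
        findings.append("no-client-key-loaded")
    if offered and "password" not in offered:
        findings.append("password-not-offered-by-server")
    return {"offered": offered, "tried": tried, "unloaded": unloaded, "findings": findings}

if __name__ == "__main__":
    for name, value in diagnose(SSH_DEBUG).items():
        print(f"{name}: {value}")
```

On the thread's log this reports that no client key was loaded, that the server never offered `password`, and that keyboard-interactive was rejected before a prompt, which is consistent with the server-side causes suggested above (PAM or the sshd configuration).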

jedsen
Apprentice

Joined: 15 Oct 2004
Posts: 276
Location: Sacramento, California, USA

Posted: Sun Jan 15, 2006 11:54 pm

I didn't say that clearly: I completely removed PAM from my system, so I can no longer log in manually.

It looks like the lack of PAM is the problem. What a stupid mistake, no? Anyway, thanks, desultory, and let this be a lesson to all you out there. My laptop is now completely unusable, because of this, for I can't boot a cd either.

desultory
Administrator

Joined: 04 Nov 2005
Posts: 9345

Posted: Mon Jan 16, 2006 12:20 am

All might not yet be lost.

If you can use grub to boot you might be able to use the old init= trick to get things working enough to get PAM back.

In broad strokes (note that I have not tried this):

  1. Start your machine with your normal kernel command line plus init=/bin/bash.
  2. Change your inittab so that instead of agetty it starts bash on at least tty1.
  3. Reboot (for geek points exec init instead of rebooting).
  4. Revert your inittab.
  5. Emerge PAM and anything that might use it (openssh, et cetera).

Take solace in the facts that (a) you are not alone and (b) will likely never do that again.

jedsen
Apprentice

Joined: 15 Oct 2004
Posts: 276
Location: Sacramento, California, USA

Posted: Mon Jan 16, 2006 2:15 am

Awesome, your instructions worked, pam is now re-installed on my laptop. Thanks much! For posterity:
After init booted, the file system was mounted read-only, so I ran:
Code:
mount -o remount -rw -t <filesystem type> /dev/hdaX /
then edited /etc/inittab.
Also, executing init didn't work; I got this error: /dev/initctl: no such file, or some such, so I rebooted.
Thanks again, desultory! You really saved me.

All times are GMT