No joy.
Ok, here is a detailed description of the conditions. I have tried to set things up to eliminate any extraneous influences.

CONDITIONS:
- server and client are now directly connected by CAT5 and have manually specified addresses.
- no firewall on either end
- remote login is started

Code:
May 21 11:00:17 Mutsu xinetd[1001]: xinetd Version 2.3.11 started with libwrap options compiled in.

CONFIGURATION FILES (these are the same on both client and server):

- /etc/sshd_config:

Code:
#Port 22

1) set "Protocol 2"
2) set "LogLevel DEBUG3"
3) set "PermitRootLogin no"

- ~/.ssh/config:

Code:
# Host *

1) set "RSAAuthentication no"
2) set "Protocol 2"
3) set "HostKeyAlgorithms ssh-dss"
4) set "LogLevel DEBUG3"
5) set "User JDR"

SETUP AND EXECUTION:
1) Generate keys on server and client "ssh-keygen -t dsa"
2) Exchange public keys where each public key becomes "~/.ssh/authorized_keys" and also (for good measure) "~/.ssh/authorized_keys2"
3) Idiot check that there are not line feeds in these files
4) try the connection "ssh 192.168.0.9" or "ssh -l JDR 192.168.0.9" OR "ssh JDR@192.168.09"
5) piss and moan

I won't include again the client response, but here is what is logged on the server:

Code:
May 21 11:13:51 Mutsu xinetd[1001]: START: ssh pid=1156 from=192.168.0.8 |
Well, I just replaced my ssh_config and my sshd_config with yours on both my Uni and home machine, and I can still connect with no problems.... I do get this
Code:
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

So, it does not seem to be your '_config' files. A long shot, and one I don't expect it to be, but your username is all uppercase. Have you tried with a user with a lowercase name? In fact, what you may want to do is to create a generic user on both machines, set all config files back to standard, set up keys and try to get it to work then. If it works, then slowly add one change at a time until it breaks. If it doesn't, then we will see where that leads us. |
I am still having serious issues logging into my Linux box after upgrading to 10.3.4. I have been administering this headless Linux box for over 2 years from the OS X box via SSH with no problems whatsoever. After updating to 10.3.4 - I can no longer login to the Linux box. Nothing has changed on the Linux box either.
I can verify that port 22 is still available on the Linux box, and I have tried deleting keys from the OS X box as well as the whole .ssh dirs - still no luck. Here is a typical session - hope someone can offer some advice... I'm stuck!

Code:
XXXX% ssh -vvv root@linux |
Yes I am sure the sshd isn't dying on the remote server. This is on a very stable production server that has been rock solid with ssh for the last 2 years. Only after the latest Security Update/10.3.4 update have I been unable to access it.
|
i am seeing the problem too. two weeks ago, i was able to access an ssh server. now (after the recent security update), i am not. running ssh with -v option, i see what look to be a lot of the same error messages "an invalid name was supplied", "configuration file does not specify a default realm", etc.
anyway, i just wanted to confirm that it appears that something broke due to the security update. i can still access some hosts normally. just one host is broken. i'm not sure how to fix it. |
davidduff,
Is your remote server at this version as well?

Code:
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p2

From bluehz

Code:
... |
I finally solved my problem after a lot of log watching, debugging on the server. Seems the server was looking for a dir named /var/empty and this dir did not exist. Why the server all of a sudden required this dir is beyond me. I have not modified the server or deleted anything in over 3-4 weeks, and the problem just started last week.
Anyway - as soon as I created a /var/empty - I was able to login again from 10.3.4. |
From here (first google hit on '/var/empty ssh')
Quote:
I suppose it is possible that this 'privilege separation' thing only happens on the server for new versions of the client, but that seems pretty weird if it is so.... PS. told you the server was dying! :D (couldn't resist) |
Very interesting! Thx!
|
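The fix reported in the thread (creating /var/empty for sshd's privilege separation) can be checked with a script like the one below. It is an added example, not code from any poster; it assumes the /var/empty path named above and the conditions sshd places on that directory (it exists, is owned by root, and is not group- or world-writable), with an emptiness check added as hygiene. The function name and output labels are invented for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit sshd's privilege-separation
# directory. OWNER_UID defaults to 0 (root); it is a parameter only so the
# check can be exercised without privileges.
# Usage: check_privsep_dir DIR [OWNER_UID]   (returns 0 if DIR passes)
check_privsep_dir() {
    dir=$1
    want_uid=${2:-0}
    rc=0

    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir does not exist or is not a directory"
        return 1
    fi

    # "ls -ldn DIR/." prints the mode string and numeric owner of the
    # directory itself, following a symlink the way stat(2) would.
    mode=$(ls -ldn "$dir/." | awk '{print $1}')
    uid=$(ls -ldn "$dir/." | awk '{print $3}')

    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER: $dir is owned by uid $uid, expected $want_uid"
        rc=1
    fi
    # Mode string layout: d rwx rwx rwx; character 6 is group-write,
    # character 9 is other-write.
    case $mode in
        ?????w*) echo "MODE: $dir is group-writable ($mode)"; rc=1 ;;
    esac
    case $mode in
        ????????w*) echo "MODE: $dir is world-writable ($mode)"; rc=1 ;;
    esac
    # The directory is only a chroot target for the unprivileged child,
    # so anything stored in it is unexpected.
    if [ -n "$(ls -A "$dir" 2>/dev/null)" ]; then
        echo "CONTENT: $dir is not empty"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $dir ($mode, uid $uid)"
    return "$rc"
}

# Run as a script: sh check_privsep.sh /var/empty
if [ "$#" -gt 0 ]; then
    check_privsep_dir "$@"
fi
```

A MISSING result corresponds to the failure described in the thread, where logins stopped working until the directory was created.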