[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] can TELNET can NOT SSH

Subject: [cobalt-security] can TELNET can NOT SSH
From: Warren Daly <warren.daly@xxxxxxxxx>
Date: Fri, 30 Nov 2001 10:15:02 -0000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hello,
I have freshly installed a COBALT RAQ 4i.  I have installed SSL and then
compiled/installed SSH 3.0.1 
I can telnet to the machine and gain access.
I can SSH to the box and get prompted for username and password I input the
correct password but it will not allow me access.  The password is correct!!
I did read something about copying a file sshd.pam to /etc/pam.d and
renaming  it to sshd. Which I did but this does not work. I have also added
the line to sshd_config  which is 
AllowUsers username    
This didn't work either!!!  I cannot find anything else.  I have compiled
with and without PAM.  Did you have the same problem! 
please  help?
thanks,
warren


****SSHD****
[root sbin]# ./sshd -d
debug1: Seeding random number generator
debug1: sshd version OpenSSH_3.0p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
socket: Invalid argument
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 193.x.x.x port 2553
debug1: Client protocol version 1.5; client software version PuTTY
debug1: no match: PuTTY
debug1: Local version string SSH-1.99-OpenSSH_3.0p1
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for admin.
Failed password for admin from 193.x.x.x port 2553
Failed password for admin from 193.x.x.x port 2553
Failed password for admin from 193.x.x.x port 2553
Failed password for admin from 193.x.x.x port 2553
Read from socket failed: Connection reset by peer
debug1: Calling cleanup 0x806678c(0x0)

***my sshd_config file ***

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
HostKey /usr/local/etc/ssh_host_key
# HostKeys for protocol version 2
HostKey /usr/local/etc/ssh_host_rsa_key
HostKey /usr/local/etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

# Authentication:

LoginGraceTime 600
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     %h/.ssh/authorized_keys

# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in
/usr/local/etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Uncomment to disable s/key passwords
#ChallengeResponseAuthentication no
"sshd_config" 80L, 2049C

Follow-Ups:
- Re: [cobalt-security] can TELNET can NOT SSH
  - From: MikeM

Prev by Date: Re: [cobalt-security] OpenSSH 3.0.1??
Next by Date: [cobalt-security] can TELNET can NOT SSH?
Previous by thread: Re: [cobalt-security] OpenSSH 3.0.1??
Next by thread: Re: [cobalt-security] can TELNET can NOT SSH

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index