From: Clayton Evans <CEvans AT joshitech DOT com>
To: "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Date: Thu, 13 Oct 2011 17:21:11 -0500
Subject: openssh authentification
Message-ID: <C1D4084E4F215A4F890E70E3675DF633491EC860BE@JTISBS8.joshitech.local>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Content-Transfer-Encoding: 8bit

I have installed OpenSSH_5.9p1 on two machines, the host machine and the client machine.

The host machine is Windows 7 (64-bit) named jti031

The client machine is Windows XP (32-bit)

On the host machine ssh-host-config was run.  Testing with 'ssh localhost' resulted in the ssh prompt for a password, the windows domain password was accepted by ssh and ssh logged in.  Then ssh-user-config was run on the host.  Testing with 'ssh localhost' resulted in ssh logged in with no request for a password.  I conclude that all is well on the host.

On the client machine ssh-user-config was run.  Testing with 'ssh -vvv jti031' does not log in.  All the public keys do not work and the Windows domain password was not accepted.  I have probably made some rookie mistake with the keys, but why password authentication does not work baffles me.

$ ssh -vvv jti031
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to jti031 [192.168.58.29] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/cevans/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/cevans/.ssh/id_rsa type 1
debug1: identity file /home/cevans/.ssh/id_rsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/cevans/.ssh/id_dsa" as a RSA1 public key
debug1: identity file /home/cevans/.ssh/id_dsa type 2
debug1: identity file /home/cevans/.ssh/id_dsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/cevans/.ssh/id_ecdsa" as a RSA1 public key
debug1: identity file /home/cevans/.ssh/id_ecdsa type 3
debug1: identity file /home/cevans/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "jti031" from file "/home/cevans/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/cevans/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01 AT openssh DOT com,ecdsa-sha2-nistp384-cert-v01 AT openssh DOT com,ecdsa-sha2-nistp521-cert-v01 AT openssh DOT com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01 AT openssh DOT com,ecdsa-sha2-nistp384-cert-v01 AT openssh DOT com,ecdsa-sha2-nistp521-cert-v01 AT openssh DOT com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01 AT openssh DOT com,ssh-dss-cert-v01 AT openssh DOT com,ssh-rsa-cert-v00 AT openssh DOT com,ssh-dss-cert-v00 AT openssh DOT com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc AT lysator DOT liu DOT se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc AT lysator DOT liu DOT se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 AT openssh DOT com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160 AT openssh DOT com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 AT openssh DOT com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160 AT openssh DOT com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib AT openssh DOT com,zlib
debug2: kex_parse_kexinit: none,zlib AT openssh DOT com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc AT lysator DOT liu DOT se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc AT lysator DOT liu DOT se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 AT openssh DOT com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160 AT openssh DOT com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 AT openssh DOT com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160 AT openssh DOT com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib AT openssh DOT com
debug2: kex_parse_kexinit: none,zlib AT openssh DOT com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 42:04:0a:2f:7e:07:06:86:79:bf:e8:28:8a:eb:6c:21
debug3: load_hostkeys: loading entries for host "jti031" from file "/home/cevans/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/cevans/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "192.168.58.29" from file "/home/cevans/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/cevans/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'jti031' is known and matches the ECDSA host key.
debug1: Found key in /home/cevans/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/cevans/.ssh/id_rsa (0x4f7468)
debug2: key: /home/cevans/.ssh/id_dsa (0x4f9be8)
debug2: key: /home/cevans/.ssh/id_ecdsa (0x4fb328)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/cevans/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering DSA public key: /home/cevans/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering ECDSA public key: /home/cevans/.ssh/id_ecdsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
cevans AT jti031's password:
debug3: packet_send2: adding 64 (len 59 padlen 5 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
cevans AT jti031's password:
debug3: packet_send2: adding 64 (len 59 padlen 5 extra_pad 64)
debug2: we sent a password packet, wait for reply
Received disconnect from 192.168.58.29: 2: Too many authentication failures for cevans

Clayton Evans

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple