
Thread: SSH ignores "StrictModes no"


I'm trying to set up sshd. I had StrictModes set to "yes" and changed it to "no". sshd seems to be reading the setting properly, as you can see below, but it's still refusing the public key when permissions are set to 755.

Here's the debug output from sshd. (I deleted the IP address due to paranoia.) The values from the sshd_config file can be seen in the output.

code:
$ sudo /usr/sbin/sshd -ddd -e
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 843
debug2: parse_server_config: config /etc/ssh/sshd_config len 843
debug3: /etc/ssh/sshd_config:6 setting strictmodes no
debug3: /etc/ssh/sshd_config:11 setting port 2727
debug3: /etc/ssh/sshd_config:14 setting addressfamily inet
debug3: /etc/ssh/sshd_config:21 setting protocol 2
debug3: /etc/ssh/sshd_config:24 setting x11forwarding no
debug3: /etc/ssh/sshd_config:27 setting tcpkeepalive no
debug3: /etc/ssh/sshd_config:28 setting clientaliveinterval 600
debug3: /etc/ssh/sshd_config:29 setting clientalivecountmax 3
debug3: /etc/ssh/sshd_config:32 setting useprivilegeseparation yes
debug3: /etc/ssh/sshd_config:38 setting hostkey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:39 setting hostkey /etc/ssh/ssh_host_dsa_key
debug3: /etc/ssh/sshd_config:42 setting keyregenerationinterval 3600
debug3: /etc/ssh/sshd_config:43 setting serverkeybits 768
debug3: /etc/ssh/sshd_config:46 setting permitblacklistedkeys no
debug3: /etc/ssh/sshd_config:52 setting allowusers jordon
debug3: /etc/ssh/sshd_config:55 setting logingracetime 60
debug3: /etc/ssh/sshd_config:58 setting permitrootlogin no
debug3: /etc/ssh/sshd_config:64 setting ignorerhosts yes
debug3: /etc/ssh/sshd_config:67 setting hostbasedauthentication no
debug3: /etc/ssh/sshd_config:69 setting rsaauthentication yes
debug3: /etc/ssh/sshd_config:70 setting pubkeyauthentication yes
debug3: /etc/ssh/sshd_config:74 setting rhostsrsaauthentication no
debug3: /etc/ssh/sshd_config:77 setting hostbasedauthentication no
debug3: /etc/ssh/sshd_config:80 setting ignoreuserknownhosts yes
debug3: /etc/ssh/sshd_config:83 setting permitemptypasswords no
debug3: /etc/ssh/sshd_config:87 setting challengeresponseauthentication no
debug3: /etc/ssh/sshd_config:91 setting passwordauthentication no
debug3: /etc/ssh/sshd_config:97 setting usepam no
debug3: /etc/ssh/sshd_config:103 setting syslogfacility auth
debug3: /etc/ssh/sshd_config:104 setting loglevel info
debug3: /etc/ssh/sshd_config:110 setting printmotd no
debug3: /etc/ssh/sshd_config:113 setting printlastlog yes
debug3: /etc/ssh/sshd_config:115 setting maxauthtries 2
debug3: /etc/ssh/sshd_config:117 setting maxstartups 1
debug3: /etc/ssh/sshd_config:119 setting subsystem sftp /usr/lib/openssh/sftp-server
debug1: sshd version openssh_5.1p1 debian-6ubuntu2
debug3: not rsa1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read pem private key done: type rsa
debug1: checking blacklist file /usr/share/ssh/blacklist.rsa-2048
debug1: checking blacklist file /etc/ssh/blacklist.rsa-2048
debug1: private host key: #0 type 1 rsa
debug3: not rsa1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read pem private key done: type dsa
debug1: checking blacklist file /usr/share/ssh/blacklist.dsa-1024
debug1: checking blacklist file /etc/ssh/blacklist.dsa-1024
debug1: private host key: #1 type 2 dsa
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-e'
debug2: fd 3 setting o_nonblock
debug1: bind port 2727 on 0.0.0.0.
server listening on 0.0.0.0 port 2727.
debug3: fd 4 not o_nonblock
debug1: server not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 7 config len 843
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config: config rexec len 843
debug3: rexec:6 setting strictmodes no
debug3: rexec:11 setting port 2727
debug3: rexec:14 setting addressfamily inet
debug3: rexec:21 setting protocol 2
debug3: rexec:24 setting x11forwarding no
debug3: rexec:27 setting tcpkeepalive no
debug3: rexec:28 setting clientaliveinterval 600
debug3: rexec:29 setting clientalivecountmax 3
debug3: rexec:32 setting useprivilegeseparation yes
debug3: rexec:38 setting hostkey /etc/ssh/ssh_host_rsa_key
debug3: rexec:39 setting hostkey /etc/ssh/ssh_host_dsa_key
debug3: rexec:42 setting keyregenerationinterval 3600
debug3: rexec:43 setting serverkeybits 768
debug3: rexec:46 setting permitblacklistedkeys no
debug3: rexec:52 setting allowusers jordon
debug3: rexec:55 setting logingracetime 60
debug3: rexec:58 setting permitrootlogin no
debug3: rexec:64 setting ignorerhosts yes
debug3: rexec:67 setting hostbasedauthentication no
debug3: rexec:69 setting rsaauthentication yes
debug3: rexec:70 setting pubkeyauthentication yes
debug3: rexec:74 setting rhostsrsaauthentication no
debug3: rexec:77 setting hostbasedauthentication no
debug3: rexec:80 setting ignoreuserknownhosts yes
debug3: rexec:83 setting permitemptypasswords no
debug3: rexec:87 setting challengeresponseauthentication no
debug3: rexec:91 setting passwordauthentication no
debug3: rexec:97 setting usepam no
debug3: rexec:103 setting syslogfacility auth
debug3: rexec:104 setting loglevel info
debug3: rexec:110 setting printmotd no
debug3: rexec:113 setting printlastlog yes
debug3: rexec:115 setting maxauthtries 2
debug3: rexec:117 setting maxstartups 1
debug3: rexec:119 setting subsystem sftp /usr/lib/openssh/sftp-server
debug1: sshd version openssh_5.1p1 debian-6ubuntu2
debug3: not rsa1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read pem private key done: type rsa
debug1: checking blacklist file /usr/share/ssh/blacklist.rsa-2048
debug1: checking blacklist file /etc/ssh/blacklist.rsa-2048
debug1: private host key: #0 type 1 rsa
debug3: not rsa1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read pem private key done: type dsa
debug1: checking blacklist file /usr/share/ssh/blacklist.dsa-1024
debug1: checking blacklist file /etc/ssh/blacklist.dsa-1024
debug1: private host key: #1 type 2 dsa
debug1: inetd sockets after dupping: 3, 3
connection [ip redacted] port 41085
debug1: client protocol version 2.0; client software version openssh_5.1p1 debian-6ubuntu2
debug1: match: openssh_5.1p1 debian-6ubuntu2 pat openssh*
debug1: enabling compatibility mode protocol 2.0
debug1: local version string ssh-2.0-openssh_5.1p1 debian-6ubuntu2
debug2: fd 3 setting o_nonblock
debug3: privsep user:group 113:65534
debug1: permanently_set_uid: 113/65534
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: ssh2_msg_kexinit sent
debug1: ssh2_msg_kexinit received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: ssh2_msg_kex_dh_gex_request received
debug3: mm_request_send entering: type 0
debug3: mm_choose_dh: waiting monitor_ans_moduli
debug3: mm_request_receive_expect entering: type 1
debug3: mm_request_receive entering
debug2: network child on pid 5255
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 1024 8192
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling
debug3: mm_request_receive entering
debug3: mm_choose_dh: remaining 0
debug1: ssh2_msg_kex_dh_gex_group sent
debug2: dh_gen_key: priv key bits set: 121/256
debug2: bits set: 509/1024
debug1: expecting ssh2_msg_kex_dh_gex_init
debug2: bits set: 500/1024
debug3: mm_key_sign entering
debug3: mm_request_send entering: type 5
debug3: mm_key_sign: waiting monitor_ans_sign
debug3: mm_request_receive_expect entering: type 6
debug3: mm_request_receive entering
debug3: monitor_read: checking request 5
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 0x2523bf8(271)
debug3: mm_request_send entering: type 6
debug2: monitor_read: 5 used once, disabling
debug3: mm_request_receive entering
debug1: ssh2_msg_kex_dh_gex_reply sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: ssh2_msg_newkeys sent
debug1: expecting ssh2_msg_newkeys
debug2: set_newkeys: mode 0
debug1: ssh2_msg_newkeys received
debug1: kex done
debug1: userauth-request user jordon service ssh-connection method none
debug1: attempt 0 failures 0
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 7
debug3: mm_getpwnamallow: waiting monitor_ans_pwnam
debug3: mm_request_receive_expect entering: type 8
debug3: mm_request_receive entering
debug3: monitor_read: checking request 7
debug3: mm_answer_pwnamallow
debug3: trying reverse map address [ip redacted].
debug2: parse_server_config: config reprocess config len 843
debug3: auth_shadow_acctexpired: today 14633 sp_expire -1 days left -14634
debug3: account expiration disabled
debug3: mm_answer_pwnamallow: sending monitor_ans_pwnam: 1
debug3: mm_request_send entering: type 8
debug2: monitor_read: 7 used once, disabling
debug3: mm_request_receive entering
debug2: input_userauth_request: setting authctxt jordon
debug3: mm_inform_authserv entering
debug3: mm_request_send entering: type 3
debug2: input_userauth_request: try method none
debug3: monitor_read: checking request 3
debug3: mm_answer_authserv: service=ssh-connection, style=, role=
debug2: monitor_read: 3 used once, disabling
debug3: mm_request_receive entering
connection closed [ip redacted]
debug1: do_cleanup
debug1: do_cleanup

Someone else seems to have had this problem, but it didn't seem to be solved. Can anyone help?

Edit: I mean the issue still occurs for me on Ubuntu 11.04.
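
The following is an added example, not part of the original post: a Python approximation of the ownership and mode checks that sshd applies to the authorized_keys file and its parent directories up to the home directory when StrictModes is enabled (each path owned by the user or root, no group or world write bits). The function names and the temporary directory tree are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile

def strictmodes_findings(key_file, home, uid):
    """Walk from key_file up to home and report every path a
    StrictModes-style check would reject (approximation, not sshd's code)."""
    findings = []
    home = os.path.realpath(home)
    path = os.path.realpath(key_file)
    while True:
        st = os.stat(path)
        if st.st_uid not in (0, uid):
            findings.append((path, "owned by uid %d" % st.st_uid))
        if st.st_mode & 0o022:  # group-write or world-write bit set
            findings.append((path, "mode %o is group/world-writable"
                             % stat.S_IMODE(st.st_mode)))
        if path == home:
            break
        parent = os.path.dirname(path)
        if parent == path:  # reached the filesystem root without meeting home
            findings.append((key_file, "not under the home directory"))
            break
        path = parent
    return findings

def demo():
    """Build a constructed home tree and check it twice."""
    home = tempfile.mkdtemp()  # stand-in for a user's home directory
    try:
        ssh_dir = os.path.join(home, ".ssh")
        keys = os.path.join(ssh_dir, "authorized_keys")
        os.mkdir(ssh_dir)
        open(keys, "w").close()
        os.chmod(home, 0o755)
        os.chmod(ssh_dir, 0o755)
        os.chmod(keys, 0o644)
        # 755/644 carry no group/world write bits, so nothing is reported.
        ok = strictmodes_findings(keys, home, os.getuid())
        os.chmod(ssh_dir, 0o775)  # group-writable .ssh is reported
        bad = strictmodes_findings(keys, home, os.getuid())
        return ok, bad
    finally:
        shutil.rmtree(home)

if __name__ == "__main__":
    print(demo())
```
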

