[Gllug] Inconsistent SSH denial of access
Lucian @ lastdot.org
lucian at lastdot.org
Mon Nov 23 02:02:51 UTC 2009
On Tue, Nov 17, 2009 at 1:01 AM, gvim <gvimrc at googlemail.com> wrote:
> I have ssh access to a server running CentOS 4.3 from my home machine (OS X Leopard) which has been working with my id_dsa file after I installed my public key on the server. After changing the server's sshd_conf to allow only public key access I now find I'm being locked out but .... not always. Very occasionally I can connect but most of the time I get the following:
>
> OpenSSH_5.2p1, OpenSSL 0.9.7l 28 Sep 2006
> debug1: Reading configuration data /etc/ssh_config
> debug1: Connecting to <host> [83.177.122.211] port 22.
> debug1: Connection established.
> debug1: identity file /Users/<user>/.ssh/identity type -1
> debug1: identity file /Users/<user>/.ssh/id_rsa type -1
> debug1: identity file /Users/<user>/.ssh/id_dsa type -1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
> debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.2
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host '<host>' is known and matches the RSA host key.
> debug1: Found key in /Users/<user>/.ssh/known_hosts:13
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Offering public key: /Users/<user>/.ssh/id_dsa
> debug1: Authentications that can continue: publickey
> debug1: Trying private key: /Users/<user>/.ssh/identity
> debug1: Trying private key: /Users/<user>/.ssh/id_rsa
> debug1: Trying private key: /Users/<user>/.ssh/id_dsa
> debug1: PEM_read_PrivateKey failed
> debug1: read PEM private key done: type <unknown>
> debug1: read PEM private key done: type DSA
> debug1: Authentications that can continue: publickey
> debug1: No more authentication methods to try.
> Permission denied (publickey).
>
> So it's mainly denial of access with occasional access, which I find hard to fathom. My ISP is PlusNet and the client's is BT. I manage other servers from my end with the same key pair so it can't be PlusNet's problem. Usernames and hosts replaced with <user>, <host> for confidentiality.
>
> gvim
>
>
> --
> Gllug mailing list - Gllug at gllug.org.uk
> http://lists.gllug.org.uk/mailman/listinfo/gllug
>
This happened to me when trying to connect to a ssh server from an IP
with very slow resolving reverse dns entry. This may also happen if
the nameserver you use has issues. If you ever manage to login, edit
sshd_config and set UseDNS to no and see if that helps.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list