[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 268186] Kerberos authentication fails with a Linux/FreeIPA KDC"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 06 Jan 2023 17:05:55 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268186 --- Comment #52 from amendlik@gmail.com --- Here is the server-side log: debug2: load_server_config: filename /usr/local/etc/ssh/sshd_config debug2: load_server_config: done config len = 1008 debug2: parse_server_config_depth: config /usr/local/etc/ssh/sshd_config len 1008 debug3: /usr/local/etc/ssh/sshd_config:6 setting Port 22 debug3: /usr/local/etc/ssh/sshd_config:7 setting Protocol 2 debug2: /usr/local/etc/ssh/sshd_config line 7: Deprecated option Protocol debug3: /usr/local/etc/ssh/sshd_config:8 setting SyslogFacility AUTHPRIV debug3: /usr/local/etc/ssh/sshd_config:9 setting LoginGraceTime 60 debug3: /usr/local/etc/ssh/sshd_config:10 setting PermitRootLogin no debug3: /usr/local/etc/ssh/sshd_config:11 setting MaxAuthTries 4 debug3: /usr/local/etc/ssh/sshd_config:12 setting PubkeyAuthentication no debug3: /usr/local/etc/ssh/sshd_config:13 setting AuthorizedKeysFile .ssh/authorized_keys debug3: /usr/local/etc/ssh/sshd_config:14 setting AuthorizedKeysCommand /usr/local/bin/sss_ssh_authorizedkeys debug3: /usr/local/etc/ssh/sshd_config:15 setting AuthorizedKeysCommandUser nobody debug3: /usr/local/etc/ssh/sshd_config:16 setting ChallengeResponseAuthentication no debug3: /usr/local/etc/ssh/sshd_config:17 setting PasswordAuthentication no debug3: /usr/local/etc/ssh/sshd_config:18 setting KerberosAuthentication no debug3: /usr/local/etc/ssh/sshd_config:19 setting GSSAPIAuthentication yes debug3: /usr/local/etc/ssh/sshd_config:20 setting GSSAPICleanupCredentials no debug3: /usr/local/etc/ssh/sshd_config:21 setting X11Forwarding no debug3: /usr/local/etc/ssh/sshd_config:22 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION LC_ALL LANGUAGE XMODIFIERS debug3: /usr/local/etc/ssh/sshd_config:23 setting Subsystem sftp /usr/libexec/sftp-server debug3: /usr/local/etc/ssh/sshd_config:24 setting UsePAM yes debug3: /usr/local/etc/ssh/sshd_config:25 setting KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 debug3: kex names ok: [curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256] debug3: /usr/local/etc/ssh/sshd_config:26 setting Ciphers aes256-ctr,aes192-ctr,aes128-ctr debug3: /usr/local/etc/ssh/sshd_config:27 setting MACs hmac-sha1 debug3: /usr/local/etc/ssh/sshd_config:28 setting PermitUserEnvironment no debug1: sshd version OpenSSH_9.0, OpenSSL 1.1.1o-freebsd 3 May 2022 debug1: private host key #0: ssh-rsa SHA256:WiJ+E9LDKhQKaApfAy/rJXGwhiHejNfquaSMsNoz0e0 debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:rPdqvWjXvwdFJ+9vpL0R9D2JauywYfcTeuodrmHZRKE debug1: private host key #2: ssh-ed25519 SHA256:qsH5DlfcvjRaiyO43GHO135fwfsyFTHDji2EIsTp9r4 debug1: rexec_argv[0]='/usr/local/sbin/sshd' debug1: rexec_argv[1]='-ddd' debug1: rexec_argv[2]='-p' debug1: rexec_argv[3]='222' debug1: res_init() debug1: madvise(): Operation not permitted debug2: fd 4 setting O_NONBLOCK debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY debug1: Bind to port 222 on ::. Server listening on :: port 222. debug2: fd 5 setting O_NONBLOCK debug1: Bind to port 222 on 0.0.0.0. Server listening on 0.0.0.0 port 222. debug1: fd 6 clearing O_NONBLOCK debug1: Server will not fork when running in debugging mode. debug3: send_rexec_state: entering fd = 9 config len 1008 debug3: ssh_msg_send: type 0 debug3: send_rexec_state: done debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9 debug3: recv_rexec_state: entering fd = 5 debug3: ssh_msg_recv entering debug3: recv_rexec_state: done debug2: parse_server_config_depth: config rexec len 1008 debug3: rexec:6 setting Port 22 debug3: rexec:7 setting Protocol 2 debug2: rexec line 7: Deprecated option Protocol debug3: rexec:8 setting SyslogFacility AUTHPRIV debug3: rexec:9 setting LoginGraceTime 60 debug3: rexec:10 setting PermitRootLogin no debug3: rexec:11 setting MaxAuthTries 4 debug3: rexec:12 setting PubkeyAuthentication no debug3: rexec:13 setting AuthorizedKeysFile .ssh/authorized_keys debug3: rexec:14 setting AuthorizedKeysCommand /usr/local/bin/sss_ssh_authorizedkeys debug3: rexec:15 setting AuthorizedKeysCommandUser nobody debug3: rexec:16 setting ChallengeResponseAuthentication no debug3: rexec:17 setting PasswordAuthentication no debug3: rexec:18 setting KerberosAuthentication no debug3: rexec:19 setting GSSAPIAuthentication yes debug3: rexec:20 setting GSSAPICleanupCredentials no debug3: rexec:21 setting X11Forwarding no debug3: rexec:22 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION LC_ALL LANGUAGE XMODIFIERS debug3: rexec:23 setting Subsystem sftp /usr/libexec/sftp-server debug3: rexec:24 setting UsePAM yes debug3: rexec:25 setting KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 debug3: kex names ok: [curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256] debug3: rexec:26 setting Ciphers aes256-ctr,aes192-ctr,aes128-ctr debug3: rexec:27 setting MACs hmac-sha1 debug3: rexec:28 setting PermitUserEnvironment no debug1: sshd version OpenSSH_9.0, OpenSSL 1.1.1o-freebsd 3 May 2022 debug1: private host key #0: ssh-rsa SHA256:WiJ+E9LDKhQKaApfAy/rJXGwhiHejNfquaSMsNoz0e0 debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:rPdqvWjXvwdFJ+9vpL0R9D2JauywYfcTeuodrmHZRKE debug1: private host key #2: ssh-ed25519 SHA256:qsH5DlfcvjRaiyO43GHO135fwfsyFTHDji2EIsTp9r4 debug1: res_init() debug1: inetd sockets after dupping: 5, 5 Connection from 192.168.50.14 port 28874 on 192.168.50.14 port 222 debug1: Local version string SSH-2.0-OpenSSH_9.0 FreeBSD-openssh-portable-gssapi-9.0.p1,1 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8 FreeBSD-20211221 debug1: compat_banner: match: OpenSSH_8.8 FreeBSD-20211221 pat OpenSSH* compat 0x04000000 debug2: fd 5 setting O_NONBLOCK debug3: ssh_sandbox_init: preparing capsicum sandbox debug2: Network child is on pid 58800 debug3: preauth child monitor started debug3: privsep user:group 22:22 [preauth] debug1: permanently_set_uid: 22/22 [preauth] debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth] debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] debug3: send packet: type 20 [preauth] debug1: SSH2_MSG_KEXINIT sent [preauth] debug3: receive packet: type 20 [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] debug2: local server KEXINIT proposal [preauth] debug2: KEX algorithms: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 [preauth] debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] debug2: ciphers ctos: aes256-ctr,aes192-ctr,aes128-ctr [preauth] debug2: ciphers stoc: aes256-ctr,aes192-ctr,aes128-ctr [preauth] debug2: MACs ctos: hmac-sha1 [preauth] debug2: MACs stoc: hmac-sha1 [preauth] debug2: compression ctos: none,zlib@openssh.com [preauth] debug2: compression stoc: none,zlib@openssh.com [preauth] debug2: languages ctos: [preauth] debug2: languages stoc: [preauth] debug2: first_kex_follows 0 [preauth] debug2: reserved 0 [preauth] debug2: peer client KEXINIT proposal [preauth] debug2: KEX algorithms: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c [preauth] debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth] debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth] debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth] debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] debug2: compression ctos: none,zlib@openssh.com,zlib [preauth] debug2: compression stoc: none,zlib@openssh.com,zlib [preauth] debug2: languages ctos: [preauth] debug2: languages stoc: [preauth] debug2: first_kex_follows 0 [preauth] debug2: reserved 0 [preauth] debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth] debug1: kex: host key algorithm: ssh-ed25519 [preauth] debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none [preauth] debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none [preauth] debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth] debug3: receive packet: type 30 [preauth] debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth] debug3: mm_sshkey_sign: entering [preauth] debug3: mm_request_send: entering, type 6 [preauth] debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth] debug3: mm_request_receive_expect: entering, type 7 [preauth] debug3: mm_request_receive: entering [preauth] debug3: mm_request_receive: entering debug3: monitor_read: checking request 6 debug3: mm_answer_sign: entering debug3: mm_answer_sign: ssh-ed25519 KEX signature len=83 debug3: mm_request_send: entering, type 7 debug2: monitor_read: 6 used once, disabling now debug3: send packet: type 31 [preauth] debug3: send packet: type 21 [preauth] debug2: ssh_set_newkeys: mode 1 [preauth] debug1: rekey out after 4294967296 blocks [preauth] debug1: SSH2_MSG_NEWKEYS sent [preauth] debug1: Sending SSH2_MSG_EXT_INFO [preauth] debug3: send packet: type 7 [preauth] debug1: expecting SSH2_MSG_NEWKEYS [preauth] debug3: receive packet: type 21 [preauth] debug1: SSH2_MSG_NEWKEYS received [preauth] debug2: ssh_set_newkeys: mode 0 [preauth] debug1: rekey in after 4294967296 blocks [preauth] debug1: KEX done [preauth] debug3: receive packet: type 5 [preauth] debug3: send packet: type 6 [preauth] debug3: receive packet: type 50 [preauth] debug1: userauth-request for user ******** service ssh-connection method none [preauth] debug1: attempt 0 failures 0 [preauth] debug3: mm_getpwnamallow: entering [preauth] debug3: mm_request_send: entering, type 8 [preauth] debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth] debug3: mm_request_receive_expect: entering, type 9 [preauth] debug3: mm_request_receive: entering [preauth] debug3: mm_request_receive: entering debug3: monitor_read: checking request 8 debug3: mm_answer_pwnamallow: entering debug2: parse_server_config_depth: config reprocess config len 1008 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 debug3: mm_request_send: entering, type 9 debug2: monitor_read: 8 used once, disabling now debug2: input_userauth_request: setting up authctxt for ******** [preauth] debug3: mm_start_pam entering [preauth] debug3: mm_request_send: entering, type 100 [preauth] debug3: mm_inform_authserv: entering [preauth] debug3: mm_request_send: entering, type 4 [preauth] debug2: input_userauth_request: try method none [preauth] debug3: mm_request_receive: entering debug3: monitor_read: checking request 100 debug1: PAM: initializing for "********" debug1: PAM: setting PAM_RHOST to "192.168.50.14" debug2: monitor_read: 100 used once, disabling now debug3: user_specific_delay: user specific delay 0.000ms [preauth] debug3: ensure_minimum_time_since: elapsed 3.444ms, delaying 4.614ms (requested 8.058ms) [preauth] debug3: mm_request_receive: entering debug3: monitor_read: checking request 4 debug3: mm_answer_authserv: service=ssh-connection, style= debug2: monitor_read: 4 used once, disabling now debug3: userauth_finish: failure partial=0 next methods="gssapi-keyex,gssapi-with-mic" [preauth] debug3: send packet: type 51 [preauth] debug3: receive packet: type 50 [preauth] debug1: userauth-request for user ******** service ssh-connection method gssapi-with-mic [preauth] debug1: attempt 1 failures 0 [preauth] debug2: input_userauth_request: try method gssapi-with-mic [preauth] debug3: mm_request_send: entering, type 42 [preauth] debug3: mm_request_receive_expect: entering, type 43 [preauth] debug3: mm_request_receive: entering [preauth] debug3: mm_request_receive: entering debug3: monitor_read: checking request 42 debug3: mm_request_send: entering, type 43 debug3: send packet: type 60 [preauth] debug3: user_specific_delay: user specific delay 0.000ms [preauth] debug3: ensure_minimum_time_since: elapsed 46.389ms, delaying 18.076ms (requested 8.058ms) [preauth] Postponed gssapi-with-mic for ******** from 192.168.50.14 port 28874 ssh2 [preauth] debug3: receive packet: type 61 [preauth] debug3: mm_request_send: entering, type 44 [preauth] debug3: mm_request_receive_expect: entering, type 45 [preauth] debug3: mm_request_receive: entering [preauth] debug3: mm_request_receive: entering debug3: monitor_read: checking request 44 debug1: Unspecified GSS failure. Minor code may provide more information Request ticket server host/***************@*********** kvno 1 enctype aes256-sha2 found in keytab but cannot decrypt ticket debug1: Got no client credentials debug3: mm_request_send: entering, type 45 debug3: send packet: type 65 [preauth] debug3: userauth_finish: failure partial=0 next methods="gssapi-keyex,gssapi-with-mic" [preauth] debug3: send packet: type 51 [preauth] Connection closed by authenticating user ******** 192.168.50.14 port 28874 [preauth] debug1: do_cleanup [preauth] debug3: PAM: sshpam_thread_cleanup entering [preauth] debug1: monitor_read_log: child log fd closed debug3: mm_request_receive: entering debug1: do_cleanup debug1: PAM: cleanup debug3: PAM: sshpam_thread_cleanup entering debug1: Killing privsep child 58800 And the client: OpenSSH_8.8p1, OpenSSL 1.1.1o-freebsd 3 May 2022 debug1: Reading configuration data /etc/ssh/ssh_config debug3: kex names ok: [curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1] debug1: /etc/ssh/ssh_config line 28: Applying options for *.*********** debug2: resolve_addr: could not resolve name *************** as address: Name does not resolve debug1: hostname canonicalisation enabled, will re-parse configuration debug1: re-parsing configuration debug1: Reading configuration data /etc/ssh/ssh_config debug3: kex names ok: [curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1] debug1: /etc/ssh/ssh_config line 28: Applying options for *.*********** debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/********/.ssh/known_hosts' debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/********/.ssh/known_hosts2' debug1: Executing proxy command: exec /usr/local/bin/sss_ssh_knownhostsproxy -p 222 *************** debug1: identity file /home/********/.ssh/id_rsa type -1 debug1: identity file /home/********/.ssh/id_rsa-cert type -1 debug1: identity file /home/********/.ssh/id_dsa type -1 debug1: identity file /home/********/.ssh/id_dsa-cert type -1 debug1: identity file /home/********/.ssh/id_ecdsa type -1 debug1: identity file /home/********/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/********/.ssh/id_ecdsa_sk type -1 debug1: identity file /home/********/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /home/********/.ssh/id_ed25519 type -1 debug1: identity file /home/********/.ssh/id_ed25519-cert type -1 debug1: identity file /home/********/.ssh/id_ed25519_sk type -1 debug1: identity file /home/********/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /home/********/.ssh/id_xmss type -1 debug1: identity file /home/********/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.8 FreeBSD-20211221 debug1: Remote protocol version 2.0, remote software version OpenSSH_9.0 FreeBSD-openssh-portable-gssapi-9.0.p1,1 debug1: Fssh_compat_banner: match: OpenSSH_9.0 FreeBSD-openssh-portable-gssapi-9.0.p1,1 pat OpenSSH* compat 0x04000000 debug2: fd 7 setting O_NONBLOCK debug2: fd 6 setting O_NONBLOCK debug1: Authenticating to ***************:222 as '********' debug3: put_host_port: [***************]:222 debug1: Fssh_load_hostkeys: fopen /home/********/.ssh/known_hosts2: No such file or directory debug3: order_hostkeyalgs: no algorithms matched; accept original debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 debug2: ciphers ctos: aes256-ctr,aes192-ctr,aes128-ctr debug2: ciphers stoc: aes256-ctr,aes192-ctr,aes128-ctr debug2: MACs ctos: hmac-sha1 debug2: MACs stoc: hmac-sha1 debug2: compression ctos: none,zlib@openssh.com debug2: compression stoc: none,zlib@openssh.com debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256@libssh.org debug1: kex: host key algorithm: ssh-ed25519 debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: SSH2_MSG_KEX_ECDH_REPLY received debug1: Server host key: ssh-ed25519 SHA256:qsH5DlfcvjRaiyO43GHO135fwfsyFTHDji2EIsTp9r4 debug3: verify_host_key_dns DNS lookup error: general failure debug3: put_host_port: [***************]:222 debug1: Fssh_load_hostkeys: fopen /home/********/.ssh/known_hosts2: No such file or directory debug1: checking without port identifier debug3: Fssh_record_hostkey: found key type ED25519 in file /home/********/.ssh/known_hosts:3 debug3: Fssh_load_hostkeys_file: loaded 1 keys from *************** debug1: Fssh_load_hostkeys: fopen /home/********/.ssh/known_hosts2: No such file or directory debug1: Host '***************' is known and matches the ED25519 host key. debug1: Found key in /home/********/.ssh/known_hosts:3 debug1: found matching key w/out port debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey out after 4294967296 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey in after 4294967296 blocks debug1: Will attempt key: /home/********/.ssh/id_rsa RSA SHA256:f62xqkxo+DJNCEgqxXTFp6JyduHfzliOxWdWMFwQsIw agent debug1: Will attempt key: /home/********/.ssh/id_rsa debug1: Will attempt key: /home/********/.ssh/id_dsa debug1: Will attempt key: /home/********/.ssh/id_ecdsa debug1: Will attempt key: /home/********/.ssh/id_ecdsa_sk debug1: Will attempt key: /home/********/.ssh/id_ed25519 debug1: Will attempt key: /home/********/.ssh/id_ed25519_sk debug1: Will attempt key: /home/********/.ssh/id_xmss debug2: pubkey_prepare: done debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: Fssh_kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com> debug1: Fssh_kex_input_ext_info: publickey-hostbound@openssh.com (unrecognised) debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic debug3: preferred gssapi-with-mic,keyboard-interactive,password debug3: authmethod_lookup gssapi-with-mic debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled gssapi-with-mic debug1: Next authentication method: gssapi-with-mic debug3: send packet: type 50 debug2: we sent a gssapi-with-mic packet, wait for reply debug3: receive packet: type 60 debug1: Delegating credentials debug3: send packet: type 61 debug3: receive packet: type 65 debug1: Delegating credentials debug1: Miscellaneous failure (see text) Decrypt integrity check failed debug3: receive packet: type 51 debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic debug2: we did not send a packet, disable method debug1: No more authentication methods to try. ********@***************: Permission denied (gssapi-keyex,gssapi-with-mic). -- You are receiving this mail because: You are the assignee for the bug.