PAY offered - sshd won't allow client from same domain

Garrett Cooper youshi10 at u.washington.edu
Sat Sep 16 06:51:41 PDT 2006 

On Sep 16, 2006, at 6:05 PM, ke han wrote:

>
> On Sep 16, 2006, at 4:50 PM, Garrett Cooper wrote:
>
>> ssh -vv server1.domain.com
>
> form OS X:  (real domain name edited to domain.com)
>
> > ssh -vv server1.domain.com
> OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005
> debug1: Reading configuration data /etc/ssh_config
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to server1.domain.com [209.216.230.199] port 22.
> debug1: Connection established.
> debug1: identity file /Users/jhancock/.ssh/identity type -1
> debug1: identity file /Users/jhancock/.ssh/id_rsa type -1
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug2: key_type_from_name: unknown key type 'Proc-Type:'
> debug2: key_type_from_name: unknown key type 'DEK-Info:'
> debug2: key_type_from_name: unknown key type '-----END'
> debug1: identity file /Users/jhancock/.ssh/id_dsa type 2
> debug1: Remote protocol version 2.0, remote software version  
> OpenSSH_4.2p1 FreeBSD-20050903
> debug1: match: OpenSSH_4.2p1 FreeBSD-20050903 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_4.2
> debug2: fd 3 setting O_NONBLOCK
> debug1: Miscellaneous failure
> No credentials cache found
>
> debug1: Miscellaneous failure
> No credentials cache found
>
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange- 
> sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- 
> cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- 
> cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- 
> cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- 
> cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- 
> ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- 
> ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
> debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange- 
> sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- 
> cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- 
> cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- 
> cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- 
> cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- 
> ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- 
> ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib at openssh.com
> debug2: kex_parse_kexinit: none,zlib at openssh.com
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug2: dh_gen_key: priv key bits set: 132/256
> debug2: bits set: 523/1024
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'server1.domain.com' is known and matches the DSA host  
> key.
> debug1: Found key in /Users/jhancock/.ssh/known_hosts:2
> debug2: bits set: 527/1024
> debug1: ssh_dss_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> Read from socket failed: Connection reset by peer

Your problem appears to be in how your user is being authenticated  
and not your DNS setup, I think. Example:

shiina:~ gcooper$ uname -a
Darwin shiina.local 8.7.0 Darwin Kernel Version 8.7.0: Fri May 26  
15:20:53 PDT 2006; root:xnu-792.6.76.obj~1/RELEASE_PPC Power  
Macintosh powerpc
shiina:~ gcooper$ ssh -vv tebo.cs.washington.edu
OpenSSH_4.2p1, OpenSSL 0.9.7i 14 Oct 2005
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to tebo.cs.washington.edu [128.208.6.74] port 22.
debug1: Connection established.
debug1: identity file /Users/gcooper/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/gcooper/.ssh/id_rsa type 1
debug1: identity file /Users/gcooper/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug2: fd 3 setting O_NONBLOCK
debug1: Miscellaneous failure
No credentials cache found

debug1: Miscellaneous failure
No credentials cache found

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie- 
hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- 
cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- 
cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- 
cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- 
cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- 
ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- 
ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie- 
hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- 
cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- 
cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- 
cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael- 
cbc at lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- 
ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- 
ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib at openssh.com
debug2: kex_parse_kexinit: none,zlib at openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 125/256
debug2: bits set: 512/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'tebo.cs.washington.edu' is known and matches the RSA  
host key.
debug1: Found key in /Users/gcooper/.ssh/known_hosts:43
debug2: bits set: 504/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth

The only thing I can tell that's different is that I'm trying to  
connect to a Linux host with an RSA host key, where you're trying to  
connect to a FreeBSD host with a DSA key. Have you tried deleting or  
renaming your DSA/RSA public key and then try connecting to the  
FreeBSD host again?
-Garrett

More information about the freebsd-questions mailing list