Hello,

I am using OpenSSH_3.5p1, SSH protocols 1.5/2.0,
OpenSSL 0x0090701f on a Linux Red Hat 9.0 server.

Here is a debug output of a failed connection:

[root@SrvRedHat downloads]# ssh -vvv testuser@localhost
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 151/256
debug1: bits set: 1626/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: bits set: 1606/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug2: userauth_pubkey_agent: no keys at all
debug2: userauth_pubkey_agent: no more keys
debug2: userauth_pubkey_agent: no message sent
debug1: try privkey: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: try privkey: /root/.ssh/id_rsa
debug3: no such identity: /root/.ssh/id_rsa
debug1: try privkey: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: next auth method to try is keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: next auth method to try is password
testuser@localhost's password:
debug3: packet_send2: adding 64 (len 53 padlen 11 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.

Here is a sample of my /var/log/messages file content:

Mar 18 18:44:17 RedHat sshd(pam_unix)[1880]: check pass; user unknown
Mar 18 18:44:17 RedHat sshd[1880]: pam_ldap: error trying to bind (Server is unwilling to perform)
Mar 18 18:44:19 RedHat sshd(pam_unix)[1880]: 2 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=redhat

Would you please have any idea?

> >>>>> -------------------- >>>>>

>
> Please tell the list which version of SSH and OS you
> are running. Also,
> provide a debug output of a failed connection (ssh
> -vvv ...) if you're
> using OpenSSH.
>
>
> <<<<< -------------------- <<<<<
> > Date: Fri, 18 Mar 2005 19:29:49 +0100 (CET)

> From: fatima riadi
> Subject: ssh connection to ldap server
> To: secureshell@securityfocus.com
>
> Hello there,
>
> I configured an OpenLDAP server with a Samba pdc.
> I created a system account in the ldap directory
> that
> I named testuser.
> When I enter the testuser password to connect to my
> ldap server using ssh (ssh
> testuser@LDAP_server_IP_address) I get a permission
> denied message.
> I added the following entry to my /etc/hosts.allow
> file:
> ssh : ALL : ALLOW
> but the problem still exists!
>
> Please, do you have any idea that may help me.
>
> Thank you in advance.
>