Problem with SSH from OS X to Debian box

Discussion in 'Mac OS X Server, Xserve, and Networking' started by MartynT, Oct 24, 2009.

  1. MartynT macrumors newbie

    Joined:
    Oct 24, 2009
    #1
    Hi,

    I'm posting here because I'm not sure whether this is a Mac problem or not. From my iMac (10.6.1) I can't SSH into my Debian box (Etch 2.6.18 kernel). I know that openssh_server is installed and running on the Debian box as I can get into it with Putty from a Windows machine. This is the verbose log:

    Joes-Domage:~ Martyn$ ssh -v root@192.168.1.35
    OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
    debug1: Reading configuration data /etc/ssh_config
    debug1: Connecting to 192.168.1.35 [192.168.1.35] port 22.
    debug1: Connection established.
    debug1: identity file /Users/Martyn/.ssh/identity type -1
    debug1: identity file /Users/Martyn/.ssh/id_rsa type -1
    debug1: identity file /Users/Martyn/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-9etch3
    debug1: match: OpenSSH_4.3p2 Debian-9etch3 pat OpenSSH_4*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.2
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    The authenticity of host '192.168.1.35 (192.168.1.35)' can't be established.
    RSA key fingerprint is 96:1c:c5:23:85:a5:d8:61:16:53:a9:9d:f3:f0:3e:3a.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.1.35' (RSA) to the list of known hosts.
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    Connection closed by 192.168.1.35

    As you can see during the authentication process a new key was generated and stored. On running the SSH command again I get the same result but with acceptance of a known host:

    Joes-Domage:~ Martyn$ ssh -v root@192.168.1.35
    OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
    debug1: Reading configuration data /etc/ssh_config
    debug1: Connecting to 192.168.1.35 [192.168.1.35] port 22.
    debug1: Connection established.
    debug1: identity file /Users/Martyn/.ssh/identity type -1
    debug1: identity file /Users/Martyn/.ssh/id_rsa type -1
    debug1: identity file /Users/Martyn/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-9etch3
    debug1: match: OpenSSH_4.3p2 Debian-9etch3 pat OpenSSH_4*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.2
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host '192.168.1.35' is known and matches the RSA host key.
    debug1: Found key in /Users/Martyn/.ssh/known_hosts:1
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    Connection closed by 192.168.1.35

    If I remove the 192.168.1.35 line from the knownhosts file then I will get the authentication key request again and the same result as at the top.

    The connection is obviously closed by the Debian server but I am not sure if this is due a config problem with Debian or on the Mac. Any ideas gratefully received, I have googled and searched various forums and although I see similar problems I can't resolve it.

    Thanks,

    Martyn
     
  2. NoNameBrand macrumors 6502

    Joined:
    Nov 17, 2005
    Location:
    Halifax, Canada
    #2
    I can SSH from my Mac(s) to Etch boxes (2.6.18 kernel too). My output is the same as yours except instead of the connection closing, I get:

    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /Volumes/Users/jamie/.ssh/identity
    debug1: Trying private key: /Volumes/Users/jamie/.ssh/id_rsa
    debug1: Trying private key: /Volumes/Users/jamie/.ssh/id_dsa
    debug1: Next authentication method: password

    I then put in my password and I'm in.

    I would login from Windows and tail -f the auth log after enabling a higher logging level in /etc/ssh/sshd_config (try 'DEBUG' instead of 'INFO'). Then try logging in from the Mac.
     
  3. savar macrumors 68000

    savar

    Joined:
    Jun 6, 2003
    Location:
    District of Columbia
    #3
    Are you sure that the remote box allows login as root?
     
  4. MartynT thread starter macrumors newbie

    Joined:
    Oct 24, 2009
    #4
    I can log in as root from the windows box, but even with a normal user I get the same result:

    Joes-Domage:~ Martyn$ ssh -v martyn@192.168.1.35
    OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
    debug1: Reading configuration data /etc/ssh_config
    debug1: Connecting to 192.168.1.35 [192.168.1.35] port 22.
    debug1: Connection established.
    debug1: identity file /Users/Martyn/.ssh/identity type -1
    debug1: identity file /Users/Martyn/.ssh/id_rsa type -1
    debug1: identity file /Users/Martyn/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-9etch3
    debug1: match: OpenSSH_4.3p2 Debian-9etch3 pat OpenSSH_4*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.2
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host '192.168.1.35' is known and matches the RSA host key.
    debug1: Found key in /Users/Martyn/.ssh/known_hosts:1
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    Connection closed by 192.168.1.35

    I was just looking in the auth.log file and although I see the logins from the Win box there is nothing from the Mac.
     
  5. NoNameBrand macrumors 6502

    Joined:
    Nov 17, 2005
    Location:
    Halifax, Canada
    #5
    1. Etch does by default.

    2. IIRC, when it's forbidden, you will get to the password step (assuming no preshared keys, but you have to get on once to do that), and your login will fail regardless of what you type, same as for any bogus username.
     

Share This Page