DebianThis forum is for the discussion of Debian Linux.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
I seem to have run into a problem upon logging into my remote server i get the following error :
No further authentication methods available
This only started happening when i upgraded to debian etch and im not really sure why ,i cant change anything in the sshd because im locked out oops.When i use trace options i got the folliwng info :
SecureCRT - Version 6.1.4 (build 489)
[LOCAL] : SSH2Core version 188.8.131.529
[LOCAL] : Connecting to 88.xxx.xxx.xx:296xx ...
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT
[LOCAL] : Using protocol SSH2
[LOCAL] : RECV : Remote Identifier = "SSH-2.0-OpenSSH_4.3p2 Debian-9etch3"
[LOCAL] : CAP : Remote can re-key
[LOCAL] : CAP : Remote sends language in password change requests
[LOCAL] : CAP : Remote sends algorithm name in PK_OK packets
[LOCAL] : CAP : Remote sends algorithm name in public key packets
[LOCAL] : CAP : Remote sends algorithm name in signatures
[LOCAL] : CAP : Remote sends error text in open failure packets
[LOCAL] : CAP : Remote sends name in service accept packets
[LOCAL] : CAP : Remote includes port number in x11 open packets
[LOCAL] : CAP : Remote uses 160 bit keys for SHA1 MAC
[LOCAL] : CAP : Remote supports new diffie-hellman group exchange messages
[LOCAL] : CAP : Remote correctly handles unknown SFTP extensions
[LOCAL] : CAP : Remote correctly encodes OID for gssapi
[LOCAL] : CAP : Remote correctly uses connected addresses in forwarded-tcpip requests
[LOCAL] : CAP : Remote can do SFTP version 4
[LOCAL] : CAP : Remote x.509v3 uses ASN.1 encoding for DSA signatures
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [Kerberos] SPN : email@example.com
[LOCAL] : GSS : [Kerberos] Disabling gss mechanism
[LOCAL] : GSS : [Kerberos] InitializeSecurityContext() failed.
[LOCAL] : GSS : [Kerberos] The specified target is unknown or unreachable
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==
[LOCAL] : GSS : Requesting full delegation
[LOCAL] : GSS : [Kerberos w/ Group Exchange] SPN : firstname.lastname@example.org
[LOCAL] : GSS : [Kerberos w/ Group Exchange] Disabling gss mechanism
[LOCAL] : GSS : [Kerberos w/ Group Exchange] InitializeSecurityContext() failed.
[LOCAL] : GSS : [Kerberos w/ Group Exchange] The specified target is unknown or unreachable
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==
[LOCAL] : SEND : KEXINIT
[LOCAL] : RECV : Read kexinit
[LOCAL] : Available Remote Kex Methods = diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
[LOCAL] : Selected Kex Method = diffie-hellman-group-exchange-sha1
[LOCAL] : Available Remote Host Key Algos = ssh-rsa,ssh-dss
[LOCAL] : Selected Host Key Algo = ssh-dss
[LOCAL] : Available Remote Send Ciphers = aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,email@example.com,aes128-ctr,aes192-ctr,aes256-ctr
[LOCAL] : Selected Send Cipher = aes256-ctr
[LOCAL] : Available Remote Recv Ciphers = aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,firstname.lastname@example.org,aes128-ctr,aes192-ctr,aes256-ctr
[LOCAL] : Selected Recv Cipher = aes256-ctr
[LOCAL] : Available Remote Send Macs = hmac-md5,hmac-sha1,hmac-ripemd160,email@example.com,hmac-sha1-96,hmac-md5-96
[LOCAL] : Selected Send Mac = hmac-sha1
[LOCAL] : Available Remote Recv Macs = hmac-md5,hmac-sha1,hmac-ripemd160,firstname.lastname@example.org,hmac-sha1-96,hmac-md5-96
[LOCAL] : Selected Recv Mac = hmac-sha1
[LOCAL] : Available Remote Compressors = none,email@example.com
[LOCAL] : Selected Compressor = none
[LOCAL] : Available Remote Decompressors = none,firstname.lastname@example.org
[LOCAL] : Selected Decompressor = none
[LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE
[LOCAL] : SEND : KEXDH_GEX_REQUEST
[LOCAL] : RECV : KEXDH_GEX_GROUP
[LOCAL] : SEND : KEXDH_INIT
[LOCAL] : RECV : KEXDH_REPLY
[LOCAL] : SEND : NEWKEYS
[LOCAL] : Changing state from STATE_KEY_EXCHANGE to STATE_EXPECT_NEWKEYS
[LOCAL] : RECV : NEWKEYS
[LOCAL] : Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION
[LOCAL] : SEND: SERVICE_REQUEST[ssh-userauth]
[LOCAL] : RECV: SERVICE_ACCEPT[ssh-userauth] -- OK
[LOCAL] : SENT : USERAUTH_REQUEST [none]
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey]
[LOCAL] : SEND: Disconnect packet: Unable to authenticate using any of the configured authentication methods.
[LOCAL] : Changing state from STATE_CONNECTION to STATE_SEND_DISCONNECT
[LOCAL] : Changing state from STATE_SEND_DISCONNECT to STATE_CLOSED
[LOCAL] : Connected for 2 seconds, 1171 bytes sent, 1908 bytes received
Please help im fairly new to this and learning all the time but this is beyond me.
Damn , not sure how i have done that the following is the sshd_config
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
# Use these options to restrict which interfaces/protocols sshd will bind to
# HostKeys for protocol version 2
#Privilege Separation is turned on for security
# Lifetime and size of ephemeral version 1 server key
# Don't read the user's ~/.rhosts and ~/.shosts files
# For this to work you will also need host keys in /etc/ssh_known_hosts
# similar for protocol version 2
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
# To enable empty passwords, change to yes (NOT RECOMMENDED)
# Change to no to disable s/key passwords
# Change to yes to enable tunnelled clear text passwords
# To change Kerberos options
# Kerberos TGT Passing does only work with the AFS kaserver
Subsystem sftp /usr/lib/sftp-server
Iam using secure crt but i have also tried putty and winSCP with the same error.thanks for the fast reply.
Where did you upgrade, on the local client or the remote server. If you upgraded on your client, and use pubkey authentication, you may have changed or deleted the private/public key pair on the client side. If you restore your old ~/.ssh/ directory from backup, you may be able to log into the server again.
What is OpenCRT? Is that a rebranding of OpenSSH? I haven't heard of it before, so I can't guarantee that opencrt uses the ~/.ssh/ directory to hold the keys.
Another thing that could cause a problem is if you were using the version of openssh, on either end that created weak keys. After an upgrade, there may be a black list of the bad keys. If the keys you are using were created with the debian's bad port of openssh, your public key may be black listed.
I'm also not certain whether you are posting the sshd_config on your client or a copy you have from the server. Sshd is what runs on the server. Ssh_config is what is used on the client side. I think that the config file you posted is for the ssh server you run on your client side, so it doesn't say anything about your current problem.
Also, did you change your username on the client. The user_auth failure line tends to indicate that the username may be different.
Could you try logging in with ssh instead of opencrt, because the login log looks different than I am used to. Using "ssh -vv user@host" may produce more familiar results.
Also look at your ssh_config file (if opencrt uses it). That is where the default client configuration is defined.
Thanks for helping i updated via the apt upgrade i think it was and its a remote server based in germany.To login i would normaly just use root and password and port and i could login fine before i upgraded it was sarge before.To login im using secure crt by van dyke , but i have tried putty with the same error The sshd config i posted was from the server which i saved when i first did the sshd config and thats really all i have. Please excuse my noobness since im not that good with debian servers.thanks again for the reply.
If the update replaced your old /etc/ssh/sshd_config on the server, It might use PAM password authentication now. Try logging in as root and your regular user name.
Allowing root logins is a bad idea. It is one that is guessed. Suppose you lost your laptop at the airport. If your private key weren't protected with a passphrase, the thief could log into the server and have instant root access.
However, if you can log in using username/password authentication, keep the first ssh session, and open another shell and start a new one. That way, if changes you make fail, you can use the first open session to undo your changes.
If neither pubkey or username/password authentication works, I think you need to place a service call. Someone will need physical access to make changes.