LinuxQuestions.org


student04 01-01-2005 12:24 PM

ssh logins denied - "keyboard-interactive"
 
Hey,

This has been giving me headaches... I've tried configuring the sshd_config in many different ways and I still get the same error. I even copied my id_dsa.pub key to the remote computer (a friend's, with whom I'm trying to set this up) and I get the same error. It worked yesterday and gave the debug1: Authentications that can continue: password,keyboard-interactive and I did what it said on the tutorial http://www.linuxquestions.org/questi...ticle&artid=79 . Now the error is debug1: Authentications that can continue: keyboard-interactive.

Take a look
Code:

[alex@localhost .ssh]$ ssh -vv alex@blabla
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to blabla [blabla] port 22.
debug1: Connection established.
debug1: identity file /home/alex/.ssh/identity type -1
debug1: identity file /home/alex/.ssh/id_rsa type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/alex/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1
debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 137/256
debug2: bits set: 1055/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'blabla' is known and matches the DSA host key.
debug1: Found key in /home/alex/.ssh/known_hosts:2
debug2: bits set: 1036/2048
debug1: ssh_dss_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: keyboard-interactive
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (keyboard-interactive).
debug1: Calling cleanup 0x80628b0(0x0)
[alex@localhost .ssh]$

I know the key authentication is correct because it says so above, but I have no idea what the hell this keyboard-interactive is. Is there an option (what is it) that can disable that annoying thing? His port 22 is open and sshd is indeed running.

This is his sshd_config file:
Code:

[alex@localhost gentoo]$ cat sshd_config
#      $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 22
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#KbdInteractiveAuthentication yes

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
ServerKeyBits 2048

# Logging
#obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO

# Authentication:

LoginGraceTime 60
PermitRootLogin yes
#StrictModes yes

RSAAuthentication no
PubkeyAuthentication no
#AuthorizedKeysFile    .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'
UsePAM no

#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
Compression yes
ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem      sftp    /usr/lib/misc/sftp-server

AllowUsers alex,aniket
PAMAuthenticationViaKbdInt no
KeepAlive yes

He is running Gentoo Linux 2004.3, kernel 2.6.9.

Thanks; any help welcome.

student04 01-01-2005 10:05 PM

An update - progress made, but still no successful logins:

sshd_config is now
Code:

#      $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 22
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
KbdInteractiveAuthentication no

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
ServerKeyBits 2048

# Logging
#obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO

# Authentication:

LoginGraceTime 60
PermitRootLogin yes
#StrictModes yes

RSAAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords'
UsePAM no

#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation yes
#PermitUserEnvironment no
Compression yes
ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem      sftp    /usr/lib/misc/sftp-server

AllowUsers alex,aniket
PAMAuthenticationViaKbdInt no

I now see three authentication methods: password, pubkey and keyboard-interactive. It now prompts me for the password, but the password I give (the correct one) is rejected anyway. What's up with this?

Tim Retout 01-02-2005 03:14 AM

AllowUsers needs usernames separated by spaces.

Tim Retout 01-02-2005 03:21 AM

I'd also suggest 'PermitRootLogin no'; you can still get to root using su, but it'll stop people brute-forcing the root password remotely.
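
Added example (not part of the original posts, and not OpenSSH code): a small Python check for the two points raised in the replies above, the comma-joined AllowUsers value and 'PermitRootLogin yes'. The matcher is a simplified model that treats only * and ? as wildcards; the function names and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample: the access-control lines from the sshd_config posted above.
SAMPLE = """\
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
AllowUsers alex,aniket
"""

def directives(text):
    """Yield (line_number, lowercased keyword, [arguments]) for active lines."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line and not line.startswith("#"):
            keyword, *args = line.split()
            yield lineno, keyword.lower(), args

def pattern_matches(pattern, user):
    """Simplified user-name pattern match: only '*' and '?' are wildcards.
    A comma is an ordinary character (USER@HOST and '!' forms are not modelled)."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, user) is not None

def user_permitted(text, user):
    """True if AllowUsers is absent, or one of its patterns matches the user."""
    patterns = [a for _, kw, args in directives(text)
                if kw == "allowusers" for a in args]
    return not patterns or any(pattern_matches(p, user) for p in patterns)

def lint(text):
    """Return (line_number, message) findings for the two issues in the thread."""
    findings = []
    for lineno, kw, args in directives(text):
        if kw in ("allowusers", "denyusers"):
            for arg in args:
                if "," in arg:
                    fixed = " ".join(arg.split(","))
                    findings.append((lineno, f"{kw}: '{arg}' is read as one "
                                     f"name; separate with spaces: {fixed}"))
        if kw == "permitrootlogin" and args[:1] == ["yes"]:
            findings.append((lineno, "permitrootlogin yes: root is exposed to "
                             "remote password guessing; set to no and use su"))
    return findings

if __name__ == "__main__":
    for lineno, msg in lint(SAMPLE):
        print(f"line {lineno}: {msg}")
    print("alex permitted:", user_permitted(SAMPLE, "alex"))
```

With the comma-joined value no account matches the list, so a correct password is still refused; once the names are space-separated, alex and aniket match and every other account, root included, stays excluded.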

student04 01-02-2005 03:24 AM

OK, thanks; I'll try that tomorrow (i.e. later today--it's 4:30AM :p) when he's awake, and post back.

student04 01-02-2005 04:13 PM

It didn't work - the thing is, even with 'PermitRootLogin yes' root cannot log in. I have tried many different combinations, but cannot see what is preventing the password from being rejected.

My friend can log in locally with the passwords, but ssh is rejecting it, so the passwords are correct.

Any other suggestions?

Thanks.

Tim Retout 01-02-2005 05:03 PM

Well, you could try removing 'AllowUsers' completely... and of course, I assume you've restarted the sshd server. After that, you can try enabling PAM, and enabling keyboard authentication via PAM.

UsePAM yes
PAMAuthenticationViaKbdInt yes <-- (not sure about this one)

Tim Retout 01-02-2005 05:28 PM

Actually, you could try fishing the default sshd_config out of portage, and seeing whether that fixes it all. Deleting everything in the file will have a similar effect...

Here's the default sshd_config to start again with.

Tim Retout 01-02-2005 05:49 PM

And if that doesn't work, then post the output of ssh -v alex@blabla again - several things have changed.

Hope you can get this sorted.

student04 01-03-2005 07:58 PM

Thanks, Tim Retout. The default sshd_config file did the trick. :) <-- me and my friend's gratitude for you.

Tim Retout 01-04-2005 04:03 AM

Great, glad to help. :)

