LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-11-2005, 09:15 PM   #1
MaestroC
LQ Newbie
 
Registered: Sep 2005
Posts: 12

Rep: Reputation: 0
SSH connection won't authenticate


I am running a Suse distribution and trying to access the server using SSH. The problem that I am having is that it appears I can connect with no problem until it comes to having the server accept my password. My client connects to the server, exchanges the security key, and asks for my username and password. At this point I get locked into a loop of having to retype my password six or seven times before the client gives me the error message:

Failed to connect to ssh://my.site.here:22 Too many authentication failures for username.

I know my username and password are correct. I can do a VNC connection to the machine with no problem. Anyone know what is going on?

Sincerely,
MaestroC
 
Old 10-11-2005, 09:35 PM   #2
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Hi.

Try doing 'ssh -vv user@my.site.here' That will give you the debug info as you try to log in.

Dave
 
Old 10-13-2005, 04:31 AM   #3
AnRkey
Member
 
Registered: Dec 2004
Location: UK
Distribution: Ubuntu, Fedora and not for long, M$ SuSE
Posts: 59

Rep: Reputation: 15
Question I am also having a problem like above.

I am also having a problem like above. I used the ssh -vv to output this....


<-------------------------------------->
jmitchell@CASLIN01:~> ssh -vv cconnoll@172.16.10.16
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 172.16.10.16 [172.16.10.16] port 22.
debug1: Connection established.
debug1: identity file /home/jmitchell/.ssh/identity type -1
debug1: identity file /home/jmitchell/.ssh/id_rsa type -1
debug1: identity file /home/jmitchell/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 141/256
debug2: bits set: 525/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '172.16.10.16' is known and matches the RSA host key.
debug1: Found key in /home/jmitchell/.ssh/known_hosts:3
debug2: bits set: 492/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/jmitchell/.ssh/identity ((nil))
debug2: key: /home/jmitchell/.ssh/id_rsa ((nil))
debug2: key: /home/jmitchell/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/jmitchell/.ssh/identity
debug1: Trying private key: /home/jmitchell/.ssh/id_rsa
debug1: Trying private key: /home/jmitchell/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password: I entered password here
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password: I entered password here
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password: I entered password here
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
cconnoll@172.16.10.16's password: I entered password here
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
cconnoll@172.16.10.16's password: I entered password here
<-------------------------------------->

Any help would be really cool. I have added this user to the same groupd as my account. My account works but his won't. I am going nuts over this...
 
Old 10-13-2005, 07:17 AM   #4
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 96
Hi.

It looks like the user you're trying to use isn't on the allowed users list. (I just tried to log into my own machine with a username which isn't listed in 'AllowUsers' and it came up with the same messages)

Have a look in sshd_config, and also make sure the user has a valid login shell.

Dave
 
Old 10-13-2005, 08:41 AM   #5
AnRkey
Member
 
Registered: Dec 2004
Location: UK
Distribution: Ubuntu, Fedora and not for long, M$ SuSE
Posts: 59

Rep: Reputation: 15
Thumbs up Thanks

I added the name into the allowedusers and ran this >> to restart SSHD

/etc/init.d/sshd restart

The account and all others work now. I also noticed that root was allowed and removed this as it was not secure.

Thanks a stack!
 
Old 10-16-2005, 04:38 AM   #6
tagulouss
LQ Newbie
 
Registered: Oct 2005
Posts: 2

Rep: Reputation: 0
exchange

i have a similar problem where my exchange server is in another country and i use RPC with https to connect to the server. i have a linux firewall and proxy server running and when i enable the proxy services in outlook ussing https and open outlook the authentication wont work, it just loops, i have ssl and http allowed through the firewall.
i can on the other hand use OWA running https through a browser.

anyone know what i need to do?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
FC4 Slow to authenticate with SSH dashnaam Fedora 6 02-21-2006 10:31 PM
Cannot Authenticate Via SSH Sivel Linux - Software 10 07-03-2005 11:13 AM
ssh fails to authenticate some users cochoa Linux - Software 1 12-10-2004 08:43 AM
ssh connection jeasimkev Linux - Newbie 2 12-10-2003 10:06 PM
Setting up SSH to accept authenticate hosts without passwords jphaynes Slackware 4 05-05-2002 12:33 PM


All times are GMT -5. The time now is 08:17 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration