LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices


Reply
  Search this Thread
Old 03-13-2009, 06:23 PM   #1
rogee
LQ Newbie
 
Registered: Feb 2006
Posts: 19

Rep: Reputation: 0
No further authentication methods available


Hi ,

I seem to have run into a problem upon logging into my remote server i get the following error :

No further authentication methods available

This only started happening when i upgraded to debian etch and im not really sure why ,i cant change anything in the sshd because im locked out oops.When i use trace options i got the folliwng info :

Code:
SecureCRT - Version 6.1.4 (build 489)
[LOCAL] : SSH2Core version 6.1.0.489 
[LOCAL] : Connecting to 88.xxx.xxx.xx:296xx ... 
[LOCAL] : Changing state from STATE_NOT_CONNECTED to STATE_EXPECT_KEX_INIT 
[LOCAL] : Using protocol SSH2 
[LOCAL] : RECV : Remote Identifier = "SSH-2.0-OpenSSH_4.3p2 Debian-9etch3" 
[LOCAL] : CAP  : Remote can re-key 
[LOCAL] : CAP  : Remote sends language in password change requests 
[LOCAL] : CAP  : Remote sends algorithm name in PK_OK packets 
[LOCAL] : CAP  : Remote sends algorithm name in public key packets 
[LOCAL] : CAP  : Remote sends algorithm name in signatures 
[LOCAL] : CAP  : Remote sends error text in open failure packets 
[LOCAL] : CAP  : Remote sends name in service accept packets 
[LOCAL] : CAP  : Remote includes port number in x11 open packets 
[LOCAL] : CAP  : Remote uses 160 bit keys for SHA1 MAC 
[LOCAL] : CAP  : Remote supports new diffie-hellman group exchange messages 
[LOCAL] : CAP  : Remote correctly handles unknown SFTP extensions 
[LOCAL] : CAP  : Remote correctly encodes OID for gssapi 
[LOCAL] : CAP  : Remote correctly uses connected addresses in forwarded-tcpip requests 
[LOCAL] : CAP  : Remote can do SFTP version 4 
[LOCAL] : CAP  : Remote x.509v3 uses ASN.1 encoding for DSA signatures 
[LOCAL] : GSS  : Requesting full delegation 
[LOCAL] : GSS : [Kerberos] SPN : host@88.198.53.84 
[LOCAL] : GSS : [Kerberos] Disabling gss mechanism 
[LOCAL] : GSS : [Kerberos] InitializeSecurityContext() failed. 
[LOCAL] : GSS : [Kerberos] The specified target is unknown or unreachable  
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==  
[LOCAL] : GSS  : Requesting full delegation 
[LOCAL] : GSS : [Kerberos w/ Group Exchange] SPN : host@88.198.53.84 
[LOCAL] : GSS : [Kerberos w/ Group Exchange] Disabling gss mechanism 
[LOCAL] : GSS : [Kerberos w/ Group Exchange] InitializeSecurityContext() failed. 
[LOCAL] : GSS : [Kerberos w/ Group Exchange] The specified target is unknown or unreachable  
[LOCAL] : The following key exchange method has been filtered from the key exchange method list because it is not supported: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==  
[LOCAL] : SEND : KEXINIT 
[LOCAL] : RECV : Read kexinit 
[LOCAL] : Available Remote Kex Methods = diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
[LOCAL] : Selected Kex Method = diffie-hellman-group-exchange-sha1 
[LOCAL] : Available Remote Host Key Algos = ssh-rsa,ssh-dss 
[LOCAL] : Selected Host Key Algo = ssh-dss 
[LOCAL] : Available Remote Send Ciphers = aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr 
[LOCAL] : Selected Send Cipher = aes256-ctr 
[LOCAL] : Available Remote Recv Ciphers = aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr 
[LOCAL] : Selected Recv Cipher = aes256-ctr 
[LOCAL] : Available Remote Send Macs = hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 
[LOCAL] : Selected Send Mac = hmac-sha1 
[LOCAL] : Available Remote Recv Macs = hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 
[LOCAL] : Selected Recv Mac = hmac-sha1 
[LOCAL] : Available Remote Compressors = none,zlib@openssh.com 
[LOCAL] : Selected Compressor = none 
[LOCAL] : Available Remote Decompressors = none,zlib@openssh.com 
[LOCAL] : Selected Decompressor = none 
[LOCAL] : Changing state from STATE_EXPECT_KEX_INIT to STATE_KEY_EXCHANGE 
[LOCAL] : SEND : KEXDH_GEX_REQUEST 
[LOCAL] : RECV : KEXDH_GEX_GROUP 
[LOCAL] : SEND : KEXDH_INIT 
[LOCAL] : RECV : KEXDH_REPLY 
[LOCAL] : SEND : NEWKEYS 
[LOCAL] : Changing state from STATE_KEY_EXCHANGE to STATE_EXPECT_NEWKEYS 
[LOCAL] : RECV : NEWKEYS 
[LOCAL] : Changing state from STATE_EXPECT_NEWKEYS to STATE_CONNECTION 
[LOCAL] : SEND: SERVICE_REQUEST[ssh-userauth] 
[LOCAL] : RECV: SERVICE_ACCEPT[ssh-userauth] -- OK 
[LOCAL] : SENT : USERAUTH_REQUEST [none] 
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey] 
[LOCAL] : SEND: Disconnect packet: Unable to authenticate using any of the configured authentication methods.  
[LOCAL] : Changing state from STATE_CONNECTION to STATE_SEND_DISCONNECT 
[LOCAL] : Changing state from STATE_SEND_DISCONNECT to STATE_CLOSED 
[LOCAL] : Connected for 2 seconds, 1171 bytes sent, 1908 bytes received

Please help im fairly new to this and learning all the time but this is beyond me.
 
Old 03-13-2009, 07:04 PM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615
It sounds like you've disabled password authentication? Post your sshd_config.

What SSH program is that? Can you use another, like PuTTY?
 
Old 03-13-2009, 07:17 PM   #3
rogee
LQ Newbie
 
Registered: Feb 2006
Posts: 19

Original Poster
Rep: Reputation: 0
Damn , not sure how i have done that the following is the sshd_config

Code:
# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 29672
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 600
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile	%h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Change to yes to enable tunnelled clear text passwords
PasswordAuthentication no


# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

Subsystem	sftp	/usr/lib/sftp-server

UsePAM yes
Iam using secure crt but i have also tried putty and winSCP with the same error.thanks for the fast reply.
 
Old 03-13-2009, 09:46 PM   #4
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615
Code:
# Change to yes to enable tunnelled clear text passwords
PasswordAuthentication no
Ok, so did you disable password authentication (leaving only ssh key authentication) on purpose? If no, change that "no" to "yes".
 
Old 03-14-2009, 06:17 AM   #5
rogee
LQ Newbie
 
Registered: Feb 2006
Posts: 19

Original Poster
Rep: Reputation: 0
Sorry , Yeh i must have changed it when i did the first server setup.Problem is i cant login to change the "PasswordAuthentication"
many thanks .
 
Old 03-14-2009, 08:23 AM   #6
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615
You're out of luck unless you have another way to get in.
 
Old 03-14-2009, 01:13 PM   #7
rogee
LQ Newbie
 
Registered: Feb 2006
Posts: 19

Original Poster
Rep: Reputation: 0
damn , nope no other way in , well thanks very much for repling really aprreicate it.
 
Old 03-14-2009, 02:00 PM   #8
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
Where did you upgrade, on the local client or the remote server. If you upgraded on your client, and use pubkey authentication, you may have changed or deleted the private/public key pair on the client side. If you restore your old ~/.ssh/ directory from backup, you may be able to log into the server again.

What is OpenCRT? Is that a rebranding of OpenSSH? I haven't heard of it before, so I can't guarantee that opencrt uses the ~/.ssh/ directory to hold the keys.

Another thing that could cause a problem is if you were using the version of openssh, on either end that created weak keys. After an upgrade, there may be a black list of the bad keys. If the keys you are using were created with the debian's bad port of openssh, your public key may be black listed.

I'm also not certain whether you are posting the sshd_config on your client or a copy you have from the server. Sshd is what runs on the server. Ssh_config is what is used on the client side. I think that the config file you posted is for the ssh server you run on your client side, so it doesn't say anything about your current problem.

Also, did you change your username on the client. The user_auth failure line tends to indicate that the username may be different.

Could you try logging in with ssh instead of opencrt, because the login log looks different than I am used to. Using "ssh -vv user@host" may produce more familiar results.

Also look at your ssh_config file (if opencrt uses it). That is where the default client configuration is defined.

Last edited by jschiwal; 03-14-2009 at 02:16 PM.
 
Old 03-15-2009, 08:48 AM   #9
rogee
LQ Newbie
 
Registered: Feb 2006
Posts: 19

Original Poster
Rep: Reputation: 0
Hi ,

Thanks for helping i updated via the apt upgrade i think it was and its a remote server based in germany.To login i would normaly just use root and password and port and i could login fine before i upgraded it was sarge before.To login im using secure crt by van dyke , but i have tried putty with the same error The sshd config i posted was from the server which i saved when i first did the sshd config and thats really all i have. Please excuse my noobness since im not that good with debian servers.thanks again for the reply.
 
Old 03-15-2009, 01:12 PM   #10
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
If the update replaced your old /etc/ssh/sshd_config on the server, It might use PAM password authentication now. Try logging in as root and your regular user name.

Allowing root logins is a bad idea. It is one that is guessed. Suppose you lost your laptop at the airport. If your private key weren't protected with a passphrase, the thief could log into the server and have instant root access.

However, if you can log in using username/password authentication, keep the first ssh session, and open another shell and start a new one. That way, if changes you make fail, you can use the first open session to undo your changes.

If neither pubkey or username/password authentication works, I think you need to place a service call. Someone will need physical access to make changes.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how many types of authentication methods are there in linux? vijith2k2 Linux - Security 1 11-27-2008 07:34 PM
SSHD: No further authentication methods. URGENT ciaoci Linux - Security 4 10-08-2005 11:31 AM
ssh - No supported authentication methods rajah9 Linux - Networking 4 08-19-2005 01:59 PM
Samba Authentication Methods garullon245136 Linux - Newbie 2 08-07-2005 01:20 PM
Samba Authentication Methods garullon245136 Linux - Networking 2 07-12-2005 06:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian

All times are GMT -5. The time now is 05:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration