SSH problem
am 16.02.2005 15:52:21 von garcia_pan
Hi all
I have a machine with RHEL 3 WS. This machine has two network interface=
s,
each one in a different network, one for office work and another for
development work.
Since I don't want to enable access between both network but in special
cases, this machine is providing ssh service, and I am planning to use =
it
as "jump machine": An user access to the Jump Machine using ssh and the=
n in
the shell the users must connect using ssh to the development machine. =
More
clearly:
A is the office machine
B is the development machine
C is the jump machine
U is the user (defined in both B and C)
The schema:
A -> (ssh) -> C -> (ssh) -> B
Well:
If U is root all is going fine.
If U is for instance "pedro" (My test user), the connection between A a=
nd C
is correct, but I am not able to connect to B.
If I connect form C to B (accessing directly to A console) this behavio=
ur
is also observed.
I copied the known_hosts under "/root/.ssh" to "/home/pedro/.ssh", and
chowned this file to user "pedro" group "pedro" (As defined in
/etc/passwd).
I didn't generated enither DSA nor RSA keys because I want a password
connection for each user
When trying to connect from C to B I get an:
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey)
At the end of this mail please see the -vvv trace for this connection t=
ry,
but... any idea?
Thanks you in advance,
Pedro.
[pedro@C]$ ssh pedro@B -vvv
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to B [B] port 22.
debug1: Connection established.
debug1: identity file /home/pedro/.ssh/identity type -1
debug1: identity file /home/pedro/.ssh/id_rsa type -1
debug1: identity file /home/pedro/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version 3.0.1 SSH
Secure Shell
debug1: match: 3.0.1 SSH Secure Shell pat 3.0.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha 1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192- cbc,aes256-=
cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192- cbc,aes256-=
cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com ,hmac-sha1-=
96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com ,hmac-sha1-=
96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,twofish128-cbc,twofish-cbc, arcfour,cas=
t128-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,twofish128-cbc,twofish-cbc, arcfour,cas=
t128-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,=
none
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,=
none
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: dh_gen_key: priv key bits set: 121/256
debug2: bits set: 505/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug3: check_host_in_hostfile: filename /home/pedro/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'B' is known and matches the DSA host key.
debug1: Found key in /home/pedro/.ssh/known_hosts:1
debug2: bits set: 499/1024
debug1: ssh_dss_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/pedro/.ssh/identity
debug3: no such identity: /home/pedro/.ssh/identity
debug1: Trying private key: /home/pedro/.ssh/id_rsa
debug3: no such identity: /home/pedro/.ssh/id_rsa
debug1: Trying private key: /home/pedro/.ssh/id_dsa
debug3: no such identity: /home/pedro/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: packet_send2: adding 64 (len 50 padlen 14 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug3: packet_send2: adding 64 (len 50 padlen 14 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug3: packet_send2: adding 64 (len 50 padlen 14 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug1: No more authentication methods to try.
Permission denied (publickey).
debug1: Calling cleanup 0x8062c30(0x0)
--
Este mensaje puede contener informaci=F3n confidencial y/o privilegiada=
Si Vd. no es el destinatario de este mensaje o ha recibido este mensaje
por error, por favor, informe inmediatamente al emisor y destruya este
mensaje. Est=E1 estrictamente prohibido por la legislaci=F3n vigente
realizar sin autorizaci=F3n cualquier copia, revelaci=F3n o distribuci=F3=
n de
este mensaje. Las opiniones expresadas en este correo son las de su
autor y Telef=F3nica M=F3viles Espa=F1a, S.A. no se responsabiliza de s=
u
contenido.
This e-mail may contain confidential and/or privileged information.
If you are not the intended recipient (or have received this e-mail
in error), please notify the sender immediately and destroy this
e-mail. Any unauthorised copying, disclosure or distribution of the
material in this e-mail is strictly forbidden by current legislation.
The points of view expressed in this e-mail are solely those of the
author and may not necessarily be from, or supported by, the company.
Telefonica Moviles S.A. neither assumes obligations nor accepts
liability for the content of this e-mail, unless that information is
subsequently confirmed by writing by a duly authorised representative.
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" =
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: SSH problem
am 19.02.2005 17:53:35 von Jamie Border
Pedro
You could consider an alternative:
Machine 'C' forwards SSH traffic from 'A' to 'B' (and 'B' to 'A' ? You
didn't say)
This could be accomplished using iptables. Should you need advice on
exact configuration, mail me off-list and I will help.
This would mean:
1) You do not have the 'SSH-in-SSH' situation, as you currently do
2) You have the same (or better) security. Better because a
port-forward-only box with no access other than physical will always
be more secure than a box with open services.
3) If you want to give a user access to a machine, you have to
explicitly give him/her an account on it. This gives better auditing
(but may not be what you want)
4) Your users will be less confused
IPTables assistance:
1) http://iptables-tutorial.frozentux.net/iptables-tutorial.htm l
2) google for 'iptables nat'
Have fun!
Jamie
On Wed, 16 Feb 2005 15:52:21 +0100, garcia_pan@tsm.es
s> wrote:
> Hi all
>=20
> I have a machine with RHEL 3 WS. This machine has two network interfa=
ces,
> each one in a different network, one for office work and another for
> development work.
>=20
> Since I don't want to enable access between both network but in speci=
al
> cases, this machine is providing ssh service, and I am planning to us=
e it
> as "jump machine": An user access to the Jump Machine using ssh and t=
hen in
> the shell the users must connect using ssh to the development machine=
More
> clearly:
>=20
> A is the office machine
> B is the development machine
> C is the jump machine
>=20
> U is the user (defined in both B and C)
>=20
> The schema:
>=20
> A -> (ssh) -> C -> (ssh) -> B
>=20
> Well:
> If U is root all is going fine.
> If U is for instance "pedro" (My test user), the connection between A=
and C
> is correct, but I am not able to connect to B.
> If I connect form C to B (accessing directly to A console) this behav=
iour
> is also observed.
>=20
> I copied the known_hosts under "/root/.ssh" to "/home/pedro/.ssh", an=
d
> chowned this file to user "pedro" group "pedro" (As defined in
> /etc/passwd).
>=20
> I didn't generated enither DSA nor RSA keys because I want a password
> connection for each user
>=20
> When trying to connect from C to B I get an:
>=20
> Permission denied, please try again.
> Permission denied, please try again.
> Permission denied (publickey)
>=20
> At the end of this mail please see the -vvv trace for this connection=
try,
> but... any idea?
>=20
> Thanks you in advance,
> Pedro.
>=20
> [pedro@C]$ ssh pedro@B -vvv
> OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Rhosts Authentication disabled, originating port will not be
> trusted.
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to B [B] port 22.
> debug1: Connection established.
> debug1: identity file /home/pedro/.ssh/identity type -1
> debug1: identity file /home/pedro/.ssh/id_rsa type -1
> debug1: identity file /home/pedro/.ssh/id_dsa type -1
> debug1: Remote protocol version 2.0, remote software version 3.0.1 SS=
H
> Secure Shell
> debug1: match: 3.0.1 SSH Secure Shell pat 3.0.*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha 1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192- cbc,aes25=
6-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192- cbc,aes25=
6-cbc,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com ,hmac-sha=
1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com ,hmac-sha=
1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,twofish128-cbc,twofish-cbc, arcfour,c=
ast128-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-c bc
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,twofish128-cbc,twofish-cbc, arcfour,c=
ast128-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-c bc
> debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-9=
6,none
> debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-9=
6,none
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug2: dh_gen_key: priv key bits set: 121/256
> debug2: bits set: 505/1024
> debug1: sending SSH2_MSG_KEXDH_INIT
> debug1: expecting SSH2_MSG_KEXDH_REPLY
> debug3: check_host_in_hostfile: filename /home/pedro/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 1
> debug1: Host 'B' is known and matches the DSA host key.
> debug1: Found key in /home/pedro/.ssh/known_hosts:1
> debug2: bits set: 499/1024
> debug1: ssh_dss_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password
> debug3: start over, passed a different list publickey,password
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/pedro/.ssh/identity
> debug3: no such identity: /home/pedro/.ssh/identity
> debug1: Trying private key: /home/pedro/.ssh/id_rsa
> debug3: no such identity: /home/pedro/.ssh/id_rsa
> debug1: Trying private key: /home/pedro/.ssh/id_dsa
> debug3: no such identity: /home/pedro/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred: ,password
> debug3: authmethod_is_enabled password
> debug1: Next authentication method: password
> debug3: packet_send2: adding 64 (len 50 padlen 14 extra_pad 64)
> debug2: we sent a password packet, wait for reply
> debug1: Authentications that can continue: publickey,password
> Permission denied, please try again.
> debug3: packet_send2: adding 64 (len 50 padlen 14 extra_pad 64)
> debug2: we sent a password packet, wait for reply
> debug1: Authentications that can continue: publickey,password
> Permission denied, please try again.
> debug3: packet_send2: adding 64 (len 50 padlen 14 extra_pad 64)
> debug2: we sent a password packet, wait for reply
> debug1: Authentications that can continue: publickey
> debug3: start over, passed a different list publickey
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug1: No more authentication methods to try.
> Permission denied (publickey).
> debug1: Calling cleanup 0x8062c30(0x0)
>=20
> --
> Este mensaje puede contener informaci=F3n confidencial y/o privilegia=
da.
> Si Vd. no es el destinatario de este mensaje o ha recibido este mensa=
je
> por error, por favor, informe inmediatamente al emisor y destruya est=
e
> mensaje. Est=E1 estrictamente prohibido por la legislaci=F3n vigente
> realizar sin autorizaci=F3n cualquier copia, revelaci=F3n o distribuc=
i=F3n de
> este mensaje. Las opiniones expresadas en este correo son las de su
> autor y Telef=F3nica M=F3viles Espa=F1a, S.A. no se responsabiliza de=
su
> contenido.
>=20
> This e-mail may contain confidential and/or privileged information.
> If you are not the intended recipient (or have received this e-mail
> in error), please notify the sender immediately and destroy this
> e-mail. Any unauthorised copying, disclosure or distribution of the
> material in this e-mail is strictly forbidden by current legislation.
> The points of view expressed in this e-mail are solely those of the
> author and may not necessarily be from, or supported by, the company.
> Telefonica Moviles S.A. neither assumes obligations nor accepts
> liability for the content of this e-mail, unless that information is
> subsequently confirmed by writing by a duly authorised representative=
>=20
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin=
" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" =
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: SSH problem
am 19.02.2005 18:59:10 von Jean-Sebastien Trottier
--cWoXeonUoKmBZSoM
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hi Pedro,
Personally, I use this type of scenario using ssh's ProxyCommand
configuration.
Basically, you can tell ssh to create a "transparent" tunnel from A to
C and then use that tunnel to connect from A to B directly.
What you need is to have "netcat" installed on the jump (C) machine it
should be very easy to install on RH (I didn't verify) or compile it
yourself.
Modify your ~/.ssh/config configuration on A by adding the following
lines:
Host B
ProxyCommand ssh -a -x -e none -o "Compression no" C netcat -q 0 %h=
%p
("ProxyCommand" up to "%p" should all be on the same line)
What this means is:
`To connect to host "B", first initiate a ssh connection to host "C"
on which you should "netcat" all traffic to the real host (%h =3D B)
and port (%p =3D 22 by default)'
Remember that this is just a tunnel over top of which your "real" ssh
connection will travel... which is why you want to keep as slim as
possible by disabling compression (the "real" connection will compress
anyway, if wanted), disabling forwarding of ssh-agent (-a) and X display
(-x) as well as disabling the escape character (-e none).
So... try it out. Configure as above and simply run "ssh pedro@B"
Note that if you want to authenticate the connection between A and
C using a different user, simply replace "C" in the ProxyCommand with
"@C"
Good luck,
Sebastien
On Wed, Feb 16, 2005 at 03:52:21PM +0100, Pedro Garcia wrote:
> Hi all
>=20
> I have a machine with RHEL 3 WS. This machine has two network interfaces,
> each one in a different network, one for office work and another for
> development work.
>=20
> Since I don't want to enable access between both network but in special
> cases, this machine is providing ssh service, and I am planning to use it
> as "jump machine": An user access to the Jump Machine using ssh and then =
in
> the shell the users must connect using ssh to the development machine. Mo=
re
> clearly:
>=20
> A is the office machine
> B is the development machine
> C is the jump machine
>=20
> U is the user (defined in both B and C)
>=20
> The schema:
>=20
> A -> (ssh) -> C -> (ssh) -> B
>=20
> Well:
> If U is root all is going fine.
> If U is for instance "pedro" (My test user), the connection between A and=
C
> is correct, but I am not able to connect to B.
> If I connect form C to B (accessing directly to A console) this behaviour
> is also observed.
>=20
>=20
> I copied the known_hosts under "/root/.ssh" to "/home/pedro/.ssh", and
> chowned this file to user "pedro" group "pedro" (As defined in
> /etc/passwd).
>=20
> I didn't generated enither DSA nor RSA keys because I want a password
> connection for each user
>=20
> When trying to connect from C to B I get an:
>=20
> Permission denied, please try again.
> Permission denied, please try again.
> Permission denied (publickey)
>=20
>=20
> At the end of this mail please see the -vvv trace for this connection try,
> but... any idea?
>=20
> Thanks you in advance,
> Pedro.
>=20
>=20
> [pedro@C]$ ssh pedro@B -vvv
> OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Rhosts Authentication disabled, originating port will not be
> trusted.
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to B [B] port 22.
> debug1: Connection established.
> debug1: identity file /home/pedro/.ssh/identity type -1
> debug1: identity file /home/pedro/.ssh/id_rsa type -1
> debug1: identity file /home/pedro/.ssh/id_dsa type -1
> debug1: Remote protocol version 2.0, remote software version 3.0.1 SSH
> Secure Shell
> debug1: match: 3.0.1 SSH Secure Shell pat 3.0.*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha 1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192- cbc,aes256-cb=
c,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192- cbc,aes256-cb=
c,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com ,hmac-sha1-96=
,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com ,hmac-sha1-96=
,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,twofish128-cbc,twofish-cbc, arcfour,cast1=
28-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,twofish128-cbc,twofish-cbc, arcfour,cast1=
28-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc
> debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,no=
ne
> debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,no=
ne
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug2: dh_gen_key: priv key bits set: 121/256
> debug2: bits set: 505/1024
> debug1: sending SSH2_MSG_KEXDH_INIT
> debug1: expecting SSH2_MSG_KEXDH_REPLY
> debug3: check_host_in_hostfile: filename /home/pedro/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 1
> debug1: Host 'B' is known and matches the DSA host key.
> debug1: Found key in /home/pedro/.ssh/known_hosts:1
> debug2: bits set: 499/1024
> debug1: ssh_dss_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password
> debug3: start over, passed a different list publickey,password
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/pedro/.ssh/identity
> debug3: no such identity: /home/pedro/.ssh/identity
> debug1: Trying private key: /home/pedro/.ssh/id_rsa
> debug3: no such identity: /home/pedro/.ssh/id_rsa
> debug1: Trying private key: /home/pedro/.ssh/id_dsa
> debug3: no such identity: /home/pedro/.ssh/id_dsa
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred: ,password
> debug3: authmethod_is_enabled password
> debug1: Next authentication method: password
> debug3: packet_send2: adding 64 (len 50 padlen 14 extra_pad 64)
> debug2: we sent a password packet, wait for reply
> debug1: Authentications that can continue: publickey,password
> Permission denied, please try again.
> debug3: packet_send2: adding 64 (len 50 padlen 14 extra_pad 64)
> debug2: we sent a password packet, wait for reply
> debug1: Authentications that can continue: publickey,password
> Permission denied, please try again.
> debug3: packet_send2: adding 64 (len 50 padlen 14 extra_pad 64)
> debug2: we sent a password packet, wait for reply
> debug1: Authentications that can continue: publickey
> debug3: start over, passed a different list publickey
> debug3: preferred publickey,keyboard-interactive,password
> debug3: authmethod_lookup publickey
> debug3: remaining preferred: keyboard-interactive,password
> debug1: No more authentication methods to try.
> Permission denied (publickey).
> debug1: Calling cleanup 0x8062c30(0x0)
>=20
>=20
>=20
> --
> Este mensaje puede contener informaci=F3n confidencial y/o privilegiada.
> Si Vd. no es el destinatario de este mensaje o ha recibido este mensaje
> por error, por favor, informe inmediatamente al emisor y destruya este
> mensaje. Est=E1 estrictamente prohibido por la legislaci=F3n vigente
> realizar sin autorizaci=F3n cualquier copia, revelaci=F3n o distribuci=F3=
n de
> este mensaje. Las opiniones expresadas en este correo son las de su
> autor y Telef=F3nica M=F3viles Espa=F1a, S.A. no se responsabiliza de su
> contenido.
>=20
>=20
> This e-mail may contain confidential and/or privileged information.
> If you are not the intended recipient (or have received this e-mail
> in error), please notify the sender immediately and destroy this
> e-mail. Any unauthorised copying, disclosure or distribution of the
> material in this e-mail is strictly forbidden by current legislation.
> The points of view expressed in this e-mail are solely those of the
> author and may not necessarily be from, or supported by, the company.
> Telefonica Moviles S.A. neither assumes obligations nor accepts
> liability for the content of this e-mail, unless that information is
> subsequently confirmed by writing by a duly authorised representative.
>=20
>=20
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--cWoXeonUoKmBZSoM
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCF35uWHtULG0eY+ERAkLUAJ9SLRVd6tct8PL1FABlw7LEcIua0QCc DKBy
2ynFfHOFozHwLqJ3guYXf2Q=
=FDfn
-----END PGP SIGNATURE-----
--cWoXeonUoKmBZSoM--
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html