Ubuntu
openssh package

Bug #874518
Comment #10

Comment 10 for bug 874518

Revision history for this message

Jason Nett (jasonnett80) wrote on 2011-10-16: Re: [Bug 874518] Re: ssh with kerberos fails after upgrade to 11.10

#10

Hi Clint,

Your summary is correct. I tried upgrading my home desktop from 11.04 to
11.10 and one of the first things I check when I do this is whether ssh and
kerberos are working properly because I often work from home on this
computer. I also have a laptop with 11.04 that I have NOT upgraded to 11.10
for comparison. As far as I can tell, kerberos is functioning properly and
the errors I posted earlier indicate that my destop (11.10) now cannot
communicate the kerberos ticket while ssh'ing via gssapi-with-mic, whereas
my laptop (11.04) does communicate the ticket successfully with
gssapi-with-mic. I've scoured the files in /username/.ssh/ and in /etc/ssh/
for any discrepant settings and even tried outright replacing such files
(not .ssh/known_hosts, of course, but I did try deleting and regenerating
it), but nothing produces a different result.

Jason

On Sun, Oct 16, 2011 at 12:30 PM, Clint Byrum <email address hidden> wrote:

> Ok Jason, thanks for all the leg work. I think at this point we need to
> try and reproduce your setup to try and address the bug. To be clear,
>
> Your client is on 11.10, and can obtain kerberos tickets fine, but
> cannot log into any SSH service that normally would accept these
> tickets.
>
> Is that an accurate reflection of the problem?
>
> ** Summary changed:
>
> - ssh fails after upgrade to 11.10
> + ssh with kerberos fails after upgrade to 11.10
>
> ** Changed in: openssh (Ubuntu)
> Status: Incomplete => New
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/874518
>
> Title:
> ssh with kerberos fails after upgrade to 11.10
>
> Status in “openssh” package in Ubuntu:
> New
>
> Bug description:
> I upgraded from 11.04 to 11.10 and upon completion found that I could no
> longer ssh into other computers that I routinely do so. There are several
> things I've checked:
> 1. Kerberos authentication is working fine, that's not the problem.
> 2. I tried restarting and reinstalling ssh, but neither helped.
> 3. I tried copying over all ssh related files from my laptop (with a
> properly function ssh in 11.04) and replace what is on my 11.10
> malfunctioning OS, but that did not help.
> 4. I tried deleting the .ssh/known_hosts file. On my next attempt, I
> received the normal message about connecting somewhere for the first time,
> but was still refused a connection.
> 5.
>
> jason:~$ /usr/sbin/sshd -ddd
> debug2: load_server_config: filename /etc/ssh/sshd_config
> debug2: load_server_config: done config len = 682
> debug2: parse_server_config: config /etc/ssh/sshd_config len 682
> debug3: /etc/ssh/sshd_config:5 setting Port 22
> debug3: /etc/ssh/sshd_config:9 setting Protocol 2
> debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key
> debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key
> debug3: /etc/ssh/sshd_config:13 setting HostKey
> /etc/ssh/ssh_host_ecdsa_key
> debug3: /etc/ssh/sshd_config:15 setting UsePrivilegeSeparation yes
> debug3: /etc/ssh/sshd_config:18 setting KeyRegenerationInterval 3600
> debug3: /etc/ssh/sshd_config:19 setting ServerKeyBits 768
> debug3: /etc/ssh/sshd_config:22 setting SyslogFacility AUTH
> debug3: /etc/ssh/sshd_config:23 setting LogLevel INFO
> debug3: /etc/ssh/sshd_config:26 setting LoginGraceTime 120
> debug3: /etc/ssh/sshd_config:27 setting PermitRootLogin no
> debug3: /etc/ssh/sshd_config:28 setting StrictModes yes
> debug3: /etc/ssh/sshd_config:30 setting RSAAuthentication yes
> debug3: /etc/ssh/sshd_config:31 setting PubkeyAuthentication yes
> debug3: /etc/ssh/sshd_config:35 setting IgnoreRhosts yes
> debug3: /etc/ssh/sshd_config:37 setting RhostsRSAAuthentication no
> debug3: /etc/ssh/sshd_config:39 setting HostbasedAuthentication no
> debug3: /etc/ssh/sshd_config:44 setting PermitEmptyPasswords no
> debug3: /etc/ssh/sshd_config:48 setting ChallengeResponseAuthentication no
> debug3: /etc/ssh/sshd_config:63 setting X11Forwarding yes
> debug3: /etc/ssh/sshd_config:64 setting X11DisplayOffset 10
> debug3: /etc/ssh/sshd_config:65 setting PrintMotd no
> debug3: /etc/ssh/sshd_config:66 setting PrintLastLog yes
> debug3: /etc/ssh/sshd_config:67 setting TCPKeepAlive yes
> debug3: /etc/ssh/sshd_config:74 setting AcceptEnv LANG LC_*
> debug3: /etc/ssh/sshd_config:76 setting Subsystem sftp
> /usr/lib/openssh/sftp-server
> debug3: /etc/ssh/sshd_config:87 setting UsePAM yes
> debug1: sshd version OpenSSH_5.8p1 Debian-7ubuntu1
> debug3: Incorrect RSA1 identifier
> debug1: read PEM private key done: type RSA
> debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
> debug1: private host key: #0 type 1 RSA
> debug3: Incorrect RSA1 identifier
> debug1: read PEM private key done: type DSA
> debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
> debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
> debug1: private host key: #1 type 2 DSA
> debug3: Incorrect RSA1 identifier
> debug1: read PEM private key done: type ECDSA
> debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
> debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
> debug1: private host key: #2 type 3 ECDSA
> debug1: setgroups() failed: Operation not permitted
> debug1: rexec_argv[0]='/usr/sbin/sshd'
> debug1: rexec_argv[1]='-ddd'
> debug3: oom_adjust_setup
> Set /proc/self/oom_score_adj from 0 to -1000
> debug2: fd 3 setting O_NONBLOCK
> debug1: Bind to port 22 on 0.0.0.0.
> Bind to port 22 on 0.0.0.0 failed: Permission denied.
> debug2: fd 3 setting O_NONBLOCK
> debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
> debug1: Bind to port 22 on ::.
> Bind to port 22 on :: failed: Permission denied.
> Cannot bind any address.
>
> Maybe the problem is in that readout, but I'm not familiar enough with
> this output to know.
>
> My laptop which still has Ubuntu 11.04 still can successfully log into
> the computers I need to, so the problem is definitely related to the
> upgrade of my desktop to 11.10.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 11.10
> Package: ssh (not installed)
> ProcVersionSignature: Ubuntu 3.0.0-12.20-generic-pae 3.0.4
> Uname: Linux 3.0.0-12-generic-pae i686
> NonfreeKernelModules: wl
> ApportVersion: 1.23-0ubuntu3
> Architecture: i386
> Date: Fri Oct 14 13:40:37 2011
> InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
> ProcEnviron:
> PATH=(custom, no user)
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> SourcePackage: openssh
> UpgradeStatus: Upgraded to oneiric on 2011-10-14 (0 days ago)
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518/+subscriptions
>

Hi Clint,

Your summary is correct.  I tried upgrading my home desktop from 11.04 to
11.10 and one of the first things I check when I do this is whether ssh and
kerberos are working properly because I often work from home on this
computer.  I also have a laptop with 11.04 that I have NOT upgraded to 11.10
for comparison.  As far as I can tell, kerberos is functioning properly and
the errors I posted earlier indicate that my destop (11.10) now cannot
communicate the kerberos ticket while ssh'ing via gssapi-with-mic, whereas
my laptop (11.04) does communicate the ticket successfully with
gssapi-with-mic.  I've scoured the files in /username/.ssh/ and in /etc/ssh/
for any discrepant settings and even tried outright replacing such files
(not .ssh/known_hosts, of course, but I did try deleting and regenerating
it), but nothing produces a different result.

Jason

On Sun, Oct 16, 2011 at 12:30 PM, Clint Byrum <clint@fewbar.com> wrote:

> Ok Jason, thanks for all the leg work. I think at this point we need to
> try and reproduce your setup to try and address the bug. To be clear,
>
> Your client is on 11.10, and can obtain kerberos tickets fine, but
> cannot log into any SSH service that normally would accept these
> tickets.
>
> Is that an accurate reflection of the problem?
>
> ** Summary changed:
>
> - ssh fails after upgrade to 11.10
> + ssh with kerberos fails after upgrade to 11.10
>
> ** Changed in: openssh (Ubuntu)
>       Status: Incomplete => New
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/874518
>
> Title:
>  ssh with kerberos fails after upgrade to 11.10
>
> Status in “openssh” package in Ubuntu:
>  New
>
> Bug description:
>  I upgraded from 11.04 to 11.10 and upon completion found that I could no
> longer ssh into other computers that I routinely do so.  There are several
> things I've checked:
>  1. Kerberos authentication is working fine, that's not the problem.
>  2. I tried restarting and reinstalling ssh, but neither helped.
>  3. I tried copying over all ssh related files from my laptop (with a
> properly function ssh in 11.04) and replace what is on my 11.10
> malfunctioning OS, but that did not help.
>  4. I tried deleting the .ssh/known_hosts file.  On my next attempt, I
> received the normal message about connecting somewhere for the first time,
> but was still refused a connection.
>  5.
>
>  jason:~$ /usr/sbin/sshd -ddd
>  debug2: load_server_config: filename /etc/ssh/sshd_config
>  debug2: load_server_config: done config len = 682
>  debug2: parse_server_config: config /etc/ssh/sshd_config len 682
>  debug3: /etc/ssh/sshd_config:5 setting Port 22
>  debug3: /etc/ssh/sshd_config:9 setting Protocol 2
>  debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key
>  debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key
>  debug3: /etc/ssh/sshd_config:13 setting HostKey
> /etc/ssh/ssh_host_ecdsa_key
>  debug3: /etc/ssh/sshd_config:15 setting UsePrivilegeSeparation yes
>  debug3: /etc/ssh/sshd_config:18 setting KeyRegenerationInterval 3600
>  debug3: /etc/ssh/sshd_config:19 setting ServerKeyBits 768
>  debug3: /etc/ssh/sshd_config:22 setting SyslogFacility AUTH
>  debug3: /etc/ssh/sshd_config:23 setting LogLevel INFO
>  debug3: /etc/ssh/sshd_config:26 setting LoginGraceTime 120
>  debug3: /etc/ssh/sshd_config:27 setting PermitRootLogin no
>  debug3: /etc/ssh/sshd_config:28 setting StrictModes yes
>  debug3: /etc/ssh/sshd_config:30 setting RSAAuthentication yes
>  debug3: /etc/ssh/sshd_config:31 setting PubkeyAuthentication yes
>  debug3: /etc/ssh/sshd_config:35 setting IgnoreRhosts yes
>  debug3: /etc/ssh/sshd_config:37 setting RhostsRSAAuthentication no
>  debug3: /etc/ssh/sshd_config:39 setting HostbasedAuthentication no
>  debug3: /etc/ssh/sshd_config:44 setting PermitEmptyPasswords no
>  debug3: /etc/ssh/sshd_config:48 setting ChallengeResponseAuthentication no
>  debug3: /etc/ssh/sshd_config:63 setting X11Forwarding yes
>  debug3: /etc/ssh/sshd_config:64 setting X11DisplayOffset 10
>  debug3: /etc/ssh/sshd_config:65 setting PrintMotd no
>  debug3: /etc/ssh/sshd_config:66 setting PrintLastLog yes
>  debug3: /etc/ssh/sshd_config:67 setting TCPKeepAlive yes
>  debug3: /etc/ssh/sshd_config:74 setting AcceptEnv LANG LC_*
>  debug3: /etc/ssh/sshd_config:76 setting Subsystem sftp
> /usr/lib/openssh/sftp-server
>  debug3: /etc/ssh/sshd_config:87 setting UsePAM yes
>  debug1: sshd version OpenSSH_5.8p1 Debian-7ubuntu1
>  debug3: Incorrect RSA1 identifier
>  debug1: read PEM private key done: type RSA
>  debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
>  debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
>  debug1: private host key: #0 type 1 RSA
>  debug3: Incorrect RSA1 identifier
>  debug1: read PEM private key done: type DSA
>  debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
>  debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
>  debug1: private host key: #1 type 2 DSA
>  debug3: Incorrect RSA1 identifier
>  debug1: read PEM private key done: type ECDSA
>  debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
>  debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
>  debug1: private host key: #2 type 3 ECDSA
>  debug1: setgroups() failed: Operation not permitted
>  debug1: rexec_argv[0]='/usr/sbin/sshd'
>  debug1: rexec_argv[1]='-ddd'
>  debug3: oom_adjust_setup
>  Set /proc/self/oom_score_adj from 0 to -1000
>  debug2: fd 3 setting O_NONBLOCK
>  debug1: Bind to port 22 on 0.0.0.0.
>  Bind to port 22 on 0.0.0.0 failed: Permission denied.
>  debug2: fd 3 setting O_NONBLOCK
>  debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
>  debug1: Bind to port 22 on ::.
>  Bind to port 22 on :: failed: Permission denied.
>  Cannot bind any address.
>
>  Maybe the problem is in that readout, but I'm not familiar enough with
>  this output to know.
>
>  My laptop which still has Ubuntu 11.04 still can successfully log into
>  the computers I need to, so the problem is definitely related to the
>  upgrade of my desktop to 11.10.
>
>  ProblemType: Bug
>  DistroRelease: Ubuntu 11.10
>  Package: ssh (not installed)
>  ProcVersionSignature: Ubuntu 3.0.0-12.20-generic-pae 3.0.4
>  Uname: Linux 3.0.0-12-generic-pae i686
>  NonfreeKernelModules: wl
>  ApportVersion: 1.23-0ubuntu3
>  Architecture: i386
>  Date: Fri Oct 14 13:40:37 2011
>  InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
>  ProcEnviron:
>   PATH=(custom, no user)
>   LANG=en_US.UTF-8
>   SHELL=/bin/bash
>  SourcePackage: openssh
>  UpgradeStatus: Upgraded to oneiric on 2011-10-14 (0 days ago)
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518/+subscriptions
>

Ubuntuopenssh package

Comment 10 for bug 874518

Ubuntu
openssh package