Ubuntu
openssh package

  1. Bug #874518
  2. Comment #11

Comment 11 for bug 874518

Revision history for this message
Jason Nett (jasonnett80) wrote : Re: [Bug 874518] Re: ssh with kerberos fails after upgrade to 11.10

Hi Clint,

I'm not sure if anyone is working on this, but I just wanted to let you (or
whomever is working on it) that I've decided to scrap 11.10 and do a fresh
install of 11.04 from scratch. After installing kerberos:

sudo apt-get install krb5-user
sudo apt-get install libpam-krb5

and replacing the /etc/krb5.conf with one friendly to the lab I work for, I
can now again ssh into where I need to. The ticket authentication is
communicated successfully via gssapi-with-mic.

I hope you all are able to find this bug in 11.10 and I look forward to
trying the newest version again in a few months. There were some new
features I really liked in 11.10, especially the new ALT-Tab window
switcher. That makes juggling a dozen emacs windows in a single workspace
much easier (one of the very few downsides to the 11.04 Unity version).

Thanks for the help.

Jason

On Sun, Oct 16, 2011 at 1:31 PM, Jason Nett <email address hidden> wrote:

> Hi Clint,
>
> Your summary is correct. I tried upgrading my home desktop from 11.04 to
> 11.10 and one of the first things I check when I do this is whether ssh and
> kerberos are working properly because I often work from home on this
> computer. I also have a laptop with 11.04 that I have NOT upgraded to 11.10
> for comparison. As far as I can tell, kerberos is functioning properly and
> the errors I posted earlier indicate that my destop (11.10) now cannot
> communicate the kerberos ticket while ssh'ing via gssapi-with-mic, whereas
> my laptop (11.04) does communicate the ticket successfully with
> gssapi-with-mic. I've scoured the files in /username/.ssh/ and in /etc/ssh/
> for any discrepant settings and even tried outright replacing such files
> (not .ssh/known_hosts, of course, but I did try deleting and regenerating
> it), but nothing produces a different result.
>
>
> Jason
>
>
> On Sun, Oct 16, 2011 at 12:30 PM, Clint Byrum <email address hidden> wrote:
>
>> Ok Jason, thanks for all the leg work. I think at this point we need to
>> try and reproduce your setup to try and address the bug. To be clear,
>>
>> Your client is on 11.10, and can obtain kerberos tickets fine, but
>> cannot log into any SSH service that normally would accept these
>> tickets.
>>
>> Is that an accurate reflection of the problem?
>>
>> ** Summary changed:
>>
>> - ssh fails after upgrade to 11.10
>> + ssh with kerberos fails after upgrade to 11.10
>>
>> ** Changed in: openssh (Ubuntu)
>> Status: Incomplete => New
>>
>> --
>> You received this bug notification because you are subscribed to the bug
>> report.
>> https://bugs.launchpad.net/bugs/874518
>>
>> Title:
>> ssh with kerberos fails after upgrade to 11.10
>>
>> Status in “openssh” package in Ubuntu:
>> New
>>
>> Bug description:
>> I upgraded from 11.04 to 11.10 and upon completion found that I could no
>> longer ssh into other computers that I routinely do so. There are several
>> things I've checked:
>> 1. Kerberos authentication is working fine, that's not the problem.
>> 2. I tried restarting and reinstalling ssh, but neither helped.
>> 3. I tried copying over all ssh related files from my laptop (with a
>> properly function ssh in 11.04) and replace what is on my 11.10
>> malfunctioning OS, but that did not help.
>> 4. I tried deleting the .ssh/known_hosts file. On my next attempt, I
>> received the normal message about connecting somewhere for the first time,
>> but was still refused a connection.
>> 5.
>>
>> jason:~$ /usr/sbin/sshd -ddd
>> debug2: load_server_config: filename /etc/ssh/sshd_config
>> debug2: load_server_config: done config len = 682
>> debug2: parse_server_config: config /etc/ssh/sshd_config len 682
>> debug3: /etc/ssh/sshd_config:5 setting Port 22
>> debug3: /etc/ssh/sshd_config:9 setting Protocol 2
>> debug3: /etc/ssh/sshd_config:11 setting HostKey /etc/ssh/ssh_host_rsa_key
>> debug3: /etc/ssh/sshd_config:12 setting HostKey /etc/ssh/ssh_host_dsa_key
>> debug3: /etc/ssh/sshd_config:13 setting HostKey
>> /etc/ssh/ssh_host_ecdsa_key
>> debug3: /etc/ssh/sshd_config:15 setting UsePrivilegeSeparation yes
>> debug3: /etc/ssh/sshd_config:18 setting KeyRegenerationInterval 3600
>> debug3: /etc/ssh/sshd_config:19 setting ServerKeyBits 768
>> debug3: /etc/ssh/sshd_config:22 setting SyslogFacility AUTH
>> debug3: /etc/ssh/sshd_config:23 setting LogLevel INFO
>> debug3: /etc/ssh/sshd_config:26 setting LoginGraceTime 120
>> debug3: /etc/ssh/sshd_config:27 setting PermitRootLogin no
>> debug3: /etc/ssh/sshd_config:28 setting StrictModes yes
>> debug3: /etc/ssh/sshd_config:30 setting RSAAuthentication yes
>> debug3: /etc/ssh/sshd_config:31 setting PubkeyAuthentication yes
>> debug3: /etc/ssh/sshd_config:35 setting IgnoreRhosts yes
>> debug3: /etc/ssh/sshd_config:37 setting RhostsRSAAuthentication no
>> debug3: /etc/ssh/sshd_config:39 setting HostbasedAuthentication no
>> debug3: /etc/ssh/sshd_config:44 setting PermitEmptyPasswords no
>> debug3: /etc/ssh/sshd_config:48 setting ChallengeResponseAuthentication
>> no
>> debug3: /etc/ssh/sshd_config:63 setting X11Forwarding yes
>> debug3: /etc/ssh/sshd_config:64 setting X11DisplayOffset 10
>> debug3: /etc/ssh/sshd_config:65 setting PrintMotd no
>> debug3: /etc/ssh/sshd_config:66 setting PrintLastLog yes
>> debug3: /etc/ssh/sshd_config:67 setting TCPKeepAlive yes
>> debug3: /etc/ssh/sshd_config:74 setting AcceptEnv LANG LC_*
>> debug3: /etc/ssh/sshd_config:76 setting Subsystem sftp
>> /usr/lib/openssh/sftp-server
>> debug3: /etc/ssh/sshd_config:87 setting UsePAM yes
>> debug1: sshd version OpenSSH_5.8p1 Debian-7ubuntu1
>> debug3: Incorrect RSA1 identifier
>> debug1: read PEM private key done: type RSA
>> debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
>> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
>> debug1: private host key: #0 type 1 RSA
>> debug3: Incorrect RSA1 identifier
>> debug1: read PEM private key done: type DSA
>> debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
>> debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
>> debug1: private host key: #1 type 2 DSA
>> debug3: Incorrect RSA1 identifier
>> debug1: read PEM private key done: type ECDSA
>> debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
>> debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
>> debug1: private host key: #2 type 3 ECDSA
>> debug1: setgroups() failed: Operation not permitted
>> debug1: rexec_argv[0]='/usr/sbin/sshd'
>> debug1: rexec_argv[1]='-ddd'
>> debug3: oom_adjust_setup
>> Set /proc/self/oom_score_adj from 0 to -1000
>> debug2: fd 3 setting O_NONBLOCK
>> debug1: Bind to port 22 on 0.0.0.0.
>> Bind to port 22 on 0.0.0.0 failed: Permission denied.
>> debug2: fd 3 setting O_NONBLOCK
>> debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
>> debug1: Bind to port 22 on ::.
>> Bind to port 22 on :: failed: Permission denied.
>> Cannot bind any address.
>>
>> Maybe the problem is in that readout, but I'm not familiar enough with
>> this output to know.
>>
>> My laptop which still has Ubuntu 11.04 still can successfully log into
>> the computers I need to, so the problem is definitely related to the
>> upgrade of my desktop to 11.10.
>>
>> ProblemType: Bug
>> DistroRelease: Ubuntu 11.10
>> Package: ssh (not installed)
>> ProcVersionSignature: Ubuntu 3.0.0-12.20-generic-pae 3.0.4
>> Uname: Linux 3.0.0-12-generic-pae i686
>> NonfreeKernelModules: wl
>> ApportVersion: 1.23-0ubuntu3
>> Architecture: i386
>> Date: Fri Oct 14 13:40:37 2011
>> InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
>> ProcEnviron:
>> PATH=(custom, no user)
>> LANG=en_US.UTF-8
>> SHELL=/bin/bash
>> SourcePackage: openssh
>> UpgradeStatus: Upgraded to oneiric on 2011-10-14 (0 days ago)
>>
>> To manage notifications about this bug go to:
>>
>> https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/874518/+subscriptions
>>
>
>