# ssh problem

## mystified

When I try to ssh into another box I keep getting prompted for a password (which I know is correct) and then I get the following:  Permission denied (publickey,password,keyboard-interactive).

any ideas?

Thanks!

----------

## papal_authority

That can be caused by a number of things. Maybe try a ssh -vv HOST to increase the verbosity of the error messages.

----------

## mystified

ok, I did that and received the following:

```
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004

debug1: Reading configuration data /etc/ssh/ssh_config

debug2: ssh_connect: needpriv 0

debug1: Connecting to 192.168.0.2 [192.168.0.2] port 22.

debug1: Connection established.

debug1: identity file /home/mystified/.ssh/identity type -1

debug1: identity file /home/mystified/.ssh/id_rsa type -1

debug1: identity file /home/mystified/.ssh/id_dsa type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1

debug1: match: OpenSSH_3.9p1 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_3.9p1

debug2: fd 3 setting O_NONBLOCK

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib

debug2: kex_parse_kexinit: none,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib

debug2: kex_parse_kexinit: none,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: mac_init: found hmac-md5

debug1: kex: server->client aes128-cbc hmac-md5 none

debug2: mac_init: found hmac-md5

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug2: dh_gen_key: priv key bits set: 129/256

debug2: bits set: 479/1024

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug2: no key of type 0 for host 192.168.0.2

debug2: no key of type 2 for host 192.168.0.2

The authenticity of host '192.168.0.2 (192.168.0.2)' can't be established.

RSA key fingerprint is b4:c9:fe:b1:43:c2:77:78:49:df:2e:76:1c:1b:87:80.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.0.2' (RSA) to the list of known hosts.

debug2: bits set: 497/1024

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /home/mystified/.ssh/identity ((nil))

debug2: key: /home/mystified/.ssh/id_rsa ((nil))

debug2: key: /home/mystified/.ssh/id_dsa ((nil))

debug1: Authentications that can continue: publickey,password,keyboard-interactive

debug1: Next authentication method: publickey

debug1: Trying private key: /home/mystified/.ssh/identity

debug1: Trying private key: /home/mystified/.ssh/id_rsa

debug1: Trying private key: /home/mystified/.ssh/id_dsa

debug2: we did not send a packet, disable method

debug1: Next authentication method: keyboard-interactive

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug1: Authentications that can continue: publickey,password,keyboard-interactive

debug2: we did not send a packet, disable method

```

----------

## mystified

I tried editing hosts.allow as suggested in another post and now ssh won't do anything.  I deleted the entries from hosts.allow and reemerged openssh and still nothing.

----------

## papal_authority

You'll want your IP address in hosts.allow, what you might want to remove though, are the entries in $HOME/ssh/.known_hosts on *both* machines. If it still doesn't work, try a ssh -vvv HOST (the most debugging you can get) and see if that gives any further clues.

----------

## mystified

I did as you suggested and this is all I get - 

```
mystified@gentoo ~ $ ssh -vvv jenn@192.168.0.3

OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004

debug1: Reading configuration data /etc/ssh/ssh_config

debug2: ssh_connect: needpriv 0

debug1: Connecting to 192.168.0.3 [192.168.0.3] port 22.

debug1: connect to address 192.168.0.3 port 22: Connection timed out

ssh: connect to host 192.168.0.3 port 22: Connection timed out

```

----------

## DaveArb

In your earlier example you used IP ...2, this one is IP ...3?

Dave

----------

## mystified

you're correct.  my mistake.  This is the output I get now.

```
mystified@gentoo ~ $ ssh -vvv jenn@192.168.0.2

OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004

debug1: Reading configuration data /etc/ssh/ssh_config

debug2: ssh_connect: needpriv 0

debug1: Connecting to 192.168.0.2 [192.168.0.2] port 22.

debug1: Connection established.

debug1: identity file /home/mystified/.ssh/identity type -1

debug1: identity file /home/mystified/.ssh/id_rsa type -1

debug1: identity file /home/mystified/.ssh/id_dsa type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1

debug1: match: OpenSSH_3.9p1 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_3.9p1

debug2: fd 3 setting O_NONBLOCK

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib

debug2: kex_parse_kexinit: none,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib

debug2: kex_parse_kexinit: none,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: mac_init: found hmac-md5

debug1: kex: server->client aes128-cbc hmac-md5 none

debug2: mac_init: found hmac-md5

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug2: dh_gen_key: priv key bits set: 126/256

debug2: bits set: 523/1024

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug3: check_host_in_hostfile: filename /home/mystified/.ssh/known_hosts

debug3: check_host_in_hostfile: match line 1

debug1: Host '192.168.0.2' is known and matches the RSA host key.

debug1: Found key in /home/mystified/.ssh/known_hosts:1

debug2: bits set: 473/1024

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /home/mystified/.ssh/identity ((nil))

debug2: key: /home/mystified/.ssh/id_rsa ((nil))

debug2: key: /home/mystified/.ssh/id_dsa ((nil))

debug1: Authentications that can continue: publickey,password,keyboard-interactive

debug3: start over, passed a different list publickey,password,keyboard-interactive

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Trying private key: /home/mystified/.ssh/identity

debug3: no such identity: /home/mystified/.ssh/identity

debug1: Trying private key: /home/mystified/.ssh/id_rsa

debug3: no such identity: /home/mystified/.ssh/id_rsa

debug1: Trying private key: /home/mystified/.ssh/id_dsa

debug3: no such identity: /home/mystified/.ssh/id_dsa

debug2: we did not send a packet, disable method

debug3: authmethod_lookup keyboard-interactive

debug3: remaining preferred: password

debug3: authmethod_is_enabled keyboard-interactive

debug1: Next authentication method: keyboard-interactive

debug2: userauth_kbdint

debug2: we sent a keyboard-interactive packet, wait for reply

debug1: Authentications that can continue: publickey,password,keyboard-interactive

debug3: userauth_kbdint: disable: no info_req_seen

debug2: we did not send a packet, disable method

debug3: authmethod_lookup password

debug3: remaining preferred:

debug3: authmethod_is_enabled password

debug1: Next authentication method: password

jenn@192.168.0.2's password:

debug3: packet_send2: adding 64 (len 55 padlen 9 extra_pad 64)

debug2: we sent a password packet, wait for reply

debug1: Authentication succeeded (password).

debug1: channel 0: new [client-session]

debug3: ssh_session2_open: channel_new: 0

debug2: channel 0: send open

debug1: Entering interactive session.

debug2: callback start

debug2: client_session2_setup: id 0

debug2: channel 0: request pty-req confirm 0

debug3: tty_make_modes: ospeed 38400

debug3: tty_make_modes: ispeed 38400

debug3: tty_make_modes: 1 3

debug3: tty_make_modes: 2 28

debug3: tty_make_modes: 3 127

debug3: tty_make_modes: 4 21

debug3: tty_make_modes: 5 4

debug3: tty_make_modes: 6 0

debug3: tty_make_modes: 7 0

debug3: tty_make_modes: 8 17

debug3: tty_make_modes: 9 19

debug3: tty_make_modes: 10 26

debug3: tty_make_modes: 12 18

debug3: tty_make_modes: 13 23

debug3: tty_make_modes: 14 22

debug3: tty_make_modes: 18 15

debug3: tty_make_modes: 30 0

debug3: tty_make_modes: 31 0

debug3: tty_make_modes: 32 0

debug3: tty_make_modes: 33 0

debug3: tty_make_modes: 34 0

debug3: tty_make_modes: 35 0

debug3: tty_make_modes: 36 1

debug3: tty_make_modes: 37 0

debug3: tty_make_modes: 38 0

debug3: tty_make_modes: 39 0

debug3: tty_make_modes: 40 0

debug3: tty_make_modes: 41 0

debug3: tty_make_modes: 50 1

debug3: tty_make_modes: 51 1

debug3: tty_make_modes: 52 0

debug3: tty_make_modes: 53 1

debug3: tty_make_modes: 54 1

debug3: tty_make_modes: 55 1

debug3: tty_make_modes: 56 0

debug3: tty_make_modes: 57 0

debug3: tty_make_modes: 58 0

debug3: tty_make_modes: 59 1

debug3: tty_make_modes: 60 1

debug3: tty_make_modes: 61 1

debug3: tty_make_modes: 62 0

debug3: tty_make_modes: 70 1

debug3: tty_make_modes: 71 0

debug3: tty_make_modes: 72 1

debug3: tty_make_modes: 73 0

debug3: tty_make_modes: 74 0

debug3: tty_make_modes: 75 0

debug3: tty_make_modes: 90 1

debug3: tty_make_modes: 91 1

debug3: tty_make_modes: 92 0

debug3: tty_make_modes: 93 0

debug2: channel 0: request shell confirm 0

debug2: fd 3 setting TCP_NODELAY

debug2: callback done

debug2: channel 0: open confirm rwindow 0 rmax 32768

debug2: channel 0: rcvd adjust 131072

Last login: Thu Sep  1 10:36:21 2005 from 192.168.0.6

-bash: TMOUT: readonly variable

xhost:  unable to open display ""

```

----------

## DaveArb

 *mystified wrote:*   

> you're correct.  my mistake.  This is the output I get now.
> 
> ```
> <snip>
> 
> ...

 

It appears you're logging in with ssh OK. Those last two lines look to be your difficulty, is your login is trying to automatically go into X?

Dave

----------

## mystified

I have no idea.  I don't see why it should tho.  I've logged into this box successfully before using the exact same commands.

----------

## mystified

Ok, now I can successfully ssh into another box on my network.  But if I try outside the network I get the following 

```
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004

debug1: Reading configuration data /etc/ssh/ssh_config

debug2: ssh_connect: needpriv 0

debug1: Connecting to 70.118.201.125 [70.118.201.125] port 22.

debug1: connect to address 70.118.201.125 port 22: Connection refused

ssh: connect to host 70.118.201.125 port 22: Connection refused

```

I have a router with a NAT firewall and port 22 open.

----------

## DaveArb

I don't mean to be nitpicky on words, but is port 22 open, or forwarded. If it's open, then the sshd would be expected to be on the machine with the firewall (presumably 70.118.201.125). If forwarded, it is forwarded to the correct computer?

If forwarded to the correct computer, check /etc/ssh/sshd_config on the destination machine to be certain it is listening on the interface you'll be hitting (for example, if `ListenAddress 127.0.0.1`, it won't pay attention to the ethernet port.)

Dave

----------

## mystified

ok, bad terminology.  The port is forwarded.  And for ip I have the internal ip of this box.  This is the way I've always had it and it's worked for me in the past.  I'm rather confused at this point.

----------

## DaveArb

My earlier comment about ListenAddress was hogwash, you patently can hit the machine at 192.168.0.2. My guess is either the firewall is forwarding to the wrong machine, or it is set up wrong, for instance allowing traffic in only one direction, or having source and destination ports switched.

Dave

----------

