RE: Non-root ssh


Subject: RE: Non-root ssh
From: Brian ThunderEagle (furbs@mail.swjedi.net)
Date: Tue Dec 17 2002 - 03:05:36 AKST


Here is what happens from the time the client opens a connection until it is
terminated, mabye it will help explain:

Dec 17 15:02:53 server01 sshd[12641]: debug1: Forked child 12667.
Dec 17 15:02:53 server01 sshd[12667]: Connection from 24.237.3.34 port 3123
Dec 17 15:02:53 server01 sshd[12667]: debug1: Client protocol version 2.0;
client software version PuTTY-Release-0.53
Dec 17 15:02:53 server01 sshd[12667]: debug1: no match: PuTTY-Release-0.53
Dec 17 15:02:53 server01 sshd[12667]: Enabling compatibility mode for protocol
2.0
Dec 17 15:02:53 server01 sshd[12667]: debug1: Local version string SSH-1.99-
OpenSSH_3.1p1
Dec 17 15:02:53 server01 sshd[12667]: debug1: list_hostkey_types: ssh-rsa,ssh-
dss
Dec 17 15:02:53 server01 sshd[12667]: debug1: SSH2_MSG_KEXINIT sent
Dec 17 15:02:53 server01 sshd[12667]: debug1: SSH2_MSG_KEXINIT received
Dec 17 15:02:53 server01 sshd[12667]: debug1: kex: client->server aes256-cbc
hmac-sha1 none
Dec 17 15:02:53 server01 sshd[12667]: debug1: kex: server->client aes256-cbc
hmac-sha1 none
Dec 17 15:02:53 server01 sshd[12667]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD
received
Dec 17 15:02:53 server01 sshd[12667]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Dec 17 15:02:53 server01 sshd[12667]: debug1: dh_gen_key: priv key bits set:
244/512
Dec 17 15:02:53 server01 sshd[12667]: debug1: bits set: 1620/3191
Dec 17 15:02:53 server01 sshd[12667]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Dec 17 15:02:55 server01 sshd[12667]: debug1: bits set: 1582/3191
Dec 17 15:02:55 server01 sshd[12667]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Dec 17 15:02:55 server01 sshd[12667]: debug1: kex_derive_keys
Dec 17 15:02:55 server01 sshd[12667]: debug1: newkeys: mode 1
Dec 17 15:02:55 server01 sshd[12667]: debug1: cipher_init: set keylen (16 -> 32)
Dec 17 15:02:55 server01 sshd[12667]: debug1: SSH2_MSG_NEWKEYS sent
Dec 17 15:02:55 server01 sshd[12667]: debug1: waiting for SSH2_MSG_NEWKEYS
Dec 17 15:02:57 server01 sshd[12667]: debug1: newkeys: mode 0
Dec 17 15:02:57 server01 sshd[12667]: debug1: cipher_init: set keylen (16 -> 32)
Dec 17 15:02:57 server01 sshd[12667]: debug1: SSH2_MSG_NEWKEYS received
Dec 17 15:02:57 server01 sshd[12667]: debug1: KEX done
Dec 17 15:03:00 server01 sshd[12667]: debug1: userauth-request for user Furbs
service ssh-connection method none
Dec 17 15:03:00 server01 sshd[12667]: debug1: attempt 0 failures 0
Dec 17 15:03:00 server01 sshd[12667]: debug1: Starting up PAM with
username "Furbs"
Dec 17 15:03:00 server01 sshd[12667]: debug1: PAM setting rhost to "34-3-237-24-
cable.anchorageak.net"
Dec 17 15:03:00 server01 sshd[12667]: Failed none for Furbs from 24.237.3.34
port 3123 ssh2
Dec 17 15:03:00 server01 sshd[12667]: debug1: userauth-request for user Furbs
service ssh-connection method keyboard-interactive
Dec 17 15:03:00 server01 sshd[12667]: debug1: attempt 1 failures 1
Dec 17 15:03:00 server01 sshd[12667]: debug1: keyboard-interactive devs
Dec 17 15:03:00 server01 sshd[12667]: debug1: auth2_challenge: user=Furbs devs=
Dec 17 15:03:00 server01 sshd[12667]: debug1: kbdint_alloc: devices ''
Dec 17 15:03:00 server01 sshd[12667]: Failed keyboard-interactive for Furbs
from 24.237.3.34 port 3123 ssh2
Dec 17 15:03:03 server01 sshd[12667]: debug1: userauth-request for user Furbs
service ssh-connection method password
Dec 17 15:03:03 server01 sshd[12667]: debug1: attempt 2 failures 2
Dec 17 15:03:05 server01 sshd[12667]: debug1: PAM Password authentication
for "Furbs" failed[7]: Authentication failure
Dec 17 15:03:05 server01 sshd[12667]: Failed password for Furbs from
24.237.3.34 port 3123 ssh2
Dec 17 15:03:05 server01 sshd[12667]: debug1: userauth-request for user Furbs
service ssh-connection method none
Dec 17 15:03:05 server01 sshd[12667]: debug1: attempt 3 failures 3
Dec 17 15:03:05 server01 sshd[12667]: Failed none for Furbs from 24.237.3.34
port 3123 ssh2
Dec 17 15:03:05 server01 sshd[12667]: debug1: userauth-request for user Furbs
service ssh-connection method keyboard-interactive
Dec 17 15:03:05 server01 sshd[12667]: debug1: attempt 4 failures 4
Dec 17 15:03:05 server01 sshd[12667]: debug1: keyboard-interactive devs
Dec 17 15:03:05 server01 sshd[12667]: debug1: auth2_challenge: user=Furbs devs=
Dec 17 15:03:05 server01 sshd[12667]: debug1: kbdint_alloc: devices ''
Dec 17 15:03:05 server01 sshd[12667]: Failed keyboard-interactive for Furbs
from 24.237.3.34 port 3123 ssh2
Dec 17 15:03:12 server01 sshd[12667]: Connection closed by 24.237.3.34
Dec 17 15:03:12 server01 sshd[12667]: debug1: Calling cleanup 0x80526a0(0x0)
Dec 17 15:03:12 server01 sshd[12667]: debug1: Calling cleanup 0x8067b20(0x0)

     Brian ThunderEagle
      - http://www.swjedi.net
      - furbs@swjedi.net
      - bthundereagle@aidea.org

Quoting Larry Collier <larry@medease.com>:

>
> sshd should be configured to not accept non-local root logins. It is a
> pain
> in the butt to enforce this but it is way more secure.
>
> ssh should be in the user path, and sshd in roots. No mixing should be
> allowed.
>
> Larry
>
> -----Original Message-----
> From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org]On Behalf Of
> Fielder George Dowding
> Sent: Tuesday, December 17, 2002 2:42 PM
> To: aklug@aklug.org
> Subject: Re: Non-root ssh
>
>
>
> Hi Mike and everybody. When I want to ssh to another machine, I log
> in to somebody other than root. Then, assuming I have root
> priviledges, I su to root as needed. Of course, the other userid
> must be setup on the target machine. Also, I always, repeat
> _ALWAYS_, start out as somebody other than root on the host from
> which I am ssh'ing.
>
> fgd.
>
> On Tue, 17 Dec 2002 12:58:08 -0900
> Mike Barsalou <mbarsalou@aidea.org> wrote:
>
> >
> > I want to setup ssh so that I can login as a non-root user....what
> > are the basic steps for this?
> >
> > I have been reading through the docs and I am getting clues, but I
> > am missing something.
> >
> > Anyone have any good ideas?
> >
> > Mike
> >
> > ---------
>
> --
> Fielder George Dowding, Chief Iceworm
> dba Iceworm Enterprises, Anchorage, Alaska
> Since 1976 - Over 25 Years of Service.
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

-- Attached file included as plaintext by Listar --
-- File: mylog.txt

Dec 17 15:02:53 server01 sshd[12641]: debug1: Forked child 12667.
Dec 17 15:02:53 server01 sshd[12667]: Connection from 24.237.3.34 port 3123
Dec 17 15:02:53 server01 sshd[12667]: debug1: Client protocol version 2.0; client software version PuTTY-Release-0.53
Dec 17 15:02:53 server01 sshd[12667]: debug1: no match: PuTTY-Release-0.53
Dec 17 15:02:53 server01 sshd[12667]: Enabling compatibility mode for protocol 2.0
Dec 17 15:02:53 server01 sshd[12667]: debug1: Local version string SSH-1.99-OpenSSH_3.1p1
Dec 17 15:02:53 server01 sshd[12667]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
Dec 17 15:02:53 server01 sshd[12667]: debug1: SSH2_MSG_KEXINIT sent
Dec 17 15:02:53 server01 sshd[12667]: debug1: SSH2_MSG_KEXINIT received
Dec 17 15:02:53 server01 sshd[12667]: debug1: kex: client->server aes256-cbc hmac-sha1 none
Dec 17 15:02:53 server01 sshd[12667]: debug1: kex: server->client aes256-cbc hmac-sha1 none
Dec 17 15:02:53 server01 sshd[12667]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
Dec 17 15:02:53 server01 sshd[12667]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Dec 17 15:02:53 server01 sshd[12667]: debug1: dh_gen_key: priv key bits set: 244/512
Dec 17 15:02:53 server01 sshd[12667]: debug1: bits set: 1620/3191
Dec 17 15:02:53 server01 sshd[12667]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Dec 17 15:02:55 server01 sshd[12667]: debug1: bits set: 1582/3191
Dec 17 15:02:55 server01 sshd[12667]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Dec 17 15:02:55 server01 sshd[12667]: debug1: kex_derive_keys
Dec 17 15:02:55 server01 sshd[12667]: debug1: newkeys: mode 1
Dec 17 15:02:55 server01 sshd[12667]: debug1: cipher_init: set keylen (16 -> 32)
Dec 17 15:02:55 server01 sshd[12667]: debug1: SSH2_MSG_NEWKEYS sent
Dec 17 15:02:55 server01 sshd[12667]: debug1: waiting for SSH2_MSG_NEWKEYS
Dec 17 15:02:57 server01 sshd[12667]: debug1: newkeys: mode 0
Dec 17 15:02:57 server01 sshd[12667]: debug1: cipher_init: set keylen (16 -> 32)
Dec 17 15:02:57 server01 sshd[12667]: debug1: SSH2_MSG_NEWKEYS received
Dec 17 15:02:57 server01 sshd[12667]: debug1: KEX done
Dec 17 15:03:00 server01 sshd[12667]: debug1: userauth-request for user Furbs service ssh-connection method none
Dec 17 15:03:00 server01 sshd[12667]: debug1: attempt 0 failures 0
Dec 17 15:03:00 server01 sshd[12667]: debug1: Starting up PAM with username "Furbs"
Dec 17 15:03:00 server01 sshd[12667]: debug1: PAM setting rhost to "34-3-237-24-cable.anchorageak.net"
Dec 17 15:03:00 server01 sshd[12667]: Failed none for Furbs from 24.237.3.34 port 3123 ssh2
Dec 17 15:03:00 server01 sshd[12667]: debug1: userauth-request for user Furbs service ssh-connection method keyboard-interactive
Dec 17 15:03:00 server01 sshd[12667]: debug1: attempt 1 failures 1
Dec 17 15:03:00 server01 sshd[12667]: debug1: keyboard-interactive devs
Dec 17 15:03:00 server01 sshd[12667]: debug1: auth2_challenge: user=Furbs devs=
Dec 17 15:03:00 server01 sshd[12667]: debug1: kbdint_alloc: devices ''
Dec 17 15:03:00 server01 sshd[12667]: Failed keyboard-interactive for Furbs from 24.237.3.34 port 3123 ssh2
Dec 17 15:03:03 server01 sshd[12667]: debug1: userauth-request for user Furbs service ssh-connection method password
Dec 17 15:03:03 server01 sshd[12667]: debug1: attempt 2 failures 2
Dec 17 15:03:05 server01 sshd[12667]: debug1: PAM Password authentication for "Furbs" failed[7]: Authentication failure
Dec 17 15:03:05 server01 sshd[12667]: Failed password for Furbs from 24.237.3.34 port 3123 ssh2
Dec 17 15:03:05 server01 sshd[12667]: debug1: userauth-request for user Furbs service ssh-connection method none
Dec 17 15:03:05 server01 sshd[12667]: debug1: attempt 3 failures 3
Dec 17 15:03:05 server01 sshd[12667]: Failed none for Furbs from 24.237.3.34 port 3123 ssh2
Dec 17 15:03:05 server01 sshd[12667]: debug1: userauth-request for user Furbs service ssh-connection method keyboard-interactive
Dec 17 15:03:05 server01 sshd[12667]: debug1: attempt 4 failures 4
Dec 17 15:03:05 server01 sshd[12667]: debug1: keyboard-interactive devs
Dec 17 15:03:05 server01 sshd[12667]: debug1: auth2_challenge: user=Furbs devs=
Dec 17 15:03:05 server01 sshd[12667]: debug1: kbdint_alloc: devices ''
Dec 17 15:03:05 server01 sshd[12667]: Failed keyboard-interactive for Furbs from 24.237.3.34 port 3123 ssh2
Dec 17 15:03:12 server01 sshd[12667]: Connection closed by 24.237.3.34
Dec 17 15:03:12 server01 sshd[12667]: debug1: Calling cleanup 0x80526a0(0x0)
Dec 17 15:03:12 server01 sshd[12667]: debug1: Calling cleanup 0x8067b20(0x0)

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.



This archive was generated by hypermail 2a23 : Tue Dec 17 2002 - 15:06:48 AKST