Hi I'm seeing the same behaviour- using gss-client works, ssh fails and
prompts for a password
"
mark@moonshot:~$ which ssh
/usr/bin/ssh
mark@moonshot:~$ ssh -v [log in to unmask]
OpenSSH_5.9p1 Debian-5+moonshot1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to moonshot.moonshot.local [127.0.1.1] port 22.
debug1: Connection established.
debug1: identity file /home/mark/.ssh/id_rsa type -1
debug1: identity file /home/mark/.ssh/id_rsa-cert type -1
debug1: identity file /home/mark/.ssh/id_dsa type -1
debug1: identity file /home/mark/.ssh/id_dsa-cert type -1
debug1: identity file /home/mark/.ssh/id_ecdsa type -1
debug1: identity file /home/mark/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version
OpenSSH_5.9p1 Debian-5+moonshot1
debug1: match: OpenSSH_5.9p1 Debian-5+moonshot1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5+moonshot1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA
a4:bc:8e:d4:72:54:55:27:e0:ed:b8:e5:3f:c1:29:8a
debug1: Host 'moonshot.moonshot.local' is known and matches the ECDSA
host key.
debug1: Found key in /home/mark/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found
debug1: Unspecified GSS failure. Minor code may provide more information
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found
debug1: Invalid token was supplied
Acceptor identity different than expected
debug1: Invalid token was supplied
Acceptor identity different than expected
debug1: Next authentication method: publickey
debug1: Trying private key: /home/mark/.ssh/id_rsa
debug1: Trying private key: /home/mark/.ssh/id_dsa
debug1: Trying private key: /home/mark/.ssh/id_ecdsa
"
I see the following in the gss-server output:
"
Attribute local-login-user Authenticated Complete
moonshot
6d6f6f6e73686f74
"
Finally hostname -f gives "moonshot.moonshot.local"
My environment is that I'm running it within a NAT'ed VM via VirtualBox
on a Linux workstation. I've pegged back the freeradius packages to
2.1.1.2 as suggested on the wiki and updated the moonshot packages to
the latest available version.
On 11/04/13 07:34, Sam Hartman wrote:
>>>>>> "Rhys" == Rhys Smith <[log in to unmask]> writes:
>
> Rhys> Out of interest, can you both try running ssh against both the
> Rhys> hostname and the FQDN and see if you see the same thing both
> Rhys> ways? (e.g. "ssh moonshot@moonshotdemo" and "ssh
> Rhys> [log in to unmask]")
>
> Ah yes.
> you'll need to ssh to whatever hostname -f prints out.
>
--
/****************************
Mark Cairney
ITI UNIX Section
Information Services
University of Edinburgh
Tel: 0131 650 6565
Email: [log in to unmask]
*******************************/
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
|