> I doubt it’s this, but I do keep an open mind. Some printfs() would be a good start. :)
How's this?
[root@ssh ssh]# /usr/sbin/sshd -f /etc/ssh/sshd_config -d -d -d -d
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 681
debug2: parse_server_config: config /etc/ssh/sshd_config len 681
debug3: /etc/ssh/sshd_config:21 setting Protocol 2
debug3: /etc/ssh/sshd_config:36 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:66 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:70 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:81 setting GSSAPIAuthentication yes
debug3: /etc/ssh/sshd_config:83 setting GSSAPICleanupCredentials yes
debug3: /etc/ssh/sshd_config:84 setting GSSAPIStrictAcceptorCheck yes
debug3: /etc/ssh/sshd_config:97 setting UsePAM yes
debug3: /etc/ssh/sshd_config:100 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:101 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:102 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:103 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:109 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:116 setting UsePrivilegeSeparation no
debug3: /etc/ssh/sshd_config:132 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug3: /etc/ssh/sshd_config:139 setting KerberosAuthentication no
debug3: /etc/ssh/sshd_config:141 setting UsePAM yes
debug3: /etc/ssh/sshd_config:142 setting GSSAPIAuthentication yes
debug1: sshd version OpenSSH_5.3p1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-f'
debug1: rexec_argv[2]='/etc/ssh/sshd_config'
debug1: rexec_argv[3]='-d'
debug1: rexec_argv[4]='-d'
debug1: rexec_argv[5]='-d'
debug1: rexec_argv[6]='-d'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 681
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 212.219.210.246 port 63277
debug1: Client protocol version 2.0; client software version OpenSSH_6.9
debug1: match: OpenSSH_6.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 3 setting O_NONBLOCK
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 840 bytes for a total of 861
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[log in to unmask]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[log in to unmask]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[log in to unmask],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[log in to unmask],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[log in to unmask],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[log in to unmask],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[log in to unmask]
debug2: kex_parse_kexinit: none,[log in to unmask]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: [log in to unmask],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [log in to unmask],[log in to unmask],ssh-rsa,[log in to unmask],[log in to unmask],[log in to unmask],[log in to unmask],[log in to unmask],[log in to unmask],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: kex_parse_kexinit: [log in to unmask],aes128-ctr,aes192-ctr,aes256-ctr,[log in to unmask],[log in to unmask],arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[log in to unmask]
debug2: kex_parse_kexinit: [log in to unmask],aes128-ctr,aes192-ctr,aes256-ctr,[log in to unmask],[log in to unmask],arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[log in to unmask]
debug2: kex_parse_kexinit: [log in to unmask],[log in to unmask],[log in to unmask],[log in to unmask],[log in to unmask],[log in to unmask],[log in to unmask],hmac-sha2-256,hmac-sha2-512,hmac-sha1,[log in to unmask],[log in to unmask],[log in to unmask],[log in to unmask],hmac-md5,hmac-ripemd160,[log in to unmask],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [log in to unmask],[log in to unmask],[log in to unmask],[log in to unmask],[log in to unmask],[log in to unmask],[log in to unmask],hmac-sha2-256,hmac-sha2-512,hmac-sha1,[log in to unmask],[log in to unmask],[log in to unmask],[log in to unmask],hmac-md5,hmac-ripemd160,[log in to unmask],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[log in to unmask],zlib
debug2: kex_parse_kexinit: none,[log in to unmask],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found [log in to unmask]
debug1: kex: client->server aes128-ctr [log in to unmask] none
debug2: mac_setup: found [log in to unmask]
debug1: kex: server->client aes128-ctr [log in to unmask] none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug3: Wrote 408 bytes for a total of 1269
debug2: dh_gen_key: priv key bits set: 131/256
debug2: bits set: 1524/3072
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 1558/3072
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 976 bytes for a total of 2245
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug3: Wrote 40 bytes for a total of 2285
debug1: userauth-request for user moonshot service ssh-connection method none
debug1: attempt 0 failures 0
debug3: Trying to reverse map address 212.219.210.246.
debug2: parse_server_config: config reprocess config len 681
debug2: input_userauth_request: setting up authctxt for moonshot
debug1: PAM: initializing for "moonshot"
debug1: PAM: setting PAM_RHOST to "oscar.dev.ja.net"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: input_userauth_request: try method none
Failed none for moonshot from 212.219.210.246 port 63277 ssh2
debug3: Wrote 72 bytes for a total of 2357
debug1: userauth-request for user moonshot service ssh-connection method gssapi-with-mic
debug1: attempt 1 failures 0
debug2: input_userauth_request: try method gssapi-with-mic
Postponed gssapi-with-mic for moonshot from 212.219.210.246 port 63277 ssh2
debug3: Wrote 40 bytes for a total of 2397
In eapGssSmAcceptAcceptorName()
ctx->acceptorName != GSS_C_NO_NAME
gssEapDisplayName(minor, ctx->acceptorName, outputToken, NULL)
gssEapDisplayName() ok
In eapGssSmAcceptIdentity()
gssEapCredAvailable() ok
inputToken != GSS_C_NO_BUFFER && inputToken->length != 0
eap_msg_alloc(EAP_VENDOR_IETF,...) ok
duplicateBuffer(minor, &pktBuffer, outputToken)
wpabuf_free(reqdata)
GSSEAP_SM_TRANSITION_NEXT(ctx)
debug1: Got no client credentials
debug3: Wrote 88 bytes for a total of 2485
In eapGssSmAcceptAuthenticate()
In createRadiusHandle()
GSSEAP_ASSERT(actx->radContext, actx->radConn, cred != GSS_C_NO_CREDENTIAL) all ok
gssEapCreateRadiusContext() ok
rs_conn_create() ok
ctx->acceptorCtx.radContext is NULL, createRadiusHandle() ok
isIdentityResponseP() is true
In importInitiatorIdentity()
wpabuf_set() ok
eap_hdr_validate() ok
gssEapReleaseName() ok
Returning gssEapImportName(minor, &nameBuf, GSS_C_NT_USER_NAME, ctx->mechanismUsed, &ctx->initiatorName
importInitiatorIdentity() ok
rs_packet_create_authn_request() ok
In setInitiatorIdentity()
ctx->initiatorName != GSS_C_NO_NAME
gssEapDisplayName() ok
gssEapRadiusAddAvp() ok
gss_release_buffer() ok
setInitiatorIdentity() ok
In setAcceptorIdentity()
GSSEAP_ASSERT(rc != NULL) ok
ctx->acceptorName != GSS_C_NO_NAME
GSSEAP_KRB_INIT(&krbContext)
GSSEAP_ASSERT(krbPrinc) ok
GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc)) ok
krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf)
gssEapRadiusAddAvp(minor, req, ..., SERVICE_NAME) ok
KRB_PRINC_LENGTH(krbPrinc) >= 2
krbPrincComponentToGssBuffer() ok
gssEapRadiusAddAvp() ok
krbPrincRealmToGssBuffer()
setAcceptorIdentity() ok
gssEapRadiusAddAvp() ok
rs_request_create() ok
rs_request_add_reqpkt() ok
rs_request_send() ok
GSSEAP_ASSERT(resp != NULL) ok
rs_packet_code() ok
gssEapRadiusGetAvp() ok
isAccessChallenge true, gssEapRadiusGetAvp() ok
eapGssSmAcceptAuthenticate() cleanup, major = 1
debug1: Got no client credentials
debug3: Wrote 56 bytes for a total of 2541
In eapGssSmAcceptAuthenticate()
rs_packet_create_authn_request() ok
In setInitiatorIdentity()
ctx->initiatorName != GSS_C_NO_NAME
gssEapDisplayName() ok
gssEapRadiusAddAvp() ok
gss_release_buffer() ok
setInitiatorIdentity() ok
In setAcceptorIdentity()
GSSEAP_ASSERT(rc != NULL) ok
ctx->acceptorName != GSS_C_NO_NAME
GSSEAP_KRB_INIT(&krbContext)
GSSEAP_ASSERT(krbPrinc) ok
GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc)) ok
krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf)
gssEapRadiusAddAvp(minor, req, ..., SERVICE_NAME) ok
KRB_PRINC_LENGTH(krbPrinc) >= 2
krbPrincComponentToGssBuffer() ok
gssEapRadiusAddAvp() ok
krbPrincRealmToGssBuffer()
setAcceptorIdentity() ok
gssEapRadiusAddAvp() ok
ctx->acceptorCtx.state.length != 0, gssEapRadiusAddAvp() ok
rs_request_create() ok
rs_request_add_reqpkt() ok
rs_request_send() ok
GSSEAP_ASSERT(resp != NULL) ok
rs_packet_code() ok
gssEapRadiusGetAvp() ok
isAccessChallenge true, gssEapRadiusGetAvp() ok
eapGssSmAcceptAuthenticate() cleanup, major = 1
debug1: Got no client credentials
debug3: Wrote 1064 bytes for a total of 3605
In eapGssSmAcceptAuthenticate()
rs_packet_create_authn_request() ok
In setInitiatorIdentity()
ctx->initiatorName != GSS_C_NO_NAME
gssEapDisplayName() ok
gssEapRadiusAddAvp() ok
gss_release_buffer() ok
setInitiatorIdentity() ok
In setAcceptorIdentity()
GSSEAP_ASSERT(rc != NULL) ok
ctx->acceptorName != GSS_C_NO_NAME
GSSEAP_KRB_INIT(&krbContext)
GSSEAP_ASSERT(krbPrinc) ok
GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc)) ok
krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf)
gssEapRadiusAddAvp(minor, req, ..., SERVICE_NAME) ok
KRB_PRINC_LENGTH(krbPrinc) >= 2
krbPrincComponentToGssBuffer() ok
gssEapRadiusAddAvp() ok
krbPrincRealmToGssBuffer()
setAcceptorIdentity() ok
gssEapRadiusAddAvp() ok
ctx->acceptorCtx.state.length != 0, gssEapRadiusAddAvp() ok
rs_request_create() ok
rs_request_add_reqpkt() ok
rs_request_send() ok
GSSEAP_ASSERT(resp != NULL) ok
rs_packet_code() ok
gssEapRadiusGetAvp() ok
isAccessChallenge true, gssEapRadiusGetAvp() ok
eapGssSmAcceptAuthenticate() cleanup, major = 1
debug1: Got no client credentials
debug3: Wrote 1064 bytes for a total of 4669
In eapGssSmAcceptAuthenticate()
rs_packet_create_authn_request() ok
In setInitiatorIdentity()
ctx->initiatorName != GSS_C_NO_NAME
gssEapDisplayName() ok
gssEapRadiusAddAvp() ok
gss_release_buffer() ok
setInitiatorIdentity() ok
In setAcceptorIdentity()
GSSEAP_ASSERT(rc != NULL) ok
ctx->acceptorName != GSS_C_NO_NAME
GSSEAP_KRB_INIT(&krbContext)
GSSEAP_ASSERT(krbPrinc) ok
GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc)) ok
krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf)
gssEapRadiusAddAvp(minor, req, ..., SERVICE_NAME) ok
KRB_PRINC_LENGTH(krbPrinc) >= 2
krbPrincComponentToGssBuffer() ok
gssEapRadiusAddAvp() ok
krbPrincRealmToGssBuffer()
setAcceptorIdentity() ok
gssEapRadiusAddAvp() ok
ctx->acceptorCtx.state.length != 0, gssEapRadiusAddAvp() ok
rs_request_create() ok
rs_request_add_reqpkt() ok
rs_request_send() ok
GSSEAP_ASSERT(resp != NULL) ok
rs_packet_code() ok
gssEapRadiusGetAvp() ok
isAccessChallenge true, gssEapRadiusGetAvp() ok
eapGssSmAcceptAuthenticate() cleanup, major = 1
debug1: Got no client credentials
debug3: Wrote 792 bytes for a total of 5461
In eapGssSmAcceptAuthenticate()
rs_packet_create_authn_request() ok
In setInitiatorIdentity()
ctx->initiatorName != GSS_C_NO_NAME
gssEapDisplayName() ok
gssEapRadiusAddAvp() ok
gss_release_buffer() ok
setInitiatorIdentity() ok
In setAcceptorIdentity()
GSSEAP_ASSERT(rc != NULL) ok
ctx->acceptorName != GSS_C_NO_NAME
GSSEAP_KRB_INIT(&krbContext)
GSSEAP_ASSERT(krbPrinc) ok
GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc)) ok
krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf)
gssEapRadiusAddAvp(minor, req, ..., SERVICE_NAME) ok
KRB_PRINC_LENGTH(krbPrinc) >= 2
krbPrincComponentToGssBuffer() ok
gssEapRadiusAddAvp() ok
krbPrincRealmToGssBuffer()
setAcceptorIdentity() ok
gssEapRadiusAddAvp() ok
ctx->acceptorCtx.state.length != 0, gssEapRadiusAddAvp() ok
rs_request_create() ok
rs_request_add_reqpkt() ok
rs_request_send() ok
GSSEAP_ASSERT(resp != NULL) ok
rs_packet_code() ok
gssEapRadiusGetAvp() ok
isAccessChallenge true, gssEapRadiusGetAvp() ok
eapGssSmAcceptAuthenticate() cleanup, major = 1
debug1: Got no client credentials
debug3: Wrote 120 bytes for a total of 5581
In eapGssSmAcceptAuthenticate()
rs_packet_create_authn_request() ok
In setInitiatorIdentity()
ctx->initiatorName != GSS_C_NO_NAME
gssEapDisplayName() ok
gssEapRadiusAddAvp() ok
gss_release_buffer() ok
setInitiatorIdentity() ok
In setAcceptorIdentity()
GSSEAP_ASSERT(rc != NULL) ok
ctx->acceptorName != GSS_C_NO_NAME
GSSEAP_KRB_INIT(&krbContext)
GSSEAP_ASSERT(krbPrinc) ok
GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc)) ok
krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf)
gssEapRadiusAddAvp(minor, req, ..., SERVICE_NAME) ok
KRB_PRINC_LENGTH(krbPrinc) >= 2
krbPrincComponentToGssBuffer() ok
gssEapRadiusAddAvp() ok
krbPrincRealmToGssBuffer()
setAcceptorIdentity() ok
gssEapRadiusAddAvp() ok
ctx->acceptorCtx.state.length != 0, gssEapRadiusAddAvp() ok
rs_request_create() ok
rs_request_add_reqpkt() ok
rs_request_send() ok
GSSEAP_ASSERT(resp != NULL) ok
rs_packet_code() ok
gssEapRadiusGetAvp() ok
isAccessChallenge true, gssEapRadiusGetAvp() ok
eapGssSmAcceptAuthenticate() cleanup, major = 1
debug1: Got no client credentials
debug3: Wrote 104 bytes for a total of 5685
In eapGssSmAcceptAuthenticate()
rs_packet_create_authn_request() ok
In setInitiatorIdentity()
ctx->initiatorName != GSS_C_NO_NAME
gssEapDisplayName() ok
gssEapRadiusAddAvp() ok
gss_release_buffer() ok
setInitiatorIdentity() ok
In setAcceptorIdentity()
GSSEAP_ASSERT(rc != NULL) ok
ctx->acceptorName != GSS_C_NO_NAME
GSSEAP_KRB_INIT(&krbContext)
GSSEAP_ASSERT(krbPrinc) ok
GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc)) ok
krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf)
gssEapRadiusAddAvp(minor, req, ..., SERVICE_NAME) ok
KRB_PRINC_LENGTH(krbPrinc) >= 2
krbPrincComponentToGssBuffer() ok
gssEapRadiusAddAvp() ok
krbPrincRealmToGssBuffer()
setAcceptorIdentity() ok
gssEapRadiusAddAvp() ok
ctx->acceptorCtx.state.length != 0, gssEapRadiusAddAvp() ok
rs_request_create() ok
rs_request_add_reqpkt() ok
rs_request_send() ok
GSSEAP_ASSERT(resp != NULL) ok
rs_packet_code() ok
gssEapRadiusGetAvp() ok
isAccessChallenge true, gssEapRadiusGetAvp() ok
eapGssSmAcceptAuthenticate() cleanup, major = 1
debug1: Got no client credentials
debug3: Wrote 168 bytes for a total of 5853
In eapGssSmAcceptAuthenticate()
rs_packet_create_authn_request() ok
In setInitiatorIdentity()
ctx->initiatorName != GSS_C_NO_NAME
gssEapDisplayName() ok
gssEapRadiusAddAvp() ok
gss_release_buffer() ok
setInitiatorIdentity() ok
In setAcceptorIdentity()
GSSEAP_ASSERT(rc != NULL) ok
ctx->acceptorName != GSS_C_NO_NAME
GSSEAP_KRB_INIT(&krbContext)
GSSEAP_ASSERT(krbPrinc) ok
GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc)) ok
krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf)
gssEapRadiusAddAvp(minor, req, ..., SERVICE_NAME) ok
KRB_PRINC_LENGTH(krbPrinc) >= 2
krbPrincComponentToGssBuffer() ok
gssEapRadiusAddAvp() ok
krbPrincRealmToGssBuffer()
setAcceptorIdentity() ok
gssEapRadiusAddAvp() ok
ctx->acceptorCtx.state.length != 0, gssEapRadiusAddAvp() ok
rs_request_create() ok
rs_request_add_reqpkt() ok
rs_request_send() ok
GSSEAP_ASSERT(resp != NULL) ok
rs_packet_code() ok
gssEapRadiusGetAvp() ok
isAccessChallenge false
rs_packet_avps() ok
In acceptReadyEap()
gssEapOidToEnctype() ok
gssEapRadiusGetRawAvp() ok
gssEapImportName() ok
gssEapRadiusGetRawAvp() ok
gssEapDeriveRfc3961Key() ok
rfc3961ChecksumTypeForKey() ok
sequenceInit() ok
gssEapCreateAttrContext() ok
acceptReadyEap() ok
GSSEAP_SM_TRANSITION_NEXT(ctx)
eapGssSmAcceptAuthenticate() cleanup, major = 1
debug1: Got no client credentials
debug3: Wrote 56 bytes for a total of 5909
In eapGssSmAcceptGssFlags()
GSSEAP_ASSERT(ctx->flags & CTX_FLAG_KRB_REAUTH) ok
inputToken->length ok
In eapGssSmAcceptInitiatorMIC()
eapGssSmAcceptInitiatorMIC channel bindings ok!
gssEapVerifyTokenMIC() returned 393216
debug1: A token had an invalid Message Integrity Check (MIC)
Decrypt integrity check failed
debug1: Got no client credentials
debug3: Wrote 120 bytes for a total of 6029
Failed gssapi-with-mic for moonshot from 212.219.210.246 port 63277 ssh2
debug3: Wrote 128 bytes for a total of 6157
debug1: userauth-request for user moonshot service ssh-connection method gssapi-with-mic
debug1: attempt 2 failures 1
debug2: input_userauth_request: try method gssapi-with-mic
Postponed gssapi-with-mic for moonshot from 212.219.210.246 port 63277 ssh2
debug3: Wrote 40 bytes for a total of 6197
In eapGssSmAcceptAcceptorName()
ctx->acceptorName != GSS_C_NO_NAME
gssEapDisplayName(minor, ctx->acceptorName, outputToken, NULL)
gssEapDisplayName() ok
In eapGssSmAcceptIdentity()
gssEapCredAvailable() ok
inputToken != GSS_C_NO_BUFFER && inputToken->length != 0
eap_msg_alloc(EAP_VENDOR_IETF,...) ok
duplicateBuffer(minor, &pktBuffer, outputToken)
wpabuf_free(reqdata)
GSSEAP_SM_TRANSITION_NEXT(ctx)
debug1: Got no client credentials
debug3: Wrote 88 bytes for a total of 6285
In eapGssSmAcceptAuthenticate()
In createRadiusHandle()
GSSEAP_ASSERT(actx->radContext, actx->radConn, cred != GSS_C_NO_CREDENTIAL) all ok
gssEapCreateRadiusContext() ok
rs_conn_create() ok
ctx->acceptorCtx.radContext is NULL, createRadiusHandle() ok
isIdentityResponseP() is true
In importInitiatorIdentity()
wpabuf_set() ok
eap_hdr_validate() ok
gssEapReleaseName() ok
Returning gssEapImportName(minor, &nameBuf, GSS_C_NT_USER_NAME, ctx->mechanismUsed, &ctx->initiatorName
importInitiatorIdentity() ok
rs_packet_create_authn_request() ok
In setInitiatorIdentity()
ctx->initiatorName != GSS_C_NO_NAME
gssEapDisplayName() ok
gssEapRadiusAddAvp() ok
gss_release_buffer() ok
setInitiatorIdentity() ok
In setAcceptorIdentity()
GSSEAP_ASSERT(rc != NULL) ok
ctx->acceptorName != GSS_C_NO_NAME
GSSEAP_KRB_INIT(&krbContext)
GSSEAP_ASSERT(krbPrinc) ok
GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc)) ok
krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf)
gssEapRadiusAddAvp(minor, req, ..., SERVICE_NAME) ok
KRB_PRINC_LENGTH(krbPrinc) >= 2
krbPrincComponentToGssBuffer() ok
gssEapRadiusAddAvp() ok
krbPrincRealmToGssBuffer()
setAcceptorIdentity() ok
gssEapRadiusAddAvp() ok
rs_request_create() ok
rs_request_add_reqpkt() ok
rs_request_send() ok
GSSEAP_ASSERT(resp != NULL) ok
rs_packet_code() ok
gssEapRadiusGetAvp() ok
isAccessChallenge true, gssEapRadiusGetAvp() ok
eapGssSmAcceptAuthenticate() cleanup, major = 1
debug1: Got no client credentials
debug3: Wrote 56 bytes for a total of 6341
In eapGssSmAcceptAuthenticate()
rs_packet_create_authn_request() ok
In setInitiatorIdentity()
ctx->initiatorName != GSS_C_NO_NAME
gssEapDisplayName() ok
gssEapRadiusAddAvp() ok
gss_release_buffer() ok
setInitiatorIdentity() ok
In setAcceptorIdentity()
GSSEAP_ASSERT(rc != NULL) ok
ctx->acceptorName != GSS_C_NO_NAME
GSSEAP_KRB_INIT(&krbContext)
GSSEAP_ASSERT(krbPrinc) ok
GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc)) ok
krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf)
gssEapRadiusAddAvp(minor, req, ..., SERVICE_NAME) ok
KRB_PRINC_LENGTH(krbPrinc) >= 2
krbPrincComponentToGssBuffer() ok
gssEapRadiusAddAvp() ok
krbPrincRealmToGssBuffer()
setAcceptorIdentity() ok
gssEapRadiusAddAvp() ok
ctx->acceptorCtx.state.length != 0, gssEapRadiusAddAvp() ok
rs_request_create() ok
rs_request_add_reqpkt() ok
rs_request_send() ok
GSSEAP_ASSERT(resp != NULL) ok
rs_packet_code() ok
gssEapRadiusGetAvp() ok
isAccessChallenge true, gssEapRadiusGetAvp() ok
eapGssSmAcceptAuthenticate() cleanup, major = 1
debug1: Got no client credentials
debug3: Wrote 1064 bytes for a total of 7405
In eapGssSmAcceptAuthenticate()
rs_packet_create_authn_request() ok
In setInitiatorIdentity()
ctx->initiatorName != GSS_C_NO_NAME
gssEapDisplayName() ok
gssEapRadiusAddAvp() ok
gss_release_buffer() ok
setInitiatorIdentity() ok
In setAcceptorIdentity()
GSSEAP_ASSERT(rc != NULL) ok
ctx->acceptorName != GSS_C_NO_NAME
GSSEAP_KRB_INIT(&krbContext)
GSSEAP_ASSERT(krbPrinc) ok
GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc)) ok
krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf)
gssEapRadiusAddAvp(minor, req, ..., SERVICE_NAME) ok
KRB_PRINC_LENGTH(krbPrinc) >= 2
krbPrincComponentToGssBuffer() ok
gssEapRadiusAddAvp() ok
krbPrincRealmToGssBuffer()
setAcceptorIdentity() ok
gssEapRadiusAddAvp() ok
ctx->acceptorCtx.state.length != 0, gssEapRadiusAddAvp() ok
rs_request_create() ok
rs_request_add_reqpkt() ok
rs_request_send() ok
GSSEAP_ASSERT(resp != NULL) ok
rs_packet_code() ok
gssEapRadiusGetAvp() ok
isAccessChallenge true, gssEapRadiusGetAvp() ok
eapGssSmAcceptAuthenticate() cleanup, major = 1
debug1: Got no client credentials
debug3: Wrote 1064 bytes for a total of 8469
In eapGssSmAcceptAuthenticate()
rs_packet_create_authn_request() ok
In setInitiatorIdentity()
ctx->initiatorName != GSS_C_NO_NAME
gssEapDisplayName() ok
gssEapRadiusAddAvp() ok
gss_release_buffer() ok
setInitiatorIdentity() ok
In setAcceptorIdentity()
GSSEAP_ASSERT(rc != NULL) ok
ctx->acceptorName != GSS_C_NO_NAME
GSSEAP_KRB_INIT(&krbContext)
GSSEAP_ASSERT(krbPrinc) ok
GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc)) ok
krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf)
gssEapRadiusAddAvp(minor, req, ..., SERVICE_NAME) ok
KRB_PRINC_LENGTH(krbPrinc) >= 2
krbPrincComponentToGssBuffer() ok
gssEapRadiusAddAvp() ok
krbPrincRealmToGssBuffer()
setAcceptorIdentity() ok
gssEapRadiusAddAvp() ok
ctx->acceptorCtx.state.length != 0, gssEapRadiusAddAvp() ok
rs_request_create() ok
rs_request_add_reqpkt() ok
rs_request_send() ok
GSSEAP_ASSERT(resp != NULL) ok
rs_packet_code() ok
gssEapRadiusGetAvp() ok
isAccessChallenge true, gssEapRadiusGetAvp() ok
eapGssSmAcceptAuthenticate() cleanup, major = 1
debug1: Got no client credentials
debug3: Wrote 792 bytes for a total of 9261
In eapGssSmAcceptAuthenticate()
rs_packet_create_authn_request() ok
In setInitiatorIdentity()
ctx->initiatorName != GSS_C_NO_NAME
gssEapDisplayName() ok
gssEapRadiusAddAvp() ok
gss_release_buffer() ok
setInitiatorIdentity() ok
In setAcceptorIdentity()
GSSEAP_ASSERT(rc != NULL) ok
ctx->acceptorName != GSS_C_NO_NAME
GSSEAP_KRB_INIT(&krbContext)
GSSEAP_ASSERT(krbPrinc) ok
GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc)) ok
krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf)
gssEapRadiusAddAvp(minor, req, ..., SERVICE_NAME) ok
KRB_PRINC_LENGTH(krbPrinc) >= 2
krbPrincComponentToGssBuffer() ok
gssEapRadiusAddAvp() ok
krbPrincRealmToGssBuffer()
setAcceptorIdentity() ok
gssEapRadiusAddAvp() ok
ctx->acceptorCtx.state.length != 0, gssEapRadiusAddAvp() ok
rs_request_create() ok
rs_request_add_reqpkt() ok
rs_request_send() ok
GSSEAP_ASSERT(resp != NULL) ok
rs_packet_code() ok
gssEapRadiusGetAvp() ok
isAccessChallenge true, gssEapRadiusGetAvp() ok
eapGssSmAcceptAuthenticate() cleanup, major = 1
debug1: Got no client credentials
debug3: Wrote 120 bytes for a total of 9381
In eapGssSmAcceptAuthenticate()
rs_packet_create_authn_request() ok
In setInitiatorIdentity()
ctx->initiatorName != GSS_C_NO_NAME
gssEapDisplayName() ok
gssEapRadiusAddAvp() ok
gss_release_buffer() ok
setInitiatorIdentity() ok
In setAcceptorIdentity()
GSSEAP_ASSERT(rc != NULL) ok
ctx->acceptorName != GSS_C_NO_NAME
GSSEAP_KRB_INIT(&krbContext)
GSSEAP_ASSERT(krbPrinc) ok
GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc)) ok
krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf)
gssEapRadiusAddAvp(minor, req, ..., SERVICE_NAME) ok
KRB_PRINC_LENGTH(krbPrinc) >= 2
krbPrincComponentToGssBuffer() ok
gssEapRadiusAddAvp() ok
krbPrincRealmToGssBuffer()
setAcceptorIdentity() ok
gssEapRadiusAddAvp() ok
ctx->acceptorCtx.state.length != 0, gssEapRadiusAddAvp() ok
rs_request_create() ok
rs_request_add_reqpkt() ok
rs_request_send() ok
GSSEAP_ASSERT(resp != NULL) ok
rs_packet_code() ok
gssEapRadiusGetAvp() ok
isAccessChallenge true, gssEapRadiusGetAvp() ok
eapGssSmAcceptAuthenticate() cleanup, major = 1
debug1: Got no client credentials
debug3: Wrote 104 bytes for a total of 9485
In eapGssSmAcceptAuthenticate()
rs_packet_create_authn_request() ok
In setInitiatorIdentity()
ctx->initiatorName != GSS_C_NO_NAME
gssEapDisplayName() ok
gssEapRadiusAddAvp() ok
gss_release_buffer() ok
setInitiatorIdentity() ok
In setAcceptorIdentity()
GSSEAP_ASSERT(rc != NULL) ok
ctx->acceptorName != GSS_C_NO_NAME
GSSEAP_KRB_INIT(&krbContext)
GSSEAP_ASSERT(krbPrinc) ok
GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc)) ok
krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf)
gssEapRadiusAddAvp(minor, req, ..., SERVICE_NAME) ok
KRB_PRINC_LENGTH(krbPrinc) >= 2
krbPrincComponentToGssBuffer() ok
gssEapRadiusAddAvp() ok
krbPrincRealmToGssBuffer()
setAcceptorIdentity() ok
gssEapRadiusAddAvp() ok
ctx->acceptorCtx.state.length != 0, gssEapRadiusAddAvp() ok
rs_request_create() ok
rs_request_add_reqpkt() ok
rs_request_send() ok
GSSEAP_ASSERT(resp != NULL) ok
rs_packet_code() ok
gssEapRadiusGetAvp() ok
isAccessChallenge true, gssEapRadiusGetAvp() ok
eapGssSmAcceptAuthenticate() cleanup, major = 1
debug1: Got no client credentials
debug3: Wrote 168 bytes for a total of 9653
In eapGssSmAcceptAuthenticate()
rs_packet_create_authn_request() ok
In setInitiatorIdentity()
ctx->initiatorName != GSS_C_NO_NAME
gssEapDisplayName() ok
gssEapRadiusAddAvp() ok
gss_release_buffer() ok
setInitiatorIdentity() ok
In setAcceptorIdentity()
GSSEAP_ASSERT(rc != NULL) ok
ctx->acceptorName != GSS_C_NO_NAME
GSSEAP_KRB_INIT(&krbContext)
GSSEAP_ASSERT(krbPrinc) ok
GSSEAP_ASSERT(KRB_PRINC_LENGTH(krbPrinc)) ok
krbPrincComponentToGssBuffer(krbPrinc, 0, &nameBuf)
gssEapRadiusAddAvp(minor, req, ..., SERVICE_NAME) ok
KRB_PRINC_LENGTH(krbPrinc) >= 2
krbPrincComponentToGssBuffer() ok
gssEapRadiusAddAvp() ok
krbPrincRealmToGssBuffer()
setAcceptorIdentity() ok
gssEapRadiusAddAvp() ok
ctx->acceptorCtx.state.length != 0, gssEapRadiusAddAvp() ok
rs_request_create() ok
rs_request_add_reqpkt() ok
rs_request_send() ok
GSSEAP_ASSERT(resp != NULL) ok
rs_packet_code() ok
gssEapRadiusGetAvp() ok
isAccessChallenge false
rs_packet_avps() ok
In acceptReadyEap()
gssEapOidToEnctype() ok
gssEapRadiusGetRawAvp() ok
gssEapImportName() ok
gssEapRadiusGetRawAvp() ok
gssEapDeriveRfc3961Key() ok
rfc3961ChecksumTypeForKey() ok
sequenceInit() ok
gssEapCreateAttrContext() ok
acceptReadyEap() ok
GSSEAP_SM_TRANSITION_NEXT(ctx)
eapGssSmAcceptAuthenticate() cleanup, major = 1
debug1: Got no client credentials
debug3: Wrote 56 bytes for a total of 9709
In eapGssSmAcceptGssFlags()
GSSEAP_ASSERT(ctx->flags & CTX_FLAG_KRB_REAUTH) ok
inputToken->length ok
In eapGssSmAcceptInitiatorMIC()
eapGssSmAcceptInitiatorMIC channel bindings ok!
gssEapVerifyTokenMIC() returned 393216
debug1: A token had an invalid Message Integrity Check (MIC)
Decrypt integrity check failed
debug1: Got no client credentials
debug3: Wrote 120 bytes for a total of 9829
Failed gssapi-with-mic for moonshot from 212.219.210.246 port 63277 ssh2
debug3: Wrote 128 bytes for a total of 9957
Connection closed by 212.219.210.246
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering
The 'tweaked' accept_sec_context.c (for these messages) is attached.
:-)
Stefan Paetow
Moonshot Industry & Research Liaison Coordinator
t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: [log in to unmask]
skype: stefan.paetow.janet
jisc.ac.uk
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
|