08-07-2008, 05:18 AM
Kenward Vaughan

resetting ssh after blacklist?

Hi,

Google isn't helping me right now with this, and the update notice
doesn't show a procedure, AFAICT, for redoing ssh between my gateway and
primary desktop at home. The firewall/gateway allows connections only
from the desktop machine, and that is ssh.

I regenerated rsa keys for myself, transported the public one to
~/.ssh/authorized_keys on the gateway, and removed the known-hosts file.
I cannot connect. The keys have password phrases attached as well.

Would someone please help this "old fella" with the missing step? I
touch that machine about once in a blue moon wrt this sort of thing, so
it's not second-nature to me.

Thanks!


Kenward
--
The church says the earth is flat, but I know that it is round, for I
have seen the shadow on the moon, and I have more faith in a shadow than
in the church. --Ferdinand Magellan



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
08-07-2008, 05:24 AM
Shachar Or

resetting ssh after blacklist?

On Thursday 07 August 2008 08:18, Kenward Vaughan wrote:
> Hi,
>
> Google isn't helping me right now with this, and the update notice
> doesn't show a procedure, AFAICT, for redoing ssh between my gateway and
> primary desktop at home. The firewall/gateway allows connections only
> from the desktop machine, and that is ssh.
>
> I regenerated rsa keys for myself, transported the public one to
> ~/.ssh/authorized_keys on the gateway, and removed the known-hosts file.
> I cannot connect. The keys have password phrases attached as well.
>
> Would someone please help this "old fella" with the missing step? I
> touch that machine about once in a blue moon wrt this sort of thing, so
> it's not second-nature to me.
>
> Thanks!
>
Try with ssh -v and paste it here, please.
>
> Kenward
> --
> The church says the earth is flat, but I know that it is round, for I
> have seen the shadow on the moon, and I have more faith in a shadow than
> in the church. --Ferdinand Magellan

--
Shachar Or | שחר אור
http://ox.freeallweb.org/


 
08-07-2008, 05:59 AM
Kenward Vaughan

resetting ssh after blacklist?

On Thu, 2008-08-07 at 08:24 +0300, Shachar Or wrote:
> On Thursday 07 August 2008 08:18, Kenward Vaughan wrote:
> > Hi,
> >
> > Google isn't helping me right now with this, and the update notice
> > doesn't show a procedure, AFAICT, for redoing ssh between my gateway and
> > primary desktop at home. The firewall/gateway allows connections only
> > from the desktop machine, and that is ssh.
> >
> > I regenerated rsa keys for myself, transported the public one to
> > ~/.ssh/authorized_keys on the gateway, and removed the known-hosts file.
> > I cannot connect. The keys have password phrases attached as well.
> >
> > Would someone please help this "old fella" with the missing step? I
> > touch that machine about once in a blue moon wrt this sort of thing, so
> > it's not second-nature to me.
> >
> > Thanks!
> >
> Try with ssh -v and paste it here, please.

see below...

The rsa file is the one placed onto the gateway.

----------------------------
daddy:~# ssh -v blackGate
OpenSSH_5.1p1 Debian-2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /home/daddy/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to blackGate [192.168.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/daddy/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/daddy/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: Remote protocol version 2.0, remote software version
OpenSSH_4.3p2 Debian-9etch2
debug1: match: OpenSSH_4.3p2 Debian-9etch2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'blackGate' is known and matches the RSA host key.
debug1: Found key in /home/daddy/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,keyboard-interactive,hostbased
debug1: Next authentication method: hostbased
debug1: permanently_drop_suid: 1000
ssh-keysign not enabled in /etc/ssh/ssh_config
ssh_msg_send: write
ssh_keysign: couldn't send request

10:53:55
daddy:~#
----------------------------

???? I don't understand the "permanently_drop_suid: 1000" line (which refers to me...)


Kenward
--
If people are good only because they fear punishment, and hope for
reward, then we are a sorry lot indeed. Albert Einstein
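
The authentication lines of the transcript above, run through a small parser that reports which methods the server offered and which ones the client actually started. This is an added example, not part of the original thread; the function names are made up here and the sample is copied from the post with its mail wrapping.

```shell
#!/bin/sh
# Added example. Constructed sample: the authentication lines of the
# `ssh -v` transcript quoted in the post above, mail wrapping preserved.
sample_log() {
cat <<'EOF'
debug1: identity file /home/daddy/.ssh/id_rsa type 1
debug1: identity file /home/daddy/.ssh/id_dsa type 2
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,keyboard-interactive,hostbased
debug1: Next authentication method: hostbased
debug1: permanently_drop_suid: 1000
ssh-keysign not enabled in /etc/ssh/ssh_config
ssh_msg_send: write
ssh_keysign: couldn't send request
EOF
}

# Methods the server offered; copes with the list wrapped onto the next line.
offered_methods() {
    awk '/Authentications that can continue:/ {
            sub(/.*Authentications that can continue:[ \t]*/, "")
            if ($0 == "") getline
            gsub(/[ \t\r]/, ""); print; exit
        }'
}

# Methods the client actually started, in order, comma separated.
attempted_methods() {
    awk -F': ' '/Next authentication method:/ { printf "%s%s", sep, $NF; sep = "," }
                END { print "" }'
}

# Paths of the identity files the client loaded.
identity_files() {
    sed -n 's/^debug1: identity file \(.*\) type -\{0,1\}[0-9]*$/\1/p'
}

# One-line summary of a transcript read from stdin.
summarize() {
    log=$(cat)
    tried=$(printf '%s\n' "$log" | attempted_methods)
    case ",$tried," in *,publickey,*) pk=yes ;; *) pk=no ;; esac
    keysign=not-reported
    printf '%s\n' "$log" | grep -q '^ssh-keysign not enabled' && keysign=disabled
    printf 'offered=%s tried=%s publickey_tried=%s keysign=%s\n' \
        "$(printf '%s\n' "$log" | offered_methods)" "$tried" "$pk" "$keysign"
}

sample_log | summarize
```

To use it on a live capture, save the output of `ssh -v` (it goes to stderr) to a file and feed that file to `summarize`.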


 
08-07-2008, 07:17 PM
Kenward Vaughan

resetting ssh after blacklist?

From: Unruh <unruh-spam@physics.ubc.ca>

In linux.debian.user you write:

>Hi,

>Google isn't helping me right now with this, and the update notice
>doesn't show a procedure, AFAICT, for redoing ssh between my gateway and
>primary desktop at home. The firewall/gateway allows connections only
>from the desktop machine, and that is ssh.

I am afraid that although you know how the machines are connected, what
kind of machines they are, where your "gateway" and "desktop" are, etc, we
do not. Redoing? Firewall/gateway? Is that the same gateway?


Sorry... my desktop is Debian Sid, the gateway/firewall is Etch on an
old Athlon 700. They're connected by standard ethernet.

The most recent updates for me for ssh addressed the Debian-specific
openssh key problems. This happened on both machines. I recreated new
rsa public/private keys on the desktop, put the public one onto the
gateway as ~/.ssh/authorized_keys and tried to reestablish connections
between the two. This was unsuccessful.

This is the gist of the rest of my message, below.


>I regenerated rsa keys for myself, transported the public one to
>~/.ssh/authorized_keys on the gateway, and removed the known-hosts file.
>I cannot connect. The keys have password phrases attached as well.

No idea what you are doing, or what the situation is.


>Would someone please help this "old fella" with the missing step? I
>touch that machine about once in a blue moon wrt this sort of thing, so
>it's not second-nature to me.

Please describe exactly what you are doing.

I hope the above clarifies this. Please let me know if you need other
information. My last email to the list included the output of
ssh -v blackGate
from the desktop.

Thanks,

Kenward
--
In a completely rational society, the best of us would aspire to be
_teachers_ and the rest of us would have to settle for something less,
because passing civilization along from one generation to the next
ought to be the highest honor and the highest responsibility anyone
could have. - Lee Iacocca

