[Trilug-ontopic] ssh - someone changed something and I have to change it back..

Greg Cox glcox at pobox.com
Tue Jul 19 15:03:32 EDT 2011


Intuition makes me suspect StrictModes for some reason.

What I'd suggest is to spin up sshd with -d -p 922 -vvv and hit it with an ssh with -vvv to see who's unhappy.


On Jul 19, 2011, at 14:42, Greg Brown <gwbrown1 at gmail.com> wrote:

> Ok, so I've got a test and dev system I use for writing scripts and whatnot.  Someone changed sshd_config or ssh_config and I can't for the life of me figure out what or where but it's causing my perl/Net::SSH::Expect scripts to fail.  EACH and EVERY time I try to log into something with Net::SSH::Expect it hangs and barfs back:
> 
> "Enter passphrase for key '/home/netadmin/.ssh/id_dsa':"
> 
> ...where it did not before which leads me to believe someone has turned strict host key checking off.  That turns out not to be the case, at least according to the ssh config files.  I've got as far as creating a 2nd VM on another machine and comparing and copying the ssh_config and sshd_config files back to the broken test machine (and restarting ssh and later just rebooting the damn thing).
> 
> System is: Linux debian 2.6.26-2-686 #1 SMP Thu Jan 27 00:28:05 UTC 2011 i686 GNU/Linux
> 
> I'm missing something very basic and very rudimentary.  Does anyone know what?
> 
> Here are the files in question stripped of comments (and commented out lines) and blanks:
> 
> cat ssh_config | grep -v "#" | grep -v "^$"
> Host *
>     SendEnv LANG LC_*
>     HashKnownHosts yes
>     GSSAPIAuthentication yes
>     GSSAPIDelegateCredentials no
>  
> cat sshd_config | grep -v "#" | grep -v "^$"
> Port 22
> Protocol 2
> HostKey /etc/ssh/ssh_host_rsa_key
> HostKey /etc/ssh/ssh_host_dsa_key
> UsePrivilegeSeparation yes
> KeyRegenerationInterval 3600
> ServerKeyBits 768
> SyslogFacility AUTH
> LogLevel INFO
> LoginGraceTime 120
> PermitRootLogin yes
> StrictModes yes
> RSAAuthentication yes
> PubkeyAuthentication yes
> IgnoreRhosts yes
> RhostsRSAAuthentication no
> HostbasedAuthentication no
> PermitEmptyPasswords no
> ChallengeResponseAuthentication no
> X11Forwarding yes
> X11DisplayOffset 10
> PrintMotd no
> PrintLastLog yes
> TCPKeepAlive yes
> AcceptEnv LANG LC_*
> Subsystem sftp /usr/lib/openssh/sftp-server
> UsePAM yes
> 
> Greg
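
The StrictModes suspicion in the reply above can be checked without starting a debug sshd. The following is an added example, not part of the original thread: a sh function that approximates the ownership and mode tests sshd applies under "StrictModes yes" to the home directory, ~/.ssh and authorized_keys. The function names and the LOOSE_MODE/BAD_OWNER labels are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Approximates the checks sshd makes
# when "StrictModes yes" is set: each path must be owned by the user or
# root and must not be group- or world-writable. The real sshd also walks
# every directory component of the key file path; this covers the three
# locations that usually cause a silent public-key refusal.

# is_loose PATH: true if PATH is group- or world-writable
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# wrong_owner PATH UID: true if PATH is owned by neither UID nor root
wrong_owner() {
    [ -n "$(find "$1" -prune ! -user "$2" ! -user 0 -print 2>/dev/null)" ]
}

# strictmodes_check HOME_DIR [UID]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
strictmodes_check() {
    home=$1
    uid=${2:-$(id -u)}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue          # a missing path is not a StrictModes failure
        if is_loose "$p"; then
            echo "LOOSE_MODE $p"
            rc=1
        fi
        if wrong_owner "$p" "$uid"; then
            echo "BAD_OWNER $p"
            rc=1
        fi
    done
    return $rc
}

# When run as a script with arguments: strictmodes_check /home/netadmin [uid]
if [ $# -gt 0 ]; then
    strictmodes_check "$@"
fi
```

Run it on the server side against the account being logged into; a LOOSE_MODE line is typically cleared with chmod go-w on the named path.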