[colug-432] colug-432 Digest, Vol 69, Issue 5

Steve VanSlyck s.vanslyck at postpro.net
Mon May 11 12:36:55 EDT 2015 

By the way, earlier - in an attempt to isolate the program - I decided
to use the same key pair for steve as works for root. I copied
authorized_keys to /home/steve/.ssh and changed its owner to steve. It
made no differentce
=======================================
SSHD CONFIG:
=======================================
# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where possible,
# but leave them commented. Uncommented options change a default value.

# Port 22 AddressFamily any ListenAddress 0.0.0.0 ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1 HostKey /etc/ssh/ssh_host_key HostKeys
# for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey
# /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
# KeyRegenerationInterval 1h ServerKeyBits 1024

# Logging obsoletes QuietMode and FascistLogging SyslogFacility AUTH
SyslogFacility AUTHPRIV LogLevel VERBOSE

# Authentication:

# LoginGraceTime 2m PermitRootLogin yes StrictModes yes MaxAuthTries 6
# MaxSessions 10

#RSAAuthentication yes
# PubkeyAuthentication yes AuthorizedKeysFile %h/.ssh/authorized_keys
# AuthorizedKeysCommand none AuthorizedKeysCommandRunAs nobody

# For this to work you will also need host keys in
# /etc/ssh/ssh_known_hosts RhostsRSAAuthentication no similar for
# protocol version 2 HostbasedAuthentication no Change to yes if you
# don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication and
# HostbasedAuthentication IgnoreUserKnownHosts no Don't read the user's
# ~/.rhosts and ~/.shosts files IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
# PasswordAuthentication yes PermitEmptyPasswords no
PasswordAuthentication no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no #KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes #KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options GSSAPIAuthentication no
GSSAPIAuthentication yes
# GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
# GSSAPIStrictAcceptorCheck yes GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will be
# allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration, PAM
# authentication via ChallengeResponseAuthentication may bypass the
# setting of "PermitRootLogin without-password". If you just want the
# PAM account and session checks to run without PAM authentication, then
# enable this but set PasswordAuthentication and
# ChallengeResponseAuthentication to 'no'.
#UsePAM no UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY
LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE
LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE AcceptEnv
XMODIFIERS

#AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no
#X11Forwarding no X11Forwarding yes #X11DisplayOffset 10
#X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes
#UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no
#Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3
#ShowPatchLevel no #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups
10:30:100 #PermitTunnel no #ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no AllowTcpForwarding no ForceCommand cvs server

=======================================
recent contents of /var/log/secure
=======================================
May 11 12:28:31 vslaw sshd[5989]: Received signal 15; terminating. May
11 12:28:31 vslaw sshd[7233]: Set /proc/self/oom_score_adj from 0 to
-1000 May 11 12:28:31 vslaw sshd[7233]: Server listening on 0.0.0.0 port
22. May 11 12:28:31 vslaw sshd[7233]: Server listening on :: port 22.
May 11 12:28:48 vslaw sshd[6760]: pam_unix(sshd:session): session closed
for user root May 11 12:28:53 vslaw sshd[7236]: Set
/proc/self/oom_score_adj to 0 May 11 12:28:53 vslaw sshd[7236]:
Connection from 107.132.57.128 port 1476 May 11 12:28:55 vslaw
sshd[7236]: Found matching RSA key:
f1:9e:10:c8:3a:ba:73:97:47:d7:e1:b6:f3:69:14:bc May 11 12:28:55 vslaw
sshd[7237]: Postponed publickey for root from 107.132.57.128 port 1476
ssh2 May 11 12:28:56 vslaw sshd[7236]: Found matching RSA key:
f1:9e:10:c8:3a:ba:73:97:47:d7:e1:b6:f3:69:14:bc May 11 12:28:56 vslaw
sshd[7236]: Accepted publickey for root from 107.132.57.128 port 1476
ssh2 May 11 12:28:56 vslaw sshd[7236]: pam_unix(sshd:session): session
opened for user root by (uid=0) May 11 12:28:58 vslaw sshd[7236]:
Connection closed by 107.132.57.128 May 11 12:28:58 vslaw sshd[7236]:
pam_unix(sshd:session): session closed for user root May 11 12:28:58
vslaw sshd[7236]: Transferred: sent 3760, received 3472 bytes May 11
12:28:58 vslaw sshd[7236]: Closing connection to 107.132.57.128 port
1476 May 11 12:29:02 vslaw sshd[7252]: Set /proc/self/oom_score_adj to 0
May 11 12:29:02 vslaw sshd[7252]: Connection from 107.132.57.128 port
1477 May 11 12:29:04 vslaw sshd[7252]: Failed publickey for steve from
107.132.57.128 port 1477 ssh2 May 11 12:29:05 vslaw sshd[7253]: Received
disconnect from 107.132.57.128: 14: No supported authentication methods
available May 11 12:29:11 vslaw sshd[7254]: Set /proc/self/oom_score_adj
to 0 May 11 12:29:11 vslaw sshd[7254]: Connection from 107.132.57.128
port 1478 May 11 12:29:12 vslaw sshd[7254]: Found matching RSA key:
f1:9e:10:c8:3a:ba:73:97:47:d7:e1:b6:f3:69:14:bc May 11 12:29:12 vslaw
sshd[7255]: Postponed publickey for root from 107.132.57.128 port 1478
ssh2 May 11 12:29:13 vslaw sshd[7254]: Found matching RSA key:
f1:9e:10:c8:3a:ba:73:97:47:d7:e1:b6:f3:69:14:bc May 11 12:29:13 vslaw
sshd[7254]: Accepted publickey for root from 107.132.57.128 port 1478
ssh2 May 11 12:29:13 vslaw sshd[7254]: pam_unix(sshd:session): session
opened for user root by (uid=0)
=======================================


On Mon, May 11, 2015, at 00:07, Chris Punches wrote: Can you please
provide the sshd.conf being used?

Also could you set sshd.conf to verbose logging, generate a few login
attempts, and paste /var/log/auth.log or equivalent of that log for
your distro?

-Chris Punches
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20150511/5391ebed/attachment.html

More information about the colug-432 mailing list