ssh Client / Anmeldung

[SunSeb]

Hallo,

ich versuche mich gerade an den neuen Features der Firmware Version 8.0.

Zum ssh-client: der Verbindungsaufbau zu einem Linuxsystem scheitert mit folgendem LOG:

Code: Alles auswählen

> ssh 10.10.1.7
[Fluchtsequenz ist '~.']
verbinde mit 10.10.1.7...
[SSH] 2010/05/02 18:39:16,750
Creating new SSH client-side connection:


[SSH] 2010/05/02 18:39:16,750
Starting new SSH connection (PID 317):
--> created connection structures
--> opened file
--> wrote our own identification string
--> initial connection handling succeeded, off we go...


[SSH] 2010/05/02 18:39:16,800
--> peer identifier is 'SSH-2.0-OpenSSH_5.4'
--> Writing KEXINIT message:
---> written successfully


[SSH] 2010/05/02 18:39:16,810
Received Message 20 on connection (PID 317):
--> Message is KEXINIT:
---> Peer key exchange algorithm list is 'diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'
---> selected 'diffie-hellman-group14-sha1' as key exchange algorithm
---> Peer host key algorithm list is 'ssh-rsa,ssh-dss'
---> selected 'ssh-dss' as host key algorithm
---> initial guess wrong
---> Peer C->S crypto algorithm list is 'aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se'
---> selected 'aes256-ctr' as C->S crypto algorithm
---> Peer S->C crypto algorithm list is 'aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se'
---> selected 'aes256-ctr' as S->C crypto algorithm
---> Peer C->S MAC algorithm list is 'hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96'
---> selected 'hmac-sha1' as C->S MAC algorithm
---> Peer S->C MAC algorithm list is 'hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96'
---> selected 'hmac-sha1' as S->C MAC algorithm
---> Peer C->S compression algorithm list is 'none,zlib@openssh.com'
---> selected 'none' as C->S compression algorithm
---> Peer S->C compression algorithm list is 'none,zlib@openssh.com'
---> selected 'none' as S->C compression algorithm
---> starting key exchange 'diffie-hellman-group14-sha1'


[SSH] 2010/05/02 18:39:17,540
Received Message 31 on connection (PID 317):
--> Message is KEXDH_REPLY:
---> resulting DH master key:

Adr:= 0130555c
Len:= 00000100
00000000:  49 0C 3F 5E 5A A6 33 78  30 26 6F C4 56 AF 1C C7 | I.?^Z.3x 0&o.V...
00000010:  1C 65 E8 79 1E 74 04 5E  27 A4 92 55 F3 F6 1B 85 | .e.y.t.^ '..U....
00000020:  68 C2 26 64 3A A3 2D C9  8A 4D 7D 90 45 B2 FB BD | h.&d:.-. .M}.E...
00000030:  A1 C7 75 7D 71 B0 B7 CC  1D 65 C0 69 A2 71 F8 CC | ..u}q... .e.i.q..
00000040:  F9 9E 3A A4 3E 5E B0 60  8B E7 D8 48 BE D4 0B 0D | ..:.>^.` ...H....
00000050:  BA 2F 9C 7E 9D 02 6B B7  89 4B 55 33 0A BB C3 D7 | ./.~..k. .KU3....
00000060:  99 7E 75 E0 35 0E 54 73  EE E0 FA 61 86 99 22 B0 | .~u.5.Ts ...a..".
00000070:  80 03 D5 27 0B E3 EA A1  41 40 74 39 BA B4 FB 16 | ...'.... A@t9....
00000080:  DB 02 92 42 28 7B 47 53  CF 64 38 EA 27 90 95 65 | ...B({GS .d8.'..e
00000090:  1E 2C 91 DA E1 6B 48 52  83 1D D4 6C B6 D0 BD 6E | .,...kHR ...l...n
000000A0:  F2 7E 1E F2 DB 7F 09 6F  52 05 9D 2B 49 ED 80 C1 | .~.....o R..+I...
000000B0:  64 DF 48 98 70 90 B6 9F  BF B5 AF 4C 89 E7 71 AE | d.H.p... ...L..q.
000000C0:  59 0A 3E 93 AE CA CA E8  1D 50 4B 90 81 8C EA E6 | Y.>..... .PK.....
000000D0:  16 C4 2A 6A 44 62 BC F9  4F 53 F3 C9 27 12 3F 04 | ..*jDb.. OS..'.?.
000000E0:  EB 6F 7D A4 EE B0 34 C6  B1 9C 08 9F 0B DB CC 85 | .o}...4. ........
000000F0:  FA CE 26 7E 15 3A 76 F5  13 D2 36 02 C6 46 D4 DB | ..&~.:v. ..6..F..
---> sent NEWKEYS message to peer
---> activated C->S keys
---> reenabling data transfer


[SSH] 2010/05/02 18:39:17,610
Received Message 21 on connection (PID 317):
--> Message is NEWKEYS:
---> S->C keys activated
---> transport layer complete, starting user authentication
----> SERVICEREQUEST sent successfully
---> enabling Rx side of transport layer


[SSH] 2010/05/02 18:39:17,620
Received Message 6 on connection (PID 317):
--> Message is SERVICEACCEPT:
---> service type is 'ssh-userauth'
---> peer accepted service request, starting 'ssh-userauth'
---> requesting login name from user


Einloggen als [root]: root

[SSH] 2010/05/02 18:39:20,290
----> sending empty userauth request to detect methods


[SSH] 2010/05/02 18:39:20,300
Received Message 53 on connection (PID 317):
--> unknown record 53

Adr:= 012ed941
Len:= 0000023e
00000000:  00 00 02 36 57 41 52 4E  49 4E 47 21 21 21 0A 54 | ...6WARN ING!!!.T
...

[SSH] 2010/05/02 18:39:20,300
Received Message 51 on connection (PID 317):
--> Message is USERAUTH_FAILURE:
---> algorithm list is 'publickey,password,keyboard-interactive'
---> checking for available authentication methods
---> public key: yes, keyboard-interactive: yes, password: yes
---> server supports keyboard-interactive authentication, sending initial request


[SSH] 2010/05/02 18:39:20,310
Received Message 51 on connection (PID 317):
--> Message is USERAUTH_FAILURE:
---> algorithm list is 'publickey,password,keyboard-interactive'
---> unknown state (6), bailing out
--> error handling record, closing connection & bailing out


Verbindung geschlossen
SSH-Sitzung beendet

Scheinbar "reden" beide aneinander vorbei?!

Gruß und einen schönen Restsonntag,
SEBastian

[alf29]

Moin,

interessant, was ist das für eine Distribution? Ich habe mit einer Debian (Lenny) getestet.

[SSH] 2010/05/02 18:39:20,300
Received Message 53 on connection (PID 317):
--> unknown record 53

Adr:= 012ed941
Len:= 0000023e
00000000: 00 00 02 36 57 41 52 4E 49 4E 47 21 21 21 0A 54 | ...6WARN ING!!!.T
...

Da will einem der Server vermutlich etwas sagen...ich mache Dir morgen eine Firmware,
die den Text nicht abschneidet.

Gruß Alfred

[SunSeb]

Hallo alf29,

entschuldige, ich hatte die Ausgabe gekürzt - da nicht wusste, ob sich daran vielleicht jemand "stört". Ungekürzt sieht das so aus:

Code: Alles auswählen

root@Mimas:/
> tr # ssh
SSH                 ON 

root@Mimas:/
> ssh 10.10.1.7
[Fluchtsequenz ist '~.']
verbinde mit 10.10.1.7...
[SSH] 2010/05/02 19:35:56,470
Creating new SSH client-side connection:


[SSH] 2010/05/02 19:35:56,470
Starting new SSH connection (PID 332):
--> created connection structures
--> opened file
--> wrote our own identification string
--> initial connection handling succeeded, off we go...


[SSH] 2010/05/02 19:35:56,520
--> peer identifier is 'SSH-2.0-OpenSSH_5.4'
--> Writing KEXINIT message:
---> written successfully


[SSH] 2010/05/02 19:35:56,530
Received Message 20 on connection (PID 332):
--> Message is KEXINIT:
---> Peer key exchange algorithm list is 'diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1'
---> selected 'diffie-hellman-group14-sha1' as key exchange algorithm
---> Peer host key algorithm list is 'ssh-rsa,ssh-dss'
---> selected 'ssh-dss' as host key algorithm
---> initial guess wrong
---> Peer C->S crypto algorithm list is 'aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se'
---> selected 'aes256-ctr' as C->S crypto algorithm
---> Peer S->C crypto algorithm list is 'aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se'
---> selected 'aes256-ctr' as S->C crypto algorithm
---> Peer C->S MAC algorithm list is 'hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96'
---> selected 'hmac-sha1' as C->S MAC algorithm
---> Peer S->C MAC algorithm list is 'hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96'
---> selected 'hmac-sha1' as S->C MAC algorithm
---> Peer C->S compression algorithm list is 'none,zlib@openssh.com'
---> selected 'none' as C->S compression algorithm
---> Peer S->C compression algorithm list is 'none,zlib@openssh.com'
---> selected 'none' as S->C compression algorithm
---> starting key exchange 'diffie-hellman-group14-sha1'


[SSH] 2010/05/02 19:35:57,260
Received Message 31 on connection (PID 332):
--> Message is KEXDH_REPLY:
---> resulting DH master key:

Adr:= 0151411c
Len:= 00000100
00000000:  52 30 4F BD A7 F3 9A E5  37 2D 8C 9E 6F CD 92 C7 | R0O..... 7-..o...
00000010:  73 CB 20 61 E0 27 37 A7  B9 7D 3B C1 B2 C9 69 63 | s. a.'7. .};...ic
00000020:  66 C0 F3 4B A2 74 56 43  DB 29 C0 6A 44 C1 A7 D0 | f..K.tVC .).jD...
00000030:  56 03 0F C8 6F 51 A7 6F  A0 D1 0F 64 92 AA ED 16 | V...oQ.o ...d....
00000040:  71 46 92 04 E0 A8 CB 8F  4B BE 6B 30 6D 4A 59 4F | qF...... K.k0mJYO
00000050:  0F FD FB 9C 35 DD FD CF  1B 7D 18 1D F7 15 53 1E | ....5... .}....S.
00000060:  1D 52 93 41 DE 36 91 90  7A 30 EB 12 FC ED A9 16 | .R.A.6.. z0......
00000070:  D8 CB 86 6A 05 7C CA 79  E7 98 0E 07 CB 92 F8 EE | ...j.|.y ........
00000080:  03 2B C9 46 EF B7 63 9D  A2 8D EE DC F1 11 66 E6 | .+.F..c. ......f.
00000090:  F2 50 4F 96 A4 C2 DD F6  29 E3 76 48 A2 8F 2C 37 | .PO..... ).vH..,7
000000A0:  EF 2D 6E 30 01 5A 5B 84  AD 74 B7 16 B9 E9 DB 92 | .-n0.Z[. .t......
000000B0:  FF E3 DF 4C 29 43 B9 79  24 83 CD 0E 2A 3F DB 26 | ...L)C.y $...*?.&
000000C0:  4F 42 B8 61 78 E7 BF 64  CC F5 C3 62 9F C6 98 DF | OB.ax..d ...b....
000000D0:  3B 88 41 2C 0C 9C BC 2C  84 10 1F 31 6A 19 57 97 | ;.A,..., ...1j.W.
000000E0:  58 47 49 04 F6 4D 80 3F  68 AF 1D 69 A0 B9 41 5E | XGI..M.? h..i..A^
000000F0:  AF 86 8E 4B B1 05 00 16  81 27 FF DC D6 78 44 E6 | ...K.... .'...xD.
---> sent NEWKEYS message to peer
---> activated C->S keys
---> reenabling data transfer


[SSH] 2010/05/02 19:35:57,330
Received Message 21 on connection (PID 332):
--> Message is NEWKEYS:
---> S->C keys activated
---> transport layer complete, starting user authentication
----> SERVICEREQUEST sent successfully
---> enabling Rx side of transport layer


[SSH] 2010/05/02 19:35:57,330
Received Message 6 on connection (PID 332):
--> Message is SERVICEACCEPT:
---> service type is 'ssh-userauth'
---> peer accepted service request, starting 'ssh-userauth'
---> requesting login name from user


Einloggen als [root]: root

[SSH] 2010/05/02 19:35:59,220
----> sending empty userauth request to detect methods


[SSH] 2010/05/02 19:35:59,220
Received Message 53 on connection (PID 332):
--> unknown record 53

Adr:= 0152af81
Len:= 0000023e
00000000:  00 00 02 36 57 41 52 4E  49 4E 47 21 21 21 0A 54 | ...6WARN ING!!!.T
00000010:  68 69 73 20 73 79 73 74  65 6D 20 69 73 20 73 6F | his syst em is so
00000020:  6C 65 6C 79 20 66 6F 72  20 74 68 65 20 75 73 65 | lely for  the use
00000030:  20 6F 66 20 61 75 74 68  6F 72 69 7A 65 64 20 75 |  of auth orized u
00000040:  73 65 72 73 20 66 6F 72  20 6F 66 66 69 63 69 61 | sers for  officia
00000050:  6C 20 70 75 72 70 6F 73  65 73 2E 0A 59 6F 75 20 | l purpos es..You 
00000060:  68 61 76 65 20 6E 6F 20  65 78 70 65 63 74 61 74 | have no  expectat
00000070:  69 6F 6E 20 6F 66 20 70  72 69 76 61 63 79 20 69 | ion of p rivacy i
00000080:  6E 20 69 74 73 20 75 73  65 20 61 6E 64 20 74 6F | n its us e and to
00000090:  20 65 6E 73 75 72 65 20  74 68 61 74 20 74 68 65 |  ensure  that the
000000A0:  20 73 79 73 74 65 6D 0A  69 73 20 66 75 6E 63 74 |  system. is funct
000000B0:  69 6F 6E 69 6E 67 20 70  72 6F 70 65 72 6C 79 2C | ioning p roperly,
000000C0:  20 69 6E 64 69 76 69 64  75 61 6C 73 20 75 73 69 |  individ uals usi
000000D0:  6E 67 20 74 68 69 73 20  63 6F 6D 70 75 74 65 72 | ng this  computer
000000E0:  20 73 79 73 74 65 6D 20  61 72 65 20 73 75 62 6A |  system  are subj
000000F0:  65 63 74 0A 74 6F 20 68  61 76 69 6E 67 20 61 6C | ect.to h aving al
00000100:  6C 20 6F 66 20 74 68 65  69 72 20 61 63 74 69 76 | l of the ir activ
00000110:  69 74 69 65 73 20 6D 6F  6E 69 74 6F 72 65 64 20 | ities mo nitored 
00000120:  61 6E 64 20 72 65 63 6F  72 64 65 64 20 62 79 20 | and reco rded by 
00000130:  73 79 73 74 65 6D 0A 70  65 72 73 6F 6E 6E 65 6C | system.p ersonnel
00000140:  2E 20 55 73 65 20 6F 66  20 74 68 69 73 20 73 79 | . Use of  this sy
00000150:  73 74 65 6D 20 65 76 69  64 65 6E 63 65 73 20 61 | stem evi dences a
00000160:  6E 20 65 78 70 72 65 73  73 20 63 6F 6E 73 65 6E | n expres s consen
00000170:  74 20 74 6F 20 73 75 63  68 0A 6D 6F 6E 69 74 6F | t to suc h.monito
00000180:  72 69 6E 67 20 61 6E 64  20 61 67 72 65 65 6D 65 | ring and  agreeme
00000190:  6E 74 20 74 68 61 74 20  69 66 20 73 75 63 68 20 | nt that  if such 
000001A0:  6D 6F 6E 69 74 6F 72 69  6E 67 20 72 65 76 65 61 | monitori ng revea
000001B0:  6C 73 20 65 76 69 64 65  6E 63 65 20 6F 66 0A 70 | ls evide nce of.p
000001C0:  6F 73 73 69 62 6C 65 20  61 62 75 73 65 20 6F 72 | ossible  abuse or
000001D0:  20 63 72 69 6D 69 6E 61  6C 20 61 63 74 69 76 69 |  crimina l activi
000001E0:  74 79 2C 20 73 79 73 74  65 6D 20 70 65 72 73 6F | ty, syst em perso
000001F0:  6E 6E 65 6C 20 6D 61 79  20 70 72 6F 76 69 64 65 | nnel may  provide
00000200:  20 74 68 65 0A 72 65 73  75 6C 74 73 20 6F 66 20 |  the.res ults of 
00000210:  73 75 63 68 20 6D 6F 6E  69 74 6F 72 69 6E 67 20 | such mon itoring 
00000220:  74 6F 20 61 70 70 72 6F  70 72 69 61 74 65 20 6F | to appro priate o
00000230:  66 66 69 63 69 61 6C 73  2E 0A 00 00 00 00       | fficials ......  

[SSH] 2010/05/02 19:35:59,230
Received Message 51 on connection (PID 332):
--> Message is USERAUTH_FAILURE:
---> algorithm list is 'publickey,password,keyboard-interactive'
---> checking for available authentication methods
---> public key: yes, keyboard-interactive: yes, password: yes
---> server supports keyboard-interactive authentication, sending initial request


[SSH] 2010/05/02 19:35:59,240
Received Message 51 on connection (PID 332):
--> Message is USERAUTH_FAILURE:
---> algorithm list is 'publickey,password,keyboard-interactive'
---> unknown state (6), bailing out
--> error handling record, closing connection & bailing out


Verbindung geschlossen
SSH-Sitzung beendet



root@Mimas:/
> 
[SSH] 2010/05/02 19:35:59,240
Deleting SSH connection:
--> deleting job 332

Es ist ein astlinux, leider ein custom-Linux (?) mit asterisk, das auf einer SOEKRIS net5501 läuft. Der etwas andere Anrufbeantworter

Gruß und vielen Dank,
SEBastian

[alf29]

Moin,

OK, dachte, da käme ein nützlicher Hinweis für unser Problem. Kommst Du denn von anderen
Rechnern per SSH als root auf deses System?

Gruß Alfred

[SunSeb]

Moin,

ich kann per ssh unter MAC OS X oder auch per putty unter Windows auf das System zugreifen.
Kann ich noch irgendwelche Infos bzw. Traces liefern?

Schönen Tag,
SEBastian

[alf29]

Moin,

ein 'ssh -v -v -v' mit der SSH vom MacOSX wäre ganz nützlich.
Was Deine Box da treibt, ist mir aber ehrlich gesagt nicht
ganz klar - einerseits bietet sie keyboard-interactive an,
andererseits lehnt sie direkt das erste Paket davon mit einem
Fehler ab (in dem noch gar keine Credentials übermittelt
wurden...). Das mit den 'invalid state' war noch ein Fehler
im SSH-Client im LCOS, den ich behoben habe, aber der
wird auch nur dazu führen, daß der Client auf Paßwort-
Authentisierung zurückfällt - wenn die Box das auch noch
ablehnt, weiß ich ehrlich gesagt nicht, was sie da errwartet...
kann man auf dem Linux irgendwelche Logs einsehen
(-> /var/log/daemon.log oder /var/log/auth.log) ?

Wohin soll ich die Firmware schicken?

Gruß & Dank

Alfred

[alf29]

Moin,

ach ja: für was für ein Gerät brauchst Du die FW?

Gruß Alfred

[SunSeb]

Moin und guten Abend,

leider habe ich in den logs nichts Sinnvolles gefunden. Ich bin nicht der Linux-Spezialist und das System ist eher rudimentär. (Vielleicht ein Hinweis: könnte es sein, dass sich das Lancom unter "admin" anmeldet?)

Unter MAC OS sieht die Anmeldung so aus (persönliche Daten habe ich in nnn verändert...)

Code: Alles auswählen

 ssh -v -v -v 10.10.1.7 -l root
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.10.1.7 [10.10.1.7] port 22.
debug1: Connection established.
debug1: identity file /Users/nnn/.ssh/identity type -1
debug1: identity file /Users/nnn/.ssh/id_rsa type -1
debug1: identity file /Users/nnn/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4
debug1: match: OpenSSH_5.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 119/256
debug2: bits set: 494/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /Users/nnn/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 8
debug1: Host '10.10.1.7' is known and matches the RSA host key.
debug1: Found key in /Users/nnn/.ssh/known_hosts:8
debug2: bits set: 502/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/nnn/.ssh/identity (0x0)
debug2: key: /Users/nnn/.ssh/id_rsa (0x0)
debug2: key: /Users/nnn/.ssh/id_dsa (0x0)
debug3: input_userauth_banner
WARNING!!!
This system is solely for the use of authorized users for official purposes.
You have no expectation of privacy in its use and to ensure that the system
is functioning properly, individuals using this computer system are subject
to having all of their activities monitored and recorded by system
personnel. Use of this system evidences an express consent to such
monitoring and agreement that if such monitoring reveals evidence of
possible abuse or criminal activity, system personnel may provide the
results of such monitoring to appropriate officials.
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/nnn/.ssh/identity
debug3: no such identity: /Users/nnn/.ssh/identity
debug1: Trying private key: /Users/nnn/.ssh/id_rsa
debug3: no such identity: /Users/nnn/.ssh/id_rsa
debug1: Trying private key: /Users/nnn/.ssh/id_dsa
debug3: no such identity: /Users/nnn/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: 
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
root@10.10.1.7's password: 
debug3: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
pbx ~ # 

Das Gerät wäre ein 1722. Die E-Mail-Adresse ist im Forum hinterlegt - habe sie aber auch noch per PM gesendet.

Vielen Dank für die Mühe,
SEBastian

[alf29]

Moin,

OK, das beruhigt mich ja etwas, daß der OpenSSH-Client auch mit keyboard-interactive scheitert -
der Fehler im LCOS-Client war, daß er nicht auf Paßwort weitergeschaltet hat, wenn er in
dieser Phase die Ablehnung bekam. Ich denke, morgen müßte ich Dir was schicken können.

Gruß & noch schönen Abend

Alfred

[SunSeb]

Moin,

wunderbar - nun funktioniert die Kommunikation einwandfrei.

Vielen Dank,
SEBastian