[winswitch] SSH login failure with winswitch

Shane Williams shanew at shanew.net
Wed Aug 20 15:11:21 BST 2014


On Wed, 20 Aug 2014, Antoine Martin wrote:

> On 20/08/14 19:39, Shane Williams wrote:
>> I've been trying for a while to use winswitch between several
>> systems.  First, trying to connect from OSX to a Linux workstation,
>> but then from one Linux workstation to another (I'm running gentoo on
>> both Linux boxes).
>>
>> In each case, what I've found is that it looks like SSH isn't able to
>> connect with the password, despite the fact that I can connect between
>> systems using ssh at the command line (these are systems I connect to
>> regularly, so I feel very confident I'm not mistyping the password).
>>
>> In particular, what I'm seeing in the logs are entries like:
>>
>> Aug 20 07:27:54 xxxxxx sshd[23276]: SSH: Server;Ltype: Version;Remote:
>> 192.168.1.9-56825;Protocol: 2.0;Client: Twisted
>> Aug 20 07:27:54 xxxxxx sshd[23276]: SSH: Server;Ltype: Kex;Remote:
>> 192.168.1.9-56825;Enc: aes256-ctr;MAC: hmac-sha1;Comp: none [preauth]
>> Aug 20 07:27:54 xxxxxx sshd[23276]: SSH: Server;Ltype: Authname;Remote:
>> 192.168.1.9-56825;Name: shanew [preauth]
>> Aug 20 07:27:54 xxxxxx sshd[23276]: Postponed keyboard-interactive for
>> shanew from 192.168.1.9 port 56825 ssh2 [preauth]
>> Aug 20 07:27:54 xxxxxx last message repeated 2 times
>> Aug 20 07:27:54 xxxxxx sshd[23276]: Failed keyboard-interactive/pam for
>> shanew from 192.168.1.9 port 56825 ssh2
>> Aug 20 07:27:54 xxxxxx sshd[23276]: Disconnecting: Too many
>> authentication failures for shanew [preauth]
>>
>> I haven't tried using keys yet, but I get the impression that keys
>> shouldn't be necessary to connect.
> Correct. Keys are nice, but should not be needed.
>>
>> Any suggestions?
> Yes... (I assume that you've checked your username, etc):
> * on Linux, especially with distros like gentoo, you may need to add an
> "askpass" utility to your environment to ensure that you get prompted
> for a password
> * could be an incompatibility with the Twisted library you have
> installed (on Linux only, we ship our own one with OSX builds)
> * OSX, I will try to test again, what version are you using?
> (unfortunately, I don't have every version available for testing..)

I emerged x11-ssh-askpass, and when I try to connect to the remote
server, it doesn't pop anything up.  I tried removing my password from
the connection configuration screen thinking that might prompt the
askpass, and noticed something interesting.  When I have an empty or
incorrect password entered in the configuration, I get errors like
this on the remote side (in auth.log):

Aug 20 09:00:11 xxxxxx sshd[23427]: Bad protocol version identification
'set_salt 'cfcb532196ab4b7c8f51c3c9dd907adf'' from 192.168.1.9 port
60288
Aug 20 09:00:12 xxxxxx sshd[23430]: Bad protocol version identification
'set_salt '4994cf6a6b4b44ba82e33ec39110c99e'' from 192.168.1.9 port 60289

In fact, now even if I set the password back to the correct one, I
still see errors like that in the remote auth.log.  I don't know if
that represents progress or a step backwards?

If there's a specific version of twisted (core or conch) that I should
be using, let me know.  I have at least a few options to choose from
on gentoo.

I don't have the OSX machine in front of me, but I'll let you know
what version it's on once I've had a look.

-- 
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                |      System Admin - UT iSchool
=----------------------------------+-------------------------------
All syllogisms contain three lines |              shanew at shanew.net
Therefore this is not a syllogism  | www.ischool.utexas.edu/~shanew



More information about the shifter-users mailing list