Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > General

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-25-2004, 02:30 PM
ant ant is offline
Registered User
 
Join Date: Sep 2004
Posts: 29
Question "Unable to authenticate using any of the configured authentication methods?"to Debian

Hi. I just installed Debian v3.1 overnight since I was replacing old Red Hat Linux 7.1 OS. I installed it cleanly (wiped out everything on a 30 GB HDD). I installed SSH daemon and client. I installed SSH daemon and client from apt-get install.

I cannot ssh (1 and 2) into this box due to these errors:

SSH2 says "Unable to authenticate using any of the configured authentication methods".
SSH1 says: "The server does not support authentication type Password ... The server supports the following authentications: RSA TIS"

Note this test was just from a Windows box to a Linux box on an Intranet!

How do I make SecureCRT work with this Debian system? I hope I don't have to upgrade SecureCRT v3.4.8 since I prefer 3.x version (4.x is bloated to me). I would use PuTTY, but it doesn't have zmodem which only SecureCRT has. I know I can use SCP, but it doesn't have file transfer resume availabilty and UI is annoying.


Thank you in advance.

Last edited by ant; 09-25-2004 at 03:04 PM.
Reply With Quote
  #2  
Old 10-04-2004, 08:50 AM
rlpm's Avatar
rlpm rlpm is offline
VanDyke Developer
 
Join Date: Jun 2004
Location: Albuquerque, NM
Posts: 69
Lightbulb Authentication from SecureCRT to OpenSSH

ant,

It sounds like your server is configured not to allow password authentication for SSH. However, by default, I believe it should be configured to allow Keyboard Interactive authentication.

To configure SecureCRT 3.4.8 to use this type of authentication:
1) Select "Connect..." from the File menu. The Connect Dialog will appear.
2) Right-click on the session and select "Properties" from the context menu. The Session Options dialog will appear.
3) Select the "Connection" Category
4) Select "Keyboard Interactive" as the primary authentication type.

You can also try enabling password authetication on the server side by adding the following to your openssh configuration file (/etc/ssh/sshd_config):
PasswordAuthentication yes

Regards,
--rlpm

Last edited by rlpm; 02-16-2005 at 08:27 AM.
Reply With Quote
  #3  
Old 10-04-2004, 09:54 AM
ant ant is offline
Registered User
 
Join Date: Sep 2004
Posts: 29
rlpm: Thanks. "Keyboard Interactive" worked. Is "Keyboard Interactive" more secured?
Reply With Quote
  #4  
Old 10-04-2004, 10:13 AM
rlpm's Avatar
rlpm rlpm is offline
VanDyke Developer
 
Join Date: Jun 2004
Location: Albuquerque, NM
Posts: 69
ant,
Keyboard interactive is not necessarily more secure, but does allow for challenge-response authentication, used by many two-factor authentication systems. Two-factor authentication systems are more secure than passwords.
--rlpm
Reply With Quote
  #5  
Old 02-10-2005, 11:21 PM
alexus's Avatar
alexus alexus is offline
Registered User
 
Join Date: Jul 2004
Location: Brooklyn, New York
Posts: 47
is it possible to have sshd work around here?
__________________
http://alexus.org/ - http://alexus.biz/ - http://alexus.fm/ - http://lexus.gs/
Reply With Quote
  #6  
Old 02-15-2005, 11:53 PM
vhl vhl is offline
Registered User
 
Join Date: Feb 2005
Posts: 1
correction...

I believe it's /etc/ssh/sshd_config and not /etc/ssh/ssh_config that you should enable PasswordAuthentication yes.
Reply With Quote
  #7  
Old 02-16-2005, 08:28 AM
rlpm's Avatar
rlpm rlpm is offline
VanDyke Developer
 
Join Date: Jun 2004
Location: Albuquerque, NM
Posts: 69
Red face Fixed

You are correct. I have fixed the typo in the previous post.
Thanks,
--rlpm
Reply With Quote
  #8  
Old 06-13-2007, 11:10 PM
ant ant is offline
Registered User
 
Join Date: Sep 2004
Posts: 29
Question Here we go again!

Hello,

Sorry, I have to bring this old forum thread back again because I have this problem again.

I upgraded my SSH files (version: OpenSSH_4.6p1 Debian-1, OpenSSL 0.9.8e 23 Feb 2007) and other packages (don't remember what else) today on my old Debian box, but now SecureCRT v3.4.8 is showing similiar results again with ssh2: "Unable to authenticate using any of the configured authentication methods."

Here's my /etc/ssh/sshd_config:

# Package generated configuration file
# See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO
#LogLevel DEBUG3

# Authentication:
LoginGraceTime 600
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Change to yes to enable tunnelled clear text passwords
PasswordAuthentication yes


# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
Banner /etc/ssh-banner.txt

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

--

I have Keyboard interactive in my SecureCRT profile as well. PuTTY v0.60 had NO problems.

Here's the /etc/ssh/auth.log file:
Jun 13 21:17:08 localhost sshd[27558]: debug3: fd 4 is not O_NONBLOCK
Jun 13 21:17:08 localhost sshd[27948]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Jun 13 21:17:08 localhost sshd[27558]: debug1: Forked child 27948.
Jun 13 21:17:08 localhost sshd[27558]: debug3: send_rexec_state: entering fd = 7 config len 633
Jun 13 21:17:08 localhost sshd[27558]: debug3: ssh_msg_send: type 0
Jun 13 21:17:08 localhost sshd[27558]: debug3: send_rexec_state: done
Jun 13 21:17:08 localhost sshd[27948]: debug1: inetd sockets after dupping: 3, 3
Jun 13 21:17:08 localhost sshd[27948]: debug3: Normalising mapped IPv4 in IPv6 address
Jun 13 21:17:08 localhost sshd[27948]: debug3: Normalising mapped IPv4 in IPv6 address
Jun 13 21:17:08 localhost sshd[27948]: Connection from 192.168.0.46 port 1504
Jun 13 21:17:08 localhost sshd[27948]: debug1: Client protocol version 2.0; client software version 3.4.8 SecureCRT
Jun 13 21:17:08 localhost sshd[27948]: debug1: no match: 3.4.8 SecureCRT
Jun 13 21:17:08 localhost sshd[27948]: debug1: Enabling compatibility mode for protocol 2.0
Jun 13 21:17:08 localhost sshd[27948]: debug1: Local version string SSH-2.0-OpenSSH_4.6p1 Debian-1
Jun 13 21:17:08 localhost sshd[27948]: debug2: fd 3 setting O_NONBLOCK
Jun 13 21:17:08 localhost sshd[27948]: debug2: Network child is on pid 27949
Jun 13 21:17:08 localhost sshd[27948]: debug3: preauth child monitor started
Jun 13 21:17:08 localhost sshd[27948]: debug3: mm_request_receive entering
Jun 13 21:17:08 localhost sshd[27948]: debug3: monitor_read: checking request 0
Jun 13 21:17:08 localhost sshd[27948]: debug3: mm_answer_moduli: got parameters: 1024 2046 2046
Jun 13 21:17:08 localhost sshd[27948]: debug3: mm_request_send entering: type 1
Jun 13 21:17:08 localhost sshd[27948]: debug2: monitor_read: 0 used once, disabling now
Jun 13 21:17:08 localhost sshd[27948]: debug3: mm_request_receive entering
Jun 13 21:17:09 localhost sshd[27948]: debug3: monitor_read: checking request 5
Jun 13 21:17:09 localhost sshd[27948]: debug3: mm_answer_sign
Jun 13 21:17:09 localhost sshd[27948]: debug3: mm_answer_sign: signature 0x80065ba0(55)
Jun 13 21:17:09 localhost sshd[27948]: debug3: mm_request_send entering: type 6
Jun 13 21:17:09 localhost sshd[27948]: debug2: monitor_read: 5 used once, disabling now
Jun 13 21:17:09 localhost sshd[27948]: debug3: mm_request_receive entering
Jun 13 21:17:10 localhost sshd[27948]: debug3: monitor_read: checking request 7
Jun 13 21:17:10 localhost sshd[27948]: debug3: mm_answer_pwnamallow
Jun 13 21:17:10 localhost sshd[27948]: debug3: Normalising mapped IPv4 in IPv6 address
Jun 13 21:17:10 localhost sshd[27948]: debug3: Trying to reverse map address 192.168.0.46.
Jun 13 21:17:10 localhost sshd[27948]: debug2: parse_server_config: config reprocess config len 633
Jun 13 21:17:10 localhost sshd[27948]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
Jun 13 21:17:10 localhost sshd[27948]: debug3: mm_request_send entering: type 8
Jun 13 21:17:10 localhost sshd[27948]: debug2: monitor_read: 7 used once, disabling now
Jun 13 21:17:10 localhost sshd[27948]: debug3: mm_request_receive entering
Jun 13 21:17:10 localhost sshd[27948]: debug3: monitor_read: checking request 48
Jun 13 21:17:10 localhost sshd[27948]: debug1: PAM: initializing for "ant"
Jun 13 21:17:10 localhost sshd[27948]: debug1: PAM: setting PAM_RHOST to "windowsbox"
Jun 13 21:17:10 localhost sshd[27948]: debug1: PAM: setting PAM_TTY to "ssh"
Jun 13 21:17:10 localhost sshd[27948]: debug2: monitor_read: 48 used once, disabling now
Jun 13 21:17:10 localhost sshd[27948]: debug3: mm_request_receive entering
Jun 13 21:17:10 localhost sshd[27948]: debug3: monitor_read: checking request 3
Jun 13 21:17:10 localhost sshd[27948]: debug3: mm_answer_authserv: service=ssh-connection, style=, role=
Jun 13 21:17:10 localhost sshd[27948]: debug2: monitor_read: 3 used once, disabling now
Jun 13 21:17:10 localhost sshd[27948]: debug3: mm_request_receive entering
Jun 13 21:17:10 localhost sshd[27948]: debug3: monitor_read: checking request 9
Jun 13 21:17:10 localhost sshd[27948]: debug3: mm_request_send entering: type 10
Jun 13 21:17:10 localhost sshd[27948]: debug2: monitor_read: 9 used once, disabling now
Jun 13 21:17:10 localhost sshd[27948]: debug3: mm_request_receive entering
Jun 13 21:17:10 localhost sshd[27948]: debug3: monitor_read: checking request 11
Jun 13 21:17:10 localhost sshd[27948]: debug3: mm_answer_authpassword: sending result 0
Jun 13 21:17:10 localhost sshd[27948]: debug3: mm_request_send entering: type 12
Jun 13 21:17:10 localhost sshd[27948]: Failed none for ant from 192.168.0.46 port 1504 ssh2
Jun 13 21:17:10 localhost sshd[27948]: debug3: mm_request_receive entering
Jun 13 21:17:10 localhost sshd[27948]: debug1: do_cleanup


What's wrong? Thank you in advance.

Last edited by ant; 06-13-2007 at 11:20 PM.
Reply With Quote
  #9  
Old 06-14-2007, 01:16 PM
ant ant is offline
Registered User
 
Join Date: Sep 2004
Posts: 29
Question

Odd. On another computer and on another network (work), I had no problems connecting to my Debian box at home. I checked the settings to compare:

Authentication
Primary: Password
Secondary: <none>


I don't think I had that set up on my home Windows XP Pro. SP2 (all updates) machine. I think I have Keyboard interactive as I noted in my last comment. I will check again tonight.

Feel free to post though if you know the answer.
Reply With Quote
  #10  
Old 06-14-2007, 02:16 PM
tnygren's Avatar
tnygren tnygren is offline
Registered User
 
Join Date: May 2005
Posts: 1,408
Hi Ant,

It could be that the authentication list that the upgraded server supports/allows has changed.

If Password does not work as the primary authentication method, could you post the 'Trace Options' output from SecureCRT?

This will show what authentication methods the SSH2 server is presenting to SecureCRT.

To enable trace options, click on the "File" pull down menu and select "Trace Options". If you click the "File" pull down menu again you should see a check mark next to "Trace Options".

After trace options is enabled, try to connect to the server.

After the problem occurs, right click inside the window and "Select All", then right click and select "Copy", and then right click in an email message to me and select "Paste".
__________________
Thanks,

Teresa

Teresa Nygren
Reply With Quote
  #11  
Old 06-14-2007, 02:28 PM
ant ant is offline
Registered User
 
Join Date: Sep 2004
Posts: 29
Quote:
Originally Posted by tnygren
Hi Ant,

It could be that the authentication list that the upgraded server supports/allows has changed.

If Password does not work as the primary authentication method, could you post the 'Trace Options' output from SecureCRT?

This will show what authentication methods the SSH2 server is presenting to SecureCRT.

To enable trace options, click on the "File" pull down menu and select "Trace Options". If you click the "File" pull down menu again you should see a check mark next to "Trace Options".

After trace options is enabled, try to connect to the server.

After the problem occurs, right click inside the window and "Select All", then right click and select "Copy", and then right click in an email message to me and select "Paste".
I will try this and follow-up tonight if Password fails. Thanks for the tips.
Reply With Quote
  #12  
Old 06-14-2007, 11:18 PM
ant ant is offline
Registered User
 
Join Date: Sep 2004
Posts: 29
Thumbs up

Quote:
Originally Posted by tnygren
Hi Ant,

It could be that the authentication list that the upgraded server supports/allows has changed.

If Password does not work as the primary authentication method, could you post the 'Trace Options' output from SecureCRT?
Password method worked!

Also, nice to know about Trace Options. I never knew that existed. Thank you.
Reply With Quote
  #13  
Old 06-15-2007, 08:20 AM
tnygren's Avatar
tnygren tnygren is offline
Registered User
 
Join Date: May 2005
Posts: 1,408
Hi Ant,

I'm glad to hear that using 'Password' as the authentication method is working!

Using 'Trace Options' are a great way to see what authentication methods that the server supports plus other options that are negotiated during the connection.
__________________
Thanks,

Teresa

Teresa Nygren
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 03:41 AM.