[Freeipa-users] GSSAPI authentication from trusted AD domain

Jason B. Nance jason at tresgeek.net
Tue May 2 15:40:12 UTC 2017


Hi Tiemen, 

> To be clear, what I'm trying to do: log in from an AD account (adm.tiemen), from
> an AD host (leon.clients.rdmedia.com) to a FreeIPA host
> (neodymium.test.ams.i.rdmedia.com) with the same AD account. I expect to be
> logged in through GSSAPI, instead I get a password prompt.

I'm assuming that you are coming from a Windows client that is domain joined and logged into that Windows client with the same domain credentials that you are using to connect to the IPA-joined host. Do you also have your SSH client configured to attempt GSSAPI? It appears that you do from the logs you provided but I'm just double-checking. 

In my setup I've found that this feature does not work all of the time. I've not yet been able to track it down and I'm assuming it has something to do with connections to domain controllers timing out, but at this point that is speculation. 

So to answer your question, yes, that should work. Sorry I don't have more information for you, I guess I'm basically "me too"ing your post. 

Regards, 

j 

> Is this supposed to work? Did I miss something?

> Below the SSH log from the FreeIPA host with LogLevel DEBUG3:

> May 2 17:10:32 neodymium sshd[572]: debug3: fd 5 is not O_NONBLOCK
> May 2 17:10:32 neodymium sshd[572]: debug1: Forked child 752.
> May 2 17:10:32 neodymium sshd[572]: debug3: send_rexec_state: entering fd = 8
> config len 922
> May 2 17:10:32 neodymium sshd[572]: debug3: ssh_msg_send: type 0
> May 2 17:10:32 neodymium sshd[572]: debug3: send_rexec_state: done
> May 2 17:10:32 neodymium sshd[752]: debug3: oom_adjust_restore
> May 2 17:10:32 neodymium sshd[752]: Set /proc/self/oom_score_adj to 0
> May 2 17:10:32 neodymium sshd[752]: debug1: rexec start in 5 out 5 newsock 5
> pipe 7 sock 8
> May 2 17:10:32 neodymium sshd[752]: debug1: inetd sockets after dupping: 3, 3
> May 2 17:10:32 neodymium sshd[752]: Connection from 192.168.10.155 port 53106 on
> 192.168.50.63 port 22
> May 2 17:10:32 neodymium sshd[752]: debug1: Client protocol version 2.0; client
> software version PuTTY_KiTTY
> May 2 17:10:32 neodymium sshd[752]: debug1: no match: PuTTY_KiTTY
> May 2 17:10:32 neodymium sshd[752]: debug1: Enabling compatibility mode for
> protocol 2.0
> May 2 17:10:32 neodymium sshd[752]: debug1: Local version string
> SSH-2.0-OpenSSH_6.6.1
> May 2 17:10:32 neodymium sshd[752]: debug2: fd 3 setting O_NONBLOCK
> May 2 17:10:32 neodymium sshd[752]: debug3: ssh_sandbox_init: preparing rlimit
> sandbox
> May 2 17:10:32 neodymium sshd[752]: debug2: Network child is on pid 753
> May 2 17:10:32 neodymium sshd[752]: debug3: preauth child monitor started
> May 2 17:10:32 neodymium sshd[752]: debug1: SELinux support disabled [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: privsep user:group 74:74 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug1: permanently_set_uid: 74/74 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug1: list_hostkey_types:
> ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type 42
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect entering:
> type 43 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking request 42
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type 43
> May 2 17:10:32 neodymium sshd[752]: debug1: SSH2_MSG_KEXINIT sent [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug1: SSH2_MSG_KEXINIT received [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> none,zlib@openssh.com [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> none,zlib@openssh.com [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: first_kex_follows
> 0 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: reserved 0
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,rsa2048-sha256,rsa1024-sha1,diffie-hellman-group1-sha1
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,chacha20-poly1305@openssh.com,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,chacha20-poly1305@openssh.com,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit:
> hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: none,zlib
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: none,zlib
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: first_kex_follows
> 0 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_parse_kexinit: reserved 0
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: mac_setup: setup hmac-sha2-256
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug1: kex: client->server aes256-ctr
> hmac-sha2-256 none [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: mac_setup: setup hmac-sha2-256
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug1: kex: server->client aes256-ctr
> hmac-sha2-256 none [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug1: kex:
> curve25519-sha256@libssh.org need=32 dh_need=32 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type 120
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect entering:
> type 121 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking request 120
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type 121
> May 2 17:10:32 neodymium sshd[752]: debug1: kex:
> curve25519-sha256@libssh.org need=32 dh_need=32 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type 120
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect entering:
> type 121 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking request 120
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type 121
> May 2 17:10:32 neodymium sshd[752]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_key_sign entering [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type 6
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_key_sign: waiting for
> MONITOR_ANS_SIGN [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive_expect entering:
> type 7 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
> [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:32 neodymium sshd[752]: debug3: monitor_read: checking request 6
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_answer_sign
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_answer_sign: signature
> 0x7f7ea34ed250(83)
> May 2 17:10:32 neodymium sshd[752]: debug3: mm_request_send entering: type 7
> May 2 17:10:32 neodymium sshd[752]: debug2: monitor_read: 6 used once, disabling
> now
> May 2 17:10:32 neodymium sshd[752]: debug2: kex_derive_keys [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug2: set_newkeys: mode 1 [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
> May 2 17:10:32 neodymium sshd[752]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
> May 2 17:10:33 neodymium sshd[752]: debug2: set_newkeys: mode 0 [preauth]
> May 2 17:10:33 neodymium sshd[752]: debug1: SSH2_MSG_NEWKEYS received [preauth]
> May 2 17:10:33 neodymium sshd[752]: debug1: KEX done [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user
> adm.tiemen@clients.rdmedia.com service ssh-connection method none [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug1: attempt 0 failures 0 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_getpwnamallow entering [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 8
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_getpwnamallow: waiting for
> MONITOR_ANS_PWNAM [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect entering:
> type 9 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request 8
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pwnamallow
> May 2 17:10:42 neodymium sshd[752]: debug3: Trying to reverse map address
> 192.168.10.155.
> May 2 17:10:42 neodymium sshd[752]: debug2: parse_server_config: config
> reprocess config len 922
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pwnamallow: sending
> MONITOR_ANS_PWNAM: 1
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 9
> May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 8 used once, disabling
> now
> May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: setting up
> authctxt for adm.tiemen@clients.rdmedia.com [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_start_pam entering [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 100
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_inform_authserv entering
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 4
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_inform_authrole entering
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 80
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: try method
> none [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: userauth_finish: failure partial=0
> next
> methods="publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive"
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request 100
> May 2 17:10:42 neodymium sshd[752]: debug1: PAM: initializing for
> "adm.tiemen@clients.rdmedia.com"
> May 2 17:10:42 neodymium sshd[752]: debug1: PAM: setting PAM_RHOST to
> "192.168.10.155"
> May 2 17:10:42 neodymium sshd[752]: debug1: PAM: setting PAM_TTY to "ssh"
> May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 100 used once,
> disabling now
> May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user
> adm.tiemen@clients.rdmedia.com service ssh-connection method gssapi-with-mic
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug1: attempt 1 failures 0 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: try method
> gssapi-with-mic [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 42
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect entering:
> type 43 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request 4
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_authserv:
> service=ssh-connection, style=
> May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 4 used once, disabling
> now
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request 80
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_authrole: role=
> May 2 17:10:42 neodymium sshd[752]: debug2: monitor_read: 80 used once,
> disabling now
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request 42
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 43
> May 2 17:10:42 neodymium sshd[752]: Postponed gssapi-with-mic for
> adm.tiemen@clients.rdmedia.com from 192.168.10.155 port 53106 ssh2 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user
> adm.tiemen@clients.rdmedia.com service ssh-connection method
> keyboard-interactive [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug1: attempt 2 failures 0 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug2: input_userauth_request: try method
> keyboard-interactive [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug1: keyboard-interactive devs [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug1: auth2_challenge:
> user=adm.tiemen@clients.rdmedia.com devs= [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug1: kbdint_alloc: devices 'pam'
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug2: auth2_challenge_start: devices pam
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug2: kbdint_next_device: devices <empty>
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug1: auth2_challenge_start: trying
> authentication method 'pam' [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_init_ctx [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 104
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_init_ctx: waiting for
> MONITOR_ANS_PAM_INIT_CTX [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect entering:
> type 105 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request 104
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pam_init_ctx
> May 2 17:10:42 neodymium sshd[752]: debug3: PAM: sshpam_init_ctx entering
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 105
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_query [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 106
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_query: waiting for
> MONITOR_ANS_PAM_QUERY [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive_expect entering:
> type 107 [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> [preauth]
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_receive entering
> May 2 17:10:42 neodymium sshd[752]: debug3: monitor_read: checking request 106
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_answer_pam_query
> May 2 17:10:42 neodymium sshd[752]: debug3: PAM: sshpam_query entering
> May 2 17:10:42 neodymium sshd[752]: debug3: ssh_msg_recv entering
> May 2 17:10:42 neodymium sshd[766]: debug3: PAM: sshpam_thread_conv entering, 1
> messages
> May 2 17:10:42 neodymium sshd[766]: debug3: ssh_msg_send: type 1
> May 2 17:10:42 neodymium sshd[766]: debug3: ssh_msg_recv entering
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_request_send entering: type 107
> May 2 17:10:42 neodymium sshd[752]: debug3: mm_sshpam_query: pam_query returned
> 0 [preauth]
> May 2 17:10:42 neodymium sshd[752]: Postponed keyboard-interactive for
> adm.tiemen@clients.rdmedia.com from 192.168.10.155 port 53106 ssh2 [preauth]

> --
> Tiemen Ruiten
> Systems Engineer
> R&D Media

> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
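
Added example, not part of the original thread: a small Python tracer that reads an sshd debug log like the one quoted above and reports, per connection, which authentication methods were tried and what became of the GSSAPI attempt. It assumes OpenSSH's `userauth-request`, `attempt N failures M` and `Postponed`/`Accepted`/`Failed` log lines, and that a postponed method followed by a new request was dropped by the client; the second log is constructed for contrast.

```python
import re

# Excerpt of the sshd log quoted above: wrapped lines joined, archive link markup removed.
PAGE_LOG = """\
May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user adm.tiemen@clients.rdmedia.com service ssh-connection method none [preauth]
May 2 17:10:42 neodymium sshd[752]: debug1: attempt 0 failures 0 [preauth]
May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user adm.tiemen@clients.rdmedia.com service ssh-connection method gssapi-with-mic [preauth]
May 2 17:10:42 neodymium sshd[752]: debug1: attempt 1 failures 0 [preauth]
May 2 17:10:42 neodymium sshd[752]: Postponed gssapi-with-mic for adm.tiemen@clients.rdmedia.com from 192.168.10.155 port 53106 ssh2 [preauth]
May 2 17:10:42 neodymium sshd[752]: debug1: userauth-request for user adm.tiemen@clients.rdmedia.com service ssh-connection method keyboard-interactive [preauth]
May 2 17:10:42 neodymium sshd[752]: debug1: attempt 2 failures 0 [preauth]
May 2 17:10:42 neodymium sshd[752]: Postponed keyboard-interactive for adm.tiemen@clients.rdmedia.com from 192.168.10.155 port 53106 ssh2 [preauth]
"""

# Constructed contrast case (not from the thread): the same exchange when the
# client does send a GSSAPI token and the server accepts it.
CONSTRUCTED_OK_LOG = """\
May 2 17:20:01 neodymium sshd[901]: debug1: userauth-request for user adm.tiemen@clients.rdmedia.com service ssh-connection method gssapi-with-mic [preauth]
May 2 17:20:01 neodymium sshd[901]: debug1: attempt 1 failures 0 [preauth]
May 2 17:20:01 neodymium sshd[901]: Postponed gssapi-with-mic for adm.tiemen@clients.rdmedia.com from 192.168.10.155 port 53200 ssh2 [preauth]
May 2 17:20:01 neodymium sshd[901]: Accepted gssapi-with-mic for adm.tiemen@clients.rdmedia.com from 192.168.10.155 port 53200 ssh2
"""

LINE = re.compile(r"sshd\[(\d+)\]: (?:debug\d: )?(.*)")
REQUEST = re.compile(r"userauth-request for user (\S+) service \S+ method (\S+)")
COUNTERS = re.compile(r"attempt (\d+) failures (\d+)")
RESULT = re.compile(r"(Postponed|Accepted|Failed) (\S+) for ")


def trace_auth(log_text):
    """Return {pid: [attempt, ...]} with each attempt's method, failure count and status."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        attempts = sessions.setdefault(pid, [])
        if (r := REQUEST.match(msg)):
            # Assumption: a new request while the previous method is still postponed
            # means the client dropped it; sshd logs no "Failed" line for that case.
            if attempts and attempts[-1]["status"] == "postponed":
                attempts[-1]["status"] = "abandoned"
            attempts.append({"method": r.group(2), "failures": None, "status": "no-result"})
        elif (c := COUNTERS.match(msg)) and attempts:
            attempts[-1]["failures"] = int(c.group(2))
        elif (o := RESULT.match(msg)) and attempts:
            # Result lines may carry a sub-method, e.g. "keyboard-interactive/pam".
            if o.group(2).split("/")[0] == attempts[-1]["method"]:
                attempts[-1]["status"] = o.group(1).lower()
    return sessions


def gssapi_verdict(log_text):
    """Summarise what happened to the last GSSAPI method tried in each session."""
    verdicts = {}
    for pid, attempts in trace_auth(log_text).items():
        gss = [a for a in attempts if a["method"].startswith("gssapi")]
        verdicts[pid] = gss[-1]["status"] if gss else "not-attempted"
    return verdicts


if __name__ == "__main__":
    for name, log in (("page", PAGE_LOG), ("constructed", CONSTRUCTED_OK_LOG)):
        for pid, attempts in trace_auth(log).items():
            print(name, pid, [(a["method"], a["failures"], a["status"]) for a in attempts])
        print(name, gssapi_verdict(log))
```

On the quoted log this reports gssapi-with-mic as abandoned with the failure counter still at 0: sshd offered the exchange and the next thing it saw was a keyboard-interactive request, with no `Failed gssapi-with-mic` line in between.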