<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> On 04/25/2013 03:10 PM, naresh reddy wrote: <blockquote cite="mid:1366917048.25714.YahooMailNeo@web162103.mail.bf1.yahoo.com" type="cite"> <div style="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); font-family: times new roman,new york,times,serif; font-size: 10pt;"> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 10pt;"><span>Hi Rob</span></div> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 13px; color: rgb(0, 0, 0); background-color: transparent; font-style: normal;"><span><br> </span></div> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 13px; color: rgb(0, 0, 0); background-color: transparent; font-style: normal;"><span>Sorry for the trouble </span></div> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 13px; color: rgb(0, 0, 0); background-color: transparent; font-style: normal;"><span>I am still struggling</span></div> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 13px; color: rgb(0, 0, 0); background-color: transparent; font-style: normal;"><span>my open ssh version is 6.1</span></div> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 13px; color: rgb(0, 0, 0); background-color: transparent; font-style: normal;"><span>sssd version is 1.8</span></div> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 13px; color: rgb(0, 0, 0); background-color: transparent; font-style: normal;"><span><br> </span></div> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 13px; color: rgb(0, 0, 0); background-color: transparent; font-style: normal;"><span>can you please suggest me </span></div> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 13px; color: rgb(0, 0, 0); background-color: transparent; font-style: normal;"><span><br> </span></div> </div> </blockquote> <br> Naresh, some of our SSH specialists are in Europe so they will take a look at your setup in the morning.<br> Thank you for patience.<br> <br> <br> <blockquote cite="mid:1366917048.25714.YahooMailNeo@web162103.mail.bf1.yahoo.com" type="cite"> <div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:10pt"> <div style="background-color: transparent;"><span> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">[domain/eng.switchlab.net]</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2"><br> </font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">cache_credentials = True</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">krb5_store_password_if_offline = True</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">ipa_domain = eng.switchlab.net</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">id_provider = ipa</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">auth_provider = ipa</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">access_provider = ipa</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">ipa_hostname = ldap1.eng.switchlab.net</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">chpass_provider = ipa</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">ipa_server = _srv_, ldap0.eng.switchlab.net</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">ldap_tls_cacert = /etc/ipa/ca.crt</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">[sssd]</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">services = nss, pam, ssh</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">config_file_version = 2</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2"><br> </font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">domains = eng.switchlab.net</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">[nss]</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2"><br> </font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">[pam]</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2"><br> </font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">[sudo]</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2"><br> </font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">[autofs]</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2"><br> </font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">[ssh]</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2"><br> </font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">[pac]</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2"><br> </font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2"><br> </font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2">my sshd config at the remote end</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2"><br> </font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal; background-color: transparent;"><font size="2"> <div style="background-color: transparent;"># $OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># This is the sshd server system-wide configuration file. See</div> <div style="background-color: transparent;"># sshd_config(5) for more information.</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># This sshd was compiled with PATH=/usr/local/bin:/usr/bin</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># The strategy used for options in the default sshd_config shipped with</div> <div style="background-color: transparent;"># OpenSSH is to specify options with their default value where</div> <div style="background-color: transparent;"># possible, but leave them commented. Uncommented options override the</div> <div style="background-color: transparent;"># default value.</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># If you want to change the port on a SELinux system, you have to tell</div> <div style="background-color: transparent;"># SELinux about this change.</div> <div style="background-color: transparent;"># semanage port -a -t ssh_port_t -p tcp #PORTNUMBER</div> <div style="background-color: transparent;">#</div> <div style="background-color: transparent;">Port 22</div> <div style="background-color: transparent;">#AddressFamily any</div> <div style="background-color: transparent;">#ListenAddress 0.0.0.0</div> <div style="background-color: transparent;">#ListenAddress ::</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># The default requires explicit activation of protocol 1</div> <div style="background-color: transparent;">#Protocol 2</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># HostKey for protocol version 1</div> <div style="background-color: transparent;">#HostKey /etc/ssh/ssh_host_key</div> <div style="background-color: transparent;"># HostKeys for protocol version 2</div> <div style="background-color: transparent;">#HostKey /etc/ssh/ssh_host_rsa_key</div> <div style="background-color: transparent;">#HostKey /etc/ssh/ssh_host_dsa_key</div> <div style="background-color: transparent;">#HostKey /etc/ssh/ssh_host_ecdsa_key</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># Lifetime and size of ephemeral version 1 server key</div> <div style="background-color: transparent;">#KeyRegenerationInterval 1h</div> <div style="background-color: transparent;">#ServerKeyBits 1024</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># Logging</div> <div style="background-color: transparent;"># obsoletes QuietMode and FascistLogging</div> <div style="background-color: transparent;">#SyslogFacility AUTH</div> <div style="background-color: transparent;">SyslogFacility AUTHPRIV</div> <div style="background-color: transparent;">#LogLevel INFO</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># Authentication:</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;">#LoginGraceTime 2m</div> <div style="background-color: transparent;">#PermitRootLogin yes</div> <div style="background-color: transparent;">#StrictModes yes</div> <div style="background-color: transparent;">#MaxAuthTries 6</div> <div style="background-color: transparent;">#MaxSessions 10</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;">#RSAAuthentication yes</div> <div style="background-color: transparent;">#PubkeyAuthentication yes</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2</div> <div style="background-color: transparent;"># but this is overridden so installations will only check .ssh/authorized_keys</div> <div style="background-color: transparent;">#AuthorizedKeysFile .ssh/authorized_keys</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;">#AuthorizedKeysCommand none</div> <div style="background-color: transparent;">#AuthorizedKeysCommandUser nobody</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;">#AuthorizedPrincipalsFile none</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># For this to work you will also need host keys in /etc/ssh/ssh_known_hosts</div> <div style="background-color: transparent;">#RhostsRSAAuthentication no</div> <div style="background-color: transparent;"># similar for protocol version 2</div> <div style="background-color: transparent;">#HostbasedAuthentication no</div> <div style="background-color: transparent;"># Change to yes if you don't trust ~/.ssh/known_hosts for</div> <div style="background-color: transparent;"># RhostsRSAAuthentication and HostbasedAuthentication</div> <div style="background-color: transparent;">#IgnoreUserKnownHosts no</div> <div style="background-color: transparent;"># Don't read the user's ~/.rhosts and ~/.shosts files</div> <div style="background-color: transparent;">#IgnoreRhosts yes</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># To disable tunneled clear text passwords, change to no here!</div> <div style="background-color: transparent;">#PasswordAuthentication yes</div> <div style="background-color: transparent;">#PermitEmptyPasswords no</div> <div style="background-color: transparent;">#PasswordAuthentication no</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># Change to no to disable s/key passwords</div> <div style="background-color: transparent;">#ChallengeResponseAuthentication yes</div> <div style="background-color: transparent;">#ChallengeResponseAuthentication no</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># Kerberos options</div> <div style="background-color: transparent;">#KerberosAuthentication no</div> <div style="background-color: transparent;">#KerberosOrLocalPasswd yes</div> <div style="background-color: transparent;">#KerberosTicketCleanup yes</div> <div style="background-color: transparent;">#KerberosGetAFSToken no</div> <div style="background-color: transparent;">#KerberosUseKuserok yes</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># GSSAPI options</div> <div style="background-color: transparent;">#GSSAPIAuthentication yes</div> <div style="background-color: transparent;">#GSSAPICleanupCredentials yes</div> <div style="background-color: transparent;">#GSSAPICleanupCredentials yes</div> <div style="background-color: transparent;">#GSSAPIStrictAcceptorCheck yes</div> <div style="background-color: transparent;">#GSSAPIKeyExchange no</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># Set this to 'yes' to enable PAM authentication, account processing,</div> <div style="background-color: transparent;"># and session processing. If this is enabled, PAM authentication will</div> <div style="background-color: transparent;"># be allowed through the ChallengeResponseAuthentication and</div> <div style="background-color: transparent;"># PasswordAuthentication. Depending on your PAM configuration,</div> <div style="background-color: transparent;"># PAM authentication via ChallengeResponseAuthentication may bypass</div> <div style="background-color: transparent;"># the setting of "PermitRootLogin without-password".</div> <div style="background-color: transparent;"># If you just want the PAM account and session checks to run without</div> <div style="background-color: transparent;"># PAM authentication, then enable this but set PasswordAuthentication</div> <div style="background-color: transparent;"># and ChallengeResponseAuthentication to 'no'.</div> <div style="background-color: transparent;"># WARNING: 'UsePAM no' is not supported in Fedora and may cause several</div> <div style="background-color: transparent;"># problems.</div> <div style="background-color: transparent;">#UsePAM no</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;">#AllowAgentForwarding yes</div> <div style="background-color: transparent;">#AllowTcpForwarding yes</div> <div style="background-color: transparent;">#GatewayPorts no</div> <div style="background-color: transparent;">#X11Forwarding no</div> <div style="background-color: transparent;">X11Forwarding yes</div> <div style="background-color: transparent;">#X11DisplayOffset 10</div> <div style="background-color: transparent;">#X11UseLocalhost yes</div> <div style="background-color: transparent;">#PrintMotd yes</div> <div style="background-color: transparent;">#PrintLastLog yes</div> <div style="background-color: transparent;">#TCPKeepAlive yes</div> <div style="background-color: transparent;">#UseLogin no</div> <div style="background-color: transparent;">UsePrivilegeSeparation sandbox # Default for new installations.</div> <div style="background-color: transparent;">#PermitUserEnvironment no</div> <div style="background-color: transparent;">#Compression delayed</div> <div style="background-color: transparent;">#ClientAliveInterval 0</div> <div style="background-color: transparent;">#ClientAliveCountMax 3</div> <div style="background-color: transparent;">#ShowPatchLevel no</div> <div style="background-color: transparent;">#UseDNS yes</div> <div style="background-color: transparent;">#PidFile /var/run/sshd.pid</div> <div style="background-color: transparent;">#MaxStartups 10</div> <div style="background-color: transparent;">#PermitTunnel no</div> <div style="background-color: transparent;">#ChrootDirectory none</div> <div style="background-color: transparent;">#VersionAddendum none</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># no default banner path</div> <div style="background-color: transparent;">#Banner none</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># Accept locale-related environment variables</div> <div style="background-color: transparent;">AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES</div> <div style="background-color: transparent;">AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT</div> <div style="background-color: transparent;">AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE</div> <div style="background-color: transparent;">AcceptEnv XMODIFIERS</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># override default of no subsystems</div> <div style="background-color: transparent;">Subsystem sftp /usr/libexec/openssh/sftp-server</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># Uncomment this if you want to use .local domain</div> <div style="background-color: transparent;">#Host *.local</div> <div style="background-color: transparent;"># CheckHostIP no</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"># Example of overriding settings on a per-user basis</div> <div style="background-color: transparent;">#Match User anoncvs</div> <div style="background-color: transparent;"># X11Forwarding no</div> <div style="background-color: transparent;"># AllowTcpForwarding no</div> <div style="background-color: transparent;"># ForceCommand cvs server</div> <div style="background-color: transparent;"><br> </div> <div style="background-color: transparent;"> KerberosAuthentication no</div> <div style="background-color: transparent;"> PubkeyAuthentication yes</div> <div style="background-color: transparent;"> UsePAM yes</div> <div style="background-color: transparent;"># GSSAPIAuthentication yes</div> <div style="background-color: transparent;"> AuthorizedKeysCommand '/usr/bin/sss_ssh_authorizedkeys %u'</div> <div style="background-color: transparent;"> RSAAuthentication yes</div> <div style="background-color: transparent;"> AuthorizedKeysCommandUser nobody</div> <div style="background-color: transparent;"># PasswordAuthentication yes</div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal;"><br> </div> </font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal;">debug of the ssh session</div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal;"><br> </div> <div> <div><font size="2">OpenSSH_6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013</font></div> <div><font size="2">debug1: Reading configuration data /etc/ssh/ssh_config</font></div> <div><font size="2">debug1: /etc/ssh/ssh_config line 55: Applying options for *</font></div> <div><font size="2">debug2: ssh_connect: needpriv 0</font></div> <div><font size="2">debug1: Connecting to ldap1.eng.switchlab.net [10.30.1.135] port 22.</font></div> <div><font size="2">debug1: Connection established.</font></div> <div><font size="2">debug3: Incorrect RSA1 identifier</font></div> <div><font size="2">debug3: Could not load "/home/np/.ssh/id_rsa" as a RSA1 public key</font></div> <div><font size="2">debug1: identity file /home/np/.ssh/id_rsa type 1</font></div> <div><font size="2">debug1: identity file /home/np/.ssh/id_rsa-cert type -1</font></div> <div><font size="2">debug1: identity file /home/np/.ssh/id_dsa type -1</font></div> <div><font size="2">debug1: identity file /home/np/.ssh/id_dsa-cert type -1</font></div> <div><font size="2">debug1: Remote protocol version 2.0, remote software version OpenSSH_6.1</font></div> <div><font size="2">debug1: match: OpenSSH_6.1 pat OpenSSH*</font></div> <div><font size="2">debug1: Enabling compatibility mode for protocol 2.0</font></div> <div><font size="2">debug1: Local version string SSH-2.0-OpenSSH_6.1</font></div> <div><font size="2">debug2: fd 3 setting O_NONBLOCK</font></div> <div><font size="2">debug3: load_hostkeys: loading entries for host "ldap1.eng.switchlab.net" from file "/home/np/.ssh/known_hosts"</font></div> <div><font size="2">debug3: load_hostkeys: found key type RSA in file /home/np/.ssh/known_hosts:1</font></div> <div><font size="2">debug3: load_hostkeys: loaded 1 keys</font></div> <div><font size="2">debug3: load_hostkeys: loading entries for host "ldap1.eng.switchlab.net" from file "/var/lib/sss/pubconf/known_hosts"</font></div> <div><font size="2">debug3: load_hostkeys: found key type RSA in file /var/lib/sss/pubconf/known_hosts:1</font></div> <div><font size="2">debug3: load_hostkeys: found key type DSA in file /var/lib/sss/pubconf/known_hosts:2</font></div> <div><font size="2">debug3: load_hostkeys: loaded 2 keys</font></div> <div><font size="2">debug3: order_hostkeyalgs: prefer hostkeyalgs: <a class="moz-txt-link-abbreviated" href="mailto:ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss">ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss</a></font></div> <div><font size="2">debug1: SSH2_MSG_KEXINIT sent</font></div> <div><font size="2">debug1: SSH2_MSG_KEXINIT received</font></div> <div><font size="2">debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1</font></div> <div><font size="2">debug2: kex_parse_kexinit: <a class="moz-txt-link-abbreviated" href="mailto:ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss">ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss</a>,</font></div> <div><font size="2">debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<a class="moz-txt-link-abbreviated" href="mailto:rijndael-cbc@lysator.liu.se">rijndael-cbc@lysator.liu.se</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<a class="moz-txt-link-abbreviated" href="mailto:rijndael-cbc@lysator.liu.se">rijndael-cbc@lysator.liu.se</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<a class="moz-txt-link-abbreviated" href="mailto:umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96">umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<a class="moz-txt-link-abbreviated" href="mailto:umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96">umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: none,<a class="moz-txt-link-abbreviated" href="mailto:zlib@openssh.com,zlib">zlib@openssh.com,zlib</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: none,<a class="moz-txt-link-abbreviated" href="mailto:zlib@openssh.com,zlib">zlib@openssh.com,zlib</a></font></div> <div><font size="2">debug2: kex_parse_kexinit:</font></div> <div><font size="2">debug2: kex_parse_kexinit:</font></div> <div><font size="2">debug2: kex_parse_kexinit: first_kex_follows 0</font></div> <div><font size="2">debug2: kex_parse_kexinit: reserved 0</font></div> <div><font size="2">debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1</font></div> <div><font size="2">debug2: kex_parse_kexinit: ssh-rsa,ssh-dss</font></div> <div><font size="2">debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<a class="moz-txt-link-abbreviated" href="mailto:rijndael-cbc@lysator.liu.se">rijndael-cbc@lysator.liu.se</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<a class="moz-txt-link-abbreviated" href="mailto:rijndael-cbc@lysator.liu.se">rijndael-cbc@lysator.liu.se</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<a class="moz-txt-link-abbreviated" href="mailto:umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96">umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<a class="moz-txt-link-abbreviated" href="mailto:umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96">umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: none,<a class="moz-txt-link-abbreviated" href="mailto:zlib@openssh.com">zlib@openssh.com</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: none,<a class="moz-txt-link-abbreviated" href="mailto:zlib@openssh.com">zlib@openssh.com</a></font></div> <div><font size="2">debug2: kex_parse_kexinit:</font></div> <div><font size="2">debug2: kex_parse_kexinit:</font></div> <div><font size="2">debug2: kex_parse_kexinit: first_kex_follows 0</font></div> <div><font size="2">debug2: kex_parse_kexinit: reserved 0</font></div> <div><font size="2">debug2: mac_setup: found hmac-md5</font></div> <div><font size="2">debug1: kex: server->client aes128-ctr hmac-md5 none</font></div> <div><font size="2">debug2: mac_setup: found hmac-md5</font></div> <div><font size="2">debug1: kex: client->server aes128-ctr hmac-md5 none</font></div> <div><font size="2">debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent</font></div> <div><font size="2">debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP</font></div> <div><font size="2">debug2: dh_gen_key: priv key bits set: 126/256</font></div> <div><font size="2">debug2: bits set: 492/1024</font></div> <div><font size="2">debug1: SSH2_MSG_KEX_DH_GEX_INIT sent</font></div> <div><font size="2">debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY</font></div> <div><font size="2">debug1: Server host key: RSA 22:fd:38:1c:25:80:fc:15:87:31:7b:b9:7b:59:f6:07</font></div> <div><font size="2">debug3: load_hostkeys: loading entries for host "ldap1.eng.switchlab.net" from file "/home/np/.ssh/known_hosts"</font></div> <div><font size="2">debug3: load_hostkeys: found key type RSA in file /home/np/.ssh/known_hosts:1</font></div> <div><font size="2">debug3: load_hostkeys: loaded 1 keys</font></div> <div><font size="2">debug3: load_hostkeys: loading entries for host "ldap1.eng.switchlab.net" from file "/var/lib/sss/pubconf/known_hosts"</font></div> <div><font size="2">debug3: load_hostkeys: found key type RSA in file /var/lib/sss/pubconf/known_hosts:1</font></div> <div><font size="2">debug3: load_hostkeys: found key type DSA in file /var/lib/sss/pubconf/known_hosts:2</font></div> <div><font size="2">debug3: load_hostkeys: loaded 2 keys</font></div> <div><font size="2">debug3: load_hostkeys: loading entries for host "10.30.1.135" from file "/home/np/.ssh/known_hosts"</font></div> <div><font size="2">debug3: load_hostkeys: found key type RSA in file /home/np/.ssh/known_hosts:2</font></div> <div><font size="2">debug3: load_hostkeys: loaded 1 keys</font></div> <div><font size="2">debug3: load_hostkeys: loading entries for host "10.30.1.135" from file "/var/lib/sss/pubconf/known_hosts"</font></div> <div><font size="2">debug3: load_hostkeys: loaded 0 keys</font></div> <div><font size="2">debug1: Host 'ldap1.eng.switchlab.net' is known and matches the RSA host key.</font></div> <div><font size="2">debug1: Found key in /home/np/.ssh/known_hosts:1</font></div> <div><font size="2">debug2: bits set: 518/1024</font></div> <div><font size="2">debug1: ssh_rsa_verify: signature correct</font></div> <div><font size="2">debug2: kex_derive_keys</font></div> <div><font size="2">debug2: set_newkeys: mode 1</font></div> <div><font size="2">debug1: SSH2_MSG_NEWKEYS sent</font></div> <div><font size="2">debug1: expecting SSH2_MSG_NEWKEYS</font></div> <div><font size="2">debug2: set_newkeys: mode 0</font></div> <div><font size="2">debug1: SSH2_MSG_NEWKEYS received</font></div> <div><font size="2">debug1: Roaming not allowed by server</font></div> <div><font size="2">debug1: SSH2_MSG_SERVICE_REQUEST sent</font></div> <div><font size="2">debug2: service_accept: ssh-userauth</font></div> <div><font size="2">debug1: SSH2_MSG_SERVICE_ACCEPT received</font></div> <div><font size="2">debug2: key: /home/np/.ssh/id_rsa (0x7f310a31cd60)</font></div> <div><font size="2">debug2: key: /home/np/.ssh/id_dsa ((nil))</font></div> <div><font size="2">debug1: Authentications that can continue: publickey,password,keyboard-interactive</font></div> <div><font size="2">debug3: start over, passed a different list publickey,password,keyboard-interactive</font></div> <div><font size="2">debug3: preferred publickey,keyboard-interactive,password</font></div> <div><font size="2">debug3: authmethod_lookup publickey</font></div> <div><font size="2">debug3: remaining preferred: keyboard-interactive,password</font></div> <div><font size="2">debug3: authmethod_is_enabled publickey</font></div> <div><font size="2">debug1: Next authentication method: publickey</font></div> <div><font size="2">debug1: Offering RSA public key: /home/np/.ssh/id_rsa</font></div> <div><font size="2">debug3: send_pubkey_test</font></div> <div><font size="2">debug2: we sent a publickey packet, wait for reply</font></div> <div><font size="2">debug1: Authentications that can continue: publickey,password,keyboard-interactive</font></div> <div><font size="2">debug1: Trying private key: /home/np/.ssh/id_dsa</font></div> <div><font size="2">debug3: no such identity: /home/np/.ssh/id_dsa</font></div> <div><font size="2">debug2: we did not send a packet, disable method</font></div> <div><font size="2">debug3: authmethod_lookup keyboard-interactive</font></div> <div><font size="2">debug3: remaining preferred: password</font></div> <div><font size="2">debug3: authmethod_is_enabled keyboard-interactive</font></div> <div><font size="2">debug1: Next authentication method: keyboard-interactive</font></div> <div><font size="2">debug2: userauth_kbdint</font></div> <div><font size="2">debug2: we sent a keyboard-interactive packet, wait for reply</font></div> <div><font size="2">debug2: input_userauth_info_req</font></div> <div><font size="2">debug2: input_userauth_info_req: num_prompts 1</font></div> <div><font size="2">Password:</font></div> <div><font size="2">debug3: packet_send2: adding 32 (len 17 padlen 15 extra_pad 64)</font></div> <div><font size="2"><br> </font></div> <div><font size="2"><br> </font></div> <div><font size="2"><br> </font></div> <div><font size="2">^X^C</font></div> <div><font size="2">[np@ldap0 ~]$ ssh -vvv <a class="moz-txt-link-abbreviated" href="mailto:np@eng.switchlab.net@ldap1.eng.switchlab.net">np@eng.switchlab.net@ldap1.eng.switchlab.net</a></font></div> <div><font size="2">OpenSSH_6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013</font></div> <div><font size="2">debug1: Reading configuration data /etc/ssh/ssh_config</font></div> <div><font size="2">debug1: /etc/ssh/ssh_config line 55: Applying options for *</font></div> <div><font size="2">debug2: ssh_connect: needpriv 0</font></div> <div><font size="2">debug1: Connecting to ldap1.eng.switchlab.net [10.30.1.135] port 22.</font></div> <div><font size="2">debug1: Connection established.</font></div> <div><font size="2">debug3: Incorrect RSA1 identifier</font></div> <div><font size="2">debug3: Could not load "/home/np/.ssh/id_rsa" as a RSA1 public key</font></div> <div><font size="2">debug1: identity file /home/np/.ssh/id_rsa type 1</font></div> <div><font size="2">debug1: identity file /home/np/.ssh/id_rsa-cert type -1</font></div> <div><font size="2">debug1: identity file /home/np/.ssh/id_dsa type -1</font></div> <div><font size="2">debug1: identity file /home/np/.ssh/id_dsa-cert type -1</font></div> <div><font size="2">debug1: Remote protocol version 2.0, remote software version OpenSSH_6.1</font></div> <div><font size="2">debug1: match: OpenSSH_6.1 pat OpenSSH*</font></div> <div><font size="2">debug1: Enabling compatibility mode for protocol 2.0</font></div> <div><font size="2">debug1: Local version string SSH-2.0-OpenSSH_6.1</font></div> <div><font size="2">debug2: fd 3 setting O_NONBLOCK</font></div> <div><font size="2">debug3: load_hostkeys: loading entries for host "ldap1.eng.switchlab.net" from file "/home/np/.ssh/known_hosts"</font></div> <div><font size="2">debug3: load_hostkeys: found key type RSA in file /home/np/.ssh/known_hosts:1</font></div> <div><font size="2">debug3: load_hostkeys: loaded 1 keys</font></div> <div><font size="2">debug3: load_hostkeys: loading entries for host "ldap1.eng.switchlab.net" from file "/var/lib/sss/pubconf/known_hosts"</font></div> <div><font size="2">debug3: load_hostkeys: found key type RSA in file /var/lib/sss/pubconf/known_hosts:1</font></div> <div><font size="2">debug3: load_hostkeys: found key type DSA in file /var/lib/sss/pubconf/known_hosts:2</font></div> <div><font size="2">debug3: load_hostkeys: loaded 2 keys</font></div> <div><font size="2">debug3: order_hostkeyalgs: prefer hostkeyalgs: <a class="moz-txt-link-abbreviated" href="mailto:ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss">ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss</a></font></div> <div><font size="2">debug1: SSH2_MSG_KEXINIT sent</font></div> <div><font size="2">debug1: SSH2_MSG_KEXINIT received</font></div> <div><font size="2">debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1</font></div> <div><font size="2">debug2: kex_parse_kexinit: <a class="moz-txt-link-abbreviated" href="mailto:ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss">ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss</a>,</font></div> <div><font size="2">debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<a class="moz-txt-link-abbreviated" href="mailto:rijndael-cbc@lysator.liu.se">rijndael-cbc@lysator.liu.se</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<a class="moz-txt-link-abbreviated" href="mailto:rijndael-cbc@lysator.liu.se">rijndael-cbc@lysator.liu.se</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<a class="moz-txt-link-abbreviated" href="mailto:umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96">umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<a class="moz-txt-link-abbreviated" href="mailto:umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96">umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: none,<a class="moz-txt-link-abbreviated" href="mailto:zlib@openssh.com,zlib">zlib@openssh.com,zlib</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: none,<a class="moz-txt-link-abbreviated" href="mailto:zlib@openssh.com,zlib">zlib@openssh.com,zlib</a></font></div> <div><font size="2">debug2: kex_parse_kexinit:</font></div> <div><font size="2">debug2: kex_parse_kexinit:</font></div> <div><font size="2">debug2: kex_parse_kexinit: first_kex_follows 0</font></div> <div><font size="2">debug2: kex_parse_kexinit: reserved 0</font></div> <div><font size="2">debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1</font></div> <div><font size="2">debug2: kex_parse_kexinit: ssh-rsa,ssh-dss</font></div> <div><font size="2">debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<a class="moz-txt-link-abbreviated" href="mailto:rijndael-cbc@lysator.liu.se">rijndael-cbc@lysator.liu.se</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<a class="moz-txt-link-abbreviated" href="mailto:rijndael-cbc@lysator.liu.se">rijndael-cbc@lysator.liu.se</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<a class="moz-txt-link-abbreviated" href="mailto:umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96">umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<a class="moz-txt-link-abbreviated" href="mailto:umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96">umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: none,<a class="moz-txt-link-abbreviated" href="mailto:zlib@openssh.com">zlib@openssh.com</a></font></div> <div><font size="2">debug2: kex_parse_kexinit: none,<a class="moz-txt-link-abbreviated" href="mailto:zlib@openssh.com">zlib@openssh.com</a></font></div> <div><font size="2">debug2: kex_parse_kexinit:</font></div> <div><font size="2">debug2: kex_parse_kexinit:</font></div> <div><font size="2">debug2: kex_parse_kexinit: first_kex_follows 0</font></div> <div><font size="2">debug2: kex_parse_kexinit: reserved 0</font></div> <div><font size="2">debug2: mac_setup: found hmac-md5</font></div> <div><font size="2">debug1: kex: server->client aes128-ctr hmac-md5 none</font></div> <div><font size="2">debug2: mac_setup: found hmac-md5</font></div> <div><font size="2">debug1: kex: client->server aes128-ctr hmac-md5 none</font></div> <div><font size="2">debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent</font></div> <div><font size="2">debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP</font></div> <div><font size="2">debug2: dh_gen_key: priv key bits set: 128/256</font></div> <div><font size="2">debug2: bits set: 503/1024</font></div> <div><font size="2">debug1: SSH2_MSG_KEX_DH_GEX_INIT sent</font></div> <div><font size="2">debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY</font></div> <div><font size="2">debug1: Server host key: RSA 22:fd:38:1c:25:80:fc:15:87:31:7b:b9:7b:59:f6:07</font></div> <div><font size="2">debug3: load_hostkeys: loading entries for host "ldap1.eng.switchlab.net" from file "/home/np/.ssh/known_hosts"</font></div> <div><font size="2">debug3: load_hostkeys: found key type RSA in file /home/np/.ssh/known_hosts:1</font></div> <div><font size="2">debug3: load_hostkeys: loaded 1 keys</font></div> <div><font size="2">debug3: load_hostkeys: loading entries for host "ldap1.eng.switchlab.net" from file "/var/lib/sss/pubconf/known_hosts"</font></div> <div><font size="2">debug3: load_hostkeys: found key type RSA in file /var/lib/sss/pubconf/known_hosts:1</font></div> <div><font size="2">debug3: load_hostkeys: found key type DSA in file /var/lib/sss/pubconf/known_hosts:2</font></div> <div><font size="2">debug3: load_hostkeys: loaded 2 keys</font></div> <div><font size="2">debug3: load_hostkeys: loading entries for host "10.30.1.135" from file "/home/np/.ssh/known_hosts"</font></div> <div><font size="2">debug3: load_hostkeys: found key type RSA in file /home/np/.ssh/known_hosts:2</font></div> <div><font size="2">debug3: load_hostkeys: loaded 1 keys</font></div> <div><font size="2">debug3: load_hostkeys: loading entries for host "10.30.1.135" from file "/var/lib/sss/pubconf/known_hosts"</font></div> <div><font size="2">debug3: load_hostkeys: loaded 0 keys</font></div> <div><font size="2">debug1: Host 'ldap1.eng.switchlab.net' is known and matches the RSA host key.</font></div> <div><font size="2">debug1: Found key in /home/np/.ssh/known_hosts:1</font></div> <div><font size="2">debug2: bits set: 500/1024</font></div> <div><font size="2">debug1: ssh_rsa_verify: signature correct</font></div> <div><font size="2">debug2: kex_derive_keys</font></div> <div><font size="2">debug2: set_newkeys: mode 1</font></div> <div><font size="2">debug1: SSH2_MSG_NEWKEYS sent</font></div> <div><font size="2">debug1: expecting SSH2_MSG_NEWKEYS</font></div> <div><font size="2">debug2: set_newkeys: mode 0</font></div> <div><font size="2">debug1: SSH2_MSG_NEWKEYS received</font></div> <div><font size="2">debug1: Roaming not allowed by server</font></div> <div><font size="2">debug1: SSH2_MSG_SERVICE_REQUEST sent</font></div> <div><font size="2">debug2: service_accept: ssh-userauth</font></div> <div><font size="2">debug1: SSH2_MSG_SERVICE_ACCEPT received</font></div> <div><font size="2">debug2: key: /home/np/.ssh/id_rsa (0x7fdfaf20fd60)</font></div> <div><font size="2">debug2: key: /home/np/.ssh/id_dsa ((nil))</font></div> <div><font size="2">debug1: Authentications that can continue: publickey,password,keyboard-interactive</font></div> <div><font size="2">debug3: start over, passed a different list publickey,password,keyboard-interactive</font></div> <div><font size="2">debug3: preferred publickey,keyboard-interactive,password</font></div> <div><font size="2">debug3: authmethod_lookup publickey</font></div> <div><font size="2">debug3: remaining preferred: keyboard-interactive,password</font></div> <div><font size="2">debug3: authmethod_is_enabled publickey</font></div> <div><font size="2">debug1: Next authentication method: publickey</font></div> <div><font size="2">debug1: Offering RSA public key: /home/np/.ssh/id_rsa</font></div> <div><font size="2">debug3: send_pubkey_test</font></div> <div><font size="2">debug2: we sent a publickey packet, wait for reply</font></div> <div><font size="2">debug1: Authentications that can continue: publickey,password,keyboard-interactive</font></div> <div><font size="2">debug1: Trying private key: /home/np/.ssh/id_dsa</font></div> <div><font size="2">debug3: no such identity: /home/np/.ssh/id_dsa</font></div> <div><font size="2">debug2: we did not send a packet, disable method</font></div> <div><font size="2">debug3: authmethod_lookup keyboard-interactive</font></div> <div><font size="2">debug3: remaining preferred: password</font></div> <div><font size="2">debug3: authmethod_is_enabled keyboard-interactive</font></div> <div><font size="2">debug1: Next authentication method: keyboard-interactive</font></div> <div><font size="2">debug2: userauth_kbdint</font></div> <div><font size="2">debug2: we sent a keyboard-interactive packet, wait for reply</font></div> <div><font size="2">debug2: input_userauth_info_req</font></div> <div><font size="2">debug2: input_userauth_info_req: num_prompts 1</font></div> <div><font size="2">Password:</font></div> <div><font size="2">debug3: packet_send2: adding 32 (len 23 padlen 9 extra_pad 64)</font></div> <div><font size="2">debug1: Authentications that can continue: publickey,password,keyboard-interactive</font></div> <div><font size="2">debug2: userauth_kbdint</font></div> <div><font size="2">debug2: we sent a keyboard-interactive packet, wait for reply</font></div> <div><font size="2">debug2: input_userauth_info_req</font></div> <div><font size="2">debug2: input_userauth_info_req: num_prompts 1</font></div> <div style="color: rgb(0, 0, 0); font-family: 'times new roman', 'new york', times, serif; font-size: 13px; font-style: normal;"><br> </div> </div> </span></div> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 10pt;"> </div> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 10pt;">Nareshchandra Paturi<br> <br> 14, St. Augustine’s Court, <br> Mornington Road,<br> london.<br> E11 3BQ.<br> Mob:07466666001,07856918100<br> Ph:02082579579<br> </div> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 10pt;"> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 12pt;"> <div dir="ltr"> <hr size="1"> <font face="Arial" size="2"> <b><span style="font-weight:bold;">From:</span></b> Rob Crittenden <a class="moz-txt-link-rfc2396E" href="mailto:rcritten@redhat.com"><rcritten@redhat.com></a><br> <b><span style="font-weight: bold;">To:</span></b> naresh reddy <a class="moz-txt-link-rfc2396E" href="mailto:nareshbtech@yahoo.com"><nareshbtech@yahoo.com></a>; <a class="moz-txt-link-rfc2396E" href="mailto:freeipa-users@redhat.com">"freeipa-users@redhat.com"</a> <a class="moz-txt-link-rfc2396E" href="mailto:freeipa-users@redhat.com"><freeipa-users@redhat.com></a> <br> <b><span style="font-weight: bold;">Sent:</span></b> Tuesday, April 23, 2013 4:14 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [Freeipa-users] Freeipa -ssh keys<br> </font> </div> <div class="y_msg_container"><br> naresh reddy wrote:<br> > Hi Rob<br> ><br> > Thank you very much<br> > but i tried the same with two fedora systems<br> > and got the similar issue<br> ><br> > i think the error is due to kerberos not installed but i can see it is<br> > installed on the client and sever<br> > please suggest.<br> <br> sssd needs to look up the keys in IPA so the client needs to be enrolled <br> for this to work.<br> <br> rob<br> <br> ><br> > [<a moz-do-not-send="true" ymailto="mailto:np@ldap" href="mailto:np@ldap">np@ldap</a> ~]$ ssh -vvv <a moz-do-not-send="true" ymailto="mailto:np@eng.switchlab.net" href="mailto:np@eng.switchlab.net">np@eng.switchlab.net</a>@ldap1.eng.switchlab.net<br> > OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010<br> > debug1: Reading configuration data /etc/ssh/ssh_config<br> > debug1: Applying options for *<br> > debug2: ssh_connect: needpriv 0<br> > debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy<br> > -p 22 ldap1.eng.switchlab.net<br> > debug1: identity file /home/np/.ssh/identity type -1<br> > debug3: Not a RSA1 key file /home/np/.ssh/id_rsa.<br> > debug2: key_type_from_name: unknown key type '-----BEGIN'<br> > debug3: key_read: missing keytype<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug3: key_read: missing whitespace<br> > debug2: key_type_from_name: unknown key type '-----END'<br> > debug3: key_read: missing keytype<br> > debug1: identity file /home/np/.ssh/id_rsa type 1<br> > debug1: identity file /home/np/.ssh/id_dsa type -1<br> > debug1: permanently_drop_suid: 501<br> > debug1: Remote protocol version 2.0, remote software version OpenSSH_6.1<br> > debug1: match: OpenSSH_6.1 pat OpenSSH*<br> > debug1: Enabling compatibility mode for protocol 2.0<br> > debug1: Local version string SSH-2.0-OpenSSH_5.3<br> > debug2: fd 5 setting O_NONBLOCK<br> > debug2: fd 4 setting O_NONBLOCK<br> > debug1: SSH2_MSG_KEXINIT sent<br> > debug3: Wrote 792 bytes for a total of 813<br> > debug1: SSH2_MSG_KEXINIT received<br> > debug2: kex_parse_kexinit:<br> > diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1<br> > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss<br> > debug2: kex_parse_kexinit:<br> > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<a moz-do-not-send="true" ymailto="mailto:rijndael-cbc@lysator.liu.se" href="mailto:rijndael-cbc@lysator.liu.se">rijndael-cbc@lysator.liu.se</a><br> > debug2: kex_parse_kexinit:<br> > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<a moz-do-not-send="true" ymailto="mailto:rijndael-cbc@lysator.liu.se" href="mailto:rijndael-cbc@lysator.liu.se">rijndael-cbc@lysator.liu.se</a><br> > debug2: kex_parse_kexinit:<br> > hmac-md5,hmac-sha1,<a moz-do-not-send="true" ymailto="mailto:umac-64@openssh.com" href="mailto:umac-64@openssh.com">umac-64@openssh.com</a>,hmac-ripemd160,<a moz-do-not-send="true" ymailto="mailto:hmac-ripemd160@openssh.com" href="mailto:hmac-ripemd160@openssh.com">hmac-ripemd160@openssh.com</a>,hmac-sha1-96,hmac-md5-96<br> > debug2: kex_parse_kexinit:<br> > hmac-md5,hmac-sha1,<a moz-do-not-send="true" ymailto="mailto:umac-64@openssh.com" href="mailto:umac-64@openssh.com">umac-64@openssh.com</a>,hmac-ripemd160,<a moz-do-not-send="true" ymailto="mailto:hmac-ripemd160@openssh.com" href="mailto:hmac-ripemd160@openssh.com">hmac-ripemd160@openssh.com</a>,hmac-sha1-96,hmac-md5-96<br> > debug2: kex_parse_kexinit: none,<a moz-do-not-send="true" ymailto="mailto:zlib@openssh.com" href="mailto:zlib@openssh.com">zlib@openssh.com</a>,zlib<br> > debug2: kex_parse_kexinit: none,<a moz-do-not-send="true" ymailto="mailto:zlib@openssh.com" href="mailto:zlib@openssh.com">zlib@openssh.com</a>,zlib<br> > debug2: kex_parse_kexinit:<br> > debug2: kex_parse_kexinit:<br> > debug2: kex_parse_kexinit: first_kex_follows 0<br> > debug2: kex_parse_kexinit: reserved 0<br> > debug2: kex_parse_kexinit:<br> > diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1<br> > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss<br> > debug2: kex_parse_kexinit:<br> > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<a moz-do-not-send="true" ymailto="mailto:rijndael-cbc@lysator.liu.se" href="mailto:rijndael-cbc@lysator.liu.se">rijndael-cbc@lysator.liu.se</a><br> > debug2: kex_parse_kexinit:<br> > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<a moz-do-not-send="true" ymailto="mailto:rijndael-cbc@lysator.liu.se" href="mailto:rijndael-cbc@lysator.liu.se">rijndael-cbc@lysator.liu.se</a><br> > debug2: kex_parse_kexinit:<br> > hmac-md5,hmac-sha1,<a moz-do-not-send="true" ymailto="mailto:umac-64@openssh.com" href="mailto:umac-64@openssh.com">umac-64@openssh.com</a>,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,<a moz-do-not-send="true" ymailto="mailto:hmac-ripemd160@openssh.com" href="mailto:hmac-ripemd160@openssh.com">hmac-ripemd160@openssh.com</a>,hmac-sha1-96,hmac-md5-96<br> > debug2: kex_parse_kexinit:<br> > hmac-md5,hmac-sha1,<a moz-do-not-send="true" ymailto="mailto:umac-64@openssh.com" href="mailto:umac-64@openssh.com">umac-64@openssh.com</a>,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,<a moz-do-not-send="true" ymailto="mailto:hmac-ripemd160@openssh.com" href="mailto:hmac-ripemd160@openssh.com">hmac-ripemd160@openssh.com</a>,hmac-sha1-96,hmac-md5-96<br> > debug2: kex_parse_kexinit: none,<a moz-do-not-send="true" ymailto="mailto:zlib@openssh.com" href="mailto:zlib@openssh.com">zlib@openssh.com</a><br> > debug2: kex_parse_kexinit: none,<a moz-do-not-send="true" ymailto="mailto:zlib@openssh.com" href="mailto:zlib@openssh.com">zlib@openssh.com</a><br> > debug2: kex_parse_kexinit:<br> > debug2: kex_parse_kexinit:<br> > debug2: kex_parse_kexinit: first_kex_follows 0<br> > debug2: kex_parse_kexinit: reserved 0<br> > debug2: mac_setup: found hmac-md5<br> > debug1: kex: server->client aes128-ctr hmac-md5 none<br> > debug2: mac_setup: found hmac-md5<br> > debug1: kex: client->server aes128-ctr hmac-md5 none<br> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent<br> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP<br> > debug3: Wrote 24 bytes for a total of 837<br> > debug2: dh_gen_key: priv key bits set: 144/256<br> > debug2: bits set: 516/1024<br> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent<br> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY<br> > debug3: Wrote 144 bytes for a total of 981<br> > debug3: check_host_in_hostfile: filename /home/np/.ssh/known_hosts<br> > debug3: check_host_in_hostfile: match line 2<br> > debug1: Host 'ldap1.eng.switchlab.net' is known and matches the RSA host<br> > key.<br> > debug1: Found key in /home/np/.ssh/known_hosts:2<br> > debug2: bits set: 499/1024<br> > debug1: ssh_rsa_verify: signature correct<br> > debug2: kex_derive_keys<br> > debug2: set_newkeys: mode 1<br> > debug1: SSH2_MSG_NEWKEYS sent<br> > debug1: expecting SSH2_MSG_NEWKEYS<br> > debug3: Wrote 16 bytes for a total of 997<br> > debug2: set_newkeys: mode 0<br> > debug1: SSH2_MSG_NEWKEYS received<br> > debug1: SSH2_MSG_SERVICE_REQUEST sent<br> > debug3: Wrote 48 bytes for a total of 1045<br> > debug2: service_accept: ssh-userauth<br> > debug1: SSH2_MSG_SERVICE_ACCEPT received<br> > debug2: key: /home/np/.ssh/identity ((nil))<br> > debug2: key: /home/np/.ssh/id_rsa (0x7f9ee71687b0)<br> > debug2: key: /home/np/.ssh/id_dsa ((nil))<br> > debug3: Wrote 80 bytes for a total of 1125<br> > debug1: Authentications that can continue:<br> > publickey,gssapi-keyex,gssapi-with-mic,password<br> > debug3: start over, passed a different list<br> > publickey,gssapi-keyex,gssapi-with-mic,password<br> > debug3: preferred<br> > gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password<br> > debug3: authmethod_lookup gssapi-keyex<br> > debug3: remaining preferred:<br> > gssapi-with-mic,publickey,keyboard-interactive,password<br> > debug3: authmethod_is_enabled gssapi-keyex<br> > debug1: Next authentication method: gssapi-keyex<br> > debug1: No valid Key exchange context<br> > debug2: we did not send a packet, disable method<br> > debug3: authmethod_lookup gssapi-with-mic<br> > debug3: remaining preferred: publickey,keyboard-interactive,password<br> > debug3: authmethod_is_enabled gssapi-with-mic<br> > debug1: Next authentication method: gssapi-with-mic<br> > debug1: Unspecified GSS failure. Minor code may provide more information<br> > Credentials cache file '/tmp/krb5cc_501' not found<br> ><br> > debug1: Unspecified GSS failure. Minor code may provide more information<br> > Credentials cache file '/tmp/krb5cc_501' not found<br> ><br> > debug1: Unspecified GSS failure. Minor code may provide more information<br> ><br> ><br> > debug1: Unspecified GSS failure. Minor code may provide more information<br> > Credentials cache file '/tmp/krb5cc_501' not found<br> ><br> > debug2: we did not send a packet, disable method<br> > debug3: authmethod_lookup publickey<br> > debug3: remaining preferred: keyboard-interactive,password<br> > debug3: authmethod_is_enabled publickey<br> > debug1: Next authentication method: publickey<br> > debug1: Trying private key: /home/np/.ssh/identity<br> > debug3: no such identity: /home/np/.ssh/identity<br> > debug1: Offering public key: /home/np/.ssh/id_rsa<br> > debug3: send_pubkey_test<br> > debug2: we sent a publickey packet, wait for reply<br> > debug3: Wrote 384 bytes for a total of 1509<br> > debug1: Authentications that can continue:<br> > publickey,gssapi-keyex,gssapi-with-mic,password<br> > debug1: Trying private key: /home/np/.ssh/id_dsa<br> > debug3: no such identity: /home/np/.ssh/id_dsa<br> > debug2: we did not send a packet, disable method<br> > debug3: authmethod_lookup password<br> > debug3: remaining preferred: ,password<br> > debug3: authmethod_is_enabled password<br> > debug1: Next authentication method: password<br> > <a moz-do-not-send="true" ymailto="mailto:np@eng.switchlab.net" href="mailto:np@eng.switchlab.net">np@eng.switchlab.net</a>@ldap1.eng.switchlab.net's password:<br> > debug3: packet_send2: adding 48 (len 75 padlen 5 extra_pad 64)<br> > debug2: we sent a password packet, wait for reply<br> > debug3: Wrote 144 bytes for a total of 1653<br> > debug1: Authentication succeeded (password).<br> > debug1: channel 0: new [client-session]<br> > debug3: ssh_session2_open: channel_new: 0<br> > debug2: channel 0: send open<br> > debug1: Requesting <a moz-do-not-send="true" ymailto="mailto:no-more-sessions@openssh.com" href="mailto:no-more-sessions@openssh.com">no-more-sessions@openssh.com</a><br> > debug1: Entering interactive session.<br> > debug3: Wrote 128 bytes for a total of 1781<br> > debug2: callback start<br> > debug2: client_session2_setup: id 0<br> > debug2: channel 0: request pty-req confirm 1<br> > debug1: Sending environment.<br> > debug3: Ignored env HOSTNAME<br> > debug3: Ignored env SHELL<br> > debug3: Ignored env TERM<br> > debug3: Ignored env HISTSIZE<br> > debug3: Ignored env USER<br> > debug3: Ignored env LS_COLORS<br> > debug3: Ignored env MAIL<br> > debug3: Ignored env PATH<br> > debug3: Ignored env PWD<br> > debug1: Sending env LANG = en_US.UTF-8<br> > debug2: channel 0: request env confirm 0<br> > debug3: Ignored env HISTCONTROL<br> > debug3: Ignored env SHLVL<br> > debug3: Ignored env HOME<br> > debug3: Ignored env LOGNAME<br> > debug3: Ignored env CVS_RSH<br> > debug3: Ignored env LESSOPEN<br> > debug3: Ignored env G_BROKEN_FILENAMES<br> > debug3: Ignored env _<br> > debug2: channel 0: request shell confirm 1<br> > debug2: callback done<br> > debug2: channel 0: open confirm rwindow 0 rmax 32768<br> > debug3: Wrote 448 bytes for a total of 2229<br> > debug2: channel_input_status_confirm: type 99 id 0<br> > debug2: PTY allocation request accepted on channel 0<br> > debug2: channel 0: rcvd adjust 2097152<br> > debug2: channel_input_status_confirm: type 99 id 0<br> > debug2: shell request accepted on channel 0<br> > Last failed login: Tue Apr 23 14:37:59 BST 2013 from 10.30.2.177 on<br> > ssh:notty<br> > There were 8 failed login attempts since the last successful login.<br> > -sh-4.2$ debug3: Wrote 48 bytes for a total of 2277<br> > edebug3: Wrote 48 bytes for a total of 2325<br> > xdebug3: Wrote 48 bytes for a total of 2373<br> > idebug3: Wrote 48 bytes for a total of 2421<br> > tdebug3: Wrote 48 bytes for a total of 2469<br> ><br> > logout<br> > debug2: channel 0: rcvd eof<br> > debug2: channel 0: output open -> drain<br> > debug2: channel 0: obuf empty<br> > debug2: channel 0: close_write<br> > debug2: channel 0: output drain -> closed<br> > debug1: client_input_channel_req: channel 0 rtype exit-status reply 0<br> > debug1: client_input_channel_req: channel 0 rtype <a moz-do-not-send="true" ymailto="mailto:eow@openssh.com" href="mailto:eow@openssh.com">eow@openssh.com</a> reply 0<br> > debug2: channel 0: rcvd eow<br> > debug2: channel 0: close_read<br> > debug2: channel 0: input open -> closed<br> > debug2: channel 0: rcvd close<br> > debug3: channel 0: will not send data after close<br> > debug2: channel 0: almost dead<br> > debug2: channel 0: gc: notify user<br> > debug2: channel 0: gc: user detached<br> > debug2: channel 0: send close<br> > debug2: channel 0: is dead<br> > debug2: channel 0: garbage collecting<br> > debug1: channel 0: free: client-session, nchannels 1<br> > debug3: channel 0: status: The following connections are open:<br> > #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)<br> ><br> > debug3: channel 0: close_fds r -1 w -1 e 7 c -1<br> > debug3: Wrote 32 bytes for a total of 2501<br> > debug3: Wrote 64 bytes for a total of 2565<br> > Connection to ldap1.eng.switchlab.net closed.<br> > Transferred: sent 2288, received 2656 bytes, in 1.5 seconds<br> > Bytes per second: sent 1563.3, received 1814.8<br> > debug1: Exit status 0<br> ><br> > Nareshchandra Paturi<br> ><br> > 14, St. Augustine’s Court,<br> > Mornington Road,<br> > london.<br> > E11 3BQ.<br> > Mob:07466666001,07856918100<br> > Ph:02082579579<br> > ------------------------------------------------------------------------<br> > *From:* Rob Crittenden <<a moz-do-not-send="true" ymailto="mailto:rcritten@redhat.com" href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>><br> > *To:* Naresh Chandra R Paturi <<a moz-do-not-send="true" ymailto="mailto:nareshbtech@yahoo.com" href="mailto:nareshbtech@yahoo.com">nareshbtech@yahoo.com</a>>;<br> > <a moz-do-not-send="true" ymailto="mailto:freeipa-users@redhat.com" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br> > *Sent:* Saturday, April 20, 2013 8:11 PM<br> > *Subject:* Re: [Freeipa-users] Freeipa -ssh keys<br> ><br> > Naresh Chandra R Paturi wrote:<br> > > Hi all<br> > ><br> > > I am new to freeipa<br> > > we have a group of linux servers where we are tyring to establish<br> > > password less logins, in order to do this we need to copy ssh keys of<br> > > all uses to each and every cleint server . so we are trying to establish<br> > > freeipa central server where we store the keys of all the users.<br> > > we got free ipa working with passwords but trying to authenticate with<br> > > keys.<br> > > is this achievable. if you please kindly direct me.<br> ><br> > With IPA 3.0 this is configured for you automatically by default on<br> > RHEL/Fedora systems.<br> ><br> > <a moz-do-not-send="true" href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#user-keys" target="_blank">https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#user-keys</a><br> ><br> > I believe you will need an openssh patch for this to work on a<br> > Debian/Ubuntu client. I believe it also requires sssd.<br> ><br> > rob<br> ><br> ><br> <br> <br> <br> </div> </div> </div> </div> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> <pre wrap="">_______________________________________________ Freeipa-users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </blockquote> <br> <br> <pre class="moz-signature" cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a> </pre> </body> </html>