Bug#916843: SSH-Login problems

To: 916843@bugs.debian.org
Subject: Bug#916843: SSH-Login problems
From: andrew glaeser <bugs@irregulaire.info>
Date: Wed, 16 Jan 2019 12:39:47 +0100
Message-id: <[🔎] 20190116123947.0fc82de4@a68n.lokal>
Reply-to: andrew glaeser <bugs@irregulaire.info>, 916843@bugs.debian.org
References: <20181219135906.7c2f9a28@a68n.lokal>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


This was confirmed as a configuration issue:

> andrew@a68n:~$ ssh user@detst
> ssh: connect to host detst port 22: Connection refused
> andrew@a68n:~$ ssh root@detst
> ssh: connect to host detst port 22: Connection refused
> andrew@a68n:~$ ssh user@detst
> Linux detst 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64
> 
> The programs included with the Debian GNU/Linux system are free software;
> the exact distribution terms for each program are described in the
> individual files in /usr/share/doc/*/copyright.
> 
> Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
> permitted by applicable law.
> Last login: Fri Dec 21 11:16:42 2018 from 192.168.0.58
> user@detst:~$ cat /etc/ssh/sshd_config 
> #       $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
> 
> # This is the sshd server system-wide configuration file.  See
> # sshd_config(5) for more information.
> 
> # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
> 
> # The strategy used for options in the default sshd_config shipped with
> # OpenSSH is to specify options with their default value where
> # possible, but leave them commented.  Uncommented options override the
> # default value.
> 
> #Port 22
> #AddressFamily any
> #ListenAddress 0.0.0.0
> #ListenAddress ::
> 
> #HostKey /etc/ssh/ssh_host_rsa_key
> #HostKey /etc/ssh/ssh_host_ecdsa_key
> #HostKey /etc/ssh/ssh_host_ed25519_key
> 
> # Ciphers and keying
> #RekeyLimit default none
> 
> # Logging
> #SyslogFacility
> AUTH #LogLevel
> INFO 
> #
> Authentication: 
> #LoginGraceTime
> 2m PermitRootLogin
> without-password #StrictModes
> yes #MaxAuthTries
> 6 #MaxSessions
> 10 
> #PubkeyAuthentication yes
> 
> # Expect .ssh/authorized_keys2 to be disregarded by default in future.
> #AuthorizedKeysFile     .ssh/authorized_keys .ssh/authorized_keys2
> 
> #AuthorizedPrincipalsFile none
> 
> #AuthorizedKeysCommand none
> #AuthorizedKeysCommandUser nobody
> 
> # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
> #HostbasedAuthentication no
> # Change to yes if you don't trust ~/.ssh/known_hosts for
> # HostbasedAuthentication
> #IgnoreUserKnownHosts no
> # Don't read the user's ~/.rhosts and ~/.shosts files
> #IgnoreRhosts yes
> 
> # To disable tunneled clear text passwords, change to no here!
> #PasswordAuthentication yes
> #PermitEmptyPasswords no
> 
> # Change to yes to enable challenge-response passwords (beware issues with
> # some PAM modules and threads)
> ChallengeResponseAuthentication no
> 
> # Kerberos options
> #KerberosAuthentication no
> #KerberosOrLocalPasswd yes
> #KerberosTicketCleanup yes
> #KerberosGetAFSToken no
> 
> # GSSAPI options
> #GSSAPIAuthentication no
> #GSSAPICleanupCredentials yes
> #GSSAPIStrictAcceptorCheck yes
> #GSSAPIKeyExchange no
> 
> # Set this to 'yes' to enable PAM authentication, account processing,
> # and session processing. If this is enabled, PAM authentication will
> # be allowed through the ChallengeResponseAuthentication and
> # PasswordAuthentication.  Depending on your PAM configuration,
> # PAM authentication via ChallengeResponseAuthentication may bypass
> # the setting of "PermitRootLogin without-password".
> # If you just want the PAM account and session checks to run without
> # PAM authentication, then enable this but set PasswordAuthentication
> # and ChallengeResponseAuthentication to 'no'.
> UsePAM yes
> 
> #AllowAgentForwarding yes
> #AllowTcpForwarding yes
> #GatewayPorts no
> X11Forwarding yes
> #X11DisplayOffset 10
> #X11UseLocalhost yes
> #PermitTTY yes
> PrintMotd no
> #PrintLastLog yes
> #TCPKeepAlive yes
> #PermitUserEnvironment no
> #Compression delayed
> #ClientAliveInterval 0
> #ClientAliveCountMax 3
> #UseDNS no
> #PidFile /var/run/sshd.pid
> #MaxStartups 10:30:100
> #PermitTunnel no
> #ChrootDirectory none
> #VersionAddendum none
> 
> # no default banner path
> #Banner none
> 
> # Allow client to pass locale environment variables
> AcceptEnv LANG LC_*
> 
> # override default of no subsystems
> #Subsystem      sftp    /usr/lib/openssh/sftp-server
> 
> # Example of overriding settings on a per-user basis
> #Match User anoncvs
> #       X11Forwarding no
> #       AllowTcpForwarding no
> #       PermitTTY no
> #       ForceCommand cvs server
> user@detst:~$ 

Particularly this:

> > # override default of no subsystems
> > #Subsystem      sftp    /usr/lib/openssh/sftp-server


-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQTF9uNaslvnJpWt8kXn6sEfJS3nCwUCXD8YAwAKCRDn6sEfJS3n
C8TAAJ0Zj0e3mpjwWXx1dnCJ7JF30brU+QCfTKc4M7U+AJhy2FGm0Ychn5QIojI=
=B0h8
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Re: Json-c library installed into /lib/ instead of /usr/lib/ ... is that relevant anymore?
Next by Date: Processed: [initramfs-tools] update-initramfs -u warns: Unknown X keysym "dead_belowmacron"
Previous by thread: Re: Json-c library installed into /lib/ instead of /usr/lib/ ... is that relevant anymore?
Next by thread: Processed: [initramfs-tools] update-initramfs -u warns: Unknown X keysym "dead_belowmacron"
Index(es):
- Date
- Thread