• Updated 2023-07-12: Hello, Guest! Welcome back, and be sure to check out this follow-up post about our outage a week or so ago.

OpenBSD @ SE/30 => no SSH login?

sbreit

sbreit

Active member
Hi there!

Maybe one of you guys might have an idea about this:

I've installed OpenBSD 5.1 to my SE/30. Works OK except for the fact that I can't SSH to the box. Making SSH connections from the SE/30 to other machines on the other hand works just fine.

This is what the client sees:

Code: 
debug2: mac_setup: found hmac-md5-96
debug1: kex: server->client aes128-ctr hmac-md5-96 none
debug2: mac_setup: found hmac-md5-96
debug1: kex: client->server aes128-ctr hmac-md5-96 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 125/256
debug2: bits set: 520/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
and then fails.

The server will log the incoming connection and then after a few minutes prints "Timeout before authentication".

I already tried "Ciphers none" and "MACs hmac-md5-96" and also SSH protocol version 1 without much success. xx(

Any other hints?

Regards

Steffen

 
ChristTrekker

ChristTrekker

Well-known member
May be a stupid question, but is the ssh daemon running? If the SE30 isn't listening, nothing's ever going to connect to it.

 
sbreit

sbreit

Active member
May be a stupid question, but is the ssh daemon running? If the SE30 isn't listening, nothing's ever going to connect to it.
Click to expand...
If it wasn't running, the client would exit with "ssh: connect to host $hostname port 22: Connection refused" rather than starting to negotiate the key exhange. ;)

Oh, and the sever wouldn't log anything SSH-wise, would it? :D

 
Charlieman

Charlieman

Well-known member
Err, enable verbose logging on the SE/30 if possible. Then talk to the devs -- in the bug report, identify model and OpenBSD version.

 
sbreit

sbreit

Active member
Err, enable verbose logging on the SE/30 if possible. Then talk to the devs -- in the bug report, identify model and OpenBSD version.
Click to expand...
I already raised the loglevel for the sshd to DEBUG3. As the standard log facility is the AUTH log, I suppose I should be able to see everything in the auth log, which kind of isn't verbose at all :?:

Is there an other log (given that I didn't change the log facilities/log file locations) that I should look into?

 
sbreit

sbreit

Active member
Solved it. :beige:

The logging facility was correct, but the syslog configuration wasn't. I had to change the /etc/syslog.conf line

auth.info /var/log/authlog

to

auth.* /var/log/authlog

to get the debug level messages.

On the server, I always got something like

sshd[17111]: fatal: Timeout before authentication for 192.168.23.26

in the log file. This timeout was cased by the LoginGraceTime parameter in the sshd_config. I set that to 10m now and voila: I can ssh to my Mac! ;D

It, quite obviously, tages ages to log in, tough ;)

 
You must log in or register to reply here.
Top