
Hi all,

New here but have arrived out of desperation... please forgive the wordy question.

I have Tectia Server 4.4.7 installed on a DL360 server running Windows 2003 Server SP2, and it's set up for public key authentication only. This works flawlessly - I can ssh2 into the server from a separate host (also Tectia 4.4.7) and authentication is swift and successful every time.

Due to restructuring I have to convert this server into a domain controller. After I run dcpromo and promote the server to a DC, ssh2 into the server then sometimes fails and sometimes works, and there doesn't seem to be any pattern of when or how it succeeds.

Any help or advice will be gratefully received!! I've tried doing dcpromo before installing Tectia, that made no difference. It seems to be that just being a DC causes intermittent failure. It's like the authentication is going along well and is going to succeed, but something drops the connection before it gets all the way.

Running ssh2 in verbose mode gives me the following output when it fails:

C:\Documents and Settings\moosepig>ssh2 -v DOMAIN\moosepig@test_server
debug: Ssh2: Crypto library version: SSH Cryptographic Library, version 1.2.7
debug: Ssh2: User config file not found, using defaults. (Looked for 'C:/Documents and Settings/moosepig/Application Data/SSH/ssh2_config')
debug: Ssh2: Parent process check: VIM emulation is enabled
debug: Ssh2: Running in FIPS mode: No
debug: Connecting to test_server, port 22... (SOCKS not used)
debug: SshProtoTransport: My version: SSH-1.99-4.4.7.23 SSH Secure Shell Windows Client
debug: client supports 5 auth methods: 'gssapi-with-mic,gssapi,publickey,keyboard-interactive,password'
debug: Ssh2Common: local ip = 192.168.77.40, local port = 1153
debug: Ssh2Common: remote ip = 192.168.77.55, remote port = 22
debug: SshProtoConnection: Wrapping...
debug: Remote version: SSH-2.0-4.4.7.23 SSH Secure Shell Windows NT Server
debug: Major: 4 Minor: 4 Revision: 7
debug: SshProtoTransport: SSH Client version is 4.x and more then 4.3.3 so server will use stub-based way of term. emul.
debug: SshProtoTransport: lang s to c: `', lang c to s: `'
debug: SshProtoTransport: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
debug: SshProtoTransport: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Ssh2Client: Keys match.
debug: Remote host key found from database.
debug: Ssh2Common: Received SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
debug: Ssh2Common: DISCONNECT received: Connection closed.
warning: Authentication failed.
Disconnected (local); connection lost (Connection closed.).
debug: Ssh2Common: Destroying SshCommon object.
debug: SshProtoConnection: Destroying SshConn object.
Disconnect reason 10, exit code = 74
C:\Documents and Settings\moosepig>

Many thanks in advance :)

Cheers, Moosepig

UPDATE: if I run ssh2 DOMAIN\Administrator@test_server, it always authenticates, every time. I tried adding the user moosepig to the Administrators group, but that had no effect. This is a weird thing, I don't get how it sometimes authenticates but mostly doesn't. If I run ssh2 DOMAIN\moosepig@test_server over and over again, it will authenticate perhaps 1 time in 10.

UPDATE2: configured test_server so I could run ssh2 on the local machine instead of over the network - same symptoms, so it's not related to network infrastructure. Also, I then deliberately set up the keys so that they would always fail - in that case, I sometimes get error code 78, but more often get error code 74 as above. This seems to confirm that the connection is being dropped before authentication has a chance to complete (whether successful or not).

UPDATE3: I discovered that neither NIC had a default gateway configured, so I did this on one of the NICs, and the problem seems to have gone away - time will tell, as it is very difficult to prove that something is not happening! Once I'm convinced, I'll write up an answer.

UPDATE4: Nope, that wasn't it. Went back to a clean build with tested and working Tectia server, made sure one NIC had a default gateway... promoted to DC, and lo the original problem is still happening, exactly the same. This is doing my head in.

UPDATE5: Ran the server side in debug mode... THE PROBLEM GOES AWAY!! Argh!! (Where's the smiley for bashing my head against a wall?) So it now looks like some kind of crazy race condition: slow down the server by making it process debug (even at level 1) and the problem vanishes. Any idea, anyone?

asked May 30 '14 at 16:21


moosepig

edited Jun 05 '14 at 14:05
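The question's own evidence for "dropped before authentication completes" is the shape of the ssh2 -v transcript (transport negotiated, host key verified, then DISCONNECT with reason 10 / exit 74) and the 1-in-10 success rate. As an added example that is not part of the original post or of Tectia, this script parses a batch of saved ssh2 -v transcripts and tallies which runs show that pattern, so the failure rate can be measured rather than guessed; the failing transcript is abridged from the question, and the "success" transcript is an assumed minimal transcript (only the lines the parser inspects), not real Tectia output.

```python
import re
from collections import Counter

# Constructed sample transcripts. FAILED_RUN is abridged from the question;
# SUCCESS_RUN is an assumption of what a clean run contains (no disconnect).
FAILED_RUN = """\
debug: SshProtoTransport: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
debug: SshProtoTransport: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Ssh2Client: Keys match.
debug: Ssh2Common: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
debug: Ssh2Common: DISCONNECT received: Connection closed.
warning: Authentication failed.
Disconnected (local); connection lost (Connection closed.).
Disconnect reason 10, exit code = 74
"""
SUCCESS_RUN = """\
debug: SshProtoTransport: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Ssh2Client: Keys match.
"""

def parse_run(text):
    """Extract the facts from one `ssh2 -v` transcript that decide its outcome."""
    info = {"cipher": None, "host_key_ok": "Keys match." in text,
            "auth_failed": "Authentication failed." in text,
            "disconnect_reason": None, "exit_code": None}
    m = re.search(r"c_to_s: cipher (\S+),", text)
    if m:
        info["cipher"] = m.group(1)
    m = re.search(r"Disconnect reason (\d+), exit code = (\d+)", text)
    if m:
        info["disconnect_reason"] = int(m.group(1))
        info["exit_code"] = int(m.group(2))
    return info

def classify(info):
    """Map a parsed transcript to the outcome categories the question describes."""
    if info["exit_code"] is None and not info["auth_failed"]:
        return "ok"
    # Transport completed (cipher agreed, host key verified) but the peer sent
    # DISCONNECT reason 10 / exit 74: the "dropped before auth" pattern.
    if info["cipher"] and info["host_key_ok"] and info["disconnect_reason"] == 10:
        return "dropped-before-auth"
    if info["auth_failed"]:
        return "auth-failed-other"   # e.g. the exit-78 key-rejection case
    return "unknown"

def summarize(transcripts):
    """Count outcomes over many runs, e.g. ten captures of `ssh2 -v ... 2> runN.log`."""
    return Counter(classify(parse_run(t)) for t in transcripts)
```

Feed it one transcript per run (for example, the stderr of each of ten invocations) and the counter gives the dropped-vs-ok ratio directly.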
