Fwd: Fwd: Re: [mcs-systems #53361] can no longer access itaps.mcs.anl.gov

Tim Tautges tautges at mcs.anl.gov
Thu Sep 23 11:37:13 CDT 2010 

For those needing access to the itaps machine, make sure you have requested access to that resource, since now the 
system is checking for that.

- tim

-------- Original Message --------
Subject: Fwd: Re: [mcs-systems #53361] can no longer access itaps.mcs.anl.gov
Date: Thu, 23 Sep 2010 11:20:33 -0500
From: Jason Kraftcheck <kraftche at cae.wisc.edu>
To: Tim Tautges <tautges at mcs.anl.gov>

In case anyone else has the same problem:


-------- Original Message --------
Subject: Re: [mcs-systems #53361] can no longer access itaps.mcs.anl.gov
Date: Thu, 23 Sep 2010 11:19:11 -0500
From: Kenneth Raffenetti <raffenet at mcs.anl.gov>
To: systems at mcs.anl.gov, Jason Kraftcheck <kraftche at cae.wisc.edu>

Jason,

Can you request the ITAPS resource at
https://accounts.mcs.anl.gov/resources.php?  It looks like you never had
the resource, and a recent configuration change only allowed logins to
people with it.

Ken

On 09/23/2010 11:14 AM, Jason Kraftcheck wrote:
> It seems that I am no longer able to log into itaps.mcs.anl.gov.  My ssh key
> seems to work fine for other MCS machines (e.g. terra).  Here's the output
> of 'ssh -vv itaps.mcs.anl.gov':
>
>> OpenSSH_5.5p1 Debian-4, OpenSSL 0.9.8o 01 Jun 2010
>> debug1: Reading configuration data /home/jason/.ssh/config
>> debug1: Applying options for *.anl.gov
>> debug1: Applying options for *
>> debug1: /home/jason/.ssh/config line 119: Deprecated option "FallBackToRsh"
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug1: Applying options for *
>> debug2: ssh_connect: needpriv 0
>> debug1: Connecting to itaps.mcs.anl.gov [140.221.8.125] port 22.
>> debug1: Connection established.
>> debug1: identity file /home/jason/.ssh/identity type -1
>> debug1: identity file /home/jason/.ssh/identity-cert type -1
>> debug2: key_type_from_name: unknown key type '-----BEGIN'
>> debug2: key_type_from_name: unknown key type '-----END'
>> debug1: identity file /home/jason/.ssh/id_rsa type 1
>> debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
>> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
>> debug1: identity file /home/jason/.ssh/id_rsa-cert type -1
>> debug1: identity file /home/jason/.ssh/id_dsa type -1
>> debug1: identity file /home/jason/.ssh/id_dsa-cert type -1
>> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu4
>> debug1: match: OpenSSH_5.3p1 Debian-3ubuntu4 pat OpenSSH*
>> debug1: Enabling compatibility mode for protocol 2.0
>> debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4
>> debug2: fd 3 setting O_NONBLOCK
>> debug1: SSH2_MSG_KEXINIT sent
>> debug1: SSH2_MSG_KEXINIT received
>> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>> debug2: kex_parse_kexinit: ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com,ssh-rsa,ssh-dss
>> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
>> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
>> debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
>> debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit: first_kex_follows 0
>> debug2: kex_parse_kexinit: reserved 0
>> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
>> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
>> debug2: kex_parse_kexinit: none,zlib at openssh.com
>> debug2: kex_parse_kexinit: none,zlib at openssh.com
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit:
>> debug2: kex_parse_kexinit: first_kex_follows 0
>> debug2: kex_parse_kexinit: reserved 0
>> debug2: mac_setup: found hmac-md5
>> debug1: kex: server->client aes128-ctr hmac-md5 none
>> debug2: mac_setup: found hmac-md5
>> debug1: kex: client->server aes128-ctr hmac-md5 none
>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>> debug2: dh_gen_key: priv key bits set: 129/256
>> debug2: bits set: 500/1024
>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>> debug1: Host 'itaps.mcs.anl.gov' is known and matches the RSA host key.
>> debug1: Found key in /home/jason/.ssh/known_hosts:44
>> debug2: bits set: 517/1024
>> debug1: ssh_rsa_verify: signature correct
>> debug2: kex_derive_keys
>> debug2: set_newkeys: mode 1
>> debug1: SSH2_MSG_NEWKEYS sent
>> debug1: expecting SSH2_MSG_NEWKEYS
>> debug2: set_newkeys: mode 0
>> debug1: SSH2_MSG_NEWKEYS received
>> debug1: Roaming not allowed by server
>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>> debug2: service_accept: ssh-userauth
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> debug2: key: /home/jason/.ssh/identity ((nil))
>> debug2: key: /home/jason/.ssh/id_rsa (0x7f0c90e27f50)
>> debug2: key: /home/jason/.ssh/id_dsa ((nil))
>> debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,hostbased
>> debug1: Next authentication method: gssapi-keyex
>> debug1: No valid Key exchange context
>> debug2: we did not send a packet, disable method
>> debug1: Next authentication method: gssapi-with-mic
>> debug1: Unspecified GSS failure.  Minor code may provide more information
>> Credentials cache file '/tmp/krb5cc_1000' not found
>>
>> debug1: Unspecified GSS failure.  Minor code may provide more information
>> Credentials cache file '/tmp/krb5cc_1000' not found
>>
>> debug1: Unspecified GSS failure.  Minor code may provide more information
>>
>>
>> debug2: we did not send a packet, disable method
>> debug1: Next authentication method: publickey
>> debug1: Trying private key: /home/jason/.ssh/identity
>> debug1: Offering public key: /home/jason/.ssh/id_rsa
>> debug2: we sent a publickey packet, wait for reply
>> debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,hostbased
>> debug1: Trying private key: /home/jason/.ssh/id_dsa
>> debug2: we did not send a packet, disable method
>> debug1: Next authentication method: password
>> kraftche at itaps.mcs.anl.gov's password:
>> debug2: we sent a password packet, wait for reply
>> Connection closed by 140.221.8.125
>
>

More information about the tstt-interface mailing list