Thread: [JSch-users] com.jcraft.jsch.JSchException: Auth fail
Status: Alpha
Brought to you by:
ymnk
Menu
▾
▴
jsch-users
|
From: Waseem W. <ww...@it...> - 2005-04-12 20:34:19
|
I'm a new jsch user. We are using jsch standalone (as well as from = within ant -- sshexec and scp tasks). The problem is that it seems to = work fine when connecting to servers (running linux and freebsd) inside = our network (behind a firewall), but for connection to servers outside = the network, we can't get it to work. I tried the Sftp.java example, as = well the above mentioned ant tasks. The result is the same: It fails = with the exception com.jcraft.jsch.JSchException: Auth fail I should mention that ssh/sftp works using clients such as putty or = psftp. Following is the debug trace for sshd: BSDELR01:/root # sshd -ddd -p 1022 debug2: read_server_config: filename /etc/ssh/sshd_config debug1: sshd version OpenSSH_3.8.1p1 FreeBSD-20040419 debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #0 type 2 DSA debug1: Bind to port 1022 on ::. Server listening on :: port 1022. debug1: Bind to port 1022 on 0.0.0.0. Server listening on 0.0.0.0 port 1022. debug1: Server will not fork when running in debugging mode. debug1: res_init() Connection from 205.161.40.110 port 4697 debug1: Client protocol version 2.0; client software version JSCH-0.1.20 debug1: no match: JSCH-0.1.20 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 FreeBSD-20040419 debug2: Network child is on pid 18911 debug3: preauth child monitor started debug3: mm_request_receive entering debug3: privsep user:group 22:22 debug1: permanently_set_uid: 22/22 debug1: list_hostkey_types: ssh-dss debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: = diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss debug2: kex_parse_kexinit: = aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cb= c,rij...@ly...,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: = aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cb= c,rij...@ly...,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: = hmac-md5,hmac-sha1,hmac-ripemd160,hma...@op...,hmac-sha1-96= ,hmac-md5-96 debug2: kex_parse_kexinit: = hmac-md5,hmac-sha1,hmac-ripemd160,hma...@op...,hmac-sha1-96= ,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: = diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: client->server 3des-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: server->client 3des-cbc hmac-md5 none debug2: dh_gen_key: priv key bits set: 190/384 debug2: bits set: 497/1024 debug1: expecting SSH2_MSG_KEXDH_INIT debug2: bits set: 497/1024 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_receive entering debug3: mm_answer_sign: signature 0x8077340(55) debug3: mm_request_send entering: type 5 debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user elr service ssh-connection method none debug1: attempt 0 failures 0 debug3: mm_getpwnamallow entering debug3: mm_request_send entering: type 6 debug3: monitor_read: checking request 6 debug3: mm_answer_pwnamallow debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 debug3: mm_request_send entering: type 7 debug2: monitor_read: 6 used once, disabling now debug3: mm_request_receive entering debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM debug3: mm_request_receive_expect entering: type 7 debug3: mm_request_receive entering debug2: input_userauth_request: setting up authctxt for elr debug3: mm_start_pam entering debug3: mm_request_send entering: type 45 debug3: monitor_read: checking request 45 debug1: PAM: initializing for "elr" debug1: PAM: setting PAM_RHOST to "205.161.40.110" debug2: monitor_read: 45 used once, disabling now debug3: mm_request_receive entering debug3: mm_inform_authserv entering debug3: mm_request_send entering: type 3 debug3: monitor_read: checking request 3 debug3: mm_answer_authserv: service=3Dssh-connection, style=3D debug2: monitor_read: 3 used once, disabling now debug3: mm_request_receive entering debug2: input_userauth_request: try method none Failed none for elr from 205.161.40.110 port 4697 ssh2 Received disconnect from 205.161.40.110: 3: = com.jcraft.jsch.JSchException: Auth fail debug1: do_cleanup debug1: PAM: cleanup debug3: PAM: sshpam_thread_cleanup entering debug1: do_cleanup debug1: PAM: cleanup debug3: PAM: sshpam_thread_cleanup entering Any help would be much appreciated. |
|
From: Dean P. <dea...@gm...> - 2006-07-25 14:25:42
|
I know this is covered in the mailing lists but I've still not come to a conclusion on how to fix it. com.jcraft.jsch.JSchException: Auth fail occurs when I run the scp ant task. PasswordAuthentication is set to yes in /etc/ssh/sshd_config And yes, UserAuthKI.java works when run. Any ideas? Thanks in advance, Dean. |
|
From: Adam G. <ada...@re...> - 2006-07-25 15:01:01
|
Dean- What's your ant task look like? cheers, -Adam Dean Pullen wrote: > I know this is covered in the mailing lists but I've still not come to > a conclusion on how to fix it. > > com.jcraft.jsch.JSchException: Auth fail occurs when I run the scp ant task. > > PasswordAuthentication is set to yes in /etc/ssh/sshd_config > > And yes, UserAuthKI.java works when run. > > Any ideas? Thanks in advance, > > Dean. > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys -- and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > JSch-users mailing list > JSc...@li... > https://lists.sourceforge.net/lists/listinfo/jsch-users > |
|
From: Dean P. <dea...@gm...> - 2006-07-25 15:07:03
|
Here it is:
<scp todir="username:password@:host"
trust="yes"
verbose="true">
<fileset dir="temp/eardir">
<include name="*.xml"/>
<include name="earname.ear"/>
</fileset>
</scp>
Obviously I've replaced the original values.
|
|
From: Adam G. <ada...@re...> - 2006-07-25 15:28:18
|
Dean- A couple of things I see right off the bat: 1. I believe the colon before "host" is out of place...should be after....along with a destination directory/path... Also, as a test, make sure you can ssh into "host" using the specified username and password as a sanity check. cheers, -Adam Dean Pullen wrote: > Here it is: > > <scp todir="username:password@:host" > trust="yes" > verbose="true"> > <fileset dir="temp/eardir"> > <include name="*.xml"/> > <include name="earname.ear"/> > </fileset> > </scp> > > Obviously I've replaced the original values. > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys -- and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > JSch-users mailing list > JSc...@li... > https://lists.sourceforge.net/lists/listinfo/jsch-users > |
|
From: Adam G. <ada...@re...> - 2006-07-25 17:22:13
|
Dean- Hmmm. That's odd.... Try breaking out the parameters in "todir," i.e., use the "password" attribute. Also try to just copy one file, ala: <scp file="myfile.txt" password="moo" todir="user@somehost:/home/chuck"/> If those don't work then I'm out of ideas....other than trying key-based authentication...but I've had mixed results with that too... Looking at my sshd_config file, a few other things: 1. Do you use PermitEmptyPasswords? Is your password empty? 2. You might also want to change the LogLevel to something more fine and then run the scp task to see if it's failing on the ssh side or the scp-task side. 3. sshd is runing on port 22, right? -adam Dean Pullen wrote: > Yes I definitely can SSH to the host using the username password combo > I'm using in the deploy script. > > My mistake about the colon, its a typo - it isn't actually there in > the file. > Its actually: > username:password@host:directory > > > On 7/25/06, Adam Gordon <ada...@re...> wrote: >> Dean- >> >> A couple of things I see right off the bat: >> >> 1. I believe the colon before "host" is out of place...should be >> after....along with a destination directory/path... >> >> Also, as a test, make sure you can ssh into "host" using the specified >> username and password as a sanity check. >> >> cheers, >> >> -Adam >> >> Dean Pullen wrote: >> > Here it is: >> > >> > <scp todir="username:password@:host" >> > trust="yes" >> > verbose="true"> >> > <fileset dir="temp/eardir"> >> > <include name="*.xml"/> >> > <include name="earname.ear"/> >> > </fileset> >> > </scp> >> > >> > Obviously I've replaced the original values. >> > >> > >> ------------------------------------------------------------------------- >> >> > Take Surveys. Earn Cash. Influence the Future of IT >> > Join SourceForge.net's Techsay panel and you'll get the chance to >> share your >> > opinions on IT & business topics through brief surveys -- and earn >> cash >> > >> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV >> >> > _______________________________________________ >> > JSch-users mailing list >> > JSc...@li... >> > https://lists.sourceforge.net/lists/listinfo/jsch-users >> > >> >> ------------------------------------------------------------------------- >> >> Take Surveys. Earn Cash. Influence the Future of IT >> Join SourceForge.net's Techsay panel and you'll get the chance to >> share your >> opinions on IT & business topics through brief surveys -- and earn cash >> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV >> >> _______________________________________________ >> JSch-users mailing list >> JSc...@li... >> https://lists.sourceforge.net/lists/listinfo/jsch-users >> |
|
From: Dean P. <dea...@gm...> - 2006-07-28 02:12:44
|
That sort of playing around with the xml params doesn't work, tried it already. Yep, port 22. But... Set PermitEmptyPasswords to yes and it worked....even though the password is not empty... On 7/25/06, Adam Gordon <ada...@re...> wrote: > Dean- > > Hmmm. That's odd.... > > Try breaking out the parameters in "todir," i.e., use the "password" > attribute. Also try to just copy one file, ala: > > <scp file="myfile.txt" password="moo" todir="user@somehost:/home/chuck"/> > > If those don't work then I'm out of ideas....other than trying key-based > authentication...but I've had mixed results with that too... > > Looking at my sshd_config file, a few other things: > > 1. Do you use PermitEmptyPasswords? Is your password empty? > 2. You might also want to change the LogLevel to something more fine > and then run the scp task to see if it's failing on the ssh side or the > scp-task side. > 3. sshd is runing on port 22, right? > > -adam > > Dean Pullen wrote: > > Yes I definitely can SSH to the host using the username password combo > > I'm using in the deploy script. > > > > My mistake about the colon, its a typo - it isn't actually there in > > the file. > > Its actually: > > username:password@host:directory > > > > > > On 7/25/06, Adam Gordon <ada...@re...> wrote: > >> Dean- > >> > >> A couple of things I see right off the bat: > >> > >> 1. I believe the colon before "host" is out of place...should be > >> after....along with a destination directory/path... > >> > >> Also, as a test, make sure you can ssh into "host" using the specified > >> username and password as a sanity check. > >> > >> cheers, > >> > >> -Adam > >> > >> Dean Pullen wrote: > >> > Here it is: > >> > > >> > <scp todir="username:password@:host" > >> > trust="yes" > >> > verbose="true"> > >> > <fileset dir="temp/eardir"> > >> > <include name="*.xml"/> > >> > <include name="earname.ear"/> > >> > </fileset> > >> > </scp> > >> > > >> > Obviously I've replaced the original values. > >> > > >> > > >> ------------------------------------------------------------------------- > >> > >> > Take Surveys. Earn Cash. Influence the Future of IT > >> > Join SourceForge.net's Techsay panel and you'll get the chance to > >> share your > >> > opinions on IT & business topics through brief surveys -- and earn > >> cash > >> > > >> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > >> > >> > _______________________________________________ > >> > JSch-users mailing list > >> > JSc...@li... > >> > https://lists.sourceforge.net/lists/listinfo/jsch-users > >> > > >> > >> ------------------------------------------------------------------------- > >> > >> Take Surveys. Earn Cash. Influence the Future of IT > >> Join SourceForge.net's Techsay panel and you'll get the chance to > >> share your > >> opinions on IT & business topics through brief surveys -- and earn cash > >> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > >> > >> _______________________________________________ > >> JSch-users mailing list > >> JSc...@li... > >> https://lists.sourceforge.net/lists/listinfo/jsch-users > >> > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys -- and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > JSch-users mailing list > JSc...@li... > https://lists.sourceforge.net/lists/listinfo/jsch-users > |
|
From: <ym...@jc...> - 2006-07-26 23:51:25
|
Hi, +-From: "Dean Pullen" <dea...@gm...> -- |_Date: Tue, 25 Jul 2006 15:25:39 +0100 ________ | |I know this is covered in the mailing lists but I've still not come to |a conclusion on how to fix it. |com.jcraft.jsch.JSchException: Auth fail occurs when I run the scp ant task. |PasswordAuthentication is set to yes in /etc/ssh/sshd_config How about 'UsePAM' in '/etc/ssh/sshd_config'? |And yes, UserAuthKI.java works when run. The scp task included in Ant 1.6.5 does not support the keyboard-interactive authentication method. Try nightly builds[1]. The code[2] for that method has been already committed to its SVN repository. [1] http://svn.apache.org/snapshots/ant/ [2] http://marc.theaimsgroup.com/?l=ant-dev&m=111959408515300&w=2 Sincerely, -- Atsuhiko Yamanaka JCraft,Inc. 1-14-20 HONCHO AOBA-KU, SENDAI, MIYAGI 980-0014 Japan. Tel +81-22-723-2150 +1-415-578-3454 Fax +81-22-224-8773 Skype callto://jcraft/ |
|
From: Dean P. <dea...@gm...> - 2006-07-26 08:58:18
|
Thanks for your help, another colleague has previously patched the jar to include the patch and we're now using that. On 7/26/06, Atsuhiko Yamanaka <ym...@jc...> wrote: > Hi, > > +-From: "Dean Pullen" <dea...@gm...> -- > |_Date: Tue, 25 Jul 2006 15:25:39 +0100 ________ > | > |I know this is covered in the mailing lists but I've still not come to > |a conclusion on how to fix it. > |com.jcraft.jsch.JSchException: Auth fail occurs when I run the scp ant task. > |PasswordAuthentication is set to yes in /etc/ssh/sshd_config > > How about 'UsePAM' in '/etc/ssh/sshd_config'? > > |And yes, UserAuthKI.java works when run. > > The scp task included in Ant 1.6.5 does not support the keyboard-interactive > authentication method. Try nightly builds[1]. The code[2] for that method > has been already committed to its SVN repository. > > [1] http://svn.apache.org/snapshots/ant/ > [2] http://marc.theaimsgroup.com/?l=ant-dev&m=111959408515300&w=2 > > Sincerely, > -- > Atsuhiko Yamanaka > JCraft,Inc. > 1-14-20 HONCHO AOBA-KU, > SENDAI, MIYAGI 980-0014 Japan. > Tel +81-22-723-2150 > +1-415-578-3454 > Fax +81-22-224-8773 > Skype callto://jcraft/ > |
|
From: <ym...@jc...> - 2006-07-28 05:42:12
|
Hi,
+-From: "Dean Pullen" <dea...@gm...> --
|_Date: Tue, 25 Jul 2006 15:25:39 +0100 ________
|
|I know this is covered in the mailing lists but I've still not come to
|a conclusion on how to fix it.
|com.jcraft.jsch.JSchException: Auth fail occurs when I run the scp ant task.
|PasswordAuthentication is set to yes in /etc/ssh/sshd_config
|And yes, UserAuthKI.java works when run.
May I ask you to try UserAuthKI.java again with enabling following lines
in 'promptKeyboardInteractive' method ?
System.out.println("destination: "+destination);
System.out.println("name: "+name);
System.out.println("instruction: "+instruction);
System.out.println("prompt.length: "+prompt.length);
System.out.println("prompt: "+prompt[0]);
Will that method really be invoked,? If invoked, one time or two time?
Sincerely,
--
Atsuhiko Yamanaka
JCraft,Inc.
1-14-20 HONCHO AOBA-KU,
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
+1-415-578-3454
Fax +81-22-224-8773
Skype callto://jcraft/
|
|
From: Dan M. <dm...@do...> - 2005-04-12 20:58:30
|
I think i had a problem with this too a while ago, so I'm guessing a little, but it could be in the sshd_config file the setting: # To disable tunneled clear text passwords, change to no here! PasswordAuthentication no try making it yes. On Tue, 2005-04-12 at 13:33 -0700, Waseem Wahid wrote: > jsc...@li... -- Dan Mingus dm...@do... voice: 303-445-3351 |
|
From: Waseem W. <ww...@it...> - 2005-04-12 21:39:01
|
That seems to fix it. Thanks!! But I wonder why clients such as psftp would work without having to change this setting... Also, wouldn't permitting clear text passwords (even though tunneled) be a security risk? ----- Original Message ----- From: "Dan Mingus" <dm...@do...> To: "Waseem Wahid" <ww...@it...>; <jsc...@li...> Sent: Tuesday, April 12, 2005 1:57 PM Subject: Re: [JSch-users] com.jcraft.jsch.JSchException: Auth fail >I think i had a problem with this too a while ago, so I'm guessing a > little, but it could be in the sshd_config file the setting: > > # To disable tunneled clear text passwords, change to no here! > PasswordAuthentication no > > try making it yes. > > On Tue, 2005-04-12 at 13:33 -0700, Waseem Wahid wrote: >> jsc...@li... > -- > Dan Mingus > dm...@do... > voice: 303-445-3351 > |
|
From: <no...@no...> - 2005-04-12 21:42:26
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Waseem Wahid schrieb: Hi, > com.jcraft.jsch.JSchException: Auth fail One solution might be to activate the option "PasswordAuthentication" in your sshd.conf This solved my problem concerning "Auth fail" errors. If this does not help: Sorry... Bye, Christian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCXEC5nTWygOCSLe4RAnNtAKCEJPBel3t3EGrEyaW0y7DdViTnUACeLW8v +lZGQN2jELXXCgYUG1zpCwY= =2SIg -----END PGP SIGNATURE----- |
|
From: <ym...@jc...> - 2005-04-14 02:27:54
|
Hi, +-From: "Waseem Wahid" <ww...@it...> -- |_Date: Tue, 12 Apr 2005 13:33:02 -0700 _____ | |I'm a new jsch user. We are using jsch standalone (as well as from |within ant -- sshexec and scp tasks). The problem is that it |seems to work fine when connecting to servers (running linux and |freebsd) inside =ur network (behind a firewall), but for |connection to servers outside the network, we can't get it to |work. I tried the Sftp.java example, as well the above mentioned |ant tasks. The result is the same: It fails with the exception |com.jcraft.jsch.JSchException: Auth fail |I should mention that ssh/sftp works using clients such as putty |or psftp. |Following is the debug trace for sshd: Thank you for your feedback. According to debug lines from sshd, it seems there are problems in getting response sforathe uthentication method 'none'. # By using method 'none', we can know what kinds of auth-methods are # supported on the remote sshd. If your sshd is on DMZ and is accessible from the Internet, may I ask you to allow me to get access to your sshd for debugging? The login access is not required in this case. If it is acceptable, please write me IP-address of that sshd to ym...@jc.... Thanks, -- ymnk |
|
From: <ym...@jc...> - 2005-04-19 00:52:20
|
Hi, +-From: "Waseem Wahid" <ww...@it...> -- |_Date: Tue, 12 Apr 2005 13:33:02 -0700 _____ | | The problem is that it seems to |work fine when connecting to servers (running linux and freebsd) inside |our network (behind a firewall), but for connection to servers outside |the network, we can't get it to work. I tried the Sftp.java example, as |well the above mentioned ant tasks. The result is the same: It fails |with the exception |com.jcraft.jsch.JSchException: Auth fail |Following is the debug trace for sshd: |BSDELR01:/root # sshd -ddd -p 1022 |debug2: read_server_config: filename /etc/ssh/sshd_config |debug1: sshd version OpenSSH_3.8.1p1 FreeBSD-20040419 |debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. Thank you for your help. I tried your sshd. At a glance to your sshd log, I had worried that there may be a problem in handing 'none' user auth method, but after accessing to your sshd and checking its configuration, I guess there is not problem in jsch. The reason is that your sshd only supports public-key and keyboard-interactive authentication. Try 'examples/UserAuthKI.java'. Thanks, -- ymnk |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X