Unable to log in to server with public key after changing server's password #1254

Closed
kentnek opened this issue Sep 23, 2018 · 9 comments

kentnek commented Sep 23, 2018

Please answer the following

If it is a terminal issue then please go through wiki
https://github.com/PowerShell/Win32-OpenSSH/wiki/TTY-PTY-support-in-Windows-OpenSSH

"OpenSSH for Windows" version
7.7.2.0

Server OperatingSystem
Windows 10 Pro

Client OperatingSystem
Windows 10 Enterprise

What is failing
OpenSSH was installed using chocolatey. The client could ssh into my server (both are on the same network) until I changed the Windows password on the server itself. Now both password and public-key methods fail to work.

Expected output
Able to log in as before.

Actual output
Unable to log in using either password or public-key:

Permission denied, please try again.

Logs

PS C:\Windows\system32> psexec -s sshd.exe -ddd

PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com


debug2: load_server_config: filename __PROGRAMDATA__\\ssh/sshd_config
debug2: load_server_config: done config len = 159
debug2: parse_server_config: config __PROGRAMDATA__\\ssh/sshd_config len 159
debug3: __PROGRAMDATA__\\ssh/sshd_config:9 setting Port 22
debug3: __PROGRAMDATA__\\ssh/sshd_config:38 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: __PROGRAMDATA__\\ssh/sshd_config:76 setting Subsystem sftp      sftp-server.exe
debug1: sshd version OpenSSH_for_Windows_7.7, LibreSSL 2.6.4
debug1: private host key #0: ssh-rsa SHA256:/uBa1Za0z2zSGQ0Y9uik56pG0bxe73Cddh28izl2YD4
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:0fYsqA40DuV4zW2tim46pg0/cuC5/SBkbUMxmu3tMic
debug1: private host key #2: ssh-ed25519 SHA256:aM6mL06EnHRIxecmQ+wDxD0HRKm+DSqHTqoWSv5cjVc
debug1: rexec_argv[0]='sshd.exe'
debug1: rexec_argv[1]='-ddd'
debug2: fd 3 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 159
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
Connection from 192.168.50.130 port 63154 on 192.168.50.179 port 22
debug1: Client protocol version 2.0; client software version OpenSSH_7.7
debug1: match: OpenSSH_7.7 pat OpenSSH* compat 0x04000000
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug2: fd 5 setting O_NONBLOCK
debug3: spawning "C:\\Program Files\\OpenSSH-Win64\\sshd.exe" "-ddd" "-y"
debug2: Network child is on pid 16612
debug3: send_rexec_state: entering fd = 4 config len 159
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug3: ssh_msg_send: type 0
debug3: ssh_msg_send: type 0
debug3: preauth child monitor started
debug3: recv_rexec_state: entering fd = 3
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config: config __PROGRAMDATA__\\ssh/sshd_config len 159
debug3: __PROGRAMDATA__\\ssh/sshd_config:9 setting Port 22
debug3: __PROGRAMDATA__\\ssh/sshd_config:38 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: __PROGRAMDATA__\\ssh/sshd_config:76 setting Subsystem sftp      sftp-server.exe
debug1: sshd version OpenSSH_for_Windows_7.7, LibreSSL 2.6.4
debug3: ssh_msg_recv entering
debug3: ssh_msg_recv entering
debug2: fd 5 setting O_NONBLOCK
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none [preauth]
debug2: compression stoc: none [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c [preauth]
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth]
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc [preauth]
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc [preauth]
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none,zlib@openssh.com,zlib [preauth]
debug2: compression stoc: none,zlib@openssh.com,zlib [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none [preauth]
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug3: receive packet: type 30 [preauth]
debug3: mm_key_sign entering [preauth]
debug3: mm_request_send entering: type 6 [preauth]
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect entering: type 7 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign
debug3: mm_answer_sign: hostkey proof signature 0000025B92E482A0(100)
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: send packet: type 31 [preauth]
debug3: send packet: type 21 [preauth]
debug2: set_newkeys: mode 1 [preauth]
debug1: rekey after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug3: send packet: type 7 [preauth]
debug3: receive packet: type 21 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug2: set_newkeys: mode 0 [preauth]
debug1: rekey after 4294967296 blocks [preauth]
debug1: KEX done [preauth]
debug3: receive packet: type 5 [preauth]
debug3: send packet: type 6 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user kent service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug3: mm_getpwnamallow entering [preauth]
debug3: mm_request_send entering: type 8 [preauth]
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
debug3: mm_request_receive_expect entering: type 9 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 8
debug3: mm_answer_pwnamallow
debug2: parse_server_config: config reprocess config len 159

This is where it gets weird:

debug1: get_passwd: LookupAccountName() failed: 1332.
Invalid user kent from 192.168.50.130 port 63154

Continue:

debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 0
debug3: mm_request_send entering: type 9
debug2: monitor_read: 8 used once, disabling now
debug3: mm_inform_authserv entering [preauth]
debug3: mm_request_send entering: type 4 [preauth]
debug2: input_userauth_request: try method none [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
debug3: send packet: type 51 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 4 used once, disabling now
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user kent service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug2: userauth_pubkey: disabled because of invalid user [preauth]

^ Public key is disabled due to the invalid user error.

debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
debug3: send packet: type 51 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user kent service ssh-connection method keyboard-interactive [preauth]
debug1: attempt 2 failures 1 [preauth]
debug2: input_userauth_request: try method keyboard-interactive [preauth]
debug1: keyboard-interactive devs  [preauth]
debug1: auth2_challenge: user=kent devs= [preauth]
debug1: kbdint_alloc: devices '' [preauth]
debug2: auth2_challenge_start: devices  [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
debug3: send packet: type 51 [preauth]
kentnek changed the title from "Unable to log in to server after changing server's password" to "Unable to log in to server with public key after changing server's password" on Sep 23, 2018
@rezeptpflichtig

I have the same problem, I can ssh in with my personal domain account but not with my local admin account.

@manojampalam
Contributor

manojampalam commented Sep 26, 2018

Was not able to reproduce on my end.

1332 - "No mapping between account names and security IDs was done."

Can you check if the user account is in good shape? Are you able to login using those credentials interactively on your server? Can you try the same steps with a different/new account?

@kentnek
Author

kentnek commented Sep 26, 2018

My server is actually my personal laptop with only one admin account, and yes I can normally login with the account's credentials. The client is just another laptop which I need to ssh to my personal laptop.

What's funny is the ssh setup worked before, until I changed my personal laptop (server)'s password.

By the way, the error I got was 1332, not 1322. May I know what the message is for that error (1332)?

@manojampalam
Contributor

That was for 1332. Fixed it now. Recommend playing with one other account to scope down the issue

@bagajjal
Collaborator

https://docs.microsoft.com/en-us/windows/desktop/Debug/system-error-codes--1300-1699-

ERROR_NONE_MAPPED

1332 (0x534)

No mapping between account names and security IDs was done.

@kentnek
Author

kentnek commented Sep 26, 2018

Oh wow thanks everyone for the heads up. A quick search on the error itself led me to the netplwiz command, which allowed me to view the current user accounts on my laptop. It turned out for some weird reason, after changing my Windows password, the username became my full email address.

So I changed my username back to kent in netplwiz, and everything works now. Hence I'm closing the issue.

kentnek closed this as completed on Sep 26, 2018
@ipndeveloper

Windows PowerShell
Copyright (C) 2016 Microsoft Corporation. All rights reserved.

PS C:\Windows\system32> cd "C:\Program Files\OpenSSH-Win64"
PS C:\Program Files\OpenSSH-Win64> ssh-keygen -A
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
PS C:\Program Files\OpenSSH-Win64> sshd.exe -ddd
debug2: load_server_config: filename PROGRAMDATA\ssh/sshd_config
debug2: load_server_config: done config len = 253
debug2: parse_server_config: config PROGRAMDATA\ssh/sshd_config len 253
debug3: PROGRAMDATA\ssh/sshd_config:38 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: PROGRAMDATA\ssh/sshd_config:79 setting Subsystem sftp sftp-server.exe
debug3: checking syntax for 'Match Group administrators'
debug1: sshd version OpenSSH_for_Windows_7.9, LibreSSL 2.6.5
debug1: get_passwd: LookupAccountName() failed: 1332.
debug1: private host key #0: ssh-rsa SHA256:WBnE1br59auYc6fObiJVSEJMjWhS1E7KLlB1Hob7j6I
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:9snHnGsXJGTXNy8hc60s83fLhQl2liyVKA2LQ1vmv9Q
debug1: private host key #2: ssh-ed25519 SHA256:u+yhTRePA45NUp5rkjIaCg9zHkBoY/v9tIbPDgaZS5A
debug1: rexec_argv[0]='C:\Program Files\OpenSSH-Win64\sshd.exe'
debug1: rexec_argv[1]='-ddd'
debug2: fd 3 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.

Error: get_passwd: LookupAccountName() failed: 1332. What is the solution?

@NoMoreFood

@ipndeveloper This error basically means that Windows couldn't find an account that matched the username string that you put in. Usually the LookupAccountName() is very forgiving so ensure that you're specifying an account that is valid on the destination system and/or try using a different format (username, DOMAIN\username, username@domain.com, etc). I also recommend opening a separate issue to discuss this.
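
The name check discussed in this thread, as an added example that is not code from the project or from any participant: it asks Windows for the same kind of name-to-SID mapping that fails with 1332 in the sshd log, for each of the name formats mentioned above. `Test-SshAccountName` is a hypothetical helper name, and `kent` and `example.com` are sample values; run it on the server.

```powershell
# Added example. Test-SshAccountName is a hypothetical helper, not part of Win32-OpenSSH.
function Test-SshAccountName {
    param(
        [Parameter(Mandatory)] [string[]] $Name
    )
    foreach ($candidate in $Name) {
        try {
            # NTAccount.Translate does a name-to-SID lookup; a name Windows cannot
            # map throws IdentityNotMappedException (the 1332 / ERROR_NONE_MAPPED case).
            $sid = [System.Security.Principal.NTAccount]::new($candidate).Translate(
                [System.Security.Principal.SecurityIdentifier])
            [pscustomobject]@{ Name = $candidate; Resolves = $true; Sid = $sid.Value }
        }
        catch {
            [pscustomobject]@{ Name = $candidate; Resolves = $false; Sid = $null }
        }
    }
}

# Sample input (assumed): the login name the SSH client sends, in three formats.
$user = 'kent'
Test-SshAccountName -Name $user, "$env:COMPUTERNAME\$user", "$user@example.com" |
    Format-Table -AutoSize

# The account names that actually exist on this machine. A renamed account
# (for example one whose name became an e-mail address) shows up here under
# its new Name, which is what the client has to use or what has to be renamed back.
Get-LocalUser |
    Select-Object Name, FullName, Enabled, PrincipalSource, SID |
    Format-Table -AutoSize
```

If every format reports `Resolves = False`, sshd will log `Invalid user` and skip public-key authentication for that name, as in the log at the top of this issue.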

@ipndeveloper

@NoMoreFood thanks for answering. I followed the steps at this link:
https://hostadvice.com/how-to/how-to-install-an-openssh-server-client-on-a-windows-2016-server/
But how can I apply the suggestion you mention?
When I execute the command ssh-keygen.exe -A, the key is created, and then executing sshd.exe -ddd reads the information of the generated keys. Is that correct?
