Login attempt for nonexistent user

Laurent Bourdel lbourdel at yahoo.fr
Tue Oct 30 06:18:16 AWST 2018 

Hi,
I fail to login with ssh client to dropbox
I use Udoo ARM board with busybox to install ssh server
I cross compiled dropbear under VirtualBox lubuntu and install binary to board ( /bin & /sbin)
I generate RSA key (ssh-keygen -t rsa ) under lubuntu and copied  content to /home/root/.ssh/authorized_keys on Udoo board
I run on Udoo board : dropbear -vFE
On VM lubuntu : ssh  -vvv root at 192.168.0.2
I add trace on dropbear sources and found problem come with function getpwnam to read /etc/password with 
 errno=0; pw = getpwnam(username);  dropbear_log(LOG_WARNING,"LBR %s %d %s",__FILE__ ,__LINE__, strerror(errno)); if (!pw) { return; }

[157] Jan 01 01:06:50 LBR common-session.c 595 No such file or directory
So it seems, there is problem to read /etc/password ?
It well located in correct folder :
~ # ls -l /etctotal 28drwx------    3 root     user          4096 Oct 29  2018 dropbear-rwxrwxrwx    1 root     user           192 Oct 28  2018 fstab-rw-r--r--    1 root     user            23 Oct 29  2018 group-rw-r--r--    1 root     user            10 Oct 29  2018 group-drwxrwxrwx    2 root     user          4096 Oct 28  2018 init.d-rwxrwxrwx    1 root     user           313 Oct 16  2018 inittab-rw-r--r--    1 root     user            34 Oct 29  2018 passwd

~ # cat /etc/passwd root::0:0:root:/home/root:/bin/sh
Below are logs for client & server
If you can jelp, thx in advance
Laurent
Server log : (dropbear)TRACE  (152) 0.000000: enter buf_get_rsa_priv_keyTRACE  (152) 0.001172: enter buf_get_rsa_pub_keyTRACE  (152) 0.002107: leave buf_get_rsa_pub_key: successTRACE  (152) 0.003313: leave buf_get_rsa_priv_keyTRACE  (152) 0.003505: leave loadhostkeyTRACE  (152) 0.012073: enter buf_get_dss_pub_keyTRACE  (152) 0.012952: leave buf_get_dss_pub_key: successTRACE  (152) 0.013182: leave loadhostkeyTRACE  (152) 0.022614: enter buf_get_ecdsa_priv_keyTRACE  (152) 0.022860: enter buf_get_ecc_raw_pubkeyTRACE  (152) 0.023920: leave buf_get_ecdsa_pub_keyTRACE  (152) 0.024171: leave loadhostkeyTRACE  (152) 0.024320: Disabling key type 3TRACE  (152) 0.024456: Disabling key type 4TRACE  (152) 0.034250: listensockets: 1 to tryTRACE  (152) 0.034549: listening on ':22'TRACE  (152) 0.034735: enter dropbear_listenTRACE  (152) 0.034902: dropbear_listen: all interfacesTRACE  (152) 0.106907: socket() failedTRACE  (152) 0.107232: leave dropbear_listen: success, 1 socks boundTRACE  (152) 0.107564: Couldn't set IPV6_TCLASS (Protocol not available)[152] Jan 01 01:06:43 Not backgrounding[157] Jan 01 01:06:49 Child connection from 192.168.0.1:59381TRACE  (157) 6.144213: enter session_initTRACE  (157) 6.144613: setnonblocking: 4TRACE  (157) 6.144776: leave setnonblockingTRACE  (157) 6.144903: setnonblocking: 4TRACE  (157) 6.145031: leave setnonblockingTRACE  (157) 6.145149: update_channel_prioTRACE  (157) 6.145267: update_channel_prio: not anyTRACE  (157) 6.145389: Dropbear priority transitioning 10 -> 11TRACE  (157) 6.145753: Couldn't set IPV6_TCLASS (Protocol not available)TRACE  (157) 6.146138: setnonblocking: 3TRACE  (157) 6.146320: leave setnonblockingTRACE  (157) 6.146443: setnonblocking: 5TRACE  (157) 6.146576: leave setnonblockingTRACE  (157) 6.147021: leave session_initTRACE  (157) 6.147548: kexinitialise()TRACE  (157) 6.147801: algolist add 'curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256'TRACE  (157) 6.148013: algolist add 'ecdsa-sha2-nistp256,ssh-rsa,ssh-dss'TRACE  (157) 6.148209: algolist add 'aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,3des-ctr,3des-cbc'TRACE  (157) 6.148403: algolist add 'aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,3des-ctr,3des-cbc'TRACE  (157) 6.148551: algolist add 'hmac-sha1-96,hmac-sha1,hmac-sha2-256'TRACE  (157) 6.148691: algolist add 'hmac-sha1-96,hmac-sha1,hmac-sha2-256'TRACE  (157) 6.148830: algolist add 'none'TRACE  (157) 6.148965: algolist add 'none'TRACE  (157) 6.149190: DATAALLOWED=0TRACE  (157) 6.149351: -> KEXINITTRACE  (157) 6.149522: enter set_connect_fdsTRACE  (157) 6.149850: maybe_empty_reply_queue - no data allowedTRACE  (157) 6.150025: enter handle_connect_fdsTRACE  (157) 6.150151: leave handle_connect_fds - end iterTRACE  (157) 6.150744: empty queue dequeingTRACE  (157) 6.150954: enter set_connect_fdsTRACE  (157) 6.215700: enter ident_readlnTRACE  (157) 6.217209: leave ident_readln: return 43TRACE  (157) 6.217443: remoteident: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10TRACE  (157) 6.217616: maybe_empty_reply_queue - no data allowedTRACE  (157) 6.217748: enter handle_connect_fdsTRACE  (157) 6.217870: leave handle_connect_fds - end iterTRACE  (157) 6.218013: enter set_connect_fdsTRACE  (157) 6.228750: process_packet: packet type = 20,  len 1960TRACE  (157) 6.228957: got expected packet 20 during kexinitTRACE  (157) 6.229102: <- KEXINITTRACE  (157) 6.229225: enter recv_msg_kexinitTRACE  (157) 6.229411: buf_match_algo: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-1TRACE  (157) 6.229688: kexguess2 1TRACE  (157) 6.229831: kex algo curve25519-sha256 at libssh.orgTRACE  (157) 6.229975: buf_match_algo: ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521sTRACE  (157) 6.230222: hostkey algo ecdsa-sha2-nistp256TRACE  (157) 6.230484: buf_match_algo: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.com,aes256-gcm at openssh.com,eTRACE  (157) 6.230667: enc c2s is  aes128-ctrTRACE  (157) 6.230805: buf_match_algo: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.com,aes25cbc,3des-cbc,blowfeTRACE  (157) 6.230974: enc s2c is  aes128-ctrTRACE  (157) 6.231114: buf_match_algo: hmac-md5-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com,umac-128-etm at openssh.com,h2TRACE  (157) 6.564810: got expected packet 30 during kexinitTRACE  (157) 6.564951: enter recv_msg_kexdh_initTRACE  (157) 6.565082: enter send_msg_kexdh_replyTRACE  (157) 6.592669: buf_put_ecdsa_signTRACE  (157) 6.627674: leave send_msg_kexdh_replyTRACE  (157) 6.627738: enter send_msg_newkeysTRACE  (157) 6.627784: enter gen_new_keysTRACE  (157) 6.627901: leave gen_new_keysTRACE  (157) 6.627944: switch_keys transTRACE  (157) 6.627981: leave send_msg_newkeysTRACE  (157) 6.628014: leave recv_msg_kexdh_initTRACE  (157) 6.628048: enter handle_connect_fdsTRACE  (157) 6.628083: leave handle_connect_fds - end iterTRACE  (157) 6.628176: empty queue dequeingTRACE  (157) 6.628222: enter set_connect_fds  (157) 6.745923: process_packet: packet type = 21,  len 6TRACE  (157) 6.746215: got expected packet 21 during kexinitTRACE  (157) 6.746363: enter recv_msg_newkeysTRACE  (157) 6.746492: switch_keys recvTRACE  (157) 6.746709: switch_keys doneTRACE  (157) 6.746872: kexinitialise()TRACE  (157) 6.747007: leave recv_msg_newkeysTRACE  (157) 6.747140: enter handle_connect_fdsTRACE  (157) 6.747270: leave handle_connect_fds - end iterTRACE  (157) 6.747416: enter sTRACE  (157) 6.768252: process_packet: packet type = 5,  len 22TRACE  (157) 6.768469: enter recv_msg_service_requestTRACE  (157) 6.768620: accepting service ssh-userauthTRACE  (157) 6.768874: leave recv_msg_service_request: done ssh-userauthTRACE  (157) 6.769099: enter handle_connect_fdsTRACE  (157) 6.769238: leave handle_connect_fds - end iterTRACE  (157) 6.769514: empty queue dequeingTRACE  (157) 6.769699: enter set_connect_fdsTRACE  (157) 6.781262: process_packet: packet type = 50,  len 40TRACE  (157) 6.781607: enter recv_msg_userauth_request[157] Jan 01 01:06:50 LBR recv_msg_userauth_request root ssh-connection noneTRACE  (157) 6.782116: enter checkusername[157] Jan 01 01:06:50 LBR svr-auth.c 259[157] Jan 01 01:06:50 LBR svr-auth.c 264[157] Jan 01 01:06:50 LBR svr-auth.c 270[157] Jan 01 01:06:50 LBR svr-auth.c 272[157] Jan 01 01:06:50 LBR common-session.c 581  username root [157] Jan 01 01:06:50 LBR common-session.c 595 No such file or directory[157] Jan 01 01:06:50 LBR svr-auth.c 285[157] Jan 01 01:06:50 LBR svr-auth.c 293TRACE  (157) 6.794742: leave checkusername: user 'root' doesn't exist[157] Jan 01 01:06:50 Login attempt for nonexistent user:root from 192.168.0.1:59381[157] Jan 01 01:06:50 LBR valid_user = 0TRACE  (157) 6.795387: recv_msg_userauth_request: 'none' requestTRACE  (157) 6.795535: enter send_msg_userauth_failureTRACE  (157) 6.795684: auth fail: methods 6, 'publickey,password'[157] Jan 01 01:06:50 LBR send_msg_userauth_failure (null)TRACE  (157) 6.796226: leave send_msg_userauth_failureTRACE  (157) 6.796382: enter handle_connect_fdsTRACleave handle_connect_fds - end iterTRACE  (157) 6.796827: empty queue dequeingTRACE  (157) 6.797019: enter set_connect_fdsTRACE  (157) 6.799683: process_packet: packet type = 50,  len 340TRACE  (157) 6.799902: enter recv_msg_userauth_request[157] Jan 01 01:06:50 LBR recv_msg_userauth_request root ssh-connection publickeyTRACE  (157) 6.800636: enter checkusername[157] Jan 01 01:06:50 LBR svr-auth.c 259[157] Jan 01 01:06:50 LBR svr-auth.c 264[157] Jan 01 01:06:50 LBR svr-auth.c 270[157] Jan 01 01:06:50 LBR svr-auth.c 278[157] Jan 01 01:06:50 LBR svr-auth.c 285TRACE  (157) 6.801857: checkusername: returning cached failure[157] Jan 01 01:06:50 LBR valid_user = 0[157] Jan 01 01:06:50 LBR DROPBEAR_SVR_PASSWORD_AUTH[157] Jan 01 01:06:50 LBR svr-auth.c 190[157] Jan 01 01:06:50 LBR DROPBEAR_SVR_PUBKEY_AUTH send_msg_userauth_failureTRACE  (157) 6.802748: enter send_msg_userauth_failureTRACE  (157) 6.802899: auth fail: methods 6, 'publickey,password'[157] Jan 01 01:06:50 LBR send_msg_userauth_failure (null)TRACE  (157) 6.803403: leave send_msg_userauth_failureTRACE  (157) 6.803636: enter handle_connect_fdsTRACE  (157) 6.803772: leave handle_connect_fds - end iterTRACE  (157) 6.804073: empty queue dequeingTRACE  (157) 6.804250: enter set_connect_fds[157] Jan 01 01:08:08 Exit before auth: Exited normallyTRACE  (157) 85.377204: enter session_cleanupTRACE  (157) 85.377465: enter chancleanupTRACE  (157) 85.377622: leave chancleanupTRACE  (157) 85.378037: leave session_cleanup^C[152] Jan 01 01:08:14 Early exit: Terminated by signalTRACE  (152) 91.338894: enter session_cleanupTRACE  (152) 91.339131: leave session_cleanup: !ses.init_done~ # 


Client log: (ssh)debug1: Reading configuration data /etc/ssh/ssh_configdebug1: /etc/ssh/ssh_config line 19: Applying options for *debug2: ssh_connect: needpriv 0debug1: Connecting to 192.168.0.2 [192.168.0.2] port 22.debug1: Connection established.debug3: Incorrect RSA1 identifierdebug3: Could not load "/home/user/.ssh/id_rsa" as a RSA1 public keydebug1: identity file /home/user/.ssh/id_rsa type 1debug1: identity file /home/user/.ssh/id_rsa-cert type -1debug1: identity file /home/user/.ssh/id_dsa type -1debug1: identity file /home/user/.ssh/id_dsa-cert type -1debug1: identity file /home/user/.ssh/id_ecdsa type -1debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1debug1: identity file /home/user/.ssh/id_ed25519 type -1debug1: identity file /home/user/.ssh/id_ed25519-cert type -1debug1: Enabling compatibility mode for protocol 2.0debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10debug1: Remote protocol version 2.0, remote software version dropbear_2018.76debug1: no match: dropbear_2018.76debug2: fd 3 setting O_NONBLOCKdebug3: load_hostkeys: loading entries for host "192.168.0.2" from file "/home/user/.ssh/known_hosts"debug3: load_hostkeys: found key type ECDSA in file /home/user/.ssh/known_hosts:1debug3: load_hostkeys: loaded 1 keysdebug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521debug1: SSH2_MSG_KEXINIT sentdebug1: SSH2_MSG_KEXINIT receiveddebug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com,ssh-ed25519,ssh-rsa,ssh-dssdebug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.sedebug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.sedebug2: kex_parse_kexinit: hmac-md5-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96debug2: kex_parse_kexinit: hmac-md5-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96debug2: kex_parse_kexinit: none,zlib at openssh.com,zlibdebug2: kex_parse_kexinit: none,zlib at openssh.com,zlibdebug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,kexguess2 at matt.ucc.asn.audebug2: kex_parse_kexinit: ecdsa-sha2-nistp256,ssh-rsa,ssh-dssdebug2: kex_parse_kexinit: aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,3des-ctr,3des-cbcdebug2: kex_parse_kexinit: aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,3des-ctr,3des-cbcdebug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-sha2-256debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-sha2-256debug2: kex_parse_kexinit: nonedebug2: kex_parse_kexinit: nonedebug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: setup hmac-sha1debug1: kex: server->client aes128-ctr hmac-sha1 nonedebug2: mac_setup: setup hmac-sha1debug1: kex: client->server aes128-ctr hmac-sha1 nonedebug1: sending SSH2_MSG_KEX_ECDH_INITdebug1: expecting SSH2_MSG_KEX_ECDH_REPLYdebug1: Server host key: ECDSA 46:38:97:c9:70:12:5d:0b:66:ba:b1:a9:cf:32:b9:7adebug3: load_hostkeys: loading entries for host "192.168.0.2" from file "/home/user/.ssh/known_hosts"debug3: load_hostkeys: found key type ECDSA in file /home/user/.ssh/known_hosts:1debug3: load_hostkeys: loaded 1 keysdebug1: Host '192.168.0.2' is known and matches the ECDSA host key.debug1: Found key in /home/user/.ssh/known_hosts:1debug1: ssh_ecdsa_verify: signature correctdebug2: kex_derive_keysdebug2: set_newkeys: mode 1debug1: SSH2_MSG_NEWKEYS sentdebug1: expecting SSH2_MSG_NEWKEYSdebug2: set_newkeys: mode 0debug1: SSH2_MSG_NEWKEYS receiveddebug1: SSH2_MSG_SERVICE_REQUEST sentdebug2: service_accept: ssh-userauthdebug1: SSH2_MSG_SERVICE_ACCEPT receiveddebug2: key: /home/user/.ssh/id_rsa (0x80dffdf0),debug2: key: /home/user/.ssh/id_dsa ((nil)),debug2: key: /home/user/.ssh/id_ecdsa ((nil)),debug2: key: /home/user/.ssh/id_ed25519 ((nil)),debug1: Authentications that can continue: publickey,passworddebug3: start over, passed a different list publickey,passworddebug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,passworddebug3: authmethod_lookup publickeydebug3: remaining preferred: keyboard-interactive,passworddebug3: authmethod_is_enabled publickeydebug1: Next authentication method: publickeydebug1: Offering RSA public key: /home/user/.ssh/id_rsadebug3: send_pubkey_testdebug2: we sent a publickey packet, wait for replydebug1: Authentications that can continue: publickey,passworddebug1: Trying private key: /home/user/.ssh/id_dsadebug3: no such identity: /home/user/.ssh/id_dsa: No such file or directorydebug1: Trying private key: /home/user/.ssh/id_ecdsadebug3: no such identity: /home/user/.ssh/id_ecdsa: No such file or directorydebug1: Trying private key: /home/user/.ssh/id_ed25519debug3: no such identity: /home/user/.ssh/id_ed25519: No such file or directorydebug2: we did not send a packet, disable methoddebug3: authmethod_lookup passworddebug3: remaining preferred: ,passworddebug3: authmethod_is_enabled passworddebug1: Next authentication method: passwordroot at 192.168.0.2's password: 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20181029/b567b1bc/attachment-0001.htm

More information about the Dropbear mailing list