When I am trying to connect to a sever using ssh, I happen to see the following statements in the server side logs:
none for user User rejected because it is unavailable
password for user User accepted
I am able to connect to the server, but I am getting that "rejected" message in logs.
What I want to do is to eliminate that message. So when I did some digging around I came to know that the "none" authentication method is used to determine the types of authentication methods available and only in rare cases is the "none" authentication method supported by the server.
So is there any way I can tell the ssh not to use the "none" authentication method?
I already tried specifying the preferred authentication method using:
-o PreferredAuthentications=password
but still I am getting that error message.
So is there any way I can tell ssh not to use the none authentication method/
In that case it just displays the possibe authentication method and exits. But it i give the method as "password" first it is taking "none" and then taking "password". The connection is ok
When connecting to a server with ssh if there is a public key/private key authentication token between server, the ssh will try to use that key. If for some reason the key does not work, then ssh will try asking for a password. Key based authentication won't work if the .ssh directory is world or group writable, readable or executable or the home directory is world writable. You may want to check the permissions on your home and .ssh directories.
Ok i understand the issue.This happened from ssh server and i guess the is mandatory.Maybe you are using the Vshell and
if there is an parameter called the name is like "NoneAuthentication" method and i m not sure , if this can be eliminated bt this but just u can try.
or you can use the ssh-1 but i think your server is not permitted this and this cannot be preferred.
and you can the look the more infos at the below links.
The SSH-2 protocol is more flexible: the server informs the client which authentication methods are usable at any point in the exchange,
as opposed to just once at the beginning of the connection, as in SSH-1.
Thus, an SSH-2 server can, for example, decide to disallow public-key authentication after two unsuccessful attempts
but still continue allowing the password method only.
One use of this feature is interesting to note.
SSH-2 clients usually first make an authentication request using a special method, "none."
It always fails and returns the real authentication methods permitted by the server.
If you see puzzling references in the SSH logs indicating that the method "none" has "failed," now you know what's going on (and it's normal).
Thanks for the reply, but from that other issue that you posted, I got to know that this is a default behavior. But it does not says how to avoid using "none" authentication method.
I tried with the NoneAuthentication option and it says it is not supported.
command-line: line 0: Bad configuration option: NoneAuthentication
Connection closed
1 - (open)-ssh client asks the server for auth-methods as in the normal ssh-client-work as userauth-request
(because almost ssh clients wants to know which auth methods that the server supports) )
and cannot change this behaviour with add parameters as far as i m know for the open-ssh client
and therefore you must change the server config
if there is possibility of use the different ssh clients and then may you can this.
for exa i tested bitvise ssh client with selected "initial method" option to any (password,pubkey,gssapi,keyboard-interactive..)
and this is SuCcess so "ssh-connection method none [preauth]" is not logging any mode (debug[1-3],verbose or any others)
lastly this ssh client allow the authenticaton methods which we want to choose any methods...
And you will not see the message that is "rejected ....." in your server logs.
this is just a choise.I dont know its applicability.
2 - i wanted to test the vshell server but i cant download it.
below is the answer to me from vandyke and they give late response.
Hello Yucel,
Thank you for your interest in VShell(R).
We apologize for the inconvenience, unfortunately, U.S.
export regulations do not allow automated downloads to some
countries.
However, by providing some additional information, you can
still download and evaluate VShell.
.............
Sincerely,
Leslie Tyk
Orders Department
VanDyke Software, Inc.
505-332-5710
505-332-5701 (fax)
sales@vandyke.com
www.vandyke.com
3 - u can check the loglevel on the server-side.*(sshd_config -> vshelld_config)
I have already tried out not logging the "auth" events in vShell and that seems to work.
I got to thinking that since the client is initiating the ssh session, it will be the client that sends the "none" auth method request and from my other searches was able to confirm this as well. So I came to the conclusion that there will be some option within the ssh config files which prevents sending out the "none" auth request and hence my futile searches.
I will try out the rest of your suggestions and get back to when I have some results.
---------- Post updated at 11:30 PM ---------- Previous update was at 11:26 AM ----------
I tried changing the AuthenticationsAllowed and AuthenticationsRequired to "password" only in vShell, but still it is using the "none" authentication first and then only it is going for password.
---------- Post updated 05-27-14 at 04:42 AM ---------- Previous update was 05-26-14 at 11:30 PM ----------
I have one query. You said you were able to connect to server with any initial auth method using bitvise client. I also tried that and noticed the same,i.e , I am not getting that "none rejected" message.
So how is this bitvise client able to choose the initial auth method? If they are able to do it, why cannot we do the same. After all they too will be using the same open-ssh only(may be with some modifications). And I think it is the only one were none is listed as an auth method.
---------- Post updated at 07:42 AM ---------- Previous update was at 04:42 AM ----------
It is set to no. Initially it was commented out. Tried with that parameter set to "no" and still the it is taking "none" as initial authentication method.
it has differ codes in the bitvise ssh client ( executable) and it does not send to ssh-server with none-method as in its source code files for know the auth-methods.(written in that way)
and it does not use the openssh sources, it uses FlowSsh libraries and compiled from c++ platform for windows.