Descobri que o arquivo de configuração neste sistema foi alterado para forçar um comando específico "sftp" para conexões ssh. Removendo essa força (restaurando o arquivo de configuração para original) restaurou a funcionalidade completa do ssh.
Isso costumava funcionar bem, agora eu de repente não consigo fazer ssh no meu servidor Mac OS X Leão da Montanha. Nem mesmo para localhost. Parece autenticar, mas nunca lança o shell, por isso apenas congela. Aqui está a saída de 'ssh -vvv -o LogLevel = DEBUG3 localhost:'
miniserve:~ owen$ ssh -vvv -o LogLevel=DEBUG3 localhost
OpenSSH_5.9p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /Users/owen/.ssh/id_rsa type -1
debug1: identity file /Users/owen/.ssh/id_rsa-cert type -1
debug1: identity file /Users/owen/.ssh/id_dsa type -1
debug1: identity file /Users/owen/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug2: fd 5 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "localhost" from file "/Users/owen/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/owen/.ssh/known_hosts:7
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 121/256
debug2: bits set: 513/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 66:28:76:d2:aa:ce:bd:90:e2:11:8d:91:00:fb:85:b4
debug3: load_hostkeys: loading entries for host "localhost" from file "/Users/owen/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /Users/owen/.ssh/known_hosts:7
debug3: load_hostkeys: loaded 1 keys
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/owen/.ssh/known_hosts:7
debug2: bits set: 509/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/owen/.ssh/id_rsa (0x0)
debug2: key: /Users/owen/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Miscellaneous failure (see text)
No credentials cache file found
debug1: An invalid name was supplied
unknown mech-code 0 for mech 1 2 752 43 14 2
debug1: Miscellaneous failure (see text)
unknown mech-code 0 for mech 1 3 6 1 5 5 14
debug2: we sent a gssapi-with-mic packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug1: An unsupported mechanism was requested
unknown mech-code 0 for mech 1 3 5 1 5 2 7
debug1: Miscellaneous failure (see text)
unknown mech-code 0 for mech 1 3 6 1 5 2 5
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/owen/.ssh/id_rsa
debug3: no such identity: /Users/owen/.ssh/id_rsa
debug1: Trying private key: /Users/owen/.ssh/id_dsa
debug3: no such identity: /Users/owen/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 24 padlen 8 extra_pad 64)
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug3: packet_send2: adding 48 (len 10 padlen 6 extra_pad 64)
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to localhost ([127.0.0.1]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: fd 5 setting TCP_NODELAY
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
O log do servidor não mostra nada significativo:
Jul 16 11:49:41 miniserve.xxx.com sshd[80459]: Accepted keyboard-interactive/pam for owen from 65.196.54.199 port 12358 ssh2
Jul 16 11:49:42 miniserve.xxx.com sshd[80459]: USER_PROCESS: 80462 ttys000
Jul 16 11:49:42 miniserve.xxx.com sftp-server[80463]: session opened for local user owen from [65.196.54.199]
Jul 16 11:50:56 miniserve.xxx.com sshd[80510]: /etc/sshd_config line 70: Unsupported option KerberosGetAFSToken
Jul 16 11:50:56 miniserve.xxx.com ssh[80508]: gss_init_sec_context is called on main thread, its a blocking api
Jul 16 11:51:00 miniserve.xxx.com sshd[80510]: Accepted keyboard-interactive/pam for owen from 127.0.0.1 port 58417 ssh2
Jul 16 11:51:00 miniserve.xxx.com sshd[80510]: USER_PROCESS: 80516 ttys005
Jul 16 11:51:00 miniserve.xxx.com sftp-server[80517]: session opened for local user owen from [127.0.0.1]
Eu apreciaria qualquer ajuda que você puder fornecer. Obrigado.
Descobri que o arquivo de configuração neste sistema foi alterado para forçar um comando específico "sftp" para conexões ssh. Removendo essa força (restaurando o arquivo de configuração para original) restaurou a funcionalidade completa do ssh.