ssh connection issue

Sergio Bascur — Wed, 11 Aug 2010 19:48:30 GMT

Hi all,
I am trying to log in between 2 server with ssh.
I`ve already generated the private and public keys on both server and I added the certificate on the .ssh/authorized_keys file on both path home users on both servers, but I can do the login just in one way and not bidirectionally.
The details of machines/users are follow:

CLUXDS03/bckpuser --> CLUXDS04/ora1102 (ora1102 user has the same user id than oracle user on CLUXDS04)

When I try to connect from CLUXDS04 to CLUXDS03 with ora1102 or oracle user I don't have any problem...

Thanks in advices!

Re: ssh connection issue

Steven Schweda — Wed, 11 Aug 2010 21:39:01 GMT

Is this problem any different from the one in
your earlier posting?

http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1443187

The diagnostic procedure suggested there is
the same one I'd suggest here.

> I`ve already generated [...]

From your description, we don't know how many
sets of key data files you've generated,
where you put them all, who owns them, what
their permissions are, or any number of other
(potentially important) details. As usual,
showing actual commands with their actual
output can be more helpful than vague (or
incomplete) descriptions and interpretations.
"ls -l" is popular.

But I'd start with that "ssh -v[v[v]] [...]"
command, as previously suggested. If you
compare the output from that for a successful
"ssh" command with that for a failing "ssh"
command, then you may be able to diagnose the
problem yourself.

Re: ssh connection issue

Viktor Balogh — Thu, 12 Aug 2010 12:21:55 GMT

Hi Sergio,

First of all, check the permissions of .ssh and the files in it. In most cases this solves the keyed ssh problems.

# chmod 0700 $HOME/.ssh
# chmod 0600 $HOME/.ssh/authorized_keys

If it doesn't help, I would suggest you to try to consolidate the userIDs. What is the reason for having two users sharing the same ID? For permission purposes you could assign them to a common group, and just set the group permission on the files.

Re: ssh connection issue

djoshi — Thu, 12 Aug 2010 12:31:18 GMT

Hi,

Can you please review your sshd_config file and see?

Thx,

Re: ssh connection issue

Sergio Bascur — Thu, 12 Aug 2010 18:56:42 GMT

Hi master, sorry if my explanation wasn't clear.
Look what I want to confirm is:

Can I make a bidirectional ssh connection if in one of the servers the user who make the connection has a duplicated userid?

I have already bidirectional ssh connection between this 2 two servers with other users and I don`t have any matter, but when I made ssh to the server who has the duplicated userid connection ask me by a password, even when I already put the "id_rsa.pub" file content in the "authorized_keys" on the remote machine.

Here I put the details of the connection with and without verbose mode:

$ ssh ora1102@cluxds04
Restricted Access to the System. Only Authorized Users Allowed.
Password:

$ ssh -vvv ora1102@cluxds04
OpenSSH_5.3p1+sftpfilecontrol-v1.3-hpn13v5, OpenSSL 0.9.8l 5 Nov 2009
HP-UX Secure Shell-A.05.30.008, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 0
debug1: Connecting to cluxds04 [10.101.241.45] port 22.
debug1: Connection established.
debug1: identity file /home/bckpuser/.ssh/identity type -1
debug3: Not a RSA1 key file /home/bckpuser/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/bckpuser/.ssh/id_rsa type 1
debug1: identity file /home/bckpuser/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1+sftpfilecontrol-v1.3-hpn13v5
debug1: match: OpenSSH_5.3p1+sftpfilecontrol-v1.3-hpn13v5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1+sftpfilecontrol-v1.3-hpn13v5
debug2: fd 4 setting O_NONBLOCK
debug3: RNG is ready, skipping seeding
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 792 bytes for a total of 844
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: REQUESTED ENC.NAME is 'aes128-ctr'
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 868
debug2: dh_gen_key: priv key bits set: 129/256
debug2: bits set: 510/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 144 bytes for a total of 1012
debug3: check_host_in_hostfile: filename /home/bckpuser/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 8
debug3: check_host_in_hostfile: filename /home/bckpuser/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 9
debug1: Host 'cluxds04' is known and matches the RSA host key.
debug1: Found key in /home/bckpuser/.ssh/known_hosts:8
debug2: bits set: 530/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1028
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 48 bytes for a total of 1076
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/bckpuser/.ssh/identity (0)
debug2: key: /home/bckpuser/.ssh/id_rsa (400482a0)
debug2: key: /home/bckpuser/.ssh/id_dsa (0)
debug3: Wrote 64 bytes for a total of 1140
debug3: input_userauth_banner
Restricted Access to the System. Only Authorized Users Allowed.
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/bckpuser/.ssh/identity
debug3: no such identity: /home/bckpuser/.ssh/identity
debug1: Offering public key: /home/bckpuser/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1508
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/bckpuser/.ssh/id_dsa
debug3: no such identity: /home/bckpuser/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: Wrote 96 bytes for a total of 1604
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:

Any clue about it??
Thanks everybody...

Re: ssh connection issue

Steven Schweda — Thu, 12 Aug 2010 20:56:35 GMT

> Here I put the details of the connection
> with and without verbose mode:

That's half of what I asked for.

> [...] If you
> compare the output from that for a successful
> "ssh" command with that for a failing "ssh"
> command, then you may be able to diagnose the
> problem yourself.

> [...]
> debug3: Not a RSA1 key file /home/bckpuser/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> [...]

Where did you get that key file? This looks
as if you have an SSH2-format key file
instead of an OpenSSH-format key file.

> debug1: Offering public key: /home/bckpuser/.ssh/id_rsa
> debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
> debug3: Wrote 368 bytes for a total of 1508
> debug1: Authentications that can continue: publickey,password,keyboard-interactive

That key failed. (Which is not amazing, if
it has the wrong format.)

> [...] I already put the "id_rsa.pub" file
> content in the "authorized_keys" on the
> remote machine.

And what did that look like?
---- BEGIN SSH2 PUBLIC KEY ----
[...]
or:
ssh-dss blah-blah-blah-...
or what?

> [...] 2 server [...]

What, exactly, are these "2 server"?

uname -a
ssh -V

> [...] As usual,
> showing actual commands with their actual
> output can be more helpful than vague (or
> incomplete) descriptions and interpretations.

Still true.

topic Re: ssh connection issue in Operating System - HP-UX

ssh connection issue

Re: ssh connection issue

Re: ssh connection issue

Re: ssh connection issue

Re: ssh connection issue

Re: ssh connection issue