06-08-2010 03:23 AM
ssh via token does not work (telnet works
telnet works fine now however ssh still is a problem.
Is there a mismatch in the config file?
06-08-2010 04:08 AM
Re: ssh via token does not work (telnet works
Do you have an RSA agent (ACE client) installed on this server that would authenticate the token against the RSA server?
06-08-2010 04:23 AM
Re: ssh via token does not work (telnet works
[nlxsts01:/root]# swlist -l product |grep PAM
HPUX-PAM-RADIUS A.01.00.00 HP-UX PAM RADIUS
PAM-Kerberos D.01.24 PAM-Kerberos Version 1.24
[nlxsts01:/root]#
cat /etc/pam.conf
#
# PAM configuration
#
# This pam.conf file is intended as an example only.
# see pam.conf(4) for more details
#
################################################################
# This sample file will authenticate the user who belongs to #
# either RADIUS or Unix system. Using this configuration file #
# if the user is authenticated through RADIUS then the Unix #
# authentication will not be invoked. However,if the RADIUS #
# authentication fails for the user, then the fallback #
# authentication mechanism PAM-Unix will be invoked to #
# authenticate the user.The assumption is the user is either #
# present in RADIUS or in Unix system. #
# #
# In case, the administrator wants the password for all the #
# users to be synchronous between RADIUS and Unix systems, #
# then the control flag should to be set to "required" for all #
# the entries with user_first_pass option set for pam_unix. #
# If password synchronization is optional then try_first_pass #
# option need to be set for pam_unix, so that the user can #
# login using the appropriate passwords. #
################################################################
#
# Authentication management
#
login auth sufficient libpam_radius.so.1 debug default_realm=atosorigin.com
login auth required libpam_unix.so.1 try_first_pass
su auth sufficient libpam_radius.so.1
su auth required libpam_unix.so.1 try_first_pass
dtlogin auth sufficient libpam_radius.so.1
dtlogin auth required libpam_unix.so.1 try_first_pass
dtaction auth sufficient libpam_radius.so.1
dtaction auth required libpam_unix.so.1 try_first_pass
ftp auth sufficient libpam_radius.so.1
ftp auth required libpam_unix.so.1 try_first_pass
sshd auth sufficient libpam_radius.so.1 debug
sshd auth required libpam_unix.so.1 debug try_first_pass
OTHER auth required libpam_unix.so.1
#
# Account management
#
login account required libpam_unix.so.1
su account required libpam_unix.so.1
dtlogin account required libpam_unix.so.1
dtaction account required libpam_unix.so.1
ftp account required libpam_unix.so.1
sshd account required libpam_unix.so.1 debug
OTHER account required libpam_unix.so.1
#
# Session management
#
login session sufficient libpam_radius.so.1
login session required libpam_unix.so.1
su session sufficient libpam_radius.so.1
su session required libpam_unix.so.1
dtlogin session sufficient libpam_radius.so.1
dtlogin session required libpam_unix.so.1
dtaction session sufficient libpam_radius.so.1
dtaction session required libpam_unix.so.1
ftp session sufficient libpam_radius.so.1
ftp session required libpam_unix.so.1
sshd session sufficient libpam_radius.so.1 debug
sshd session required libpam_unix.so.1
OTHER session required libpam_unix.so.1
#
# Password management
#
login password required libpam_unix.so.1
passwd password required libpam_unix.so.1
dtlogin password required libpam_unix.so.1
dtaction password required libpam_unix.so.1
OTHER password required libpam_unix.so.1
If I need to place more, please give me the commands?
06-08-2010 04:37 AM
Re: ssh via token does not work (telnet works
ssh failure
Jun 8 14:31:49 nlxsts01 sshd[22532]: pam_radius_auth: Error sending RADIUS packet to server 127.0.0.1:1645: Error 0
Jun 8 14:31:49 nlxsts01 sshd[22532]: pam_radius_auth: Error sending RADIUS packet to server 161.89.57.7:1645: Error 0
Jun 8 14:31:49 nlxsts01 sshd[22532]: pam_radius_auth: Error sending RADIUS packet to server 161.89.145.76:1645: Error 0
Jun 8 14:31:49 nlxsts01 sshd[22532]: pam_radius_auth: All RADIUS servers failed to respond.
success with telnet
Jun 8 14:33:13 nlxsts01 login: pam_radius_auth: RADIUS server 127.0.0.1:1645 failed to respond
I have changed the sshd lines from the /etc/pam.conf so they look the same as login.
06-08-2010 04:37 AM
Re: ssh via token does not work (telnet works
06-08-2010 04:51 AM
Re: ssh via token does not work (telnet works
Yes, I can log in to this server using telnet and a token. However, ssh does not work.
06-08-2010 05:10 AM
Re: ssh via token does not work (telnet works
The radius error messages are a different issue. It is configured in the pam.conf on this server. You need to figure out what the requirements are for this server. Use radius or use RSA? You need to spend some time to become familiar with radius and RSA authentication.
06-08-2010 05:36 AM
Re: ssh via token does not work (telnet works
login auth required libpam_hpsec.so.1
login auth required libpam_unix.so.1
I can telnet using a passwd
If I configure /etc/pam.conf like:
login auth sufficient libpam_radius.so.1 debug default_realm=atosorigin.com
login auth required libpam_unix.so.1 try_first_pass
I can log in with my keycard.
If I configure ssh like:
sshd auth required libpam_hpsec.so.1
sshd auth required libpam_unix.so.1
I can log in with a password
If I configure it like:
sshd auth sufficient libpam_radius.so.1 debug default_realm=atosorigin.com
sshd auth required libpam_unix.so.1 try_first_pass
I am first asked for
Password:
Here I have to type my keycard nr
And then I am asked to type my
System Password:
After typing my passwd I am in...
Is there a way to remove the passwd part so I only have to type my keycard nr?
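The two-prompt behaviour described in the post above follows from how a `sufficient` module followed by a `required` module is evaluated. The sketch below is an added example, not part of the original posts and not HP-UX code: it models only the `required` and `sufficient` control flags, and the `NO_FALLBACK` stack is a constructed variant for comparison.

```python
# Added example: required/sufficient semantics only; optional/requisite not modelled.
# Stack lines copied from the pam.conf posted in this thread.
PAM_CONF = """\
login auth sufficient libpam_radius.so.1 debug default_realm=atosorigin.com
login auth required libpam_unix.so.1 try_first_pass
sshd auth sufficient libpam_radius.so.1 debug
sshd auth required libpam_unix.so.1 debug try_first_pass
"""
# Constructed variant for comparison (not from the thread): RADIUS with no fallback.
NO_FALLBACK = "sshd auth required libpam_radius.so.1\n"

def parse(conf):
    """Return {(service, module_type): [(control, module), ...]} in file order."""
    stacks = {}
    for raw in conf.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank, comment-only or malformed line
        service, mtype, control, module = fields[:4]
        stacks.setdefault((service, mtype), []).append((control, module))
    return stacks

def evaluate(stack, outcome):
    """outcome maps module name -> True/False. Returns (granted, modules_run)."""
    required_failed, succeeded, ran = False, False, []
    for control, module in stack:
        ok = outcome[module]
        ran.append(module)
        if control == "sufficient" and ok and not required_failed:
            return True, ran        # stops here: later modules never prompt
        if control == "required":
            succeeded = succeeded or ok
            required_failed = required_failed or not ok
    return succeeded and not required_failed, ran

def token_enforced(stack):
    """False if access is still granted when every RADIUS module fails."""
    outcome = {m: "radius" not in m for _, m in stack}
    return not evaluate(stack, outcome)[0]

if __name__ == "__main__":
    for name, conf in (("thread", PAM_CONF), ("no fallback", NO_FALLBACK)):
        sshd = parse(conf)[("sshd", "auth")]
        print(name, "token enforced:", token_enforced(sshd))
```

With the thread's sshd stack, a failed RADIUS step still runs `libpam_unix.so.1`, so a Unix password alone grants access and the token is not enforced for that service.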
06-08-2010 05:47 AM
Re: ssh via token does not work (telnet works
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1433958
06-08-2010 06:13 AM
Re: ssh via token does not work (telnet works
/opt/iexpress/tcpdump/sbin]# tcpdump host 161.89.57.7
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lan0, link-type EN10MB (Ethernet), capture size 96 bytes
16:01:06.963199 IP nlxsts01.18407 > scauts-eur2.ao-srv.com.1645: RADIUS, Access Request (1), id: 0x62 length: 126
16:01:06.984387 IP scauts-eur2.ao-srv.com.1645 > nlxsts01.18407: RADIUS, Access Reject (3), id: 0x62 length: 20
16:01:22.223135 IP nlxsts01.18407 > scauts-eur2.ao-srv.com.1645: RADIUS, Access Request (1), id: 0x9c length: 124
16:01:25.470077 IP scauts-eur2.ao-srv.com.1645 > nlxsts01.18407: RADIUS, Access Accept (2), id: 0x9c length: 26
16:01:26.473090 IP nlxsts01.18407 > scauts-eur2.ao-srv.com.1646: RADIUS, Accounting Request (4), id: 0x5a length: 76
16:01:26.474877 IP scauts-eur2.ao-srv.com.1646 > nlxsts01.18407: RADIUS, Accounting Response (5), id: 0x5a length: 20
But I do not see any response if I use ssh...
my pam.conf looks like:
sshd auth sufficient libpam_radius.so.1 debug
sshd auth required libpam_unix.so.1 debug try_first_pass
login auth sufficient libpam_radius.so.1 debug default_realm=atosorigin.com
login auth required libpam_unix.so.1 try_first_pass
Why does ssh not like to connect to my radius server, and telnet seems to work fine...
Any idea?
The syslog also tells me it is trying to send a packet, however tcpdump does not see anything...
Jun 8 16:08:42 nlxsts01 sshd[17700]: pam_radius_auth: Error sending RADIUS packet to server 127.0.0.1:1645: Error 0
Jun 8 16:08:42 nlxsts01 sshd[17700]: pam_radius_auth: Error sending RADIUS packet to server 161.89.57.7:1645: Error 0
Jun 8 16:08:42 nlxsts01 sshd[17700]: pam_radius_auth: Error sending RADIUS packet to server 161.89.145.76:1645: Error 0
Jun 8 16:08:42 nlxsts01 sshd[17700]: pam_radius_auth: All RADIUS servers failed to respond.
Any suggestions are welcome.
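The syslog lines in this thread use two different `pam_radius_auth` messages: "Error sending RADIUS packet" for sshd, where the poster's tcpdump shows nothing, and "failed to respond" for login. The triage sketch below is an added example, not part of the original posts; it groups those messages per process so the two cases can be told apart. The function names and the regular expressions are assumptions written for the line format quoted above.

```python
import re
from collections import defaultdict

# Syslog lines copied from the posts in this thread.
SYSLOG = """\
Jun 8 14:33:13 nlxsts01 login: pam_radius_auth: RADIUS server 127.0.0.1:1645 failed to respond
Jun 8 16:08:42 nlxsts01 sshd[17700]: pam_radius_auth: Error sending RADIUS packet to server 127.0.0.1:1645: Error 0
Jun 8 16:08:42 nlxsts01 sshd[17700]: pam_radius_auth: Error sending RADIUS packet to server 161.89.57.7:1645: Error 0
Jun 8 16:08:42 nlxsts01 sshd[17700]: pam_radius_auth: Error sending RADIUS packet to server 161.89.145.76:1645: Error 0
Jun 8 16:08:42 nlxsts01 sshd[17700]: pam_radius_auth: All RADIUS servers failed to respond.
"""

LINE = re.compile(r"^\w+ +\d+ [\d:]+ \S+ (?P<svc>[\w-]+)(?:\[(?P<pid>\d+)\])?: "
                  r"pam_radius_auth: (?P<msg>.*)$")
SEND_ERR = re.compile(r"Error sending RADIUS packet to server (\S+?): ")
NO_REPLY = re.compile(r"RADIUS server (\S+) failed to respond")

def summarize(text):
    """Group pam_radius_auth messages by (service, pid)."""
    out = defaultdict(lambda: {"send_error": [], "no_reply": [], "all_failed": False})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a pam_radius_auth line
        entry, msg = out[(m["svc"], m["pid"])], m["msg"]
        if (s := SEND_ERR.search(msg)):
            entry["send_error"].append(s.group(1))
        elif (r := NO_REPLY.search(msg)):
            entry["no_reply"].append(r.group(1))
        elif msg.startswith("All RADIUS servers failed"):
            entry["all_failed"] = True
    return dict(out)

def send_step_failure(entry):
    """Every server failed at the send step; none got as far as waiting for a reply."""
    return entry["all_failed"] and bool(entry["send_error"]) and not entry["no_reply"]

if __name__ == "__main__":
    for key, entry in summarize(SYSLOG).items():
        print(key, entry, "send-step failure:", send_step_failure(entry))
```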