
Re: How to ssh auto login from AIX to HP-UX

 
Attapol123
Occasional Advisor

How to ssh auto login from AIX to HP-UX

I tried to generate keys on AIX (AIX:/home/user1).
Now I have id_rsa.pub and id_dsa.pub. I selected id_rsa.pub, copied the key to HP-UX (HP-UX:/home/user1/.ssh) and inserted the id_rsa.pub key into authorized_keys. But when I test ssh from AIX:/home/user1 to HP-UX:/home/user2, it asks for a password. Why? When I test root to root it works, but user1 does not work.
Please help me...
Attapol123
Occasional Advisor

Re: How to ssh auto login from AIX to HP-UX

I tried generating ssh keys with user1 from HP-UX to AIX (user1);
it can log in without a password. But AIX to HP-UX can't. Please help me....
Steven Schweda
Honored Contributor

Re: How to ssh auto login from AIX to HP-UX

> Please help me...

You first.

uname -a
ssh -V

> [...] But I test ssh [...]

As usual, showing actual commands with their
actual output can be more helpful than vague
descriptions or interpretations.

Adding "-v" (or "-vv", ...) to an "ssh"
command can provide some helpful diagnostics.
The system log file(s) on the server may also
contain helpful error messages.

Comparing the diagnostic output from a
working session with that from a failing
session is often helpful.

A Forum search for "ssh" should find many old
threads like this one. Common problems
include bad file ownership, bad file
permissions, bad key formats, ...
Attapol123
Occasional Advisor

Re: How to ssh auto login from AIX to HP-UX


Thank you, Steven Schweda, for the instructions.


[EAIUsr@seacap01 /home/EAIUsr ]#ssh -vv sesapap1
OpenSSH_4.1p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
0509-026 System error: A file or directory in the path name does not exist.

debug1: Error loading Kerberos, disabling Kerberos auth.
debug2: ssh_connect: needpriv 0
debug1: Connecting to sesapap1 [10.153.1.108] port 22.
debug1: Connection established.
debug1: identity file /home/EAIUsr/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/EAIUsr/.ssh/id_rsa type 1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/EAIUsr/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.0p1+sftpfilecontrol-v1.2-hpn13v1
debug1: match: OpenSSH_5.0p1+sftpfilecontrol-v1.2-hpn13v1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.1
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 143/256
debug2: bits set: 511/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'sesapap1' is known and matches the RSA host key.
debug1: Found key in /home/EAIUsr/.ssh/known_hosts:24
debug2: bits set: 514/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/EAIUsr/.ssh/identity (0)
debug2: key: /home/EAIUsr/.ssh/id_rsa (20034298)
debug2: key: /home/EAIUsr/.ssh/id_dsa (200342b8)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/EAIUsr/.ssh/identity
debug1: Offering public key: /home/EAIUsr/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /home/EAIUsr/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
Attapol123
Occasional Advisor

Re: How to ssh auto login from AIX to HP-UX



[EAIUsr@seacap01 /home/EAIUsr ]#uname -a
AIX hostaname1 3 5 000DF7CCD600

[EAIUsr@sesapap1:/home/EAIUsr]#uname -a
HP-UX hostname2 B.11.23 U ia64 3282047521 unlimited-user license
[EAIUsr@sesapap1:/home/EAIUsr]#
Steven Schweda
Honored Contributor

Re: How to ssh auto login from AIX to HP-UX

> debug1: Trying private key: /home/EAIUsr/.ssh/identity
> debug1: Offering public key: /home/EAIUsr/.ssh/id_rsa
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug1: Offering public key: /home/EAIUsr/.ssh/id_dsa
> debug2: we sent a publickey packet, wait for reply
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug1: Next authentication method: keyboard-interactive

Apparently, the server hates your keys. When
this happens, the server normally sends error
messages to the system log file. All it
tells the client is that the stuff failed.
So you should look at the system log file on
the (HP-UX) server system. Perhaps:
/var/adm/syslog/syslog.log

I don't do very much with my AIX system, and
I don't seem to have ssh installed on it, so
I can't show you exactly what it does when it
works.

> uname -a
> ssh -V

Still wondering.
Attapol123
Occasional Advisor

Re: How to ssh auto login from AIX to HP-UX

Below is the log from syslog.log.
It shows (Authentication refused: bad ownership or modes for directory /home/EAIUsr/.ssh).

How do I change the owner or permissions?



Jun 20 13:56:13 sesapap1 sshd[23492]: SSH: Server;Ltype: Version;Remote: 10.153.2.28-62873;Protocol: 2.0;Client: OpenSSH_4.1
Jun 20 13:56:14 sesapap1 sshd[23492]: Authentication refused: bad ownership or modes for directory /home/EAIUsr/.ssh
Jun 20 13:56:17 sesapap1 sshd[23492]: Accepted keyboard-interactive/pam for EAIUsr from 10.153.2.28 port 62873 ssh2
Jun 20 13:56:23 sesapap1 sshd[23498]: SSH: Server;LType: Throughput;Remote: 10.153.2.28-62873;IN: 2704;OUT: 816;Duration: 5.7;tPut_in: 474.5;tPut_out: 143.2
Jun 20 13:56:14 sesapap1 sshd[23492]: Authentication refused: bad ownership or modes for directory /home/EAIUsr/.ssh
Jun 20 13:56:25 sesapap1 sshd[23513]: SSH: Server;Ltype: Version;Remote: 10.153.2.28-62889;Protocol: 2.0;Client: OpenSSH_4.1
Jun 20 13:56:25 sesapap1 sshd[23513]: Authentication refused: bad ownership or modes for directory /home/EAIUsr/.ssh
Jun 20 13:56:32 sesapap1 sshd[23513]: error: PAM: Authentication failed for EAIUsr from seacap01
Jun 20 13:56:40 sesapap1 sshd[23513]: Accepted keyboard-interactive/pam for EAIUsr from 10.153.2.28 port 62889 ssh2
Jun 20 13:56:25 sesapap1 sshd[23513]: Authentication refused: bad ownership or modes for directory /home/EAIUsr/.ssh
Jun 20 13:56:45 sesapap1 sshd[23516]: SSH: Server;LType: Throughput;Remote: 10.153.2.28-62889;IN: 2768;OUT: 912;Duration: 5.3;tPut_in: 522.7;tPut_out: 172.2
Jun 20 13:56:36 sesapap1 sshd[23513]: error: PAM: Authentication failed for EAIUsr from seacap01
Jun 20 13:57:07 sesapap1 su: + ta root-EAIUsr
Jun 20 13:58:48 sesapap1 su: + tty?? root-sfmdb
Jun 20 13:59:42 sesapap1 sshd[23639]: SSH: Server;Ltype: Version;Remote: 10.153.2.28-63223;Protocol: 2.0;Client: OpenSSH_4.1
Jun 20 13:59:42 sesapap1 sshd[23639]: Authentication refused: bad ownership or modes for directory /home/EAIUsr/.ssh
Jun 20 14:00:00 sesapap1 su: + tty?? root-pr1adm
Jun 20 13:59:42 sesapap1 sshd[23639]: Authentication refused: bad ownership or modes for directory /home/EAIUsr/.ssh

I ran the command ssh -V on the two servers; the ssh versions are different. What should I do?


[EAIUsr@seacap01 /home/EAIUsr ]#uname -a
AIX seacap01 3 5 000DF7CCD600
[EAIUsr@seacap01 /home/EAIUsr ]#ssh -V sesapap1
OpenSSH_4.1p1, OpenSSL 0.9.7l 28 Sep 2006

[root@sesapap1:/var/adm/syslog]#ssh -V
OpenSSH_5.0p1+sftpfilecontrol-v1.2-hpn13v1, OpenSSL 0.9.7m 23 Feb 2007
HP-UX Secure Shell-A.05.00.022, HP-UX Secure Shell version
Ralph Grothe
Honored Contributor

Re: How to ssh auto login from AIX to HP-UX

Here the sshd told you why it didn't accept the presented keys:

>Jun 20 13:56:25 sesapap1 sshd[23513]: Authentication refused: bad ownership or modes for directory /home/EAIUsr/.ssh


Probably the remote login's $HOME has write perms for group or other permission bits set too liberal.
Check ownership and perms first.

Madness, thy name is system administration
Dennis Handly
Acclaimed Contributor

Re: How to ssh auto login from AIX to HP-UX

>Authentication refused: bad ownership or modes for directory /home/EAIUsr/.ssh

What does "ll -d /home/EAIUsr/.ssh /home/EAIUsr" show?
Attapol123
Occasional Advisor

Re: How to ssh auto login from AIX to HP-UX

Permissions on AIX
[EAIUsr@seacap01 /home/EAIUsr ]#ls -ld /home/EAIUsr/.ssh
drwx------ 2 EAIUsr EAIGroup 256 Jun 16 12:14 /home/EAIUsr/.ssh

Permissions on HP-UX
[root@sesapap1:#ll -d /home/EAIUsr/.ssh
drwxrwxrwx 2 EAIUsr users 8192 Jun 20 13:55 /home/EAIUsr/.ssh
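
The check behind the "bad ownership or modes" syslog message, as an added example that is not part of any post in this thread: with StrictModes enabled (the OpenSSH default), sshd refuses public keys when the home directory, ~/.ssh or authorized_keys is group- or world-writable, or owned by someone other than the user or root. The function names are hypothetical, the scratch directory is constructed, and the script parses `ls -ld` so it does not depend on stat(1).

```sh
#!/bin/sh
# Added example (function names are hypothetical). Approximates the StrictModes
# test behind "bad ownership or modes", using only ls -ld (no stat(1) needed).

# check_mode PATH OWNER: 0 = acceptable, 1 = sshd would refuse, 2 = missing.
check_mode() {
    cm_line=$(ls -ld "$1" 2>/dev/null) || { echo "MISSING   $1"; return 2; }
    cm_perms=$(printf '%s\n' "$cm_line" | awk '{print $1}')
    cm_owner=$(printf '%s\n' "$cm_line" | awk '{print $3}')
    cm_gw=$(printf '%s' "$cm_perms" | cut -c6)    # group write position
    cm_ow=$(printf '%s' "$cm_perms" | cut -c9)    # other write position
    if [ "$cm_owner" != "$2" ] && [ "$cm_owner" != "root" ]; then
        echo "BAD OWNER $cm_owner $1"; return 1
    fi
    if [ "$cm_gw" = "w" ] || [ "$cm_ow" = "w" ]; then
        echo "BAD MODE  $cm_perms $1"; return 1
    fi
    echo "OK        $cm_perms $1"
}

# check_key_paths HOME OWNER: checks the three paths; 0 only if all pass.
check_key_paths() {
    kp_rc=0
    for kp_p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        check_mode "$kp_p" "$2" || kp_rc=1
    done
    return $kp_rc
}

# Constructed demo: a scratch "home" with .ssh at mode 777, then fixed.
demo() {
    d=${TMPDIR:-/tmp}/strictmodes.$$
    mkdir -p "$d/.ssh" && : > "$d/.ssh/authorized_keys" || return 2
    me=$(ls -ld "$d" | awk '{print $3}')
    chmod 755 "$d"; chmod 600 "$d/.ssh/authorized_keys"
    chmod 777 "$d/.ssh"                  # drwxrwxrwx, as in the thread
    check_key_paths "$d" "$me" && before=pass || before=fail
    chmod 700 "$d/.ssh"                  # typical fix: owner-only access
    check_key_paths "$d" "$me" && after=pass || after=fail
    rm -rf "$d"
    echo "before=$before after=$after"
}
demo
```

On the server in this thread the call would be `check_key_paths /home/EAIUsr EAIUsr`, run as root or as that user. A BAD MODE line is cleared with `chmod go-w` on the reported path (commonly mode 700 for ~/.ssh and 600 for authorized_keys).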