HPE Community
Operating System - HP-UX
1753396 Members
7172 Online
108792 Solutions
New Discussion

Re: ssh wants passwd

 
SOLVED
Go to solution
Debbie Smith
Advisor

‎01-04-2006 10:46 AM

‎01-04-2006 10:46 AM

ssh wants passwd

I am using Secure_Shell 3.81.002 on hpux lli
on both systems. ssh is not working for one
user only but works fine for all others.

this is the output from ssh -v
OpenSSH_3.8, OpenSSL 0.9.7d 17 Mar 2004
HP-UX_Secure_Shell-A.03.81.002, HP_UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to shm3ts1 [15.1.27.77] port 22.
debug1: Connection established.
debug1: identity file /home/ops/.ssh/id_rsa type 1
debug1: identity file /home/ops/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8
debug1: match: OpenSSH_3.8 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'shm3ts1' is known and matches the RSA host key.
debug1: Found key in /home/ops/.ssh/known_hosts:42
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/ops/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /home/ops/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:

I am not using dsa only rsa. I tried removing .ssh directory and did ssh-keygen -t rsa and using the defaults but am still having the same problem. Upgrading is not an option at this time.
0 Kudos
7 REPLIES 7
Doug O'Leary
Honored Contributor

‎01-04-2006 11:35 AM

‎01-04-2006 11:35 AM

Re: ssh wants passwd

Hey;

Check /var/adm/syslog/syslog.log; that will usually tell you why it blew off the key. Also, check permissions on ~ops/.ssh - it must be 700. Also check permissions on ~ops/.ssh/authorized_keys; that shouldn't allow write access to anyone other than the owner.

If all those check out, I'm leaning towards a server config. Your debug output seems to suggest that it read the ssh key and accepted it.

Ensure these two options are set to yes:

RSAAuthentication yes
PubkeyAuthentication yes

Checking those things should give you something to go on...

HTH;

Doug

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
0 Kudos
Jov
Honored Contributor

‎01-04-2006 03:07 PM

‎01-04-2006 03:07 PM

Re: ssh wants passwd

Hi,

You've recreated the .ssh/ and the require contents and also entered the passphrase as well? Or are you using an empty passhrase, thus not require user interaction?

If you can elaborate the ssh setup it might help.


Jov
0 Kudos
RAC_1
Honored Contributor

‎01-04-2006 03:12 PM

‎01-04-2006 03:12 PM

Re: ssh wants passwd

Looking at ssh -v output, makes me think that it is working. It is just asking for the password.

Is that the case??? If not, post following.

ssh -vvv "server_name" - From client

sshd -ddd - From server
There is no substitute to HARDWORK
0 Kudos
Ralph Grothe
Honored Contributor

‎01-04-2006 07:27 PM

‎01-04-2006 07:27 PM

Re: ssh wants passwd

Silly question,
have you checked your /opt/ssh/etc/sshd_config that it actually would accept .shosts files?
As you can see from man sshd_config the default if not explicitly set is for obvious security reasons to disable HostBasedAuthentication and especially assumes IgnoreRhosts being set to yes.
If that's the case chage those to directives accordingly and issue

# kill -1 $(cat /var/run/sshd.pid)
Madness, thy name is system administration
0 Kudos
Debbie Smith
Advisor

‎01-05-2006 03:58 AM

‎01-05-2006 03:58 AM

Re: ssh wants passwd

Here are some answers to your questions:
For the ssh-keygen setup no entries only
Was working before and with no changes to the system â
stopped just for this one user.

It looks like to me that it wants the dsa authentication
which I am not using and never was using, just the
rsa

The same server user can ssh to other users on the same client
and it is only requesting the rsa authentication: (meaning it works correctly)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/bv/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.

Here is the client syslog.log:
Jan 5 08:29:17 shm3ts1 sshd[12115]: error: PAM: Authentication failed for bv from shs1xx
Jan 5 08:29:17 shm3ts1 sshd[12115]: Failed keyboard-interactive/pam for bv from 15.1.xx.xx port 54694 ssh2
Jan 5 08:29:17 shm3ts1 sshd[12115]: Failed password for bv from 15.1.xx.xx port 54694 ssh2
Jan 5 08:29:17 shm3ts1 sshd[12115]: error: PAM: Authentication failed for bv from shs1xx
Jan 5 08:29:25 shm3ts1 above message repeats 2 times
Jan 5 08:29:17 shm3ts1 sshd[12115]: Failed keyboard-interactive/pam for bv from 15.1.xx.xx port 54694 ssh2
Jan 5 08:29:19 shm3ts1 sshd[12115]: Failed password for bv from 15.1.xx.xx port 54694 ssh2
Jan 5 08:29:25 shm3ts1 above message repeats 2 times

I guess I am confused why is it asking for the dsa authentication for this one user only.
The permissions are 700 on .ssh and 600 authorized_keys, also tried 644 on authorized_keys.
0 Kudos
baiju_3
Esteemed Contributor

‎01-05-2006 04:06 AM

‎01-05-2006 04:06 AM

Solution

Re: ssh wants passwd

I am sure that you are getting a password prompt for this user . Please check the user account status on the remote server .

If the remote is trusted , check the account status using /usr/lbin/getprpw user_name .


thx,
bl.
Good things Just Got better (Plz,not stolen from advertisement -:) )
0 Kudos
Debbie Smith
Advisor

‎01-05-2006 04:58 AM

‎01-05-2006 04:58 AM

Re: ssh wants passwd

Thanks BL! the system is not trusted but the user password was * for some reason.
It is now working!
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.