- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: ssh wants passwd
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-04-2006 10:46 AM
01-04-2006 10:46 AM
on both systems. ssh is not working for one
user only but works fine for all others.
this is the output from ssh -v
OpenSSH_3.8, OpenSSL 0.9.7d 17 Mar 2004
HP-UX_Secure_Shell-A.03.81.002, HP_UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to shm3ts1 [15.1.27.77] port 22.
debug1: Connection established.
debug1: identity file /home/ops/.ssh/id_rsa type 1
debug1: identity file /home/ops/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8
debug1: match: OpenSSH_3.8 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'shm3ts1' is known and matches the RSA host key.
debug1: Found key in /home/ops/.ssh/known_hosts:42
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/ops/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /home/ops/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:
I am not using dsa only rsa. I tried removing .ssh directory and did ssh-keygen -t rsa and using the defaults but am still having the same problem. Upgrading is not an option at this time.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-04-2006 11:35 AM
01-04-2006 11:35 AM
Re: ssh wants passwd
Check /var/adm/syslog/syslog.log; that will usually tell you why it blew off the key. Also, check permissions on ~ops/.ssh - it must be 700. Also check permissions on ~ops/.ssh/authorized_keys; that shouldn't allow write access to anyone other than the owner.
If all those check out, I'm leaning towards a server config. Your debug output seems to suggest that it read the ssh key and accepted it.
Ensure these two options are set to yes:
RSAAuthentication yes
PubkeyAuthentication yes
Checking those things should give you something to go on...
HTH;
Doug
------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-04-2006 03:07 PM
01-04-2006 03:07 PM
Re: ssh wants passwd
You've recreated the .ssh/ and the require contents and also entered the passphrase as well? Or are you using an empty passhrase, thus not require user interaction?
If you can elaborate the ssh setup it might help.
Jov
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-04-2006 03:12 PM
01-04-2006 03:12 PM
Re: ssh wants passwd
Is that the case??? If not, post following.
ssh -vvv "server_name" - From client
sshd -ddd - From server
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-04-2006 07:27 PM
01-04-2006 07:27 PM
Re: ssh wants passwd
have you checked your /opt/ssh/etc/sshd_config that it actually would accept .shosts files?
As you can see from man sshd_config the default if not explicitly set is for obvious security reasons to disable HostBasedAuthentication and especially assumes IgnoreRhosts being set to yes.
If that's the case chage those to directives accordingly and issue
# kill -1 $(cat /var/run/sshd.pid)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2006 03:58 AM
01-05-2006 03:58 AM
Re: ssh wants passwd
For the ssh-keygen setup no entries only
Was working before and with no changes to the system â
stopped just for this one user.
It looks like to me that it wants the dsa authentication
which I am not using and never was using, just the
rsa
The same server user can ssh to other users on the same client
and it is only requesting the rsa authentication: (meaning it works correctly)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/bv/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Here is the client syslog.log:
Jan 5 08:29:17 shm3ts1 sshd[12115]: error: PAM: Authentication failed for bv from shs1xx
Jan 5 08:29:17 shm3ts1 sshd[12115]: Failed keyboard-interactive/pam for bv from 15.1.xx.xx port 54694 ssh2
Jan 5 08:29:17 shm3ts1 sshd[12115]: Failed password for bv from 15.1.xx.xx port 54694 ssh2
Jan 5 08:29:17 shm3ts1 sshd[12115]: error: PAM: Authentication failed for bv from shs1xx
Jan 5 08:29:25 shm3ts1 above message repeats 2 times
Jan 5 08:29:17 shm3ts1 sshd[12115]: Failed keyboard-interactive/pam for bv from 15.1.xx.xx port 54694 ssh2
Jan 5 08:29:19 shm3ts1 sshd[12115]: Failed password for bv from 15.1.xx.xx port 54694 ssh2
Jan 5 08:29:25 shm3ts1 above message repeats 2 times
I guess I am confused why is it asking for the dsa authentication for this one user only.
The permissions are 700 on .ssh and 600 authorized_keys, also tried 644 on authorized_keys.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2006 04:06 AM
01-05-2006 04:06 AM
SolutionIf the remote is trusted , check the account status using /usr/lbin/getprpw user_name .
thx,
bl.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2006 04:58 AM
01-05-2006 04:58 AM
Re: ssh wants passwd
It is now working!