
Re: openssh client ignores public key authentication

 
SOLVED
Peter Kielbasiewicz
Frequent Advisor

openssh client ignores public key authentication

Hello,

I have compiled openssh 3.6.1p1 and 3.7.1p2 for HPUX 10.20 (unfortunately we cannot migrate to HPUX 11xx for various reasons).
Due to some security bugs we need to use 3.7.1p2.
With 3.6.1p1 I was able to connect from HPUX via public key so that I could run non-interactive commands and logins.
With 3.7.1p2 the ssh client on HPUX completely fails to authenticate via public key.
I have attached the debug output and I would greatly appreciate it if someone had a solution to my problem.

Detailed description:
The sshd daemon works OK. I can use public key authentication from Linux or Windows TO HPUX without problems.
The public/private key pair is rsa-2 and it is OK as it works between Linux systems and also FROM Linux or Windows TO my HPUX Machine.
When I try ssh FROM HPUX to other hosts or even to myself (as done in the attached example) sshd always asks for a password.
It seems that the ssh client skips the public key authentication step as can be seen from the debug output.
I even tried to enable rhost authentication but the effect was the same, the authentication step is simply skipped.

As HP-UX does not support PAM I did not use the with-pam flag for compilation.
The openssh version 3.6.1p1 does not show the described effect, i.e. I can connect from HP-UX using public key authentication without problems.

Does anybody have a clue what is going on here?

Peter Kielbasiewicz
Philips medical systems Germany
6 REPLIES 6
Steven E. Protter
Exalted Contributor

Re: openssh client ignores public key authentication

Run through the doc I'm attaching, pay special attention to the permissions. I use cat instead of X but you get the idea.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
RAC_1
Honored Contributor

Re: openssh client ignores public key authentication

Seems it has something to do with config files.

Is there some setting (maybe in the sshd_config/ssh_config file) that talks about the preferred authentication method?
(This is there in HP's ssh version)

Setting this to exchange of public/private keys should resolve your problem.
There is no substitute to HARDWORK
Zeev Schultz
Honored Contributor

Re: openssh client ignores public key authentication

As far as I remember password was required after ssh session for some reason passed over public key and moved to pam authentication (which in hp-ux goes by default to /etc/password). I'd check proper libraries (~/.ssh if I'm correct) permissions. The compile flags for 3.6 and 3.7 were the same?

It could also be a matter of configuration, compare ssh_config for both 3.6 and 3.7.
So computers don't think yet. At least not chess computers. - Seymour Cray
Zeev Schultz
Honored Contributor

Re: openssh client ignores public key authentication

By the way, this is a full (I guess) page of possible ssh authentication errors; go over it and check:

http://secu.zzu.edu.cn/book/NetWork/NetworkingBookshelf_2ndEd/ssh/ch12_02.htm
So computers don't think yet. At least not chess computers. - Seymour Cray
Peter Kielbasiewicz
Frequent Advisor

Re: openssh client ignores public key authentication

I am aware of critical access rights to the files and directories and they are correct.
As I said I can connect from other platforms to my HPUX sshd daemon with my private key, so there is no problem here.
For testing I just ssh to myself on my HPUX box.
When I use openssh 3.6.1p1 everything works fine so access rights and my public/private key pair must be correct.
As can be seen from the debug output openssh 3.7.1p2 just says that it did not send a packet (see below), i.e. it does not even try to use the key authentication.
The problem is definitely on the ssh side not on the sshd daemon.
I have attached my ssh_config file which is just the defaults that I got from the sources and it is the same as with 3.6.1p1.
Also I think my compilation cannot have problems with library access rights as in both versions of ssh I have compiled a statically linked package so that I do not need any extra packages like zlib, openssl or tcp_wrappers.
For reference I have also attached my compile script.

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
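
The debug excerpt above can be read mechanically. As an added example (not part of the original thread and not OpenSSH code), this Python script parses `ssh -v` client output and reports, for each method the client selected, whether it sent a request or disabled the method locally without contacting the server. The function names are hypothetical; the sample input is the excerpt quoted in the post.

```python
import re

# Sample input: the client debug lines quoted in the post above.
SAMPLE_LOG = """\
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
"""

OFFERED = re.compile(r"Authentications that can continue: (\S+)")
NEXT = re.compile(r"Next authentication method: (\S+)")
SENT = re.compile(r"we sent a (\S+) packet, wait for reply")
SKIPPED = "we did not send a packet, disable method"  # method dropped client-side


def trace_auth(log_text):
    """Return (methods offered by the server, [(method, outcome), ...])."""
    offered, attempts, current = [], [], None
    for line in log_text.splitlines():
        if m := OFFERED.search(line):
            offered = m.group(1).split(",")
        elif m := NEXT.search(line):
            current = m.group(1)
        elif m := SENT.search(line):
            attempts.append((m.group(1), "sent"))
        elif SKIPPED in line and current:
            attempts.append((current, "skipped-locally"))
    return offered, attempts


def skipped_locally(log_text):
    """Methods the server offered but the client disabled without a request."""
    offered, attempts = trace_auth(log_text)
    return [m for m, o in attempts if o == "skipped-locally" and m in offered]


if __name__ == "__main__":
    print(trace_auth(SAMPLE_LOG), skipped_locally(SAMPLE_LOG))
```

A method reported as skipped locally was never presented to the server, so the server's `authorized_keys` and file permissions were not consulted for that attempt.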
Solution

Re: openssh client ignores public key authentication

Peter,

I came across the same problem with HP-UX 11.00. If you search through the "List Archive" on the Openssh site, you will find that the problem you are experiencing has been an issue on HP-UX with all releases after OpenSSH_3.6.1p1.

My solution was as follows:

1. Retain OpenSSH_3.6.1p1 and implement the patch found at http://openssh.com/txt/buffer.adv.
2. I couldn't figure out how the HP "patch" command worked on HP-UX, so I installed the patch on a Linux box and copied the source over to the HP server to compile. Did the following on a Linux box:

    cp patch.txt openssh-3.6.1p1
    cd openssh-3.6.1p1
    patch < patch.txt

Hope this helps (with 10.20)...

Ted