HPE Community
Operating System - HP-UX
1820177 Members
4067 Online
109620 Solutions
New Discussion юеВ

Re: OpenSSH login Issue

 
SOLVED
Go to solution
HPP
Regular Advisor

тАО06-13-2005 02:08 AM

тАО06-13-2005 02:08 AM

OpenSSH login Issue

Hi,
I installed OpenSSH version 4.0 (T1471AA) on one of our HP-UX 11.00. If I ssh from an another server or from local server, it accepts the password but closes the connection immediately. In the syslog it just gives

Jun 13 09:59:46 boxer sshd[2821]: Accepted keyboard-interactive/pam for root from 192.168.32.64 port 61613 ssh2

I tried removing and reinstalling with no luck. I have installed same version on so many other HP-UX 11.00 server and it works fine.

Help Please.
Thanks in advance
Be Teachable
0 Kudos
Reply
13 REPLIES 13
Sanjay_6
Honored Contributor

тАО06-13-2005 02:18 AM

тАО06-13-2005 02:18 AM

Re: OpenSSH login Issue

Hi,

Check the root profile or the /etc/profile on the remote server on which you are trying to login using root id.

It is possible that there is a syntax in the root profile or the /etc/profile that may force the root to logout if the login is not from a specific set of ttys say console only.

Hope this helps.

Regds
0 Kudos
Reply
Rick Garland
Honored Contributor

тАО06-13-2005 02:21 AM

тАО06-13-2005 02:21 AM

Re: OpenSSH login Issue

You can invoke ssh in a debug mode by using the -v option. This is a verbose mode and will print information. man ssh

As a wild guess, using different protocols? ssh1 vs. ssh2?

0 Kudos
Reply
HPP
Regular Advisor

тАО06-13-2005 02:27 AM

тАО06-13-2005 02:27 AM

Re: OpenSSH login Issue

Hi,
Thanks for quick response. I tried in debug mode ssh -v, and below is the output:

# ssh -v root@192.168.32.64
OpenSSH_4.1, OpenSSL 0.9.7e 25 Oct 2004
HP-UX Secure Shell-A.04.00.000, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to 192.168.32.64 [192.168.32.64] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/3
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.1
debug1: match: OpenSSH_4.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.32.64' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:38
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /.ssh/id_rsa
debug1: Trying private key: /.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Last login: Mon Jun 13 10:22:40 2005 from atltest
debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to 192.168.32.64 closed.
debug1: Transferred: stdin 0, stdout 0, stderr 37 bytes in 1.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 31.9
debug1: Exit status -1
Be Teachable
0 Kudos
Reply
Patrick Wallek
Honored Contributor

тАО06-13-2005 02:33 AM

тАО06-13-2005 02:33 AM

Re: OpenSSH login Issue

Check /var/adm/syslog/syslog.log on BOTH the source and destination machines. There should be more information there.

This is sometimes related to permissions on the home directory being too lax.
0 Kudos
Reply
HPP
Regular Advisor

тАО06-13-2005 02:45 AM

тАО06-13-2005 02:45 AM

Re: OpenSSH login Issue

Checked the /var/adm/syslog/syslog.log on both client and server, no messages for closing the connections.

Thanks
Be Teachable
0 Kudos
Reply
Denver Osborn
Honored Contributor

тАО06-13-2005 04:31 AM

тАО06-13-2005 04:31 AM

Re: OpenSSH login Issue

How about running the ssh with "ssh -vvv" for more debug output and adding something like a "set -x" to root's profile just be sure it's nothing to do w/ root's login closing the connection.

Have also narrowed this down to a root only login problem or does it happen for all users?

-denver
0 Kudos
Reply
HPP
Regular Advisor

тАО06-13-2005 05:18 AM

тАО06-13-2005 05:18 AM

Re: OpenSSH login Issue

Hi,
Its happening for all users. Below is the output of ssh -vvv.


ssh -vvv root@192.168.32.64
OpenSSH_4.1, OpenSSL 0.9.7e 25 Oct 2004
HP-UX Secure Shell-A.04.00.000, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.32.64 [192.168.32.64] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/3
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.1
debug1: match: OpenSSH_4.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.1
debug2: fd 4 setting O_NONBLOCK
debug3: RNG is ready, skipping seeding
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 144/256
debug2: bits set: 506/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /.ssh/known_hosts
debug3: check_host_in_hostfile: match line 38
debug1: Host '192.168.32.64' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:38
debug2: bits set: 496/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /.ssh/id_rsa (00000000)
debug2: key: /.ssh/id_dsa (00000000)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /.ssh/id_rsa
debug3: no such identity: /.ssh/id_rsa
debug1: Trying private key: /.ssh/id_dsa
debug3: no such identity: /.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 24 padlen 8 extra_pad 64)
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug3: packet_send2: adding 48 (len 10 padlen 6 extra_pad 64)
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 0
debug3: tty_make_modes: ospeed 300
debug3: tty_make_modes: ispeed 0
debug3: tty_make_modes: 1 3
debug3: tty_make_modes: 2 28
debug3: tty_make_modes: 3 8
debug3: tty_make_modes: 4 21
debug3: tty_make_modes: 5 4
debug3: tty_make_modes: 6 0
debug3: tty_make_modes: 7 255
debug3: tty_make_modes: 8 17
debug3: tty_make_modes: 9 19
debug3: tty_make_modes: 10 255
debug3: tty_make_modes: 11 255
debug3: tty_make_modes: 13 255
debug3: tty_make_modes: 14 255
debug3: tty_make_modes: 16 255
debug3: tty_make_modes: 30 0
debug3: tty_make_modes: 31 0
debug3: tty_make_modes: 32 0
debug3: tty_make_modes: 33 1
debug3: tty_make_modes: 34 0
debug3: tty_make_modes: 35 0
debug3: tty_make_modes: 36 1
debug3: tty_make_modes: 37 0
debug3: tty_make_modes: 38 1
debug3: tty_make_modes: 39 1
debug3: tty_make_modes: 40 1
debug3: tty_make_modes: 41 0
debug3: tty_make_modes: 50 1
debug3: tty_make_modes: 51 1
debug3: tty_make_modes: 52 0
debug3: tty_make_modes: 53 1
debug3: tty_make_modes: 54 1
debug3: tty_make_modes: 55 1
debug3: tty_make_modes: 56 0
debug3: tty_make_modes: 57 0
debug3: tty_make_modes: 58 0
debug3: tty_make_modes: 59 0
debug3: tty_make_modes: 60 0
debug3: tty_make_modes: 61 0
debug3: tty_make_modes: 62 0
debug3: tty_make_modes: 70 1
debug3: tty_make_modes: 71 0
debug3: tty_make_modes: 72 1
debug3: tty_make_modes: 73 0
debug3: tty_make_modes: 74 0
debug3: tty_make_modes: 75 0
debug3: tty_make_modes: 90 1
debug3: tty_make_modes: 91 1
debug3: tty_make_modes: 92 0
debug3: tty_make_modes: 93 0
debug2: channel 0: request shell confirm 0
debug2: fd 4 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
Last login: Mon Jun 13 10:38:49 2005 from localhost
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0
debug2: channel 0: rcvd close
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)

debug3: channel 0: close_fds r -1 w -1 e 7 c -1
Connection to 192.168.32.64 closed.
debug1: Transferred: stdin 0, stdout 0, stderr 37 bytes in 1.4 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 26.5
debug1: Exit status -1
Be Teachable
0 Kudos
Reply
Denver Osborn
Honored Contributor

тАО06-13-2005 06:30 AM

тАО06-13-2005 06:30 AM

Solution

Re: OpenSSH login Issue

I haven't been able to put my finger on it yet, but it's not using Password Auth when you get the error, it's failing with Keyboard-Interactive. Test your login w/ password auth only to see if it gets you past the ssh exit 255.

ssh -vvv -o PreferredAuthentications=password


-denver
Reply
RAC_1
Honored Contributor

тАО06-13-2005 06:41 AM

тАО06-13-2005 06:41 AM

Re: OpenSSH login Issue

Start the seperate sshd server (sshd -ddd -p "some_random_port")

Now from client try to connect to server ( ssh -vvv -p "random_port"

"the random_port is port that you chose for sarting sshd on server)
Post sshd -ddd output from server

Anil
There is no substitute to HARDWORK
0 Kudos
Reply
RAC_1
Honored Contributor

тАО06-13-2005 06:58 AM

тАО06-13-2005 06:58 AM

Re: OpenSSH login Issue

Usually the error code -1 is fatal error. It is caused by wrong configuration.

Have you set pam=yes in sshd_config (or ssh_config-don't remember exact file)

Anil
There is no substitute to HARDWORK
0 Kudos
Reply
HPP
Regular Advisor

тАО06-13-2005 07:22 AM

тАО06-13-2005 07:22 AM

Re: OpenSSH login Issue

Denver,
I used ssh -vvv -o PreferredAuthentications=password

and it worked. Also Made changes sshd_config.

Thanks to all who responded to my questions.

Points will be assigned.

Thank you very much.
Be Teachable
0 Kudos
Reply
Denver Osborn
Honored Contributor

тАО06-13-2005 07:29 AM

тАО06-13-2005 07:29 AM

Re: OpenSSH login Issue

If Password Auth worked then it leads me to belived there's either a problem with PAM or one sshd doesn't like something w/ PAM... maybe LDAP is used on this box??

Anyhow, if you troubleshoot further you should look at pam closer. Other wise set use pam to no in the sshd config.

-denver
0 Kudos
Reply
HPP
Regular Advisor

тАО06-13-2005 07:55 AM

тАО06-13-2005 07:55 AM

Re: OpenSSH login Issue

I have same version of Openssh on different HP-UX 11.00 machine and it works fine. But those machines have latest Patch set. The one which had problems has QPACK June 01. I think it might be OS patch issue.

Thanks again for the response.
Be Teachable
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.