
Re: OpenSSH not connecting - closed by foreign host

 
John Peace
Frequent Advisor

OpenSSH not connecting - closed by foreign host

HP K580 HPUX 11.0 to/from HP K410 HPUX 11.0
I have OpenSSH 3.5p1 installed on both machines. They are both inside my firewall. I can ssh from each machine to the other with root, but not with my account. I can telnet from one to the other. I think I have everything set up correctly. I have not uncommented anything in the sshd_config file to begin with. I think the default settings are good. Attached is an ssh -v from one to the other. What is causing the problem? Points will be awarded.
Sridhar Bhaskarla
Honored Contributor

Re: OpenSSH not connecting - closed by foreign host

Hi,

If root is able to do ssh, then I believe ssh setup is ok. There are the following things to check for that user on the remote system.

1. Make sure you are able to telnet. Password expiry will not let ssh prompt for the new password.

2. There could be a problem with the permissions on the home directory of the user. sshd_config by default will be enabled with "StrictModes yes". So, the permission at the max you can have is 750. Try changing the permissions of the user's home directory on the remote system and see if it works.

You will get more details on the server side by running sshd with the debug (-d) option.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
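
The StrictModes permission check discussed in the reply above, as an added example that is not part of the original thread: with `StrictModes yes`, sshd rejects a user's key files when the home directory, `~/.ssh` or `authorized_keys` is owned by someone other than that user or root, or is writable by group or others. The function names and the argument order are this example's own.

```shell
#!/bin/sh
# Added example: report the paths that would fail sshd's StrictModes rule.
# Rule applied here: each path must be owned by the login user or by root,
# and must carry no group-write (020) or other-write (002) mode bit.

# strict_path_ok USER PATH -> returns 0 if PATH passes, 1 otherwise.
# USER may be a login name or a numeric uid (find -user accepts both).
strict_path_ok() {
    user=$1
    path=$2
    [ -e "$path" ] || { echo "missing: $path"; return 1; }
    # find prints the path only when the predicate matches; -prune keeps
    # it from descending into directories.
    if [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "group/world writable: $path"
        return 1
    fi
    if [ -n "$(find "$path" -prune ! -user "$user" ! -user root -print)" ]; then
        echo "bad owner: $path"
        return 1
    fi
    return 0
}

# strictmodes_check USER HOMEDIR -> returns 0 only if all three paths pass.
strictmodes_check() {
    user=$1
    home=$2
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        strict_path_ok "$user" "$p" || rc=1
    done
    return $rc
}

# Stand-alone use: sh strictcheck.sh jpeace /home/jpeace
if [ $# -eq 2 ]; then
    strictmodes_check "$1" "$2"
fi
```

Run it on the server as root or as the affected user; no output and exit status 0 mean the three paths satisfy the rule, so the failure lies elsewhere.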
Chris Vail
Honored Contributor

Re: OpenSSH not connecting - closed by foreign host

I suspect that this is a permissions problem with the ~/.ssh directory, or the files therein for your user. Permissions on the authorized_keys files should be 644. Permissions on the home directory itself should be 755. I've attached a document I wrote that explains how to set up secure shell properly. It's a little lengthy, but worth the effort.
Christian Gebhardt
Honored Contributor

Re: OpenSSH not connecting - closed by foreign host

Hi

Check your sshd logfile on machine test02; maybe there is a hint.

Chris
John Peace
Frequent Advisor

Re: OpenSSH not connecting - closed by foreign host

Permissions are as follows

/home 750
/home/jpeace 750 jpeace is owner
/home/jpeace/.ssh 750 jpeace is the owner
/home/jpeace/.ssh/authorized_keys 644 jpeace owner

I restarted sshd with -d and have attached my attempt. Is the problem:

debug1: PAM setting tty to "/dev/pts/0"
PAM session setup failed[33]: General Commercial Security error

What would cause this?
Chris Vail
Honored Contributor

Re: OpenSSH not connecting - closed by foreign host

Again: your home directories should have an ownership of 755, not 750. Secure shell is very, very picky about this.


Chris
John Peace
Frequent Advisor

Re: OpenSSH not connecting - closed by foreign host

The settings are now:

/home 755
/home/jpeace 755
/home/jpeace/.ssh 755
/home/jpeace/.ssh/authorized_keys 644

On both machines. I have uninstalled, removed all files, reinstalled and reconfigured on test02. I still got the same debug messages as the attachment from my last message. The main problem still seemed to be:

debug1: PAM setting tty to "/dev/pts/0"
PAM session setup failed[33]: General Commercial Security error

I then edited the sshd_config. I uncommented and changed to:
UsePrivilegeSeparation no


It worked. Will this cause me problems in the future?


Any ideas?
Chris Vail
Honored Contributor

Re: OpenSSH not connecting - closed by foreign host

I suspect that you're using version 1 of the ssh protocol. This is not considered secure. I urge you to run the command "ssh-keygen -t dsa" to build a version 2 dsa keyset. Then restore the sshd_config file as default, and re-test.
If this problem still occurs, then I haven't a notion as to what else to do. We're using ssh here on 31 HP-UX 11.0 and 11i machines without complaint, issue, or modification of the sshd_config file. Every one of the 31 machines was configured using the document that I previously attached. We also use SecureCRT, WinSCP2, and PuTTY without incident.


Chris
John Peace
Frequent Advisor

Re: OpenSSH not connecting - closed by foreign host

I changed all my keys to dsa and still have the same problem when

UsePrivilegeSeparation yes

Once I change it to

UsePrivilegeSeparation no

it works. I will keep doing research. Thanks for all the help Chris. If I ever figure it out I will post here.