Secure Shell A.03.50.000 SSH2

 
Ivan A. Marshall
Occasional Contributor

Secure Shell A.03.50.000 SSH2

Does anyone know of any issues with this new version and SSH2 (SSH Comm. , not OpenSSH) servers ..??

I recently installed the new version, and I was able to connect to other HP Secure Shell machines ...

but as soon as I tried to connect to an SSH2 machine I was refused entry ...

I tried doing the connection with multiple v's , but it showed nothing in error .. just "connection closed" ..

Help ..??

Could this have anything to do with the fact that HP has now put in the Priv. Separation?
NT sucks ... Let Mac rule the world
Sridhar Bhaskarla
Honored Contributor

Re: Secure Shell A.03.50.000 SSH2

Hi,

Priv. separation is not HP's but OpenSSH's parameter that has been introduced since ssh 3.4 version.

Try from the server side. Enable sshd with "-d" option and observe the output. During this debug mode, the existing ssh sessions will work but new connections will be refused except for the first connection after you enabled sshd with -d.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Bill Douglass
Esteemed Contributor

Re: Secure Shell A.03.50.000 SSH2

Also, you could try starting up a second sshd using -d and -p. The -p command specifies an alternate port to use, so

sshd -d -p 2222

will run an instance of the sshd daemon on port 2222 in debugging mode.

ssh -p 2222

from a client will connect to the debugging-mode sshd.
Ollie R
Respected Contributor

Re: Secure Shell A.03.50.000 SSH2

Hi Ivan,

I'm presuming the problem that you see is that you cannot get a public/private keypair to work between your OpenSSH and your SSH2 systems?

I'll continue as if this is the case - if not, then please forgive me!

Basically, the formats of the public and private keyfiles are different and incompatible between OpenSSH and SSH2.

Note that SSH2 and SSH Protocol Version 2 are NOT the same thing!

What you need to do is create your keypair on one of the systems and then convert the public key to the other format.

If you create the keypair on the OpenSSH system, you will need to run:

ssh-keygen -e -f [PUBLIC KEYFILE] > [NEW PUBLIC KEYFILE]

If you create the keypair on the SSH2 system, you will need to run:

ssh-keygen -i -f [PUBLIC KEYFILE] > [NEW PUBLIC KEYFILE]

If you then copy the keyfile to the other system, it should work.

Just a few things:

1) Ensure that the user you are trying to connect as has a valid password, otherwise you will get "permission denied" messages

2) Check the permissions of the ".ssh" (".ssh2" directory on SSH2 systems) and the contents to make sure they are tight enough - 700 for directories and 600 for files

3) Make sure you set up the files correctly for the different versions of SSH

Good luck and let us know how you get on!

Ollie.
To err is human but to not award points is unforgivable
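
The public key conversion described in the reply above, as an added example that is not part of the original post and not code from OpenSSH or SSH2: a simplified model of what `ssh-keygen -e` and `ssh-keygen -i` change, showing that only the envelope differs while the base64 key material stays the same. The function names and the sample key (constructed, not usable) are assumptions made for illustration.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def _s(b: bytes) -> bytes:
    """Encode one length-prefixed string as used inside an SSH key blob."""
    return struct.pack(">I", len(b)) + b

# Constructed sample, not a usable key: type, exponent 65537, made-up modulus.
SAMPLE_B64 = base64.b64encode(
    _s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(b"\x00" + bytes(range(128, 256)))
).decode()
SAMPLE_OPENSSH = f"ssh-rsa {SAMPLE_B64} demo@hpux-client"

def key_type(b64: str) -> str:
    """Read the algorithm name from the first string of the decoded blob."""
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def openssh_to_ssh2(line: str) -> str:
    """Model of `ssh-keygen -e`: wrap a one-line OpenSSH key in the SSH2 envelope."""
    fields = line.split(None, 2)
    if len(fields) < 2 or key_type(fields[1]) != fields[0]:
        raise ValueError("not a one-line OpenSSH public key")
    b64 = fields[1]
    out = [BEGIN]
    if len(fields) == 3:
        out.append(f'Comment: "{fields[2].strip()}"')
    out += [b64[i:i + 70] for i in range(0, len(b64), 70)]  # within the 72-byte line limit
    return "\n".join(out + [END]) + "\n"

def ssh2_to_openssh(text: str) -> str:
    """Model of `ssh-keygen -i`: strip the envelope and headers, rejoin the base64."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an SSH2 public key file")
    body, in_header = [], False
    for l in lines[1:-1]:
        if in_header or ":" in l:
            in_header = l.endswith("\\")  # a trailing backslash continues the header
            continue
        body.append(l)
    b64 = "".join(body)
    return f"{key_type(b64)} {b64}"
```

The round trip drops the comment, so compare the key type and base64 fields rather than whole lines when checking that both systems hold the same public key.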
Steven Sim Kok Leong
Honored Contributor

Re: Secure Shell A.03.50.000 SSH2

Hi,

Nowadays, OpenSSH comes pre-built with tcpwrappers. tcpd reads the /etc/hosts.deny and /etc/hosts.allow depending on which one or both are applicable.

Here are some troubleshooting steps for some of the common problems.

Try telnet to the SSH2 machine's SSH port e.g.:
# telnet ssh2_machine 22

Check the message that is displayed. If no version number is shown, tcpwrapper is most likely wrapping the connection and you will need to configure /etc/hosts.deny and/or /etc/hosts.allow to allow access from your client.

If you see the version number, check that protocol 2 is displayed. If you notice only protocol 1, it is likely that either there was a misconfiguration at the server end or SSHD 2 was not installed.

Note that Protocol 1 has a string of security vulnerabilities tied with it in the past. As such, it is always advisable to disable Protocol 1 compatibility in your SSH configuration file.

Hope this helps. Regards.

Steven Sim Kok Leong
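
The banner check described in the reply above, as an added example that is not part of the original post: it reads what the server sends first, as `telnet ssh2_machine 22` would, and sorts the identification string into the three cases the reply lists. The function names, result labels and sample banners (constructed) are assumptions made for illustration.

```python
import socket

def read_banner(host: str, port: int = 22, timeout: float = 5.0) -> str:
    """Connect like `telnet host 22` and return whatever the server sends first."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(256).decode("ascii", "replace")
        except (socket.timeout, ConnectionResetError):
            return ""  # connected, then closed or silent

def classify_banner(data: str) -> str:
    """Map the server's first output to one of the cases in the reply."""
    # A server may send other lines first; the identification line starts with "SSH-".
    ident = next((l for l in data.splitlines() if l.startswith("SSH-")), None)
    if ident is None:
        return "no-banner"          # likely wrapped: check hosts.allow / hosts.deny
    parts = ident.split("-", 2)     # SSH-<protoversion>-<softwareversion>
    if len(parts) < 3 or not parts[2]:
        return "malformed"
    proto = parts[1]
    if proto == "2.0":
        return "protocol-2"
    if proto == "1.99":
        return "protocol-1-and-2"   # protocol 1 compatibility still enabled
    if proto.startswith("1."):
        return "protocol-1-only"    # misconfigured server or no SSHD 2 installed
    return "malformed"

# Constructed sample banners, not captured from real servers.
SAMPLES = {
    "SSH-2.0-ExampleServer_3.2\r\n": "protocol-2",
    "SSH-1.99-ExampleServer_3.5\r\n": "protocol-1-and-2",
    "SSH-1.5-ExampleServer_1.2\r\n": "protocol-1-only",
    "": "no-banner",
}
```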
Geoff Wild
Honored Contributor

Re: Secure Shell A.03.50.000 SSH2

Just went through the same thing...

Placed a call with HP - here's the solution:

This issue can be checked easily enough, and
pertains directly to connecting to Windows running sshd version 3.2.3.
Please check and see if you have the /etc/krb5.conf file. If not, please execute:
# touch /etc/krb5.conf

see:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x2e8b227a6ab4d711900a0090279cd0f9,00.html


Rgds...Geoff


Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Steven E. Protter
Exalted Contributor

Re: Secure Shell A.03.50.000 SSH2

I've been able to get HP machines to talk to other machines with public keys using a Chris Vail doc.

I'm attaching it in case it's helpful.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com