HPE Community
Operating System - HP-UX
1833669 Members
3964 Online
110062 Solutions
New Discussion

Re: SSH authentication issues

 
SOLVED
Go to solution
dictum9
Super Advisor

‎11-16-2006 02:33 AM

‎11-16-2006 02:33 AM

SSH authentication issues

This is on 11.11

I restored the passwd file and /tcb encrypted passwd database. (The system wasn't trusted and I hope it made it trusted). Telnet still works but it broke ssh and I cannot figure out why. The UID seem to be consistent between the home directories and the passwd file.

I even tried generating new keys to no avail.



debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /.ssh/id_rsa type -1
debug3: Not a RSA1 key file /.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: identity file /.ssh/id_dsa type 2
ssh_exchange_identification: Connection closed by remote host
debug1: Calling cleanup 0x4000a8fa(0x0)
debug1: Calling cleanup 0x4000a902(0x0)
debug1: writing PRNG seed to file //.ssh/prng_seed

0 Kudos
Reply
6 REPLIES 6
Ivan Ferreira
Honored Contributor

‎11-16-2006 02:44 AM

‎11-16-2006 02:44 AM

Solution

Re: SSH authentication issues

Use cat -e to check your public key, it seems that some extra characters are in the file:

debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'

As if the file where break in the BEGIN/END blocks. It should look like:

---- BEGIN SSH2 PUBLIC KEY ----
---- END SSH2 PUBLIC KEY ----
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Reply
Jaime Bolanos Rojas.
Honored Contributor

‎11-16-2006 02:48 AM

‎11-16-2006 02:48 AM

Re: SSH authentication issues

Etc,

Looks like I got confused:

"I restored the passwd file and /tcb encrypted passwd database. (The system wasn't trusted and I hope it made it trusted)."

What do you mean the system was not trusted, but you trusted by restoring the /tcb database...?

Regards,

Jaime.

Work hard when the need comes out.
Reply
dictum9
Super Advisor

‎11-16-2006 02:53 AM

‎11-16-2006 02:53 AM

Re: SSH authentication issues

I figured out what the problem was. The newly restored /etc/passwd did not have the sshd user. I was fairly certain that the backed up file from the old system did have it, but it didn't. It had ssh for sure. But I upgraded ssh and now it seems to require a user in /etc/passwd.

Anyway, it works now.

Re: Trusted system --- Here is the deal, the system crashed and I installed an entirely new OS and restored /etc/passwd and /tcb/* tree. The new system off the DVDs was not trusted and I think that by restoring the /tcb tree and /etc/passwd I made it trusted. I hope some weird errors don't come up in the future.
0 Kudos
Reply
Jaime Bolanos Rojas.
Honored Contributor

‎11-16-2006 03:01 AM

‎11-16-2006 03:01 AM

Re: SSH authentication issues

etc,

looks like it's working for you. I would have trusted the system first and then override the /tcb and /.secure

Do not really know if your steps are supported but it's working so far.

Regards,

Jaime.
Work hard when the need comes out.
Reply
dictum9
Super Advisor

‎11-16-2006 03:27 AM

‎11-16-2006 03:27 AM

Re: SSH authentication issues

That's true. What other things happen when you make a system trusted? In other words, when you make a system trusted manually, by restoring the /tcb directory, are there any important files left out?

0 Kudos
Reply
Jaime Bolanos Rojas.
Honored Contributor

‎11-16-2006 05:26 AM

‎11-16-2006 05:26 AM

Re: SSH authentication issues

Etc,

Looks like this is all that it does:

Creating secure password database...
Directories created.
Making default files.
System default file created...
Terminal default file created...
Device assignment file created...
Moving passwords...
secure password database installed.
Converting at and crontab jobs...
At and crontab files converted.

Regards,

Jaime.
Work hard when the need comes out.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.