
SSH: cannot log in anywhere, even in localhost

 
SOLVED
Filipe_1
Frequent Advisor

SSH: cannot log in anywhere, even in localhost


Dear Forumers, here is the scenario:


- HP-UX 11.0, HP-UX_Secure Shell A.03.81.002 from an official HP-UX depot;

- Can login by ssh from any host, no problem here;

- Cannot login to any host, even to localhost;

- known_hosts is not being populated; No idea why;

- Get the "Host key verification failed" message whenever I try to login;

A piece of the log is below. The complete log, as well as sshd_config and ssh_config, are attached.

Any help would be much appreciated. Thanks in advance, folks!

Filipe.


---
(...)
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 128/256
debug2: bits set: 501/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /.ssh/known_hosts
debug3: check_host_in_hostfile: filename /opt/ssh/etc/ssh_known_hosts
debug3: check_host_in_hostfile: filename /.ssh/known_hosts
debug3: check_host_in_hostfile: filename /opt/ssh/etc/ssh_known_hosts
debug2: no key of type 0 for host localhost
debug3: check_host_in_hostfile: filename /.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /opt/ssh/etc/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /.ssh/known_hosts
debug3: check_host_in_hostfile: filename /opt/ssh/etc/ssh_known_hosts
debug2: no key of type 2 for host localhost
Host key verification failed.





13 REPLIES
Steven E. Protter
Exalted Contributor

Re: SSH: cannot log in anywhere, even in localhost

This may be a little silly but:

ps -ef | grep sshd

Is the sshd daemon running on localhost?

If not:
/sbin/init.d/secsh start


Also wondering if you can ping the hosts you are trying to connect to. If you can't ping or prove network connectivity please start there.

You can also test with telnet.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
James A. Donovan
Honored Contributor

Re: SSH: cannot log in anywhere, even in localhost

"no key of type 2 for host localhost"

Have you generated host keys for this host?

Check your /opt/ssh/etc directory for the files: ssh_host_dsa_key, ssh_host_dsa_key.pub, ssh_host_rsa_key and ssh_host_rsa_key.pub. These would be the version 2 host keys. If they don't exist you'll need to generate them using ssh-keygen.

# ssh-keygen -t dsa -f /opt/ssh/etc/ssh_host_dsa_key -N ""
# ssh-keygen -t rsa /opt/ssh/etc/ssh_host_rsa_key -N ""

If they do exist, try recreating them.
Remember, wherever you go, there you are...
James A. Donovan
Honored Contributor

Re: SSH: cannot log in anywhere, even in localhost

typo...second one should be:

# ssh-keygen -t rsa -f /opt/ssh/etc/ssh_host_rsa_key -N ""
Remember, wherever you go, there you are...
Filipe_1
Frequent Advisor

Re: SSH: cannot log in anywhere, even in localhost

Yes, sshd is running...

Yes, it was generated:

optg3:/etc# ls -l /opt/ssh/etc/
total 250
-r--r--r-- 1 bin bin 111892 Jun 23 10:36 moduli
-r--r--r-- 1 bin bin 1154 Nov 18 08:56 ssh_config
-rw------- 1 root sys 672 Nov 11 15:53 ssh_host_dsa_key
-rw-r--r-- 1 root sys 600 Nov 11 15:53 ssh_host_dsa_key.pub
-rw------- 1 root sys 525 Nov 11 15:52 ssh_host_key
-rw-r--r-- 1 root sys 324 Nov 11 15:52 ssh_host_key.pub
-rw------- 1 root sys 887 Nov 11 15:53 ssh_host_rsa_key
-rw-r--r-- 1 root sys 220 Nov 11 15:53 ssh_host_rsa_key.pub
-rw-r--r-- 1 root sys 459 Nov 29 17:29 ssh_known_hosts
-r--r--r-- 1 bin bin 2811 Jun 23 11:59 ssh_prng_cmds
-r--r--r-- 1 bin bin 2522 Jul 5 02:28 sshd_config
Filipe_1
Frequent Advisor

Re: SSH: cannot log in anywhere, even in localhost

Folks,

- I added the "localhost" entry on /opt/ssh/etc/ssh_known_hosts manually.

Yes, it is finding the key now but... it is not authenticating. I can't figure out a good reason to do so.

---
debug1: Found key in /opt/ssh/etc/ssh_known_hosts:2
debug2: bits set: 496/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /.ssh/id_rsa (00000000)
debug2: key: /.ssh/id_dsa (00000000)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /.ssh/id_rsa
debug1: Trying private key: /.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
---

Still clueless.

Filipe.
Steven E. Protter
Exalted Contributor

Re: SSH: cannot log in anywhere, even in localhost

I'm a bit stumped.

Is ipfilter running on the box? That firewall can be programmed to suppress ssh connectivity.

I am assuming at this point that other forms of connectivity, ftp/telnet whatever have been proven to work.

Has it ever worked?

If so, what has changed on the system or with your network since the process last succeeded?

Sherlock Holmes time.

SEP
Steven E Protter
James A. Donovan
Honored Contributor

Re: SSH: cannot log in anywhere, even in localhost

If you modify the Protocol line in sshd_config to read:

Protocol 2,1

and restart the daemon, are you able to login?
Remember, wherever you go, there you are...
Filipe_1
Frequent Advisor

Re: SSH: cannot log in anywhere, even in localhost


Steven,
No ipfilter. The sshd is accepting connections, but doesn't authenticate for localhost...

Telnet/FTP/whatever are working fine.

No, I don't know if it worked once. The server was cold installed recently.

Jim, I will give it a try, and will let you know.



Myles McManus
Frequent Advisor

Re: SSH: cannot log in anywhere, even in localhost

Just a thought, permissions on known_hosts? Also, why is it checking more than one?
There's no place like $HOME.
Ermin Borovac
Honored Contributor
Solution

Re: SSH: cannot log in anywhere, even in localhost

In your ssh_config file you have

BatchMode yes

Please try setting this option to 'no'.

BatchMode
If set to ``yes'', passphrase/password querying will be disabled. This option is useful in scripts and other batch jobs where no user is present to supply the password. The argument must be ``yes'' or ``no''. The default is ``no''.
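
The check suggested in this answer, as an added example that is not part of any post in the thread: it lists every BatchMode line in an ssh_config-style file with the Host block it sits under, and reports the value a host without its own block ends up with. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find BatchMode in an ssh_config file.

# Print "LINE:SCOPE:VALUE" for every BatchMode setting; SCOPE is the Host
# pattern the line sits under, or "(global)" before the first Host line.
batchmode_settings() {
    awk '
        BEGIN { scope = "(global)" }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next
            # keyword and argument are separated by whitespace or one "="
            if (!match(line, /[ \t]*[= \t][ \t]*/)) next
            key = tolower(substr(line, 1, RSTART - 1))
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "host") scope = val
            else if (key == "batchmode") print NR ":" scope ":" tolower(val)
        }' "$1"
}

# Value a host without its own Host block gets: ssh uses the first value it
# obtains, so take the first setting that is global or under "Host *".
default_batchmode() {
    v=$(batchmode_settings "$1" |
        awk -F: '$2 == "(global)" || $2 == "*" { print $3; exit }')
    echo "${v:-no}"   # the man page text quoted above gives "no" as default
}

# Constructed sample config, written to a temporary file for the demo.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not the poster's attached file
Host *
    Protocol 2
    BatchMode yes
EOF
batchmode_settings "$sample"
echo "default BatchMode: $(default_batchmode "$sample")"
rm -f "$sample"
```

On the system in this thread the file to pass in would be /opt/ssh/etc/ssh_config.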
Sridhar Bhaskarla
Honored Contributor

Re: SSH: cannot log in anywhere, even in localhost

Hi,

//debug2: key: /.ssh/id_rsa (00000000)
debug2: key: /.ssh/id_dsa (00000000)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /.ssh/id_rsa
debug1: Trying private key: /.ssh/id_dsa //

What's up with those id_dsa|rsa files? Look in /.ssh/ directory and see if those files are corrupted or of zero length. Try moving them as .old and see if there is any luck.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Filipe_1
Frequent Advisor

Re: SSH: cannot log in anywhere, even in localhost

Thanks Ermin,

You nailed that.

The funny thing is that no level of verbosity gave the clue.

Filipe_1
Frequent Advisor

Re: SSH: cannot log in anywhere, even in localhost

Thanks folks! This is a great forum.