HPE Community
Operating System - HP-UX
1836438 Members
3593 Online
110100 Solutions
New Discussion

ssh issue

 
Alex Ferreira
Frequent Advisor

‎05-14-2007 12:24 PM

‎05-14-2007 12:24 PM

ssh issue

Greetings All,
I currently have an issue with ssh.
Scenario..

I have switched disks on two boxes, all seems to be working except for ssh.

The box I am trying to connect to is in DMZ. Currently running Hp 11i, and running latest patches, ssh version is 4.30.014

Box trying to connect from runs AIX. Was working on the previous set of disks.

Need help getting ssh running.

Thanks,

Alex.
0 Kudos
12 REPLIES 12
Olivier Masse
Honored Contributor

‎05-14-2007 12:46 PM

‎05-14-2007 12:46 PM

Re: ssh issue

If the switch you're talking about is swapping some data disks from system A to system B, you must be sure that system B has the same host key that system A used to have. Currently, the AIX systems tries to talk to system B, expecting the host key from system A, and it fails with a "security breach" message (or similar).

If that is the case, simply copy all the files named /opt/ssh/etc/ssh_host_key and ssh_host_*_key from A to B and it should work again.
0 Kudos
Alex Ferreira
Frequent Advisor

‎05-14-2007 02:22 PM

‎05-14-2007 02:22 PM

Re: ssh issue

Olivier,

thank you for replying so quickly. I have tried what you suggested but no go. When I try to start ssh back up it comes up with the following error :
PRNG seed extraction failed
ssh-rand-helper child produced insufficient date
exit code:255

Now, what I did, was basically copy * in /opt/ssh/etc. Was this correct, or was I ONLY to copy the host keys*
0 Kudos
Jov
Honored Contributor

‎05-14-2007 02:35 PM

‎05-14-2007 02:35 PM

Re: ssh issue

Hi Alex,

Trying recopying the /opt/ssh/etc (or was it /etc/sshd) content with -p to perserve the datestamps of the files.

See how it goes.

Jov
0 Kudos
Alex Ferreira
Frequent Advisor

‎05-14-2007 03:01 PM

‎05-14-2007 03:01 PM

Re: ssh issue

Jov,

tried it but no good...

Any other suggestions?
0 Kudos
Jov
Honored Contributor

‎05-14-2007 03:15 PM

‎05-14-2007 03:15 PM

Re: ssh issue

Hi,

See if these threads will help

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=494030&admit=-682735245+1179198565796+28353475

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=226042

From the error (PRNG) it's related to the underlying random generated used. The 2nd thread should me most helpful.


Jov
0 Kudos
Alex Ferreira
Frequent Advisor

‎05-14-2007 03:41 PM

‎05-14-2007 03:41 PM

Re: ssh issue

I copied all files from /opt/ssh/etc/ except for the ssh_prng_cmds file and it has let me start ssh up, but still no good. Seems like the connection is timing out.

The server is closing the connection and not letting me connect..ARGH!!!
0 Kudos
Jov
Honored Contributor

‎05-14-2007 03:54 PM

‎05-14-2007 03:54 PM

Re: ssh issue

Hi,

I am not familar with PRNG, but you'll probably need to regenerate ssh_prng_cmds.


Jov
0 Kudos
Jov
Honored Contributor

‎05-14-2007 03:57 PM

‎05-14-2007 03:57 PM

Re: ssh issue

Hi Alex,

Have a read of this..

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=319327

Jov
0 Kudos
Alex Ferreira
Frequent Advisor

‎05-14-2007 05:23 PM

‎05-14-2007 05:23 PM

Re: ssh issue

No joy.

I have checked the syslogs and it is showing /opt/ssh/etc/primes has bad descriptions.

Funny thing though, don't have a primes that I can find. Anyone know what this /opt/ssh/etc/primes is?

Alex
0 Kudos
Jov
Honored Contributor

‎05-14-2007 10:50 PM

‎05-14-2007 10:50 PM

Re: ssh issue

Have a read of this http://www.snailbook.com/faq/ossh-primes-file.auto.html


Jov
0 Kudos
Alex Ferreira
Frequent Advisor

‎05-20-2007 12:00 PM

‎05-20-2007 12:00 PM

Re: ssh issue

Hi there,

I have not been able to fix this ssh issue, with the latest ssh version. I had to go to an older version and I can now login remotely.

I want to thank you both for your suggestions. I have assigned points to you both for taking time out of your busy schedules and posting your suggestions.

I will need to setup a test env and play a little more.

Again, thanks heaps for replying.

Alex
0 Kudos
Alex Ferreira
Frequent Advisor

‎05-20-2007 12:01 PM

‎05-20-2007 12:01 PM

Re: ssh issue

Thanks Again.

Alex
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.