HPE Community
Operating System - HP-UX
1829457 Members
1580 Online
109992 Solutions
New Discussion

SSH login

 
sheevm
Regular Advisor

‎04-11-2007 03:43 AM

‎04-11-2007 03:43 AM

SSH login


Hi All,

We recently upgraded SSH to 4.40 version.

when user login using SSH they receive a message about “keyboard interactive” and are prompted for a password (even when all the public keys have been installed), they hit enter and can get in

Does anyone out there know how to fix this?

Thanks.
be good and do good
0 Kudos
Reply
6 REPLIES 6
Steven Schweda
Honored Contributor

‎04-11-2007 03:53 AM

‎04-11-2007 03:53 AM

Re: SSH login

You might be amazed by how much more useful
actual commands with their actual output can
be in diagnosing problems like this, when
compared with an incomplete, vague
description of what happened.

Log in from where/what? Log into what?

Adding "-v" to the "ssh" command might also
be useful, while you're at it. And even
"ssh -V".
0 Kudos
Reply
Marco A.
Esteemed Contributor

‎04-20-2007 06:37 AM

‎04-20-2007 06:37 AM

Re: SSH login

Read more about it at .:

http://docs.hp.com/en/T1471-90015/ch01s16.html

and ..

http://docs.hp.com/en/T1471-90015/T1471-90015.pdf

Actually you can select what you want to use, PAM, or the Keyboard-Interactive.

Regards
Just unplug and plug in again ....
0 Kudos
Reply
Clay Jordan
Advisor

‎04-20-2007 10:21 AM

‎04-20-2007 10:21 AM

Re: SSH login

If you have access, you might also try running sshd in the foreground on the server with 'sshd -D -d -p ' and then connecting from one of the problem clients specifying the same port. You should get an the order and success/failure of the various authentication methods you have enabled.
0 Kudos
Reply
Rasheed Tamton
Honored Contributor

‎04-21-2007 12:12 AM

‎04-21-2007 12:12 AM

Re: SSH login

Hi,

SSH is sensitive to file permissions. Please make sure your permissions on file/dirs are correct.

chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/*

Also, check whether the publickey authentication is enabled in /opt/ssh/etc/sshd_config file or not.

ssh -vvv -l username hostname

and see the output.


Regards.
0 Kudos
Reply
Ralph Grothe
Honored Contributor

‎04-23-2007 01:56 AM

‎04-23-2007 01:56 AM

Re: SSH login

This sounds strange,
because an upgrade of SSH should by most generate new host keys during some post-install routine.
If that happened, and you forgot to recover the old host keys then your users would likely see a screen like this (apart from the deviating fingerprint) when they try to login:


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
85:44:38:4e:74:99:e4:77:d1:2e:01:46:4f:ea:e7:15.
Please contact your system administrator.
Add correct host key in /home/grothe/.ssh/known_hosts to get rid of this message
.
Offending key in /home/grothe/.ssh/known_hosts:943
RSA host key for tiber has changed and you have requested strict checking.
Host key verification failed.


As said, before annoying your users and requiring them to edit their $HOME/.ssh/known_hosts file to replace the offending key (if at all they know how to do this),
you should move the old host keys from before the update in place (e.g. /opt/ssh/etc/ssh_host_{rsa,dsa}_key*)

Whereas, your users' public keys should not have been affected by the upgrade.
Madness, thy name is system administration
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎04-23-2007 02:06 AM

‎04-23-2007 02:06 AM

Re: SSH login

Shalom,

Check permission and ownership on keys and .ssh and home directory.

Consider clearing out the known_hosts file.

Consider not using .zero releases they are often buggy.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.