
Re: ssh problem

 
Amit Manna_6
Regular Advisor

ssh problem

Hi
I am doing an ssh to a server from my user account.
My home directory contains a directory called .ssh which contains the following files

total 10
drwxr-xr-x 2 akm03 users 96 Jun 9 16:13 .
drwx------ 3 akm03 users 1024 Jun 9 14:07 ..
-rw------- 1 akm03 users 528 Jun 9 14:07 identity
-rw-r--r-- 1 akm03 users 332 Jun 9 14:07 identity.pub
-rw------- 1 akm03 users 325 Jun 9 16:13 known_hosts
-rw------- 1 akm03 users 512 Aug 1 12:19 random_seed


For another user, when I am trying to do ssh it says permission denied.

The home directory of that user contains a directory called .ssh which contains the following files :

total 6
drwxr-xr-x 2 iefit dba 96 Aug 1 12:50 .
drwxr-xr-x 6 iefit dba 1024 Aug 1 12:50 ..
-rw------- 1 iefit dba 325 Aug 1 12:50 known_hosts
-rw------- 1 iefit dba 512 Aug 1 12:51 random_seed


Can anybody suggest what may be the problem and what's the workaround for this?

Thanks in advance.


7 REPLIES
Mauro Gatti
Valued Contributor

Re: ssh problem

Have you tried to change the .ssh permission to 700?
Anyway 700 would have to be the correct permission mask.

RGDS
Ubi maior, minor cessat!
RAC_1
Honored Contributor

Re: ssh problem

Give more details.

ssh -vvv from client.

sshd -ddd from server you are trying to log onto.

Anil
There is no substitute to HARDWORK
Marvin Strong
Honored Contributor

Re: ssh problem

Chances are it's permissions somewhere along the path.

ll -d /home/${user} 755 or better
ll -d /home/${user}/.ssh 700

Failing that, the syslog should tell you the exact problem.
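
The permission checks suggested in the replies above, written as a script (an added example, not part of the thread). It assumes the server reads public keys from ~/.ssh/authorized_keys and that it is run on the server with the target account's home directory as its argument; check_ssh_perms and its helpers are names made up here.

```shell
#!/bin/sh
# Added example (not from the thread): audit the permissions discussed above.
# Assumption: the server reads public keys from ~/.ssh/authorized_keys.

# Print the 10-character mode string (e.g. drwxr-xr-x) for a path.
mode_of() {
    ls -ld "$1" 2>/dev/null | awk '{ print substr($1, 1, 10) }'
}

# Succeed if group or other has write permission on the path.
group_or_world_writable() {
    case "$(mode_of "$1")" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Report each problem on stdout; return the number of problems found.
check_ssh_perms() {
    home=$1
    keys="$home/.ssh/authorized_keys"
    problems=0
    if group_or_world_writable "$home"; then
        echo "FAIL $home is group/world writable ($(mode_of "$home"))"
        problems=$((problems + 1))
    fi
    if [ ! -d "$home/.ssh" ]; then
        echo "FAIL $home/.ssh is missing"
        problems=$((problems + 1))
    elif [ "$(mode_of "$home/.ssh")" != "drwx------" ]; then
        echo "FAIL $home/.ssh is $(mode_of "$home/.ssh"), expected drwx------ (700)"
        problems=$((problems + 1))
    fi
    if [ ! -f "$keys" ]; then
        echo "FAIL $keys is missing, so no key can be accepted"
        problems=$((problems + 1))
    elif group_or_world_writable "$keys"; then
        echo "FAIL $keys is group/world writable ($(mode_of "$keys"))"
        problems=$((problems + 1))
    fi
    if [ "$problems" -eq 0 ]; then echo "OK $home"; fi
    return "$problems"
}

# Run against the home directory given as the first argument, if any.
if [ $# -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

The mode is read from ls -ld rather than stat so the script does not depend on a particular stat implementation.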

Alessandro Pilati
Esteemed Contributor

Re: ssh problem

Amit,
the permissions of the .ssh dir must be 700, otherwise the SSH client will not start an ssh session.
After changing these permissions (which in your case are wrongly set to 755), have a look in the identity file and verify with "vi" whether there are bad characters or spaces at the end of the line, and whether your keys are registered one per line.

Rgds,
Alex
if you don't try, you'll never know if you are able to
generic_1
Respected Contributor

Re: ssh problem

Assuming you have setup your keys correctly.
I think you just locked something down too far, but don't open too wide either :) that can cause you problems too.
Amit Manna_6
Regular Advisor

Re: ssh problem

Please find the error below:
when I ran the ssh -l command for the problematic account

ssh -l iefit -v tldnms
SSH Version 1.2.27 [hppa1.0-hp-hpux10.20], protocol version 1.5.
Standard version. Does not use RSAREF.
michael: ssh_connect: getuid 16776 geteuid 16776 anon 1
michael: Connecting to tldnms [10.220.6.17] port 22.
michael: Connection established.
michael: Remote protocol version 1.5, remote software version 1.2.27
michael: Waiting for server public key.
michael: Received server public key (768 bits) and host key (1024 bits).
michael: Host 'tldnms' is known and matches the host key.
michael: Initializing random; seed file /home/akm03/.ssh/random_seed
michael: Encryption type: idea
michael: Sent encrypted session key.
michael: Installing crc compensation attack detector.
michael: Received encrypted confirmation.
michael: No agent.
michael: Trying RSA authentication with key 'akm03@michael'
michael: Server refused our key.
Permission denied.

Please suggest
Doug O'Leary
Honored Contributor

Re: ssh problem

Hey;

A couple of things to suggest. As the venerated M.Strong suggested, examine the /var/adm/syslog/syslog.log to see what errors are there. If there are any, post them here.

Second, try the ssh with a different user. Does that work? If it's limited to this particular user, then it's almost certainly a directory permissions problem. If it affects more than one user, continue reading:

The error suggests that the ssh server version running on tldnms doesn't support RSA. There are two possibilities for this. The first possibility is that the server version is a commercial ssh version which only supports DSA. If that's the case, regenerate your keys using DSA as the protocol.

The second possibility, which seems more likely based on the error output, is that the ssh server is ssh ver 1, which only supports rsa version 1. If that's the case, regenerate your keys using rsa1 instead of rsa.

You can try one or both key types or you can log into the server and execute ssh -V to get the versions supported.

Hope that helps.

Doug O'Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html