HPE Community
Operating System - HP-UX
1830973 Members
2408 Online
110018 Solutions
New Discussion

ssh problem

 
Saraswathy_1
Advisor

‎01-01-2006 06:37 AM

‎01-01-2006 06:37 AM

ssh problem

We have secured shell client in our nerwork.
Suddenly from this morning its giving problem for one user.
The problem is while doing ssh from production box to test box shell is prompting for passwd.Not sure what has happened.
None of the file has been changed.
Moreover for other users its working fine.
0 Kudos
Reply
10 REPLIES 10
Patrick Wallek
Honored Contributor

‎01-01-2006 06:57 AM

‎01-01-2006 06:57 AM

Re: ssh problem

Check /var/adm/syslog on the destination and see what kind of information is being logged.

You could also try 'ssh -vvv sys_name' to more verbose messages when doing the ssh to the other system.
0 Kudos
Reply
Saraswathy_1
Advisor

‎01-01-2006 07:08 AM

‎01-01-2006 07:08 AM

Re: ssh problem

syslog on traget server:-

Jan 1 12:01:10 server1 sshd[2278]: error: PAM: Authentication failed for bv from server1

From Source I executed ssh -v

$ssh -v server1
OpenSSH_3.8, OpenSSL 0.9.7d 17 Mar 2004
HP-UX_Secure_Shell-A.03.81.002, HP_UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to server1 [12.23.45.5] port 22.
debug1: Connection established.
debug1: identity file /home/bv/.ssh/id_rsa type 1
debug1: identity file /home/bv/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8
debug1: match: OpenSSH_3.8 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'shm3sc1' is known and matches the RSA host key.
debug1: Found key in /home/bv/.ssh/known_hosts:87
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/bv/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/bv/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:


Lastly prompting for passwd.
Not sure were is the problem. Please advice in this matter.
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎01-01-2006 11:24 AM

‎01-01-2006 11:24 AM

Re: ssh problem

For an automated login (ie, no password), both computers must have they keys setup. If this was working, someone has probably changed the keyfile, moved or removed the file, or perhaps the user is logging in under a different account. Was anything restored to either system from backup? It's possibile that an old copy of the file replaced the latest version.


Bill Hassell, sysadmin
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎01-01-2006 07:22 PM

‎01-01-2006 07:22 PM

Re: ssh problem

Is there anything in /etc/pam_user.conf file. May be because of key file moving or renaming or content change. Try to recreate key for that user.

-Muthu
Easy to suggest when don't know about the problem!
0 Kudos
Reply
Michael Selvesteen_2
Trusted Contributor

‎01-01-2006 09:18 PM

‎01-01-2006 09:18 PM

Re: ssh problem

Hi,

You can try the following

1. Check the Permissions of the both private and public keys (644 for /home/bv/.ssh/id_rsa.pub & 600 for /home/bv/.ssh/id_rsa).

2. Ensure the server supports publickey authentication ( check Publickeyauthentication is yes in sshd_config )

Post the server log ( /opt/ssh/sbin/sshd -ddde ) if possible for more analysis

All the best
0 Kudos
Reply
Saraswathy_1
Advisor

‎01-01-2006 10:21 PM

‎01-01-2006 10:21 PM

Re: ssh problem

Here is the server log.

/opt/ssh/sbin/sshd -ddde
debug3: Seeding PRNG from /opt/ssh/libexec/ssh-rand-helper
debug2: read_server_config: filename /opt/ssh/etc/sshd_config
debug1: sshd version OpenSSH_3.8 [ HP-UX_Secure_Shell-A.03.81.002 ]
Could not load host key: /opt/ssh/etc/ssh_host_key
Could not load host key: /opt/ssh/etc/ssh_host_rsa_key
Could not load host key: /opt/ssh/etc/ssh_host_dsa_key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.

Could some one clarify which is server and client.Moreover I need only one way communication with out passwd.

Please advice
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎01-02-2006 01:32 AM

‎01-02-2006 01:32 AM

Re: ssh problem

It looks like someone has removed your keyfile:

Could not load host key: /opt/ssh/etc/ssh_host_key
Could not load host key: /opt/ssh/etc/ssh_host_rsa_key
Could not load host key: /opt/ssh/etc/ssh_host_dsa_key
Disabling protocol version 2. Could not load host key

Clients and server are defined the same way as for telnet or other connections. The user typing on the keyboard is the client (clients start the connection) and the server is the remote system that you want to contact.

You'll need to rebuild (or restore from backup) the keyfile on the server (the remote side).


Bill Hassell, sysadmin
0 Kudos
Reply
Sivakumar TS
Honored Contributor

‎01-02-2006 03:05 AM

‎01-02-2006 03:05 AM

Re: ssh problem


Dear Saraswathy,

Check this link,

http://cc.in2p3.fr/doc/phpman.php/man/ssh-keysign/8

Hope this helps.

With Regards,

Siva.
Nothing is Impossible !
0 Kudos
Reply
Michael Selvesteen_2
Trusted Contributor

‎01-02-2006 07:58 PM

‎01-02-2006 07:58 PM

Re: ssh problem

Hi Again,

As you lost your host keys you can try the following

1. If you have a backup of host keys you can replace with correct permissions

2. If possible try re-installing the HP Secure Shell



For more information about Hostkey and public key(password less) authentication you can refer the following link

http://cfm.gs.washington.edu/security/ssh/client-pkauth/

you can also find some useful information from /opt/ssh/README.hp and HP Secure Shell release notes

All the Best
0 Kudos
Reply
Saraswathy_1
Advisor

‎01-02-2006 10:11 PM

‎01-02-2006 10:11 PM

Re: ssh problem

FYI:- For other users I do not have any problem. Only for one user Iam facing this problem.
From client only for one user shell is prompting password. Others are fine.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.