HPE Community
Operating System - HP-UX
1819681 Members
3658 Online
109605 Solutions
New Discussion юеВ

ssh pubkeyauthentication problem

 
yangk
Frequent Advisor

тАО05-27-2010 02:24 AM

тАО05-27-2010 02:24 AM

ssh pubkeyauthentication problem

Hi All,

I have encountered a strange problem only with the non-root user to do the pubkey authentication.My machine is 11.23 PA machine.

file /opt/ssh/sbin/sshd
/opt/ssh/sbin/sshd: ELF-64 executable object file - PA-RISC 2.0 (LP64)

the sshd is 64 bit,and here is the debug message from the ssh client:
$ hostname
sshpa4

$ ssh sshpa4 -vvv
........
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/yangk/.ssh/identity
debug3: no such identity: /home/yangk/.ssh/identity
debug1: Offering public key: /home/yangk/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp ac:7a:a0:2a:7c:8b:a2:a3:5e:9d:f3:91:0f:ba:a6:17
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: Final hpn_buffer_size = 131072
debug1: HPN Disabled: 1, HPN Buffer Size: 131072
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t3 r-1 i0/0 o0/0 fd 6/7 cfd -1)

debug3: channel 0: close_fds r 6 w 7 e 8 c -1
Connection to sshpa4 closed by remote host.
Connection to sshpa4 closed.
Transferred: sent 2128, received 2072 bytes, in 0.0 seconds
Bytes per second: sent 70717.0, received 68856.1
debug1: Exit status -1

the publickey authentication is succeeded, but it is closed by the server.


But if I switch the 64 sshd to the 32 sshd, then it can work, that is so strange.
Here is the details:

root@sshpa4# file /opt/ssh/sbin/sshd
/opt/ssh/sbin/sshd: PA-RISC2.0 shared executable dynamically linked

$ ssh localhost -vvv
...............
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/yangk/.ssh/identity
debug3: no such identity: /home/yangk/.ssh/identity
debug1: Offering public key: /home/yangk/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp ac:7a:a0:2a:7c:8b:a2:a3:5e:9d:f3:91:0f:ba:a6:17
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: Final hpn_buffer_size = 131072
debug1: HPN Disabled: 1, HPN Buffer Size: 131072
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: fd 5 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 65536
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last successful login: Thu May 27 18:16:40 EAT 2010 localhost
Last login: Thu May 27 18:07:43 2010 from sshpa5.chn.hp.com
(c)Copyright 1983-2003 Hewlett-Packard Development Company, L.P.
(c)Copyright 1979, 1980, 1983, 1985-1993 The Regents of the Univ. of California
(c)Copyright 1980, 1984, 1986 Novell, Inc.
(c)Copyright 1986-2000 Sun Microsystems, Inc.
(c)Copyright 1985, 1986, 1988 Massachusetts Institute of Technology
(c)Copyright 1989-1993 The Open Software Foundation, Inc.
(c)Copyright 1990 Motorola, Inc.
(c)Copyright 1990, 1991, 1992 Cornell University
(c)Copyright 1989-1991 The University of Maryland
(c)Copyright 1988 Carnegie Mellon University
(c)Copyright 1991-2003 Mentat Inc.
(c)Copyright 1996 Morning Star Technologies, Inc.
(c)Copyright 1996 Progressive Systems, Inc.


RESTRICTED RIGHTS LEGEND
Use, duplication, or disclosure by the U.S. Government is subject to
restrictions as set forth in sub-paragraph (c)(1)(ii) of the Rights in
Technical Data and Computer Software clause in DFARS 252.227-7013.


Hewlett-Packard Company
3000 Hanover Street
Palo Alto, CA 94304 U.S.A.

Rights for non-DOD U.S. Government Departments and Agencies are as set
forth in FAR 52.227-19(c)(1,2).
$ uname -a
HP-UX sshpa4 B.11.23 U 9000/800 3267743753 unlimited-user license

As you see,i can log into the localhost with publickey authentication.

So why the 64 bit sshd do not let the ssh login with publickey authentication ,but 32 bit sshd can allow?

This problem has so strange to me.
Could somebody give me help about this?
Thanks in advance!

Kevin
0 Kudos
Reply
4 REPLIES 4
yangk
Frequent Advisor

тАО05-27-2010 02:26 AM

тАО05-27-2010 02:26 AM

Re: ssh pubkeyauthentication problem

one thing to supplement the ssh client and the ssh server is the same machine which is sshpa4.
0 Kudos
Reply
chenn_1
Advisor

тАО05-27-2010 02:42 AM

тАО05-27-2010 02:42 AM

Re: ssh pubkeyauthentication problem

Additionally, we've installed exactly the same SSH depot on another 11.23PA machine. And it works fine there. Seems that only "sshpa4" has this kind of issue. FYI.
0 Kudos
Reply
mvpel
Trusted Contributor

тАО05-27-2010 05:23 AM

тАО05-27-2010 05:23 AM

Re: ssh pubkeyauthentication problem

Your test cases aren't quite identical - in the first you ssh to sshpa4, in the second you ssh to localhost. I seem to recall that sshd can treat the loopback interface differently in some cases.

Try doing an "ssh localhost" with the 64-bit sshd just to be sure.
0 Kudos
Reply
yangk
Frequent Advisor

тАО05-27-2010 08:09 PM

тАО05-27-2010 08:09 PM

Re: ssh pubkeyauthentication problem

Hi mvpel,

the sshpa4 and localhost has the same issue.

Thanks!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.