
trouble with ssh

 
SOLVED
Oliver Schmitz
Regular Advisor

trouble with ssh

Hi again,

I installed the OpenSSH tools included on the core OS CD for HP-UX 11.i TCOE. It seemed to work fine because I only tried to go out from my local machine. Unfortunately it turns out that it definitely is not working as I intended in the other direction.

I looked at the configuration files and checked them as well as I understood the description in the man pages. I found no error and I would like to ask everybody here to have a look and help me to find a mistake. Are there any other things to pay attention to?

Thank you very much,

Oliver

P.S.: If I try to access the machine from outside with ssh/scp/sftp I get a "Permission denied" and on a Linux machine the message "Local: Key does not match.". Does this help further?
Oliver Schmitz
Kevin Wright
Honored Contributor
Solution

Re: trouble with ssh

Ensure the sshd daemon is running, and from a remote host run
ssh -v -v -v

Post whatever error you get.

Make sure you have created your host keys, and you might want to comment out StrictModes, restart sshd, and try again.
David_246
Trusted Contributor

Re: trouble with ssh

 
@yourservice
Elena Leontieva
Esteemed Contributor

Re: trouble with ssh

Oliver,
I just was thinking if you want to double check your configuration steps:
1.3 Configuring HP-UX Secure Shell

Use the following information as a supplement to the manpages and O'Reilly's
SSH, The Secure Shell -- The Definitive Guide.

HP recommends using SSH-2 to eliminate the risk of an insertion attack. The
installation script generates RSA1, RSA, and DSA server keys if these did
not previously exist. The following is a list of the host keys generated and
placed in /opt/ssh/etc/ upon installation:

------------------------------------------------------------------------
Table 1-4: Host Keys HP-UX Secure Shell Generates Upon Installation

Description                                    Host Key

RSA1 private and public host keys for SSH-1    ssh_host_key  ssh_host_key.pub

RSA private and public host keys for SSH-2     ssh_host_rsa_key  ssh_host_rsa_key.pub

DSA private and public host keys for SSH-2     ssh_host_dsa_key  ssh_host_dsa_key.pub

------------------------------------------------------------------------

You will find the HP-UX Secure Shell configuration files at the following
locations:

------------------------------------------------------------------------
Table 1-5: Configuration Files

File                         Location

server configuration file    /opt/ssh/etc/sshd_config

client configuration file    /opt/ssh/etc/ssh_config

------------------------------------------------------------------------

PAM

sshd uses its own configuration lines in /etc/pam.conf. You can create a
link to sshd and change the service name in /etc/pam.conf to the link name.
The service name in /etc/pam.conf must match the name of the daemon invoked.
For example, if you create a link to sshd named lsshd and you invoke lsshd,
PAM looks for the service name lsshd. If you invoke sshd, PAM looks for the
service name sshd. See the pam.conf(4) manpage for more information about
configuring PAM.

Key Generation

By default, HP-UX Secure Shell is set to use SSH-2 only. The default setting
for ssh-keygen is null. You must specify which type of keys you want
ssh-keygen to generate. ssh-keygen can create SSH-1 (RSA1) and SSH-2 (RSA,
DSA) key pairs. Use the -t option to generate SSH-2 key pairs. For example,
ssh-keygen -t dsa generates SSH-2 DSA key pairs.

Public Key Authentication

You must generate key pairs that match the protocol type (SSH-1 or SSH-2)
when using public key authentication. Use RSA1 keys for SSH-1. Use RSA or
DSA keys for SSH-2. Generate the key pair locally as the user of Secure
Shell. Add the public part of the key pair to ~/.ssh/.authorized_keys for
the appropriate user on the target system.

Chris Vail
Honored Contributor

Re: trouble with ssh

Do check the ownership and permission of the various files. They MUST be exactly 644 for the id_dsa.pub and known_hosts files as well as the .ssh directory itself. The home directory for the user must be 755 ONLY. Attached is my usual document that describes how to install and implement this.


Chris
Bill Douglass
Esteemed Contributor

Re: trouble with ssh

Can you post debugging output from sshd?

Run a copy of sshd on a non-reserved port like this:

/opt/ssh/sbin/sshd -p 2222 -d -d -d

and connect to it from your linux box as

ssh -p 2222

Then post the output from the sshd.

-p will run it on port 2222, and run in the foreground (no daemon mode). It will also exit after one connection.

-d will cause sshd to print debugging output. Using it up to three times on the command line causes more verbose output.
Oliver Schmitz
Regular Advisor

Re: trouble with ssh

Dear all,

I was ill for two weeks. I started again today with searching for my misconfigurations etc.

Thank you for the detailed hints. I will work through them and post some message here again.

SY,

Oliver
Oliver Schmitz
Zeev Schultz
Honored Contributor

Re: trouble with ssh

Oliver,
I'm not going to post ssh configuration docs here as I think they are pretty good somewhere else on the Web :))
Anyway, key not match can point to the fact that you didn't copy the key for authorized user to that other ssh server (linux in your case?). If Linux is an ssh client - check that key is copied to the user's file with his login you're trying to access.
As to sftp - are you sure that the usual ftp works well and only secure ftp isn't?

Zeev
So computers don't think yet. At least not chess computers. - Seymour Cray
Oliver Schmitz
Regular Advisor

Re: trouble with ssh

Dear Kevin,

I did what you suggested. Here is the output (I put instead of my PC name (- ):

ssh -v -v -v 134.94.245.118
SSH Version 1.2.27 [i686-unknown-linux], protocol version 1.5.
Standard version. Does not use RSAREF.
SSH Version 1.2.27 [i686-unknown-linux], protocol version 1.5.
Standard version. Does not use RSAREF.
SSH Version 1.2.27 [i686-unknown-linux], protocol version 1.5.
Standard version. Does not use RSAREF.
: ssh_connect: getuid 5750 geteuid 5750 anon 1
: Connecting to 13x.xxx.xxx.xxx port 22.
: Connection established.
: Remote protocol version 2.0, remote software version OpenSSH_3.1p1
: Waiting for server public key.
Local: Bad packet length 1349676916.


Thanks again for some ideas, Oliver
Oliver Schmitz
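
Added example, not part of any post in the thread: the client log above shows an SSH-1 client (protocol 1.5) reaching a server that announces protocol 2.0, and the "Bad packet length" value is four bytes of text read as a packet length. The script below (function names are illustrative) decodes that value and compares the two versions; the value decodes to "Prot", consistent with the plain-text "Protocol major versions differ." reply that OpenSSH sends to a client whose protocol version it does not accept.

```shell
#!/bin/sh
# Added example: diagnose the failed connection from the client-side debug log.

# Lines copied from the ssh -v -v -v output posted in the thread.
SAMPLE_LOG='SSH Version 1.2.27 [i686-unknown-linux], protocol version 1.5.
: Remote protocol version 2.0, remote software version OpenSSH_3.1p1
: Waiting for server public key.
Local: Bad packet length 1349676916.'

# Print the four big-endian bytes of a "Bad packet length" value as ASCII,
# with "." for anything unprintable. Readable text here means the peer sent
# a plain-text message where the client expected a binary packet header.
decode_packet_length() {
    n=$1
    out=
    for bits in 24 16 8 0; do
        byte=$(( (n >> bits) & 255 ))
        if [ "$byte" -ge 32 ] && [ "$byte" -le 126 ]; then
            out="$out$(printf "\\$(printf '%03o' "$byte")")"
        else
            out="$out."
        fi
    done
    printf '%s\n' "$out"
}

# Read ssh -v output on stdin and compare the client's protocol major
# version with the one in the server's banner.
check_protocol_versions() {
    log=$(cat)
    client=$(printf '%s\n' "$log" |
        sed -n 's/^SSH Version .* protocol version \([0-9]*\)\..*/\1/p' | head -n 1)
    server=$(printf '%s\n' "$log" |
        sed -n 's/.*Remote protocol version \([0-9]*\)\..*/\1/p' | head -n 1)
    if [ -z "$client" ] || [ -z "$server" ]; then
        echo "unknown"
    elif [ "$client" != "$server" ]; then
        echo "mismatch client=$client server=$server"
    else
        echo "match version=$server"
    fi
}

length=$(printf '%s\n' "$SAMPLE_LOG" | sed -n 's/.*Bad packet length \([0-9]*\)\..*/\1/p')
echo "packet length bytes: $(decode_packet_length "$length")"
printf '%s\n' "$SAMPLE_LOG" | check_protocol_versions
```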