Operating System - HP-UX

Re: Trusted connection between servers !

Ivan Azuara
Regular Advisor

Trusted connection between servers !

Hi !

I configured 2 servers (serverA and serverB) with public key authentication to establish a trusted connection for one user through the ssh command.

In fact I need to execute a remote shell from serverA to serverB with this user. I executed the complete cookbook to generate the key pair, etc., but when I execute the command, I receive the password prompt for this user on serverB:

serverA# ssh -l afscoper serverB ll
password:

Obviously I don't want to enter the password for this user. I need the execution to be done without a password.

Any idea?

My 2 servers have HP-UX 11i and T1471AA A.04.20.004 HP-UX Secure Shell.

Thanks in advance!
"Enjoy the life .."
Patrick Wallek
Honored Contributor
Solution

Re: Trusted connection between servers !

Do an "ssh -vvv -l afscoper serverB ll" and see what gets returned. The '-vvv' enables very verbose logging, so the problem should show up.

You could also take a look at /var/adm/syslog/syslog.log and see if it says anything about your login issue.
Steven E. Protter
Exalted Contributor

Re: Trusted connection between servers !

Shalom Ivan,

A common cause for this issue is ownership and permissions on the .ssh folder and the files within.

Last time this happened, the mysql user had been given ownership of root's home folder. By me. By accident.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Ivan Azuara
Regular Advisor

Re: Trusted connection between servers !

The output of the ssh command was:

$ ssh -v -l afscoper b_inb_07 ll
OpenSSH_4.2p1-hpn, OpenSSL 0.9.7i 14 Oct 2005
HP-UX Secure Shell-A.04.20.004, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to b_inb_07 [146.219.212.186] port 22.
debug1: Connection established.
debug1: identity file /home/afscoper/.ssh/id_rsa type 1
debug1: identity file /home/afscoper/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2p1-hpn
debug1: match: OpenSSH_4.2p1-hpn pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2p1-hpn
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'b_inb_07' is known and matches the RSA host key.
debug1: Found key in /home/afscoper/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/afscoper/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/afscoper/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:

I receive the password prompt again. I think that I need to change some properties in the sshd_config file, do you agree?

The permissions on the home directories for this user on both servers are:

ServerA:
drwxr-xr-x 2 afscoper sybase 8192 Apr 17 17:55 .ssh
# ll .ssh
-rw-r--r-- 1 afscoper sybase 399 Apr 17 17:13 authorized_keys2
-rw-r--r-- 1 afscoper sybase 1671 Apr 17 16:59 id_rsa
-rw-r--r-- 1 afscoper sybase 399 Apr 17 16:59 id_rsa.pub
-rw-r--r-- 1 afscoper sybase 540 Apr 17 17:32 known_hosts
-rw-r--r-- 1 afscoper sybase 1024 Apr 17 17:55 prng_seed

ServerB:
# ll -d .ssh
drwxr-xr-x 2 afscoper sybase 8192 Apr 19 18:33 .ssh
# ll .ssh
-rw-r--r-- 1 afscoper sybase 399 Apr 17 17:01 authorized_keys2
-rw-r--r-- 1 afscoper sybase 1675 Apr 17 17:08 id_rsa
-rw-r--r-- 1 afscoper sybase 399 Apr 17 17:08 id_rsa.pub
-rw-r--r-- 1 afscoper sybase 1080 Apr 17 17:10 known_hosts
-rw------- 1 afscoper sybase 1024 Apr 19 18:33 prng_seed

Some reference?
"Enjoy the life .."
Rajeev  Shukla
Honored Contributor

Re: Trusted connection between servers !

Hi Ivan,
2 things...

1. The permissions of .ssh directory should be drwx------ (700)
2. I guess you need to put the public key of the source server on the destination server in a file called authorized_keys, not authorized_keys2.

I am sure this should solve the problem.

Cheers
Rajeev
Ivan Azuara
Regular Advisor

Re: Trusted connection between servers !

Nope, I made the changes to the permissions and to the name of the authorized keys file, but I have the same result.

I think that the solution is in the sshd_config file, but I'm not sure what must be changed.

Best Regards !
"Enjoy the life .."
Rajeev  Shukla
Honored Contributor

Re: Trusted connection between servers !

Maybe it would help if you post your sshd_config file here so we can have a look.
Patrick Wallek
Honored Contributor

Re: Trusted connection between servers !

Make all files in the .ssh directories 640 or 600 permissions. They absolutely do NOT need to be world readable.

Also, try the '-vvv', that is 3 v's, in the ssh command. That will make it more verbose.

Did you look in your syslog file? At times, errors do get logged there.
Ivan Azuara
Regular Advisor

Re: Trusted connection between servers !

Ready go!

$ ssh -vvv -l afscoper b_inb_07
OpenSSH_4.2p1-hpn, OpenSSL 0.9.7i 14 Oct 2005
HP-UX Secure Shell-A.04.20.004, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug3: Seeding PRNG from /opt/ssh/libexec/ssh-rand-helper
debug2: ssh_connect: needpriv 0
debug1: Connecting to b_inb_07 [146.219.212.186] port 22.
debug1: Connection established.
debug3: Not a RSA1 key file /home/afscoper/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/afscoper/.ssh/id_rsa type 1
debug1: identity file /home/afscoper/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2p1-hpn
debug1: match: OpenSSH_4.2p1-hpn pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2p1-hpn
debug2: fd 4 setting O_NONBLOCK
debug3: RNG is ready, skipping seeding
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 126/256
debug2: bits set: 508/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/afscoper/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 4
debug3: check_host_in_hostfile: filename /home/afscoper/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'b_inb_07' is known and matches the RSA host key.
debug1: Found key in /home/afscoper/.ssh/known_hosts:4
debug2: bits set: 515/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/afscoper/.ssh/id_rsa (40031078)
debug2: key: /home/afscoper/.ssh/id_dsa (00000000)
debug3: input_userauth_banner
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/afscoper/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/afscoper/.ssh/id_dsa
debug3: no such identity: /home/afscoper/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:

This message is interesting: "debug3: no such identity: /home/afscoper/.ssh/id_dsa". Any idea?

My sshd_config file in ServerA is:

# $OpenBSD: ssh_config,v 1.20 2005/01/28 09:45:53 dtucker Exp $

# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
Protocol 2
HashKnownHosts yes
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
b_inb_07# more /opt/ssh/etc/sshd_config
# $OpenBSD: sshd_config,v 1.70 2004/12/23 23:11:00 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /opt/ssh/etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /opt/ssh/etc/ssh_host_rsa_key
#HostKey /opt/ssh/etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#CountKeyAuthBadLogins no

# Auth selection
#
#HostbasedAuthAllowUsers
#HostbasedAuthDenyUsers
#PubkeyAuthAllowUsers
#PubkeyAuthDenyUsers
#KerberosAuthAllowUsers
#KerberosAuthDenyUsers
#KerberosOrLocalPasswdAllowUsers
#KerberosOrLocalPasswdDenyUsers
#PasswordAuthAllowUsers
#PasswordAuthDenyUsers
#ChallRespAuthAllowUsers [pam] user1 user2 ...
#ChallRespAuthDenyUsers [pam] user1 user2 ...
#ChallRespAuthAllowUsers [bsdauth] user1 user2 ...
#ChallRespAuthDenyUsers [bsdauth] user1 user2 ...
#ChallRespAuthAllowUsers [skey] user1 user2 ...
#ChallRespAuthDenyUsers [skey] user1 user2 ...
#ChallRespAuthAllowUsers [securid] user1 user2 ...
#ChallRespAuthDenyUsers [securid] user1 user2 ...
#GSSAPIAuthAllowUsers
#GSSAPIAuthDenyUsers

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
X11UseLocalhost no
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#EnforceSecureTTY no
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
Banner /etc/issue

# override default of no subsystems
Subsystem sftp /opt/ssh/libexec/sftp-server

# sftp-server logging
#LogSftp no
#SftpLogFacility AUTH
#SftpLogLevel INFO

# sftp-server umask control
#SftpUmask

#SftpPermitChmod yes
#SftpPermitChown yes

Some messages in /var/adm/syslog/syslog.log:

Apr 20 10:57:38 b_inb_07 sshd[1559]: Authentication refused: bad ownership or modes for directory /home/afscoper

Thanks in advance!

"Enjoy the life .."
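The sshd_config quoted in the post above already explains the shape of the -vvv trace: PasswordAuthentication is set to no, but ChallengeResponseAuthentication is left commented (default yes) and UsePAM is yes, and the file's own comment warns that PAM through the challenge-response mechanism "may bypass the setting of PasswordAuthentication". That is why the client falls back to keyboard-interactive and still gets a Password: prompt after the public key is declined. The script below is an added example, not code from the thread or from HP-UX Secure Shell: it reads an sshd_config the way sshd does (first uncommented value wins, keywords are case-insensitive) and reports whether a password-style prompt is still reachable. The defaults it assumes (PasswordAuthentication yes, ChallengeResponseAuthentication yes, UsePAM no) are the OpenSSH 4.x ones; the config it builds when run without an argument is constructed here from the uncommented lines quoted from b_inb_07.

```shell
#!/bin/sh
# Added example, not from the thread: report whether an sshd_config still
# lets sshd prompt for a password even with "PasswordAuthentication no".
# Defaults assumed are the OpenSSH 4.x ones from sshd_config(5):
#   PasswordAuthentication yes, ChallengeResponseAuthentication yes, UsePAM no

# sshd_opt FILE KEYWORD DEFAULT
#   Effective value of KEYWORD: sshd keeps the first uncommented occurrence,
#   matches keywords case-insensitively and accepts "Key value" or "Key=value".
#   Prints DEFAULT when the keyword is absent. Stops at a "Match" line, since
#   directives after it are conditional (later OpenSSH releases only).
sshd_opt() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comment or blank line
        {
            split($0, f, "[ \t=]+")
            i = (f[1] == "") ? 2 : 1               # leading whitespace -> empty field
            k = tolower(f[i]); v = f[i + 1]
        }
        k == "match" { exit }
        k == tolower(key) && v != "" { print v; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# sshd_prompt_audit FILE -> prints one of:
#   password-open             PasswordAuthentication yes: plain password auth
#   keyboard-interactive-pam  password auth off, but ChallengeResponse + PAM
#                             still deliver a password prompt (the thread's case)
#   challenge-response-nopam  ChallengeResponse on without PAM: only reachable
#                             if sshd was built with s/key or bsdauth support
#   password-disabled         no password-style prompt is reachable
sshd_prompt_audit() {
    pw=$(lc "$(sshd_opt "$1" PasswordAuthentication yes)")
    cr=$(lc "$(sshd_opt "$1" ChallengeResponseAuthentication yes)")
    pam=$(lc "$(sshd_opt "$1" UsePAM no)")
    if [ "$pw" = yes ]; then
        echo password-open
    elif [ "$cr" = yes ] && [ "$pam" = yes ]; then
        echo keyboard-interactive-pam
    elif [ "$cr" = yes ]; then
        echo challenge-response-nopam
    else
        echo password-disabled
    fi
}

# Stand-alone use: audit the file given as $1, or, with no argument, a config
# constructed here from the uncommented lines quoted from b_inb_07 above.
if [ $# -gt 0 ]; then
    sshd_prompt_audit "$1"
else
    demo_cfg=$(mktemp)
    printf '%s\n' 'Protocol 2' 'PasswordAuthentication no' \
        'PermitEmptyPasswords no' '#ChallengeResponseAuthentication yes' \
        'KerberosAuthentication yes' 'UsePAM yes' > "$demo_cfg"
    echo "b_inb_07 sshd_config: $(sshd_prompt_audit "$demo_cfg")"
    rm -f "$demo_cfg"
fi
```

To actually close the prompt on the server, the pairing that matters is ChallengeResponseAuthentication no together with PasswordAuthentication no (UsePAM yes can stay for account and session checks, as the config's own comment describes); rerun the script on /opt/ssh/etc/sshd_config after the change and it should report password-disabled.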
Patrick Wallek
Honored Contributor

Re: Trusted connection between servers !

Ah HA----- Here is the KEY:

Apr 20 10:57:38 b_inb_07 sshd[1559]: Authentication refused: bad ownership or modes for directory /home/afscoper

The permissions on your home directory are too open.

The permissions on the home directory must be '755' or less. It would probably be better if it was '750'.

SSH is VERY VERY picky about permissions. If permissions are not just right, then it will not allow passwordless logins.
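The syslog line Patrick points at comes from sshd's StrictModes check: before it reads authorized_keys it requires the file, ~/.ssh and every directory up to and including the home directory to be owned by the user or root and to be neither group- nor world-writable. The script below is an added example, not code from the thread or from HP-UX Secure Shell, that performs the same walk with ls -ld so it can be run on either server before digging through syslog. The user name, paths and temporary directory layout in its demo are constructed for this example, and the group-writable home directory (775) it starts from is an assumption, since the thread never shows what the bad mode on /home/afscoper actually was. Incidentally, the walk shows that the .ssh 755 / authorized_keys 644 layout listed for ServerB passes sshd's own check; the refusal came from the home directory.

```shell
#!/bin/sh
# Added example, not from the thread: apply sshd's StrictModes ownership and
# mode rules (owner must be the user or root; no group/world write bit) to
# authorized_keys, ~/.ssh and each directory up to the home directory, which
# is the walk that produces "Authentication refused: bad ownership or modes".
# Only ls -ld is used so the script also runs on HP-UX.

# owner_and_perms PATH -> "OWNER PERMSTRING" from ls -ld, e.g. "afscoper drwxr-xr-x"
owner_and_perms() {
    ls -ld "$1" 2>/dev/null | awk '{ print $3, $1 }'
}

# check_one PATH USER -> returns 0 if sshd would accept PATH for USER,
# otherwise prints the reason and returns 1.
check_one() {
    p=$1; u=$2
    set -- $(owner_and_perms "$p")
    [ $# -ge 2 ] || { echo "$p: cannot stat"; return 1; }
    owner=$1; perms=$2
    if [ "$owner" != "$u" ] && [ "$owner" != root ]; then
        echo "$p: owned by $owner, expected $u or root"; return 1
    fi
    # In the ls mode string, group write is column 6 and other write is column 9.
    gw=$(printf '%s' "$perms" | cut -c6)
    ow=$(printf '%s' "$perms" | cut -c9)
    if [ "$gw" = w ] || [ "$ow" = w ]; then
        echo "$p: mode $perms is group- or world-writable"; return 1
    fi
    return 0
}

# strictmodes_check FILE USER HOME
#   Check FILE (normally HOME/.ssh/authorized_keys), then walk its parent
#   directories upward until HOME (inclusive) or / is reached, as sshd does
#   when StrictModes is yes (the default).
strictmodes_check() {
    f=$1; u=$2; h=$3
    [ -f "$f" ] || { echo "$f: not a regular file"; return 1; }
    check_one "$f" "$u" || return 1
    d=$(dirname "$f")
    while :; do
        check_one "$d" "$u" || return 1
        [ "$d" = "$h" ] && break
        [ "$d" = / ] && break
        d=$(dirname "$d")
    done
    return 0
}

# Demo: rebuild the ServerB layout quoted above (.ssh 755, authorized_keys 644)
# under a temporary directory, first with the home directory group-writable
# (775, an assumption: the thread never shows the bad mode), then fixed to 755.
demo() {
    me=$(id -un 2>/dev/null || id -u)
    top=$(mktemp -d)
    home="$top/afscoper"
    mkdir -p "$home/.ssh"
    : > "$home/.ssh/authorized_keys"
    chmod 755 "$home/.ssh"; chmod 644 "$home/.ssh/authorized_keys"
    for mode in 775 755; do
        chmod "$mode" "$home"
        if strictmodes_check "$home/.ssh/authorized_keys" "$me" "$home"; then
            echo "home mode $mode: sshd would accept authorized_keys"
        else
            echo "home mode $mode: sshd would refuse (reason above)"
        fi
    done
    rm -rf "$top"
}

# Stand-alone use: strictmodes_check FILE USER HOME, e.g.
#   sh strictmodes.sh /home/afscoper/.ssh/authorized_keys afscoper /home/afscoper
if [ $# -eq 3 ]; then
    if strictmodes_check "$1" "$2" "$3"; then echo "ok: sshd would accept $1"; fi
else
    demo
fi
```

The check mirrors what sshd logs but says which component failed, which syslog does not always make obvious when the offending directory is above ~/.ssh; the 700 on .ssh and 600 on its files recommended earlier in the thread go beyond what the walk requires, but they keep the private key and known_hosts out of reach of other users on a shared box.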
Ivan Azuara
Regular Advisor

Re: Trusted connection between servers !

That's right! The problem was the permissions!

Server A:

drwxr-xr-x 3 afscoper sybase 8192 Apr 20 12:03 afscoper
drwx------ 2 afscoper sybase 8192 Apr 20 12:06 .ssh
# ll
-rw------- 1 afscoper sybase 399 Apr 17 17:01 authorized_keys
-rw------- 1 afscoper sybase 1675 Apr 17 17:08 id_rsa
-rw------- 1 afscoper sybase 399 Apr 17 17:08 id_rsa.pub
-rw------- 1 afscoper sybase 1080 Apr 17 17:10 known_hosts
-rw------- 1 afscoper sybase 1024 Apr 20 12:06 prng_seed

Thank you for your help and time!

LFOD !
"Enjoy the life .."