SSH Keys between RHEL 5 and Solaris 10

 
# 22  
Old 01-19-2012
I don't see an entry for AuthorizedKeysFile in the sshd_config file.

Should I run
Code:
root$ sshd -D -vvv -p2222

on the server and then connect from the client again using
Code:
client$ ssh -p2222 host

?
# 23  
Old 01-19-2012
If there's no entry that's fine, it just means sshd uses the default location in the user's .ssh dir, which is fine.

Go ahead with the verbose output from the sshd.
# 24  
Old 01-19-2012
I'm getting this error:
Code:
root@solarishost:/# /usr/lib/ssh/sshd -D -vvv -p2222
sshd: illegal option -- v
sshd version Sun_SSH_1.1.2

# 25  
Old 01-19-2012
Ahh sorry, I gave you OpenSSH syntax (my excuse is we install OpenSSH on Solaris 10, we don't use Sun's version). For Solaris it's:

Quote:
sshd -d -d -d -p2222
# 26  
Old 01-20-2012
This attempt was from the Redhat VM I set up to the Solaris server. The output is what I got on the Solaris server from the command
Code:
/usr/lib/ssh/sshd -d -d -d -p2222

Code:
debug3: cipher ok: aes128-cbc [aes128-cbc,blowfish-cbc,3des-cbc]
debug3: cipher ok: blowfish-cbc [aes128-cbc,blowfish-cbc,3des-cbc]
debug3: cipher ok: 3des-cbc [aes128-cbc,blowfish-cbc,3des-cbc]
debug3: ciphers ok: [aes128-cbc,blowfish-cbc,3des-cbc]
debug2: mac_init: found hmac-sha1
debug3: mac ok: hmac-sha1 [hmac-sha1,hmac-md5]
debug2: mac_init: found hmac-md5
debug3: mac ok: hmac-md5 [hmac-sha1,hmac-md5]
debug3: macs ok: [hmac-sha1,hmac-md5]
debug1: sshd version Sun_SSH_1.1.2
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
debug1: Server will not fork when running in debugging mode.
Connection from xx.xx.xx.xx port 57514
debug1: Client protocol version 2.0; client software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1.2
debug2: Waiting for monitor
monitor debug1: list_hostkey_types: ssh-rsa,ssh-dss
monitor debug2: Monitor pid 21144, unprivileged child pid 21145
debug2: Monitor signalled readiness
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: list_hostkey_types: ssh-rsa,ssh-dss
monitor debug1: reading the context from the child
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: aes128-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: ar-EG,en-CA,es-MX,ar,en-US,es,fr,fr-CA,i-default
debug2: kex_parse_kexinit: ar-EG,en-CA,es-MX,ar,en-US,es,fr,fr-CA,i-default
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: GSS-API Mechanism encoded as toWM5Slw5Ew8Mqkay+al2g==
debug1: SSH2_MSG_KEXINIT sent
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: aes128-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: ar-EG,en-CA,es-MX,ar,en-US,es,fr,fr-CA,i-default
debug2: kex_parse_kexinit: ar-EG,en-CA,es-MX,ar,en-US,es,fr,fr-CA,i-default
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: Peer sent proposed langtags, ctos:
debug1: Peer sent proposed langtags, stoc:
debug1: We proposed langtags, ctos: ar-EG,en-CA,es-MX,ar,en-US,es,fr,fr-CA,i-default
debug1: We proposed langtags, stoc: ar-EG,en-CA,es-MX,ar,en-US,es,fr,fr-CA,i-default
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 120/256
debug1: bits set: 494/1024
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 483/1024
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug1: newkeys: mode 1
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user user service ssh-connection method none
debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
debug3: Trying to reverse map address xx.xx.xx.xx.
debug2: input_userauth_request: setting up authctxt for user
debug2: input_userauth_request: try method none
debug1: userauth_banner: sent
Failed none for user from xx.xx.xx.xx port 57514 ssh2
debug1: userauth-request for user user service ssh-connection method publickey
debug1: attempt 1 initial attempt 0 failures 1 initial failures 0
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 139/1 (e=0/0)
debug1: trying public key file /home/directory/.ssh/authorized_keys
debug3: secure_filename: checking '/home/directory/.ssh'
debug3: secure_filename: checking '/home/directory'
Authentication refused: bad ownership or modes for directory /home/directory
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 139/1 (e=0/0)
debug1: trying public key file /home/directory/.ssh/authorized_keys2
debug1: restore_uid: 0/0
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
Failed publickey for user from xx.xx.xx.xx port 57514 ssh2
debug1: userauth-request for user user service ssh-connection method keyboard-interactive
debug1: attempt 2 initial attempt 0 failures 2 initial failures 0
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug2: Starting PAM service sshd-kbdint for method keyboard-interactive
debug2: Calling pam_authenticate()
debug2: PAM echo off prompt: Password:
debug2: Nesting dispatch_run loop
debug1: got 1 responses
debug2: Nested dispatch_run loop exited
debug1: PAM conv function returns PAM_SUCCESS
debug2: kbd-int: pam_authenticate() succeeded
debug2: kbd-int: success (pam->state == 7)
Accepted keyboard-interactive for user from xx.xx.xx.xx port 57514 ssh2
debug2: Unprivileged server process dropping privileges
debug1: permanently_set_uid: 139/1
debug1: sending auth context to the monitor
debug1: will send 39 bytes of auth context to the monitor
monitor debug3: got SSH2_PRIV_MSG_ALTPRIVSEP
monitor debug3: uid/gid/username 139/1/user
monitor debug3: read session ID (20 B)
monitor debug1: finished reading the context
monitor debug2: Monitor started
monitor debug1: use_engine is 'yes'
monitor debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
monitor debug1: pkcs11 engine initialization complete
monitor debug3: Recording SSHv2 session login in wtmpx
monitor debug3: packet_set_fds: saving 7, installing 3
monitor debug3: not writing utmpx entry
monitor debug3: restoring 7 to connection_in/out
monitor debug1: Entering monitor loop.
monitor debug1: fd 9 setting O_NONBLOCK
monitor debug1: fd 10 setting O_NONBLOCK
debug3: setting handler to forward re-key packets to the monitor
debug1: Entering interactive session for SSH2.
debug1: fd 9 setting O_NONBLOCK
debug1: fd 10 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug3: server_init_dispatch_20 -- should we dispatch_set(KEXINIT) here? 1 && !0
debug3: server_init_dispatch_20 -- skipping dispatch_set(KEXINIT) in unpriv proc
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/pts/4
debug3: tty_parse_modes: SSH2 n_bytes 256
debug3: tty_parse_modes: ospeed 38400
debug3: tty_parse_modes: ispeed 38400
debug3: tty_parse_modes: 1 3
debug3: tty_parse_modes: 2 28
debug3: tty_parse_modes: 3 127
debug3: tty_parse_modes: 4 21
debug3: tty_parse_modes: 5 4
debug3: tty_parse_modes: 6 0
debug3: tty_parse_modes: 7 0
debug3: tty_parse_modes: 8 17
debug3: tty_parse_modes: 9 19
debug3: tty_parse_modes: 10 26
debug3: tty_parse_modes: 12 18
debug3: tty_parse_modes: 13 23
debug3: tty_parse_modes: 14 22
debug3: tty_parse_modes: 18 15
debug3: tty_parse_modes: 30 0
debug3: tty_parse_modes: 31 0
debug3: tty_parse_modes: 32 0
debug3: tty_parse_modes: 33 0
debug3: tty_parse_modes: 34 0
debug3: tty_parse_modes: 35 0
debug3: tty_parse_modes: 36 1
debug3: tty_parse_modes: 37 0
debug3: tty_parse_modes: 38 1
debug3: tty_parse_modes: 39 0
debug3: tty_parse_modes: 40 0
debug3: tty_parse_modes: 41 0
debug3: tty_parse_modes: 50 1
debug3: tty_parse_modes: 51 1
debug3: tty_parse_modes: 52 0
debug3: tty_parse_modes: 53 1
debug3: tty_parse_modes: 54 1
debug3: tty_parse_modes: 55 1
debug3: tty_parse_modes: 56 0
debug3: tty_parse_modes: 57 0
debug3: tty_parse_modes: 58 0
debug3: tty_parse_modes: 59 1
debug3: tty_parse_modes: 60 1
debug3: tty_parse_modes: 61 1
debug3: tty_parse_modes: 62 0
debug3: tty_parse_modes: 70 1
debug3: tty_parse_modes: 71 0
debug3: tty_parse_modes: 72 1
debug3: tty_parse_modes: 73 0
debug3: tty_parse_modes: 74 0
debug3: tty_parse_modes: 75 0
debug3: tty_parse_modes: 90 1
debug3: tty_parse_modes: 91 1
debug3: tty_parse_modes: 92 0
debug3: tty_parse_modes: 93 0
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug2: Received request for environment variable LANG=en_US.UTF-8
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: Setting controlling tty using TIOCSCTTY.
monitor debug3: writing utmpx entry
debug1: fd 4 setting TCP_NODELAY
debug1: fd 12 setting O_NONBLOCK
debug2: fd 11 is O_NONBLOCK
debug3: channel_set_wait_for_exit 0, 1 (type: 4)

# 27  
Old 01-20-2012
Code:
debug1: trying public key file /home/directory/.ssh/authorized_keys
debug3: secure_filename: checking '/home/directory/.ssh'
debug3: secure_filename: checking '/home/directory'
Authentication refused: bad ownership or modes for directory /home/directory

I'm sticking a lottery ticket on tonight :-)
# 28  
Old 01-20-2012
:) I saw that as well. What should the permissions be? 400?

---------- Post updated at 04:11 PM ---------- Previous update was at 02:11 PM ----------

I don't know hey. I've played around with different permissions.

I think the issue might lie with the communication from the server to the client when the client user tries to log in. The server has an internet facing IP to which the client connects whereas the client does not and therefore the server won't be able to hit the client IP directly when trying to authenticate.

Code:
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying private key: /home/directory/.ssh/id_dsa
debug3: no such identity: /home/directory/.ssh/id_dsa
debug2: we did not send a packet, disable method

I could be totally wrong as well because even from a Redhat client on the same network and IP range as the server, I can't get the key pairs to work. Something needs to change on the server.
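
The "bad ownership or modes" refusal in the server debug output can be reproduced offline with the added script below, which is not part of the thread. It assumes Sun_SSH's `secure_filename` applies the same rule as OpenSSH's StrictModes check (each path from the key file up to the home directory must be owned by the user or root and must not be group- or world-writable); the script name `check_chain.sh` is hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): walk the authorized_keys path chain and
# flag what a StrictModes-style check rejects. Only ls/awk are used, so it
# runs on both RHEL and Solaris 10 (which has no stat(1)).

# check_path PATH UID: succeed only if PATH is owned by UID or root and has
# no group/other write bit.
check_path() {
    path=$1; want_uid=$2
    # ls -ldnL: mode string in field 1, numeric owner in field 3, links followed
    info=$(ls -ldnL "$path" 2>/dev/null | awk '{print $1, $3}')
    if [ -z "$info" ]; then
        echo "FAIL $path: missing or unreadable"; return 1
    fi
    mode=${info% *}; owner=${info#* }
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "FAIL $path: owner uid $owner is neither $want_uid nor root"; return 1
    fi
    case $mode in
        ?????w*|????????w*)   # 6th char = group write, 9th = other write
            echo "FAIL $path: $mode is group- or world-writable (chmod go-w)"
            return 1 ;;
    esac
    echo "ok   $path ($mode, uid $owner)"
}

# check_chain HOME UID: key file first, then each parent up to HOME, the
# order the secure_filename debug lines show.
check_chain() {
    home=$1; uid=$2; rc=0
    for p in "$home/.ssh/authorized_keys" "$home/.ssh" "$home"; do
        check_path "$p" "$uid" || rc=1
    done
    return $rc
}

# Run as: sh check_chain.sh /home/directory 139   (path and uid from the log)
if [ $# -eq 2 ]; then check_chain "$1" "$2"; fi
```

A mode such as 400 on `authorized_keys` passes this check; what the refusal is about is the write bits and ownership on the home directory itself.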