SSH password-less login issue between linux and solaris | Unix Linux Forums | Security

  Go Back    


Security Discuss UNIX and Linux computer and network security, cyber security, cyber attacks, IT security, and more.

SSH password-less login issue between linux and solaris

Security


Closed Thread    
 
Thread Tools Search this Thread Display Modes
    #1  
Old 10-11-2012
error_lee error_lee is offline
Registered User
 
Join Date: Oct 2012
Last Activity: 17 October 2012, 11:06 PM EDT
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
SSH password-less login issue between linux and solaris

Hello Gurus,

I am trying to set up bidirectional password-less login between a linux and a Solaris. The way I am doing is very simple, which is creating pub/priv key pairs on each host and add the pub key to each other's authorized_keys file:
ssh-keygen -t rsa (I tried dsa, and it didn't work aslo)

Surprisingly enough, having done the same set up on both machines, only linux->solaris trusted connection works while solaris->linux does not

Here is the verbose logs I got when I try to ssh to linux from the solaris:


Code:
debug1: Next authentication method: publickey
debug1: Trying private key: /home/nyfcgstg/.ssh/identity
debug3: no such identity: /home/nyfcgstg/.ssh/identity
debug1: Offering public key: /home/nyfcgstg/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug2: input_userauth_pk_ok: fp 80:58:a9:ba:b7:f8:5d:21:16:bd:4c:f8:d1:e0:04:dc
debug3: sign_and_send_pubkey
debug1: read PEM private key done: type RSA
Connection closed by xx.xx.xx.xxx
debug1: Calling cleanup 0x41afc(0x0)

After reading the private key the connection just closed by the Solaris.
The same pub key of linux is accepted by other Linux boxes so I am thinking this can be a cross-platform issue?

Open ssh on Linux: OpenSSH_5.2p1_q1.g463c730, OpenSSL 0.9.8k 25 Mar 2009
Open ssh on Solaris:OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003

Any pointers will be appreciated.

Aaron

Moderator's Comments:
edit by bakunin: Please view this code tag video for how to use code tags when posting code and data.

Last edited by bakunin; 10-11-2012 at 07:53 AM..
Sponsored Links
    #2  
Old 10-11-2012
bakunin bakunin is offline Forum Staff  
Bughunter Extraordinaire
 
Join Date: May 2005
Last Activity: 18 December 2014, 10:25 AM EST
Location: In the leftmost byte of /dev/kmem
Posts: 4,371
Thanks: 47
Thanked 853 Times in 674 Posts
I suppose the problem to be on the server side of the communication: check "/etc/sshd_config" or whatever else you use as a configuration file for "sshd". Restart "sshd" after any changes you make there to read in the new configuration.

I hope this helps.

bakunin
Sponsored Links
    #3  
Old 10-11-2012
error_lee error_lee is offline
Registered User
 
Join Date: Oct 2012
Last Activity: 17 October 2012, 11:06 PM EDT
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Question

Quote:
Originally Posted by bakunin View Post
I suppose the problem to be on the server side of the communication: check "/etc/sshd_config" or whatever else you use as a configuration file for "sshd". Restart "sshd" after any changes you make there to read in the new configuration.

I hope this helps.

bakunin
Thanks bakunin.

Unfortunately, I don't have the permission to restart sshd.

The thing is that I did not change anything in the sshd config, but simply generated the keys. You think this may be related?

Aaron
    #4  
Old 10-11-2012
bakunin bakunin is offline Forum Staff  
Bughunter Extraordinaire
 
Join Date: May 2005
Last Activity: 18 December 2014, 10:25 AM EST
Location: In the leftmost byte of /dev/kmem
Posts: 4,371
Thanks: 47
Thanked 853 Times in 674 Posts
Quote:
Originally Posted by error_lee View Post
Unfortunately, I don't have the permission to restart sshd.
Then get someone who can to analyze the problem.

Quote:
The thing is that I did not change anything in the sshd config, but simply generated the keys. You think this may be related?
No, not at all. But ssh-communication requires two things to work in accordance: the client side (ssh-client, authentication data) and the server side (the sshd daemon and its configuration).

I don't claim to know what went wrong in your case, but the debug output you provided makes me suppose the problem is with the server side. To verify this one will have to examine the server configuration and eventually reconfigure/restart it, as i have told you.

Alternatively you can try to set up communication from a third host to the problematic one: if i got you correctly "HostA->HostB" works, but "HostB->HostA" doesn't. Set up "HostC->HostA" and see if this works. If it does it is probably not the sshd in host A as such, but maybe just the configuration: there are different versions of open-ssl (the library which does the underlying encryption) and maybe you hit upon such a version incompatibility.

Fact is: i don't know and as long as you can't present more and better data probably nobody can. So we are left to suggestions and more or less educated guesses about possible reasons.

I hope this helps.

bakunin
Sponsored Links
    #5  
Old 10-18-2012
error_lee error_lee is offline
Registered User
 
Join Date: Oct 2012
Last Activity: 17 October 2012, 11:06 PM EDT
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Hi bakunin,

I used your method and found out the problem was with HostA, because it can connect to every hosts but none can connect to it. so I asked system admin to check on the netgroups that HostA belonged to and eventually we realized there was a particular netgroup hostA should be added to.

The connection is working now. A method or a thought to investigate a problem is more valuable than a direct answer, because that would help people to learn more stuff.

Thanks for your help.

Aaron
Sponsored Links
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
linux login issue jegaraman Red Hat 3 08-22-2012 09:50 PM
Solaris x86 console login issue mystition Hardware 5 04-20-2012 10:09 AM
SSH password login issue solaris_1977 Emergency UNIX and Linux Support 14 12-25-2011 01:56 PM
Encrypting the login password on Solaris 10 krackjack Shell Programming and Scripting 7 04-16-2010 03:46 AM
password less login from openssh to SSH Secure Shell 3.0.1 Sun solaris 7 newbewie Solaris 1 10-09-2007 02:11 PM



All times are GMT -4. The time now is 12:20 PM.