SSH weirdness


 
11-22-2009

I've configured a new container/zone on Solaris 10 (SPARC) and I'm using Centrify for LDAP authentication to AD. My ssh client is as follows:

Sun_SSH_1.1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

I'm seeing some strange behavior from ssh. When I ssh onto the new zone to myself (non-root user) either from elsewhere or from the zone itself, I get the following error:

Server had a GSS-API error; the connection will close (851968/0):
Unspecified GSS failure. Minor code may provide more information
No error

Use the GssKeyEx option to disable GSS-API key exchange and try again.
Disconnecting: The server had a GSS-API error during GSS-API protected SSHv2 key exchange


This is accompanied by the following error in /var/adm/messages:

sshd[15808]: [ID 800047 auth.crit] fatal: accept_ctx died

The problem does NOT present if I ssh to the zone from root OR if I use the host's IP address instead of hostname. I have no problem ssh'ing away from the zone - only when inbound.

Here's the debug output from ssh -vvv:

Sun_SSH_1.1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to balloonv1 [10.38.35.100] port 22.
debug1: Connection established.
debug1: identity file /users/cmorgan/.ssh/identity type -1
debug1: identity file /users/cmorgan/.ssh/id_rsa type -1
debug1: identity file /users/cmorgan/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.1
debug1: match: Sun_SSH_1.1.1 pat Sun_SSH_1.1.1*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1.1
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-AU
debug2: kex_parse_kexinit: en-AU
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: ssh_gssapi_init_ctx(706a8, balloonv1, 0, 0, ffbff714)
debug3: ssh_gssapi_import_name: snprintf() returned 14, expected 15
debug2: GSS-API Mechanism encoded as toWM5Slw5Ew8Mqkay+al2g==
debug1: SSH2_MSG_KEXINIT sent
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,null
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-AU
debug2: kex_parse_kexinit: en-AU
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-AU,en-NZ,i-default
debug2: kex_parse_kexinit: en-AU,en-NZ,i-default
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos: en-AU,en-NZ,i-default
debug1: Peer sent proposed langtags, stoc: en-AU,en-NZ,i-default
debug1: We proposed langtags, ctos: en-AU
debug1: We proposed langtags, stoc: en-AU
debug1: Negotiated lang: en-AU
debug1: dh_gen_key: priv key bits set: 119/256
debug1: bits set: 497/1024
debug1: Calling gss_init_sec_context
debug1: ssh_gssapi_init_ctx(d2458, balloonv1, 0, 0, ffbff7d4)
debug3: ssh_gssapi_import_name: snprintf() returned 14, expected 15
debug1: Remote: Negotiated main locale: en_AU.UTF-8
debug1: Remote: Negotiated messages locale: en_AU.UTF-8
debug1: Received KEXGSS_HOSTKEY
Server had a GSS-API error; the connection will close (851968/0):
Unspecified GSS failure. Minor code may provide more information
No error

Use the GssKeyEx option to disable GSS-API key exchange and try again.
Disconnecting: The server had a GSS-API error during GSS-API protected SSHv2 key exchange

debug1: Calling cleanup 0x348a4(0x0)


Curiously, if I run kdestroy, I can then ssh successfully, but only for that login session.

I'm not familiar with Kerberos. What's happening here?

- CDM
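
A triage sketch for the `ssh -vvv` trace above, added here as an example and not part of the original post: it collects the GSS-API key-exchange methods from the `kex_parse_kexinit` lines, checks their suffix against the Kerberos 5 mechanism OID using the RFC 4462 naming rule (base64 of the MD5 of the DER-encoded OID), and reports the last debug step before the server's GSS-API error. The sample lines are a constructed excerpt of the trace, and the function names are illustrative.

```python
import base64
import hashlib
import re

# DER encoding of the Kerberos 5 GSS-API mechanism OID 1.2.840.113554.1.2.2.
KRB5_OID_DER = bytes.fromhex("06092a864886f712010202")

# Constructed excerpt of the ssh -vvv trace in the post.
SAMPLE = """\
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,null
debug1: Calling gss_init_sec_context
debug1: Received KEXGSS_HOSTKEY
Server had a GSS-API error; the connection will close (851968/0):
Disconnecting: The server had a GSS-API error during GSS-API protected SSHv2 key exchange
"""

def mech_id(oid_der: bytes) -> str:
    """RFC 4462 section 2.1: base64(MD5(DER-encoded mechanism OID))."""
    return base64.b64encode(hashlib.md5(oid_der).digest()).decode()

def triage(trace: str) -> dict:
    """Summarise GSS-API key-exchange activity in an ssh -vvv trace."""
    gss_methods, last_debug, failed_after = [], None, None
    for line in trace.splitlines():
        m = re.match(r"debug\d: kex_parse_kexinit: (\S+)$", line)
        if m:
            # Keep each gss-* method once, in the order first seen.
            for name in m.group(1).split(","):
                if name.startswith("gss-") and name not in gss_methods:
                    gss_methods.append(name)
        if line.startswith("debug"):
            last_debug = line.split(": ", 1)[1]
        elif "GSS-API error" in line and failed_after is None:
            failed_after = last_debug  # step reached when the error arrived
    krb5 = mech_id(KRB5_OID_DER)
    return {
        "gss_kex_offered": gss_methods,
        "kerberos5": any(n.endswith("-" + krb5) for n in gss_methods),
        "failed_after": failed_after,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against a full trace saved to a file, the same function shows whether a Kerberos 5 key-exchange method was in the offer and how far the exchange got before the error.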
 