Operating Systems AIX SSH login hangs, serial console works Post 302412448 by bakunin on Monday 12th of April 2010 02:26:09 PM
A typical problem is a removed access to the random-device. This is how it comes to this:

Some security-idiots without any semblance of UNIX-knowhow prescribe a UMASK of 277 (instead of the system default of 022). This causes new files, directories, etc. to be created without any access for users per default (which is a "great" idea in itself, because root is supposed not to work for the users anyway, is he?). If such a root-account now touches /dev/random somehow, no user can use it any more and ssh (that is: the underlying OpenSSL-library) will hang, because this exception is not foreseen and hence not taken care of.

I have seen this sort of idiocy with the UMASK now at least 3 times in different places, so I presume there is some "security"-primer out there, written by some malevolent computer-hater with a hidden agenda to render all UNIX-systems useless.

I hope this helps.

bakunin
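
The condition described in the post above can be checked from a shell. This is an added example, not part of the original post: it classifies the mode bits of /dev/random and /dev/urandom using only POSIX ls, and shows the mode a new file receives under a given umask. The function names and the temporary directory name are assumptions made for the example.

```shell
#!/bin/sh
# Added example: are the random devices still readable by unprivileged
# users, and what does a given umask do to newly created files?

# Classify the first 10 characters of an `ls -l` mode string.
mode_verdict() {
    mode=$(printf '%s' "$1" | cut -c1-10)   # drop trailing ACL/SELinux marker
    case "$mode" in
        c??????r??) echo "ok" ;;                  # char device, readable by others
        c*)         echo "not-world-readable" ;;  # char device, others locked out
        *)          echo "not-a-char-device" ;;   # node was replaced by something else
    esac
}

# Verdict for a real path; -L follows a symlink to the actual node.
check_random_dev() {
    if [ ! -e "$1" ]; then
        echo "missing"
        return 0
    fi
    mode_verdict "$(ls -ldL "$1" | awk '{print $1}')"
}

# Mode string a new regular file gets under the given umask.
# The body runs in a subshell, so the caller's umask is left untouched.
mode_under_umask() (
    dir="${TMPDIR:-/tmp}/umask-demo.$$"     # hypothetical scratch directory
    mkdir -p "$dir" || exit 1
    umask "$1"
    : > "$dir/newfile"
    ls -l "$dir/newfile" | awk '{print $1}' | cut -c1-10
    rm -rf "$dir"
)

for dev in /dev/random /dev/urandom; do
    echo "$dev: $(check_random_dev "$dev")"
done
echo "new file under umask 022: $(mode_under_umask 022)"
echo "new file under umask 277: $(mode_under_umask 277)"
```

A verdict other than "ok" for either device means non-root processes cannot read it, which matches the symptom in the thread title: root on the serial console works while SSH logins hang.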
 

SSH-KEYSIGN(8)            BSD System Manager's Manual            SSH-KEYSIGN(8)

NAME
     ssh-keysign -- ssh helper program for host-based authentication

SYNOPSIS
     ssh-keysign

DESCRIPTION
     ssh-keysign is used by ssh(1) to access the local host keys and generate
     the digital signature required during host-based authentication with SSH
     protocol version 2.

     ssh-keysign is disabled by default and can only be enabled in the global
     client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign
     to ``yes''.

     ssh-keysign is not intended to be invoked by the user, but from ssh(1).
     See ssh(1) and sshd(8) for more information about host-based
     authentication.

FILES
     /etc/ssh/ssh_config
             Controls whether ssh-keysign is enabled.

     /etc/ssh/ssh_host_dsa_key
     /etc/ssh/ssh_host_ecdsa_key
     /etc/ssh/ssh_host_ed25519_key
     /etc/ssh/ssh_host_rsa_key
             These files contain the private parts of the host keys used to
             generate the digital signature.  They should be owned by root,
             readable only by root, and not accessible to others.  Since they
             are readable only by root, ssh-keysign must be set-uid root if
             host-based authentication is used.

     /etc/ssh/ssh_host_dsa_key-cert.pub
     /etc/ssh/ssh_host_ecdsa_key-cert.pub
     /etc/ssh/ssh_host_ed25519_key-cert.pub
     /etc/ssh/ssh_host_rsa_key-cert.pub
             If these files exist they are assumed to contain public
             certificate information corresponding with the private keys
             above.

SEE ALSO
     ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)

HISTORY
     ssh-keysign first appeared in OpenBSD 3.2.

AUTHORS
     Markus Friedl <markus@openbsd.org>

BSD                            December 7, 2013                            BSD