04-20-2012
SSH: internal working but external not working
Hi, this is a strange issue: we have an SFTP server. Users can ssh to it from the internal LAN without any issue, but they cannot ssh to it externally via the firewall. Here is what I got:
Quote:
$ ssh -v sshuser@198.111.10.98
OpenSSH_5.2p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to 198.111.10.98 [198.111.10.98] port 22.
debug1: Connection established.
debug1: identity file /Users/sshuser/.ssh/identity type -1
debug1: identity file /Users/sshuser/.ssh/id_rsa type 1
debug1: identity file /Users/sshuser/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version 3.2.9.1 SSH Secure Shell (non-commercial)
debug1: no match: 3.2.9.1 SSH Secure Shell (non-commercial)
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host '198.111.10.98' is known and matches the DSA host key.
debug1: Found key in /Users/sshuser/.ssh/known_hosts:25
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/sshuser/.ssh/identity
debug1: Offering public key: /Users/sshuser/.ssh/id_rsa
debug1: Authentications that can continue: password
debug1: Next authentication method: password
sshuser@198.111.10.98's password:
debug1: Authentications that can continue: password
Permission denied, please try again.
sshuser@198.111.10.98's password:
debug1: Authentications that can continue: password
Permission denied, please try again.
sshuser@198.111.10.98's password:
debug1: Authentications that can continue:
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/sshuser/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue:
debug1: Next authentication method: password
debug1: No more authentication methods to try.
Permission denied ().
OS is Solaris 9. No hosts.allow and hosts.deny files.
Quote:
sshserver# uname -a
SunOS psftp 5.9 Generic_118558-13 sun4u sparc SUNW,UltraAX-i2
sshserver# ls -l /etc/host*
-rw-r--r-- 1 root root 6 Jul 16 2004 /etc/hostname.eri0
-rw-r--r-- 1 root other 7 Jul 16 2004 /etc/hostname.eri1
lrwxrwxrwx 1 root root 12 Apr 6 2004 /etc/hosts -> ./inet/hosts
Please help. Thank you in advance!
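The client trace above, reduced to the fields worth comparing between the working internal connection and the failing external one. This is an added example, not part of the original post; `summarize` and `differences` are hypothetical names, and the embedded trace is a shortened copy of the poster's output.

```python
import re

# Constructed sample: shortened copy of the `ssh -v` trace quoted in the post.
TRACE = """\
debug1: Remote protocol version 2.0, remote software version 3.2.9.1 SSH Secure Shell (non-commercial)
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: Host '198.111.10.98' is known and matches the DSA host key.
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /Users/sshuser/.ssh/id_rsa
debug1: Authentications that can continue: password
debug1: Authentications that can continue: password
Permission denied, please try again.
debug1: Authentications that can continue: password
Permission denied, please try again.
debug1: Authentications that can continue:
debug1: No more authentication methods to try.
"""

def summarize(trace):
    """Reduce an `ssh -v` client trace to the facts worth comparing."""
    s = {"server": None, "cipher": None, "hostkey_known": False,
         "offered_keys": [], "server_methods": [], "password_denials": 0,
         "exhausted": False}
    for line in trace.splitlines():
        line = line.strip()
        if m := re.search(r"remote software version (.+)$", line):
            s["server"] = m.group(1)
        elif m := re.search(r"kex: server->client (\S+) (\S+)", line):
            s["cipher"] = (m.group(1), m.group(2))
        elif "is known and matches" in line:
            s["hostkey_known"] = True
        elif m := re.search(r"Offering public key: (\S+)", line):
            s["offered_keys"].append(m.group(1))
        elif m := re.search(r"Authentications that can continue:\s*(.*)$", line):
            methods = [x for x in m.group(1).split(",") if x]
            # Record only changes, so the list reads as the server's successive answers.
            if not s["server_methods"] or s["server_methods"][-1] != methods:
                s["server_methods"].append(methods)
        elif line.startswith("Permission denied, please try again"):
            s["password_denials"] += 1
        elif "No more authentication methods" in line:
            s["exhausted"] = True
    return s

def differences(a, b):
    """Fields that differ between two summaries (e.g. internal vs external)."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}
```

Capture `ssh -v` output from an internal client as well and pass both summaries to `differences`; a different server banner or host-key result between the two would suggest the firewall forwards port 22 to a different sshd than the one reached on the LAN.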
ssh-keysign
SSH-KEYSIGN(8) BSD System Manager's Manual SSH-KEYSIGN(8)
NAME
ssh-keysign -- ssh helper program for hostbased authentication
SYNOPSIS
ssh-keysign
DESCRIPTION
ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during hostbased authentication with
SSH protocol version 2.
ssh-keysign is disabled by default and can only be enabled in the global client configuration file /etc/ssh/ssh_config by setting
HostbasedAuthentication to ``yes''.
ssh-keysign is not intended to be invoked by the user, but from ssh(1). See ssh(1) and sshd(8) for more information about hostbased authentication.
FILES
/etc/ssh/ssh_config
Controls whether ssh-keysign is enabled.
/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root, readable only by root, and not accessible to others. Since they are readable only by root, ssh-keysign must be set-uid root if hostbased authentication is used.
SEE ALSO
ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
AUTHORS
Markus Friedl <markus@openbsd.org>
HISTORY
ssh-keysign first appeared in OpenBSD 3.2.
BSD
May 24, 2002 BSD