04-20-2012
SSH: internal working but external not working
Hi, This is a strange issue: We have an sftp server. Users can ssh to it from internal LAN without any issue, but they can not ssh to it externally via firewall. Here is what I got:
Quote:
$ ssh -v sshuser@198.111.10.98
OpenSSH_5.2p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to 198.111.10.98 [198.111.10.98] port 22.
debug1: Connection established.
debug1: identity file /Users/sshuser/.ssh/identity type -1
debug1: identity file /Users/sshuser/.ssh/id_rsa type 1
debug1: identity file /Users/sshuser/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version 3.2.9.1 SSH Secure Shell (non-commercial)
debug1: no match: 3.2.9.1 SSH Secure Shell (non-commercial)
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host '198.111.10.98' is known and matches the DSA host key.
debug1: Found key in /Users/sshuser/.ssh/known_hosts:25
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/sshuser/.ssh/identity
debug1: Offering public key: /Users/sshuser/.ssh/id_rsa
debug1: Authentications that can continue: password
debug1: Next authentication method: password
sshuser@198.111.10.98's password:
debug1: Authentications that can continue: password
Permission denied, please try again.
sshuser@198.111.10.98's password:
debug1: Authentications that can continue: password
Permission denied, please try again.
sshuser@198.111.10.98's password:
debug1: Authentications that can continue:
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/sshuser/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue:
debug1: Next authentication method: password
debug1: No more authentication methods to try.
Permission denied ().
OS is Solaris 9. No hosts.allow and hosts.deny files.
Quote:
sshserver# uname -a
SunOS psftp 5.9 Generic_118558-13 sun4u sparc SUNW,UltraAX-i2
sshserver# ls -l /etc/host*
-rw-r--r-- 1 root root 6 Jul 16 2004 /etc/hostname.eri0
-rw-r--r-- 1 root other 7 Jul 16 2004 /etc/hostname.eri1
lrwxrwxrwx 1 root root 12 Apr 6 2004 /etc/hosts -> ./inet/hosts
Please help. Thank you in advance!
8 More Discussions You Might Find Interesting
1. HP-UX
Please help me >
How to diag the external DVD-ROM drive issue whether it is working or not? on HP 9000 server rp7400
I needed to install HP 11i v1 using external DVD-ROM drive on HP 9000 server rp7400. While boot in CO> “search” command is not showing DVD-ROM device only showing all disks >... (0 Replies)
Discussion started by: tpuser
0 Replies
2. UNIX for Advanced & Expert Users
old clunker - rp74000
How to diag the external DVD-ROM drives issue whether it is working or not? on HP 9000 server rp7400
Please help me > I needed to install HP 11i v1 using external DVD-ROM drive on HP 9000 server rp7400. While boot in CO> “search” command is not showing DVD-ROM device... (1 Reply)
Discussion started by: tpuser
1 Replies
3. AIX
Guy's
I have AIX 6.1 SSH in it is not working but is up and Active .....
server1/etc>lssrc -s sshd
Subsystem Group PID Status
sshd ssh 450686 active
from my PC can I login by SSH but SSH from Server1 to Server2 is not accepting it's giving me this message
server1/etc>ssh sever2... (4 Replies)
Discussion started by: ITHelper
4 Replies
4. HP-UX
When we ssh -i private key user@ip we get the password prompt. The sending servers public key is in the receiving server. We have blown away the known_hosts file on the sending server and restarted the ssh connection. We don't know what else to do. Any other suggestions? (15 Replies)
Discussion started by: jastanle84
15 Replies
5. Shell Programming and Scripting
Hi Experts
Say I have a huge text file. I want to add a header line to the file. We can get it done in many ways. One is using a temporary file, other way say using 'sed -i' which edits the file in-place. sed is always recommended for better performance. My question is: Internally sed also might... (6 Replies)
Discussion started by: guruprasadpr
6 Replies
6. UNIX for Dummies Questions & Answers
I'm trying to setup a link between my home pc (work-machine) and a server at work (tar-machine) that is behind a gateway (hop-machine) and not directly accessible.
my actions:
work-machine$ ssh -L 1234:tar-machine:22 hop-machine
work-machine$ ssh -p 1234 user@127.0.0.1
- shh access on... (1 Reply)
Discussion started by: Vathau
1 Replies
7. Red Hat
Hi,
I have a server running RHEL 6.0.
While logging in through root ,I can login.But if I try to login through "integ" user,I am unable to login.
/var/log/secure messages:::
May 20 15:25:23 punsyncserv su: pam_unix(su-l:session): session opened for user integ by root(uid=0)
May 20 15:29:44... (4 Replies)
Discussion started by: nowornever
4 Replies
8. AIX
I am trying to ssh the same host where I am logged in.It's asking for the password.
Please assist me with the troubleshooting steps for this.
Best regards,
Vishal (4 Replies)
Discussion started by: Vishal_dba
4 Replies
LEARN ABOUT MINIX
ssh-keysign
ssh-keysign(1M) ssh-keysign(1M)
NAME
ssh-keysign - ssh helper program for host-based authentication
SYNOPSIS
ssh-keysign
ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication
with SSH protocol version 2. This signature is of data that includes, among other items, the name of the client host and the name of the
client user.
ssh-keysign is disabled by default and can be enabled only in the global client configuration file /etc/ssh/ssh_config by setting Host-
basedAuthentication to yes.
ssh-keysign is not intended to be invoked by the user, but from ssh. See ssh(1) and sshd(1M) for more information about host-based authen-
tication.
/etc/ssh/ssh_config
Controls whether ssh-keysign is enabled.
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root, readable
only by root, and not accessible to others. Because they are readable only by root, ssh-keysign must be set-uid root if host-based
authentication is used.
ssh-keysign will not sign host-based authentication data under the following conditions:
o If the HostbasedAuthentication client configuration parameter is not set to yes in /etc/ssh/ssh_config. This setting cannot be overri-
den in users' ~/.ssh/ssh_config files.
o If the client hostname and username in /etc/ssh/ssh_config do not match the canonical hostname of the client where ssh-keysign is
invoked and the name of the user invoking ssh-keysign.
In spite of ssh-keysign's restrictions on the contents of the host-based authentication data, there remains the ability of users to use it
as an avenue for obtaining the client's private host keys. For this reason host-based authentication is turned off by default.
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWsshu |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
ssh(1), sshd(1M), ssh_config(4), attributes(5)
AUTHORS
Markus Friedl, markus@openbsd.org
HISTORY
ssh-keysign first appeared in Ox 3.2.
9 Jun 2004 ssh-keysign(1M)