Operating Systems Solaris Can't Log into Solaris 10 u10 due to Pam and DH errors Post 302907505 by ieee99 on Saturday 28th of June 2014 08:04:17 PM
Old 06-28-2014
Can't Log into Solaris 10 u10 due to Pam and DH errors

Dears,
I hope everything is going fine with you.

Yesterday I was trying to log into my Solaris 10 u10 x86 via SSH, but it is showing me many error messages and refusing to log in, even with the root account. Below you can find the error message:

Code:
[root@home:~] # ssh -v root@192.168.10.1
Sun_SSH_1.1.4, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 192.168.10.1 [192.168.10.1] port 22.
debug1: Connection established.
debug1: identity file /export/home/root/.ssh/identity type -1
debug1: identity file /export/home/root/.ssh/id_rsa type -1
debug1: identity file /export/home/root/.ssh/id_dsa type -1
debug1: Logging to host: 192.168.10.1
debug1: Local user: root Remote user: root
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.5
debug1: match: Sun_SSH_1.1.5 pat Sun_SSH_1.1.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1.4
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
no common kex alg: client 'diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1', server 'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g=='
debug1: Calling cleanup 0x807177a(0x0)

After googling, I found that I have to delete the /etc/ssh/ssh_host_*
So I logged into the system via fail-safe, mounted / to /a and deleted the ssh_host_*

After rebooting the machine, I found there are other log messages (also, the diffie-hellman error still exists):

Code:
/usr/lib/security/pam_authtok_get.so.1 writable by group
/usr/lib/security/pam_dhkeys.so.1 writable by group

That makes me very confused. After more searching I found a topic advising to check the permissions of the PAM files, so I logged into the system via fail-safe and found out that all files have full permissions, and I believe that's not good. Below you can find the permissions:

Code:
-rwxrwxrwx+

So I would appreciate it if you could help me in this case; it really makes me confused.

BR
Ahmed
 

SSH-KEYSIGN(8)            BSD System Manager's Manual            SSH-KEYSIGN(8)

NAME
     ssh-keysign -- ssh helper program for host-based authentication

SYNOPSIS
     ssh-keysign

DESCRIPTION
     ssh-keysign is used by ssh(1) to access the local host keys and generate
     the digital signature required during host-based authentication with SSH
     protocol version 2.

     ssh-keysign is disabled by default and can only be enabled in the global
     client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign
     to ``yes''.

     ssh-keysign is not intended to be invoked by the user, but from ssh(1).
     See ssh(1) and sshd(8) for more information about host-based
     authentication.

FILES
     /etc/ssh/ssh_config
             Controls whether ssh-keysign is enabled.

     /etc/ssh/ssh_host_dsa_key
     /etc/ssh/ssh_host_ecdsa_key
     /etc/ssh/ssh_host_rsa_key
             These files contain the private parts of the host keys used to
             generate the digital signature. They should be owned by root,
             readable only by root, and not accessible to others. Since they
             are readable only by root, ssh-keysign must be set-uid root if
             host-based authentication is used. Note that ssh-keysign is not
             set-uid by default on Mac OS X.

     /etc/ssh/ssh_host_dsa_key-cert.pub
     /etc/ssh/ssh_host_ecdsa_key-cert.pub
     /etc/ssh/ssh_host_rsa_key-cert.pub
             If these files exist they are assumed to contain public
             certificate information corresponding with the private keys
             above.

SEE ALSO
     ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)

HISTORY
     ssh-keysign first appeared in OpenBSD 3.2.

AUTHORS
     Markus Friedl <markus@openbsd.org>

BSD                             August 31, 2010                            BSD
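
The "writable by group" messages in the post and the FILES section of the man page above both come down to file mode and ownership. The script below is an added example, not part of the original thread or of any Solaris tool: it lists files that trip either condition. The function names and the sample tree are constructed for illustration, and a trailing `+` in `ls -l` output (as in `-rwxrwxrwx+`) marks an ACL, which these mode-bit tests do not inspect.

```shell
#!/bin/sh
# Added example, not from the thread: mode-bit checks for the two
# conditions quoted on this page. Function names are hypothetical.

# PAM modules: files under DIR writable by group or by others.
loose_modules() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print | sort
}

# Host keys: private key files under DIR with any group or other
# permission bit set (the man page asks for root-only access).
exposed_keys() {
    find "$1" -type f -name 'ssh_host_*_key' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Files under DIR not owned by USER (name or numeric id); on a real
# system both file sets are expected to belong to root.
not_owned_by() {
    find "$1" -type f ! -user "$2" -print | sort
}

# Constructed sample tree so the script runs anywhere; on a real host
# pass /usr/lib/security and /etc/ssh to the functions instead.
demo() {
    t=`mktemp -d` || return 1
    mkdir "$t/security" "$t/ssh"
    : > "$t/security/pam_dhkeys.so.1";    chmod 777 "$t/security/pam_dhkeys.so.1"
    : > "$t/security/pam_unix_auth.so.1"; chmod 755 "$t/security/pam_unix_auth.so.1"
    : > "$t/ssh/ssh_host_rsa_key";        chmod 640 "$t/ssh/ssh_host_rsa_key"
    : > "$t/ssh/ssh_host_dsa_key";        chmod 600 "$t/ssh/ssh_host_dsa_key"
    : > "$t/ssh/ssh_host_rsa_key.pub";    chmod 644 "$t/ssh/ssh_host_rsa_key.pub"
    echo "group/other-writable modules:"; loose_modules "$t/security"
    echo "exposed private host keys:";    exposed_keys "$t/ssh"
    rm -rf "$t"
}
demo
```

In the sample tree only `pam_dhkeys.so.1` (mode 777) and `ssh_host_rsa_key` (mode 640) are reported; the 755 module, the 600 key and the public key are not.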