Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: PING to AIX works but TELNET FTP SSH doesn't work
Operating Systems AIX PING to AIX works but TELNET FTP SSH doesn't work Post 303031668 by filosophizer on Monday 4th of March 2019 04:16:38 AM
Old 03-04-2019
PING to AIX works but TELNET FTP SSH doesn't work
Code:
root@PRD /> rsh DR
KFAFH_DR: protocol failure due to unexpected closure from server end

root@PRD /> telnet DR
Trying...
Connected to DR.
Escape character is '^]'.
Connection closed.

root@PRD /> ftp DR
Connected to KFAFH_DR.
421 Service not available, remote server has closed connection
ftp> bye

root@PRD /> ssh 10.10.10.42
ssh_exchange_identification: Connection closed by remote host

root@PRD /> telnet 10.10.10.42
Trying...
Connected to 10.10.10.42.
Escape character is '^]'.

#1 It was working: no services were taken down

#2 Suddenly couldn't connect

#3 After 1 hour, was able to telnet

How to identify the problem?
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

FTP Server doesn't work??

I appreciate iif anybody can help me with this issue. I set up a Linux FTP server which is authorized user ID from AD. I do some configuration on vsftpd.conf file but it doesn't work out. I copy these configuration, can you help me to check again as when i connect through browser it always give me... (2 Replies)
Discussion started by: cthinh
2 Replies

2. UNIX for Dummies Questions & Answers

FTP doesn't work

Hi! I have 2 servers. The firts has vsftpd server with this configuration: # Example config file /etc/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all... (2 Replies)
Discussion started by: Torquemada
2 Replies

3. UNIX for Dummies Questions & Answers

SSH-KEYGEN doesn't work

Hi, Am running the following commands on our server to generate a key for passwordless SSH, however we are getting 100% blank key files. E.g. when looking id_dsa.pub or id_dsa they are 100% empty - the files get created, but contain no content and have a file size of 0b. mkdir ~/.ssh... (3 Replies)
Discussion started by: gjp
3 Replies

4. Shell Programming and Scripting

Perl variables inside Net::Telnet::Cisco Module doesn't work

I am writing perl script to configure Cisco device but Variables inside Net::Telnet::Cisco Module doesn't work and passed to device without resolving. Please advise. here is a sample of script: use Net::Telnet::Cisco; $device = "10.14.199.1"; ($o1, $o2, $o3, $o4) = split(/\./,$device);... (5 Replies)
Discussion started by: ahmed_zaher
5 Replies

5. Shell Programming and Scripting

sed command works on Fedora/Ubuntu, but doesn't work in Mac

Hi, I have a question. I define a function using sed command: replace() { searchterm=$1 replaceterm=$2 sed -e "s/$searchterm/$replaceterm/ig" $3 > $WORK'tempfile.tmp' mv $WORK'tempfile.tmp' $3 } Then I call replace 'test = 0' 'test = 1' $myfileThis code works well in... (1 Reply)
Discussion started by: Dark2Bright
1 Replies

6. Shell Programming and Scripting

sed command works on Fedora/Ubuntu, but doesn't work in Mac

Hi, I have a question. I define a function using sed command: replace() { searchterm=$1 replaceterm=$2 sed -e "s/$searchterm/$replaceterm/ig" $3 > $WORK'tempfile.tmp' mv $WORK'tempfile.tmp' $3 } Then I call replace 'test = 0' 'test = 1' $myfile This code... (1 Reply)
Discussion started by: Dark2Bright
1 Replies

7. AIX

2nd SSH doesn't work with AD

Recently I decided to intall second daemon of SSH for Winbind users. I mean I have configuration AIX + Samba + AD and I can login to the server via SSH with AD accounts to 22 port without any problems. But now I have second installation of OpenSSH and don't understand why I can't do the same... (6 Replies)
Discussion started by: jess_t03
6 Replies

8. Solaris

Drop_caches doesn't work on Solaris but works on RHEL6

Hello Experts, I am performing performance tests on a few mysql select queries. I use the following command to clear the memory disk caches. sync && echo 3 | sudo tee /proc/sys/vm/drop_caches I however see that the above command works on RHEL6 but doesn't work on Solaris 10. I asked... (4 Replies)
Discussion started by: Anirudh Kumar
4 Replies

9. Shell Programming and Scripting

SSh works but sftp doesn't for all users except root

I am sorry if i post in wrong Form. i have AIX server in which ssh works for all users but sftp only works for root user . it is too much important for me to solve this . Your help will be greatly appreciated. (1 Reply)
Discussion started by: khalid khanAIB
1 Replies

10. UNIX for Advanced & Expert Users

Cant ssh, but ping works

I cant ping to some of my machines, but ping works. I attach screenshots. Port is open and it is 22. I can't figure out why i cant access. https://www.unix.com/attachments/unix-for-advanced-and-expert-users/7492d1541541072-cant-ssh-but-ping-works-sshlisten-jpg... (17 Replies)
Discussion started by: tomislav91
17 Replies

LEARN ABOUT OPENDARWIN

pamd

PAMD(8) 						     DACS Web Services Manual							   PAMD(8)

NAME

       pamd - PAM transaction server

SYNOPSIS

       pamd [dacsoptions[1]] [-daemon] [-fork] [-h hostname] [-http] [-inetd] [-nofork]
	    [-p portnum] [-policy name] [-secure] [-unsecure]

DESCRIPTION

       This program is part of the DACS suite.

       The pamd server is required by the local_pam_authenticate[2] authentication module. It acts as a proxy for local_pam_authenticate, calling
       PAM functions on its behalf. The pamd server may be started from inetd(8)[3] or from the command line, but it must be running for DACS to
       perform PAM-based authentication.

       Each pamd process is involved in an arbitrarily long "conversation" or "transaction" with one or more executions of local_pam_authenticate.
       For instance, pamd's initial response to local_pam_authenticate might be that it requires an account name; upon receiving the account name
       from local_pam_authenticate, pamd's response might be that it requires the password for the account; and upon receiving the password, pamd
       would indicate success or failure, depending on whether an acceptable username/password pair was received. The eventual outcome of a
       transaction is that authentication succeeds, fails, or could not be completed because an error occurs.

       pamd must be run on the host where pam(3)[4] processing is being performed, which is not necessarily the same host where
       local_pam_authenticate is executed.

	   Security
	   o   pamd will usually be run as root so that it can access the files it needs to perform authentication.

	   o   pamd is not a DACS web service and is not protected by DACS.

	   o   The protocol between pamd and its client may include sensitive material, such as passwords. If both programs are run on the same
	       host, this is probably not an issue. If there is any possibility of eavesdropping etc. by an attacker, however, communication
	       should be secured through an SSL wrapper.

	   o   pamd should probably not be run on a world-accessible server, since it would offer a way for attackers to try to guess passwords.

       The operating system's PAM policy file is consulted - see pam.conf(5)[5]. The default PAM service name is "dacs" (see pam_start(3)[6]),
       which may be used by PAM to locate the appropriate policy file. A different policy name can be specified using the -policy flag.

       The prompts that passed from PAM to pamd to local_pam_authenticate to dacs_authenticate (or dacsauth) are simply displayed to the user. The
       user must understand what the prompts mean (e.g., that "Login:" means to provide a Unix account name).

       pamd can be used by non-DACS applications. The protocol, though simple, is not yet documented other than within the source code. A program
       called pamd-client is available for testing and debugging pamd; it is built when PAM support is required, but is neither installed nor
       documented (see the source code for basic instructions).

OPTIONS

       In addition to the standard dacsoptions[1], pamd recognizes these command line flags:

       -daemon
	   Wait for a connection, then service the request. Mutually exclusive with -inetd.

       -fork
	   Create a new process to service each request. It implies the -daemon flag.

       -h hostname
	   If pamd is running on a host with multiple IP addresses, this specifies the hostname (or IP address) to listen to for incoming
	   requests. If not provided, the PAMD_HOST[7] directive will be consulted; if unavailable, gethostname(3)[8] will be used.

       -http
	   This flag is reserved for future use.

       -inetd
	   The server assumes it has been started by inetd(8)[3] and therefore does not wait for a connection. It exits after servicing the
	   request. This is the default behaviour and preferred way to configure pamd. This mode of operation assumes that an entry has been added
	   to inetd.conf(5)[9] that looks much like this:

	       dacs-pamd stream tcp nowait root /usr/local/dacs/sbin/pamd pamd -uj EXAMPLE -inetd

       -nofork
	   This flag, which implies the -daemon, causes the pamd server to exit after servicing one request (which is useful when debugging). This
	   is the default behaviour of -daemon mode.

       -p portnum
	   This specifies the port number to listen to, overriding any PAMD_PORT[10] directive in effect. It can also be a service name. Any
	   otherwise unassigned port number on the system from 49152 through 65535 (i.e., one in the dynamic and/or private range) ought to be
	   acceptable.

	   If neither this flag nor a PAMD_PORT directive is provided, the program will try to find the port associated with the dacs-pamd service
	   name in services(5)[11]. For example:

	       dacs-pamd       17000/tcp  # DACS pamd

       -policy name
	   Use name as the PAM policy name instead of the default.

       -secure
	   The client must supply valid DACS administrative credentials encapsulated within a DACS cookie. This is the default.

       -unsecure
	   Administrative credentials are not required, but if they are provided they must be valid. This should probably be used only when
	   testing or if client identification is not an issue or has been addressed in some other way.

	   Note
	   When the -secure flag is in effect, pamd must be associated with a jurisdiction. Therefore, the DACS configuration files are read and
	   the jurisdiction must be specified on the command line (e.g., using the -uj flag).

EXAMPLE

       For testing purposes, or to better understand how pamd works, you can run it manually and interact with it using telnet(1)[12], for
       example, which takes the place of local_pam_authenticate. You must have PAM authentication configured on the host where you run pamd and
       you will probably need to run it as root. This is best done using two windows; start pamd in the first window and then telnet to it from
       the second window.

       An interaction to perform username/password authentication will look something like the following (substitute your jurisdiction's name for
       myjur, your jurisdiction's domain name or IP address for myjur.example.com, and use a username and password pair that is recognized on your
       system). The first telnet connection receives a prompt for a username (labeled "Login:" and assigned the variable name AUTH_PROMPT_VAR1)
       from pamd, a transaction identifier (TRANSID) "10.0.0.124:56372:66664:53983facb39881b2" for this session, and port number to use for
       subsequent operations belonging to this transaction (62475). The second telnet connection provides the TRANSID and username
       (AUTH_PROMPT_VAR1="auggie"), and receives a prompt for a password ("Password:", assigned the variable name AUTH_PROMPT_VAR2). The third
       telnet connection provides the TRANSID and the password (AUTH_PROMPT_VAR2="doggy"), and receives the result of authentication ("Success").

	   # ./pamd -uj myjur -ll debug -daemon -unsecure -nofork
	   pamd[info]: Site config file is "/usr/local/dacs/federations/site.conf"
	   pamd[info]: Config file is "/usr/local/dacs/federations/dacs.conf"
	   pamd[info]: This is jurisdiction DSS::myjur
	   pamd[info]: Secure mode is off
	   pamd[debug]: Waiting for initial input block...
	   pamd[debug]: No username
	   pamd[debug]: Calling pam_authenticate
	   pamd[debug]: pamd_conv: reply to port 62475
	   pamd[debug]: TRANSID is "10.0.0.124:56372:66664:53983facb39881b2"
	   pamd[debug]:   type="text"
	   pamd[debug]:   label="Login:"
	   pamd[debug]:   varname="AUTH_PROMPT_VAR1"
	   pamd[debug]: pamd_conv: waiting 60 seconds for reply
	   pamd[debug]: pamd_conv: received connection
	   pamd[debug]: Reading reply...
	   pamd[debug]: pamd_conv: reply to port 62475
	   pamd[debug]: TRANSID is "10.0.0.124:62475:66695:fc855a7d68e8b1eb"
	   pamd[debug]:   type="password"
	   pamd[debug]:   label="Password:"
	   pamd[debug]:   varname="AUTH_PROMPT_VAR2"
	   pamd[debug]: pamd_conv: waiting 60 seconds for reply
	   pamd[debug]: pamd_conv: received connection
	   pamd[debug]: Reading reply...
	   pamd[debug]: Success
	   pamd[debug]: result="ok"
	   pamd[debug]: username="auggie"

	   % telnet myjur.example.com 17000
	   Trying 10.0.0.124...
	   Connected to bsd6.dss.bc.ca.
	   Escape character is '^]'.

	   Connection closed by foreign host.
	   % telnet myjur.example.com 62475
	   Trying 10.0.0.124...
	   Connected to bsd6.dss.bc.ca.
	   Escape character is '^]'.
	   TRANSID="10.0.0.124:62475:66695:fc855a7d68e8b1eb"
	   AUTH_PROMPT_VAR1="auggie"

	   Connection closed by foreign host.
	   % telnet myjur.example.com 62475
	   Trying 10.0.0.124...
	   Connected to bsd6.dss.bc.ca.
	   Escape character is '^]'.
	   TRANSID="10.0.0.124:62475:66695:fc855a7d68e8b1eb"
	   AUTH_PROMPT_VAR2="doggy"

	   result="ok"
	   username="auggie"
	   Connection closed by foreign host.

DIAGNOSTICS

       The program exits 0 if everything was fine, 1 if an error occurred.

BUGS

       The -daemon flag should cause the process to detach and put itself in the background unless overridden by another flag; at present it must
       be started in the background "manually".

       The -http flag, which would allow a pamd session to be started with a web service request, is not implemented.

SEE ALSO

       dacs_authenticate(8)[13], dacsauth(1)[14], pam(3)[15], X/Open Single Sign-On Service (XSSO) preliminary specification[16]

AUTHOR

       Distributed Systems Software (www.dss.ca[17])

COPYING

       Copyright2003-2012 Distributed Systems Software. See the LICENSE[18] file that accompanies the distribution for licensing information.

NOTES

	1. dacsoptions
	   http://dacs.dss.ca/man/dacs.1.html#dacsoptions

	2. local_pam_authenticate
	   http://dacs.dss.ca/man/dacs_authenticate.8.html#local_pam_authenticate

	3. inetd(8)
	   http://www.freebsd.org/cgi/man.cgi?query=inetd&apropos=0&sektion=8&manpath=FreeBSD+9.0-RELEASE&format=html

	4. pam(3)
	   http://www.freebsd.org/cgi/man.cgi?query=pam&apropos=0&sektion=0&manpath=FreeBSD+9.0-RELEASE&format=html

	5. pam.conf(5)
	   http://www.freebsd.org/cgi/man.cgi?query=pam.conf&apropos=0&sektion=5&manpath=FreeBSD+9.0-RELEASE&format=html

	6. pam_start(3)
	   http://www.freebsd.org/cgi/man.cgi?query=pam_start&apropos=0&sektion=3&manpath=FreeBSD+9.0-RELEASE&format=html

	7. PAMD_HOST
	   http://dacs.dss.ca/man/dacs.conf.5.html#PAMD_HOST

	8. gethostname(3)
	   http://www.freebsd.org/cgi/man.cgi?query=gethostname&apropos=0&sektion=3&manpath=FreeBSD+9.0-RELEASE&format=html

	9. inetd.conf(5)
	   http://www.freebsd.org/cgi/man.cgi?query=inetd.conf&apropos=0&sektion=5&manpath=FreeBSD+9.0-RELEASE&format=html

       10. PAMD_PORT
	   http://dacs.dss.ca/man/dacs.conf.5.html#PAMD_PORT

       11. services(5)
	   http://www.freebsd.org/cgi/man.cgi?query=services&apropos=0&sektion=5&manpath=FreeBSD+9.0-RELEASE&format=html

       12. telnet(1)
	   http://www.freebsd.org/cgi/man.cgi?query=telnet&apropos=0&sektion=1&manpath=FreeBSD+9.0-RELEASE&format=html

       13. dacs_authenticate(8)
	   http://dacs.dss.ca/man/dacs_authenticate.8.html

       14. dacsauth(1)
	   http://dacs.dss.ca/man/dacsauth.1.html

       15. pam(3)
	   http://www.freebsd.org/cgi/man.cgi?query=pam&apropos=0&sektion=3&manpath=FreeBSD+9.0-RELEASE&format=html

       16. X/Open Single Sign-On Service (XSSO) preliminary specification
	   http://www.opengroup.org/pubs/catalog/p702.htm

       17. www.dss.ca
	   http://www.dss.ca

       18. LICENSE
	   http://dacs.dss.ca/man/../misc/LICENSE

DACS 1.4.27b							    10/22/2012								   PAMD(8)
All times are GMT -4. The time now is 07:10 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy