2nd SSH doesn't work with AD


 
# 1  
Old 11-08-2012
2nd SSH doesn't work with AD

Recently I decided to install a second SSH daemon for Winbind users.
I mean I have the configuration AIX + Samba + AD and I can log in to the server via SSH with AD accounts on port 22 without any problems.
But now I have a second installation of OpenSSH and don't understand why I can't do the same with that one?
I compiled it with:
$ ./configure --prefix=/opt/openssh --with-pam --with-kerberos5=/usr/krb5
$ make
$ make install
... and there were no errors.

My config files on both ssh daemons are identical except for Port (22 / 222)

Code:
$ cat /etc/ssh/sshd_config | egrep -v "(^#.|^$)"
Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin no
PasswordAuthentication yes
ChallengeResponseAuthentication yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
UseLogin yes
PermitUserEnvironment yes
PidFile /var/run/sshd.pid
Subsystem       sftp    /usr/sbin/sftp-server -e -l DEBUG3

On the second, new SSH I can log in only with local users, but can't log in with Winbind :(
# 2  
Old 11-12-2012
Is 222 defined as a named service in /etc/services or whatever? What's in /etc/pam.d/* files?

BTW, why 2 servers?
# 3  
Old 11-16-2012
Ok, I added two lines in /etc/services, but nothing changed
Code:
[root@wb53tst /]$ cat /etc/services | grep ssh
ssh                     22/tcp          # SSH Remote Login Protocol
ssh                     22/udp          # SSH Remote Login Protocol
ssh                     222/tcp
ssh                     222/udp

About PAM
Code:
#
# Authentication
#
dtaction auth   required        pam_aix
dtsession auth  required        pam_aix
dtlogin auth    required        pam_aix
ftp     auth    required        pam_aix
imap    auth    required        pam_aix
login   auth    required        pam_aix
rexec   auth    required        pam_aix
rlogin  auth    sufficient      pam_rhosts_auth
rlogin  auth    required        pam_aix
rsh     auth    required        pam_rhosts_auth
snapp   auth    required        pam_aix
su      auth    sufficient      pam_allowroot
su      auth    required        pam_aix
telnet  auth    required        pam_aix
OTHER   auth    required        pam_prohibit

#
# Account Management
#
dtlogin account required        pam_aix
ftp     account required        pam_aix
login   account required        pam_aix
rexec   account required        pam_aix
rlogin  account required        pam_aix
rsh     account required        pam_aix
su      account sufficient      pam_allowroot
su      account required        pam_aix
telnet  account required        pam_aix
OTHER   account required        pam_prohibit

#
# Password Management
#
dtlogin password  required      pam_aix
login   password  required      pam_aix
passwd  password  required      pam_aix
rlogin  password  required      pam_aix
su      password  required      pam_aix
telnet  password  required      pam_aix
OTHER   password  required      pam_prohibit

#
# Session Management
#
dtlogin session required        pam_aix
ftp     session required        pam_aix
imap    session required        pam_aix
login   session required        pam_aix
rexec   session required        pam_aix
rlogin  session required        pam_aix
rsh     session required        pam_aix
snapp   session required        pam_aix
su      session required        pam_aix
telnet  session required        pam_aix
OTHER   session required        pam_prohibit

# 4  
Old 11-16-2012
I think /etc/services needs a one-to-one (per protocol) to work correctly, so you might want to rename this service 'ssh2' or the like.

This fellow made it entirely a different service except for any internal strings in code: tgharold.com: Tech Blog: Setup sshd to run a second instance

PAM setup for ssh involves several files in the pam dir. Did you update them?
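The two points raised in this thread, a service name in /etc/services that maps to more than one port per protocol, and a PAM service that has no explicit entries and therefore falls through to the OTHER line, can both be checked mechanically. The script below is an added example and is not code from the thread; it parses /etc/services-style and AIX /etc/pam.conf-style text (the sample input is constructed here to mirror the listings above) and reports conflicting port mappings and PAM fall-through. The function names and the assumption that the second daemon's PAM service name is "sshd" are mine, not the original poster's.

```shell
#!/bin/sh
# Added diagnostic for the /etc/services and /etc/pam.conf checks discussed in
# the thread. Not part of the original posts; sample input is constructed.
LC_ALL=C
export LC_ALL

# Constructed sample mirroring the /etc/services listing from post #3.
SERVICES_SAMPLE='ssh                     22/tcp          # SSH Remote Login Protocol
ssh                     22/udp          # SSH Remote Login Protocol
ssh                     222/tcp
ssh                     222/udp'

# Constructed sample in AIX /etc/pam.conf format (service type control module).
PAMCONF_SAMPLE='login   auth    required        pam_aix
login   account required        pam_aix
login   session required        pam_aix
OTHER   auth    required        pam_prohibit
OTHER   account required        pam_prohibit
OTHER   password required       pam_prohibit
OTHER   session required        pam_prohibit'

# services_conflicts NAME SERVICES_TEXT
# Prints "proto: port port ..." for every protocol where NAME maps to more than
# one port; prints nothing when the mapping is one-to-one per protocol.
services_conflicts() {
    printf '%s\n' "$2" | sed 's/#.*//' | awk -v n="$1" '$1 == n { print $2 }' \
      | sort -u \
      | awk -F/ '{ c[$2]++; p[$2] = p[$2] " " $1 }
                 END { for (k in c) if (c[k] > 1) print k ":" p[k] }' \
      | sort
}

# pam_fallthrough SERVICE PAMCONF_TEXT
# For each PAM module type, prints "type explicit" when SERVICE has its own
# line, otherwise "type OTHER -> <module>" showing the line it falls through to
# (or "none" when no OTHER line exists for that type).
pam_fallthrough() {
    printf '%s\n' "$2" | sed 's/#.*//' | awk -v s="$1" '
        NF >= 4 && $1 == s       { explicit[$2] = 1 }
        NF >= 4 && $1 == "OTHER" { other[$2] = $4 }
        END {
            n = split("auth account password session", t, " ")
            for (i = 1; i <= n; i++) {
                m = (t[i] in other) ? other[t[i]] : "none"
                print t[i], ((t[i] in explicit) ? "explicit" : "OTHER -> " m)
            }
        }'
}

# Stand-alone run over the constructed samples.
echo "== services: conflicting ports for 'ssh' (empty means one-to-one) =="
services_conflicts ssh "$SERVICES_SAMPLE"
echo "== pam.conf: how service 'sshd' resolves (assumed PAM service name) =="
pam_fallthrough sshd "$PAMCONF_SAMPLE"
```

On a live system replace the samples with `"$(cat /etc/services)"` and `"$(cat /etc/pam.conf)"`. A non-empty result from `services_conflicts` confirms the duplicate-name situation post #4 describes; a `pam_fallthrough` report showing every type resolving to `pam_prohibit` means a PAM-enabled daemon under that service name has no working PAM stack, which is worth checking before looking further at Winbind.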
# 5  
Old 11-18-2012
I think you are confused.
In AIX the /etc/pam.d directory is not present. I saw it only on Linux systems.
PAM is not native to the AIX environment.
# 6  
Old 11-20-2012
Hi
I am unable to download ssh. I tried through an IBM ID but was unable to create an ID. Can anyone help? I want to work out the commands and check.
# 7  
Old 11-20-2012
Well, the config files tend to move around and change from O/S to O/S, but the basics are still the same. His second ssh worked because it was an entirely different service and executable name, so it was not getting confused with the configuration of the first ssh, just as configuration elements for http or ftp never get confused with ssh.