Passwordless SSH problem with AIX machines


 
# 8  
Old 12-27-2012
On both machines

Code:
# cat /etc/syslog.conf | grep auth
#       kern,user,mail,daemon, auth,... (see syslogd(AIX Commands Reference))
#

So I edited the syslog.conf and added as requested


On machine A: 10.1.1.105 = standby
after doing a few ssh from the user oraprod & root

Code:
# cat /var/adm/authlog

Dec 27 22:31:49 standby sshd[1237032]: warning: /etc/hosts.allow, line 1: missing ":" separator
Dec 27 22:31:51 standby sshd[1237032]: Accepted password for root from 10.1.1.120 port 34557 ssh2
Dec 27 22:32:07 standby sshd[1237038]: warning: /etc/hosts.allow, line 1: missing ":" separator
Dec 27 22:32:09 standby sshd[1237038]: Failed password for root from 10.1.1.120 port 34558 ssh2
Dec 27 22:32:09 standby syslog: ssh: failed login attempt for root from test1
Dec 27 22:32:11 standby sshd[1237038]: Failed password for root from 10.1.1.120 port 34558 ssh2
Dec 27 22:32:11 standby syslog: ssh: failed login attempt for root from test1
Dec 27 22:32:13 standby sshd[1237038]: Failed password for root from 10.1.1.120 port 34558 ssh2
Dec 27 22:32:13 standby sshd[1245272]: syslog: fopen on /dev/null failed, errno 2
Dec 27 22:32:13 standby syslog: ssh: failed login attempt for root from test1
Dec 27 22:32:45 standby sshd[1241136]: warning: /etc/hosts.allow, line 1: missing ":" separator
Dec 27 22:32:46 standby sshd[1245282]: syslog: fopen on /dev/null failed, errno 2
Dec 27 22:33:53 standby sshd[1241154]: warning: /etc/hosts.allow, line 1: missing ":" separator
Dec 27 22:33:53 standby sshd[213108]: syslog: fopen on /dev/null failed, errno 2
Dec 27 22:34:22 standby sshd[213118]: warning: /etc/hosts.allow, line 1: missing ":" separator
Dec 27 22:34:25 standby sshd[213118]: Accepted password for root from 10.1.1.120 port 34563 ssh2
Dec 27 22:34:36 standby su: from root to oraprod at /dev/pts/2
#


Machine B: 10.1.1.120 = test1

Code:
# cat /var/adm/authlog

Dec 28 01:34:13 test1 sshd[340120]: warning: /etc/hosts.allow, line 1: missing ":" separator
Dec 28 01:34:16 test1 sshd[335952]: syslog: fopen on /dev/null failed, errno 2
Dec 28 01:34:53 test1 sshd[360646]: warning: /etc/hosts.allow, line 1: missing ":" separator
Dec 28 01:34:53 test1 sshd[340122]: syslog: fopen on /dev/null failed, errno 2
#


Machine A /etc/hosts.allow had the ip address of Machine B which is
cat /etc/hosts.allow
10.1.1.120

and Machine B had the IP address of Machine A
cat /etc/hosts.allow
10.1.1.105

Then I removed the IP addresses from both files, so the files are empty, and did ssh from Machine A to Machine B. The log file is below.

But when I do it as root, the ssh log file will catch it,
but when I do it as oraprod,
nothing appears in the log file.

Code:
Dec 28 02:20:30 test1 sshd[336016]: Authentication refused: bad ownership or modes for file /.ssh/authorized_keys
Dec 28 02:20:30 test1 sshd[336016]: Authentication refused: bad ownership or modes for file /.ssh/authorized_keys
Dec 28 02:20:35 test1 sshd[336018]: Authentication refused: bad ownership or modes for file /.ssh/authorized_keys
Dec 28 02:20:35 test1 sshd[336018]: Authentication refused: bad ownership or modes for file /.ssh/authorized_keys
Dec 28 02:20:40 test1 sshd[364778]: Authentication refused: bad ownership or modes for file /.ssh/authorized_keys

I re-edited /etc/hosts.allow on both machines and added the following

$ cat /etc/hosts.allow
ALL:ALL

then log file

Code:
Machine A
Dec 27 23:34:18 standby sshd[303216]: Received signal 15; terminating.
Dec 27 23:34:21 standby sshd[303218]: Server listening on 0.0.0.0 port 22.
Dec 27 23:34:21 standby sshd[303218]: error: Bind to port 22 on :: failed: The socket name is already in use..
Dec 27 23:34:21 standby sshd[303218]: error: Couldn't create pid file "/usr/local/etc/sshd.pid": A file or directory in the path name does not exist.
Dec 27 23:34:50 standby su: from root to oraprod at /dev/pts/2


Machine B
Dec 27 23:23:54 test1 su: from root to oraprod at /dev/pts/2
Dec 27 23:34:11 test1 sshd[348340]: Received signal 15; terminating.
Dec 27 23:34:14 test1 sshd[348342]: Server listening on 0.0.0.0 port 22.
Dec 27 23:34:14 test1 sshd[348342]: error: Bind to port 22 on :: failed: The socket name is already in use..
Dec 27 23:34:14 test1 sshd[348342]: error: Couldn't create pid file "/usr/local/etc/sshd.pid": A file or directory in the path name does not exist.
Dec 27 23:35:13 test1 su: from root to oraprod at /dev/pts/2


Last edited by filosophizer; 12-27-2012 at 04:40 PM..
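
Added example (not part of the original posts): the `Authentication refused: bad ownership or modes for file /.ssh/authorized_keys` lines in the authlog above are what sshd logs when its StrictModes check rejects a path, so this script repeats that check by hand. The function names are hypothetical, and the rule applied is the one OpenSSH uses: the home directory, `.ssh` and `authorized_keys` must each be owned by the user or root and must not be writable by group or others.

```shell
#!/bin/sh
# Added example, not from the thread: re-run sshd's StrictModes test by hand.
# Function names are hypothetical; only POSIX ls and awk are used, so the
# script does not depend on GNU stat.

# path_ok PATH NUMERIC_UID
# Succeeds when PATH exists, is owned by NUMERIC_UID or root (uid 0), and is
# not writable by group or others. Prints one verdict line either way.
path_ok() {
    target=$1
    want_uid=$2
    # ls -ldn prints numeric owners, e.g. (constructed sample):
    #   drwx------ 2 204 203 256 Dec 28 14:32 /home/oraprod/.ssh
    line=$(ls -ldn "$target" 2>/dev/null) || line=
    if [ -z "$line" ]; then
        echo "MISSING $target"
        return 1
    fi
    mode=$(printf '%s\n' "$line" | awk '{print $1}')
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    if [ "$owner" != "$want_uid" ] && [ "$owner" != "0" ]; then
        echo "BAD     $target: owned by uid $owner, expected $want_uid or 0"
        return 1
    fi
    # Character 6 of the mode string is group write, character 9 is other write.
    case $mode in
        ?????w*|????????w*)
            echo "BAD     $target: mode $mode is writable by group or others"
            return 1
            ;;
    esac
    echo "OK      $target ($mode, uid $owner)"
    return 0
}

# audit_authorized_keys HOME_DIR NUMERIC_UID
# Checks HOME_DIR, HOME_DIR/.ssh and HOME_DIR/.ssh/authorized_keys and
# returns non-zero if any of the three would fail the check.
audit_authorized_keys() {
    home=$1
    uid=$2
    rc=0
    # root's home is "/" on these machines, which gives /.ssh/authorized_keys
    # as seen in the authlog; avoid building "//.ssh" for that case.
    case $home in
        /) prefix= ;;
        *) prefix=$home ;;
    esac
    for p in "$home" "$prefix/.ssh" "$prefix/.ssh/authorized_keys"; do
        path_ok "$p" "$uid" || rc=1
    done
    return $rc
}

# When called with two arguments, audit that account, for example:
#   sh strictmodes_audit.sh /home/oraprod "$(id -u oraprod)"
#   sh strictmodes_audit.sh / 0
if [ "$#" -eq 2 ]; then
    audit_authorized_keys "$1" "$2"
fi
```

Run it as root on the server that logged the refusal, so that every path can be read regardless of its current mode.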
# 9  
Old 12-28-2012
I am not familiar with the "hosts.allow" file. We don't use them.
Is it possible to delete this file for testing?

P.S.
To reduce the error messages when sshd starts, you can change the following lines in the sshd config (uncomment them):
ListenAddress 0.0.0.0
PidFile /var/run/sshd.pid
# 10  
Old 12-28-2012
Repeated the procedure once again.

Machine A and repeated the same on machine B
Code:
$hostname
standby
$whoami
oraprod
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oraprod/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oraprod/.ssh/id_rsa.
Your public key has been saved in /home/oraprod/.ssh/id_rsa.pub.
The key fingerprint is:
48:9a:0a:d5:6d:55:ab:8e:87:48:9a:09:64:23:65:54 oraprod@standby
The key's randomart image is:
+--[ RSA 2048]----+
| .+.E   ...      |
| o . . .   .     |
|.+. . +   .      |
|+..  = . .       |
|o   + . S        |
| o * . +         |
|  = . o o        |
|       .         |
|                 |
+-----------------+
$ cd .ssh

$ ls
id_rsa      id_rsa.pub

$ cat id_rsa.pub >> ~/.ssh/authorized_keys_4SecondaryServer

$ ls
authorized_keys_4SecondaryServer  id_rsa           id_rsa.pub

$ cat authorized_keys_4SecondaryServer
ssh-rsa <<deleted by the poster...line too big>>

FTP from the SecondaryServer the file authorized_keys

$ ls
authorized_keys_authorized_keys_4SecondaryServer  id_rsa
authorized_keys    id_rsa.pub

$ cp authorized_keys_4standby authorized_keys

$ chmod 600 authorized_keys

$ ls -ltra
total 48
drwxr-xr-x   3 oraprod  dba             256 Dec 28 14:19 ..
-rw-r--r--   1 oraprod  dba             397 Dec 28 14:20 id_rsa.pub
-rw-------   1 oraprod  dba            1675 Dec 28 14:20 id_rsa
-rw-------   1 oraprod  dba             395 Dec 28 14:29 authorized_keys
-rw-r--r--   1 oraprod  dba             398 Dec 28 14:32 known_hosts
drwx------   2 oraprod  dba             256 Dec 28 14:32 .

$ ls -ltra
total 80
-rwxr-----   1 oraprod  dba             254 Nov 30 21:15 .profile
drwxr-xr-x   6 bin      bin             256 Dec 02 18:30 ..
-rw-r--r--   1 oraprod  dba             205 Dec 10 19:24 smit.transaction
-rw-r--r--   1 oraprod  dba              81 Dec 10 19:24 smit.script
-rw-------   1 root     system          100 Dec 10 19:30 .bash_history
-rw-r--r--   1 oraprod  dba            3663 Dec 27 23:23 smit.log
-rw-r--r--   1 oraprod  dba             674 Dec 28 14:19 standby.txt
drwxr-xr-x   3 oraprod  dba             256 Dec 28 14:19 .
drwx------   2 oraprod  dba             256 Dec 28 14:32 .ssh
-rw-------   1 oraprod  dba           13942 Dec 28 14:38 .sh_history

$ ls -ltra
total 16
drwxr-xr-x   2 guest    usr             256 Dec 05 2004  guest
drwx------   2 root     system          256 Nov 29 20:15 lost+found
-rw-r--r--   1 root     system            1 Dec 02 18:30 .profile
drwxr-xr-x   6 bin      bin             256 Dec 02 18:30 .
drwxr-xr-x   2 applprod dba             256 Dec 07 17:26 applprod
drwxr-xr-x  26 root     system         4096 Dec 28 14:08 ..
drwxr-xr-x   3 oraprod  dba             256 Dec 28 14:19 oraprod


$ ssh test1 date
The authenticity of host 'test1 (10.1.1.120)' can't be established.
RSA key fingerprint is 71:3b:ba:cb:d1:bf:94:41:a8:6f:3a:00:10:d0:65:ca.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'test1,10.1.1.120' (RSA) to the list of known hosts.
Connection closed by 10.1.1.120

$ ssh test1 date
Connection closed by 10.1.1.120

Check the authlog on Machine B:

Code:
Dec 28 13:35:29 test1 sshd[348342]: Received signal 15; terminating.
Dec 28 13:38:52 test1 sshd[233588]: Server listening on 0.0.0.0 port 22.
Dec 28 13:38:52 test1 sshd[233588]: error: Bind to port 22 on :: failed: The socket name is already in use..
Dec 28 13:38:52 test1 sshd[233588]: error: Couldn't create pid file "/usr/local/etc/sshd.pid": A file or directory in the path name does not exist.
Dec 28 13:38:52 test1 tsm: 3004-035 TSM: write to /dev/vty2 failed.
Dec 28 14:09:23 test1 su: from root to oraprod at /dev/pts/0


Check the authlog on Machine A

Code:
Dec 28 13:35:12 standby sshd[303218]: Received signal 15; terminating.
Dec 28 13:38:55 standby sshd[254156]: Server listening on 0.0.0.0 port 22.
Dec 28 13:38:55 standby sshd[254156]: error: Bind to port 22 on :: failed: The socket name is already in use..
Dec 28 13:38:55 standby sshd[254156]: error: Couldn't create pid file "/usr/local/etc/sshd.pid": A file or directory in the path name does not exist.
Dec 28 13:38:56 standby tsm: 3004-035 TSM: write to /dev/vty2 failed.
Dec 28 13:44:36 standby syslog: pts/1: failed login attempt for UNKNOWN_USER from testserver
Dec 28 13:44:36 standby tsm: 3004-035 TSM: write to /dev/pts/1 failed.
Dec 28 14:08:36 standby su: from root to oraprod at /dev/pts/0


/etc/hosts.allow

Code:
Machine A

$ cat /etc/hosts.allow
ALL : ALL : allow
sshd : ALL : allow
$

Machine B
$ cat /etc/hosts.allow
ALL : ALL : allow
sshd : ALL : allow
$

/etc/hosts.deny
empty
Code:
Machine A
$ cat /etc/hosts.deny


Machine B
$ cat /etc/hosts.deny


Now making the changes as requested

Quote:
Originally Posted by -=XrAy=-
I am not familiar with the "hosts.allow" file. We don't use them.
Is it possible to delete this file for testing?

P.S.
To reduce the error messages when sshd starts, you can change the following lines in the sshd config (uncomment them):
ListenAddress 0.0.0.0
PidFile /var/run/sshd.pid

Deleted hosts.allow and hosts.deny

then
# stopsrc -s sshd ; startsrc -s sshd
# stopsrc -s syslogd ; startsrc -s syslogd


Now ssh from one Machine A to Machine B

Code:
Machine A
# su - oraprod
$ ssh test1 date
Connection closed by 10.1.1.120

Machine B
# su - oraprod
$ ssh standby date
Connection closed by 10.1.1.105

Machine A : Authlog
Dec 28 14:51:46 standby sshd[254156]: Received signal 15; terminating.
Dec 28 14:51:49 standby sshd[254158]: Server listening on 0.0.0.0 port 22.
Dec 28 14:51:49 standby sshd[254158]: error: Couldn't create pid file "/var/run/sshd.pid": A file or directory in the path name does not exist.
Dec 28 14:54:20 standby su: from root to oraprod at /dev/pts/0

Machine B: Authlog

Dec 28 13:35:29 test1 sshd[348342]: Received signal 15; terminating.
Dec 28 13:38:52 test1 sshd[233588]: Server listening on 0.0.0.0 port 22.
Dec 28 13:38:52 test1 sshd[233588]: error: Bind to port 22 on :: failed: The socket name is already in use..
Dec 28 13:38:52 test1 sshd[233588]: error: Couldn't create pid file "/usr/local/etc/sshd.pid": A file or directory in the path name does not exist.
Dec 28 13:38:52 test1 tsm: 3004-035 TSM: write to /dev/vty2 failed.
Dec 28 14:09:23 test1 su: from root to oraprod at /dev/pts/0
Dec 28 14:50:33 test1 sshd[233588]: Received signal 15; terminating.
Dec 28 14:50:37 test1 sshd[233590]: Server listening on 0.0.0.0 port 22.
Dec 28 14:50:37 test1 sshd[233590]: error: Couldn't create pid file "/var/run/sshd.pid": A file or directory in the path name does not exist.
Dec 28 14:53:53 test1 su: from root to root at /dev/pts/0
Dec 28 14:53:58 test1 su: from root to oraprod at /dev/pts/0


Last edited by filosophizer; 12-28-2012 at 08:00 AM..
# 11  
Old 12-28-2012
I am a little bit confused about your copy and FTP actions.

On machine [standby] in the file /home/oraprod/.ssh/authorized_keys
should be an entry like "ssh-rsa .....blablabla... oraprod@test1"


On machine [test1] in the file /home/oraprod/.ssh/authorized_keys
should be an entry like "ssh-rsa .....blablabla... oraprod@standby"

is this correct?
# 12  
Old 12-28-2012
Quote:
Originally Posted by -=XrAy=-
I am a little bit confused about your copy and FTP actions.

On machine [standby] in the file /home/oraprod/.ssh/authorized_keys
should be an entry like "ssh-rsa .....blablabla... oraprod@test1"


On machine [test1] in the file /home/oraprod/.ssh/authorized_keys
should be an entry like "ssh-rsa .....blablabla... oraprod@standby"

is this correct?
YES

Code:
Machine A = standby

$ cd ~/.ssh
$ ls
authorized_keys           authorized_keys_4test1    id_rsa.pub
authorized_keys_4standby  id_rsa                    known_hosts
$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5R/M....gwhw== oraprod@test1

Machine B = test1
$ ls
authorized_keys           authorized_keys_4test1    id_rsa.pub
authorized_keys_4standby  id_rsa                    known_hosts
$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtRNRN.....g4pDYV/w== oraprod@standby

# 13  
Old 12-28-2012
Okay, that looks good.

Could you please delete or rename both files (hosts.allow and hosts.deny) on one server? Then restart the sshd daemon and test again. Sorry, I currently have no other idea - maybe a mistake in the network configuration.
# 14  
Old 12-30-2012
Quote:
Originally Posted by -=XrAy=-
Okay, that looks good.

Could you please delete or rename both files (hosts.allow and hosts.deny) on one server? Then restart the sshd daemon and test again. Sorry, I currently have no other idea - maybe a mistake in the network configuration.

I deleted the files hosts.allow and hosts.deny on both.

But same results.

The tricky part is here:

when I delete everything inside .ssh directory in both machines,
ssh from machine A to Machine B will ask for password and vice versa.. It will work and ask for password.

But with the key : authorized_keys ==> I get the message connection closed !

so why without the key file it asks for password and with key file it doesn't even ask for anything ?

---------- Post updated 12-29-12 at 01:23 AM ---------- Previous update was 12-28-12 at 05:37 AM ----------

Folks, I think I have isolated the problem

1. When I delete everything in the .ssh folder on Machine A and Machine B
The scenario is
- no hosts.allow file
- no hosts.deny file
- no authorized_keys file

from machine A to machine B
ssh machineB date
> ask for password
> enter password
> works fine

from machine B to machine A
ssh machineA date
> ask for password
> enter password
> works fine

1. When you delete the authorized_keys and try to log in with username and password, do you get a valid login/shell? Or will you also be disconnected after entering the password?

yes, I will get a valid login/shell.


2. Tried the same method in the same network on other Machines
Machine C and Machine D
it worked fine, no issues like what is happening with Machine A and Machine B

the difference between Machines C and Machine D is that did that using physical ports, and hostname and ip is registered in the MS DNS Server
Machines C and Machines D are physical machines using physical ports

whereas

Machine A and Machine B are LPARs under VIOS
they are using SEA = Shared Ethernet Adapter
hostname dns is also registered in the MS DNS Server

3. Could the problem be related to SEA = Shared Ethernet Adapter for LPARS ?

4. Now from Machine B to VIOS_SERVER ssh works fine
$ whoami
oraprod

$ hostname
test1

$ ssh ibmvios date
Date......

but from VIOS_SERVER to MACHINE B
same problem: connection closed !


The problem looks like in Machine A and Machine B --- how to troubleshoot and look into it ?

---------- Post updated at 08:25 AM ---------- Previous update was at 01:23 AM ----------

This is what I did on the VIOS server for creating SEA = Shared Ethernet Adapter

Maybe my SEA configuration is not right?

Code:
# lsdev -Cc adapter
ent0      Available 08-08 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
ent1      Available 08-09 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
ent2      Available       Virtual I/O Ethernet Adapter (l-lan)
ent3      Available       Virtual I/O Ethernet Adapter (l-lan)
ent4      Available       Virtual I/O Ethernet Adapter (l-lan)
ent5      Available       Virtual I/O Ethernet Adapter (l-lan)



$ mkvdev -sea ent1 -vadapter ent2  -default ent2 -defaultid 1

# lsdev -Cc adapter
ent0      Available 08-08 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
ent1      Available 08-09 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
ent2      Available       Virtual I/O Ethernet Adapter (l-lan)
ent3      Available       Virtual I/O Ethernet Adapter (l-lan)
ent4      Available       Virtual I/O Ethernet Adapter (l-lan)
ent5      Available       Virtual I/O Ethernet Adapter (l-lan)
ent6      Available       Shared Ethernet Adapter

$ lsdev -dev ent6 -attr virt_adapters
value

ent2

$ lsdev -dev ent6 -attr real_adapter
value

ent1



$ viosecure -firewall view
Firewall      OFF

                          ALLOWED   PORTS
           Local   Remote
Interface  Port    Port    Service      IPAddress       Expiration Time(seconds)
---------  ----    ----    -------      ---------       ---------------
$

$ netstat -cdlistats | grep "Priority"
  Priority: 1  Active: True
  Priority: 1  Active: True
  Priority: 1  Active: True
  Priority: 1  Active: True

# ifconfig -a
en0: flags=5e080863,1c0<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),PSEG,LARGESEND,CHAIN>
        inet 10.1.1.110 netmask 0xffff0000 broadcast 10.1.255.255
         tcp_sendspace 131072 tcp_recvspace 65536 rfc1323 0
en6: flags=1e080863,180<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),CHAIN>
        inet 10.1.1.111 netmask 0xffff0000 broadcast 10.1.255.255
         tcp_sendspace 131072 tcp_recvspace 65536 rfc1323 0

---------- Post updated at 11:51 AM ---------- Previous update was at 08:25 AM ----------

Now,

From VIO_SERVER = ibmvios to test1


Code:
$ whoami
oraprod

$ ssh test1 date
Connection closed by 10.1.1.120
$ hostname
ibmvios
$ ssh -vv test1 date
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so):   0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
        0509-026 System error: A file or directory in the path name does not exist.

debug1: Error loading Kerberos, disabling Kerberos auth.
debug2: ssh_connect: needpriv 0
debug1: Connecting to test1 [10.1.1.120] port 22.
debug1: Connection established.
debug1: identity file /home/oraprod/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/oraprod/.ssh/id_rsa type 1
debug1: identity file /home/oraprod/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: Entering the function :kex_choose_conf

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 128/256
debug2: bits set: 522/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'test1' is known and matches the RSA host key.
debug1: Found key in /home/oraprod/.ssh/known_hosts:1
debug2: bits set: 509/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/oraprod/.ssh/identity (0)
debug2: key: /home/oraprod/.ssh/id_rsa (20032128)
debug2: key: /home/oraprod/.ssh/id_dsa (0)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: The Key: 0

debug1: Trying private key: /home/oraprod/.ssh/identity
debug1: After function load_identity_file

debug1: The Key: 1

debug1: Offering public key: /home/oraprod/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
Connection closed by 10.1.1.120
$

From test1 to ibmvios

Code:
$ whoami
oraprod
$ hostname
test1
$ ssh -vv ibmvios date
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so):   0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
        0509-026 System error: A file or directory in the path name does not exist.

debug1: Error loading Kerberos, disabling Kerberos auth.
debug2: ssh_connect: needpriv 0
debug1: Connecting to ibmvios [10.1.1.110] port 22.
debug1: Connection established.
debug1: identity file /home/oraprod/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/oraprod/.ssh/id_rsa type 1
debug1: identity file /home/oraprod/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 132/256
debug2: bits set: 511/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ibmvios' is known and matches the RSA host key.
debug1: Found key in /home/oraprod/.ssh/known_hosts:1
debug2: bits set: 519/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/oraprod/.ssh/identity (0)
debug2: key: /home/oraprod/.ssh/id_rsa (200485b8)
debug2: key: /home/oraprod/.ssh/id_dsa (0)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/oraprod/.ssh/identity
debug1: Offering public key: /home/oraprod/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp 45:1a:60:a1:01:13:a8:57:7d:5a:07:c7:74:1e:ba:d7
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug1: Sending command: date
debug2: channel 0: request exec confirm 1
debug2: fd 4 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: exec request accepted on channel 0
Sat Dec 29 16:50:32 CST 2012
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2176, received 2328 bytes, in 0.0 seconds
Bytes per second: sent 114484.3, received 122481.4
debug1: Exit status 0
$

---------- Post updated 12-30-12 at 11:11 AM ---------- Previous update was 12-29-12 at 11:51 AM ----------

Still no success...searching on google came across

Quote:
Finally came up with a workaround for the issue, as i needed the ssh without password for RAC configuration.

workaround:-
changes in sshd_config
Protocol 2

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
created keys using ssh-keygen -t rsa1
copied contents of .ssh/identity.pub to authorized_keys & restarted ssh service....walla

I know ssh1 is less secure compared to ssh2, but desperate times need desperate measures.

Hope this helps someone someday...
TC
ssh connection closed by ip
Did not work. The only thing with the above setup was that there was no Connection Closed message; rather, it was asking for a password.
This is only one step ahead.

Last edited by filosophizer; 12-29-2012 at 12:34 PM..