×
UNIX.COM Login
Username:
Password:  
Show Password






👤
Admin Notice


HP-UX

HP-UX (Hewlett Packard UniX) is Hewlett-Packard's proprietary implementation of the Unix operating system, based on System V.

SSH Authentication issue.

👤 Login to reply

 
Thread Tools Search this Thread Display Modes
    #8  
Old 05-23-2014
ygemici ygemici is offline Forum Advisor  
sed_shell@LNU
 
Join Date: Feb 2010
Last Activity: 26 April 2017, 8:59 AM EDT
Location: istanbul
Posts: 1,713
Thanks: 4
Thanked 295 Times in 286 Posts
Quote:
Originally Posted by chacko193 View Post
Thanks for the reply, but from that other issue that you posted, I got to know that this is a default behavior. But it does not says how to avoid using "none" authentication method.

I tried with the NoneAuthentication option and it says it is not supported.


Code:
command-line: line 0: Bad configuration option: NoneAuthentication
Connection closed
What is your operating system.and what is your ssh version ?
To your ssh version then add the some options like below if it is has its in specs.


Code:
AllowedAuthentications hostbased,publickey,password


Last edited by ygemici; 05-23-2014 at 09:34 AM..
Sponsored Links
    #9  
Old 05-26-2014
chacko193 chacko193 is offline
Registered User
 
Join Date: Sep 2012
Last Activity: 27 September 2016, 1:55 AM EDT
Posts: 189
Thanks: 31
Thanked 33 Times in 33 Posts
My client is HP-UX and the remote server is windows 2008 server and in that I am running the vShell.

What I am doing now is to open a sftp session form the HP-UX to vShell.

I need to make changes in HPUX only.

I tried setting this option, but to no effect:


Code:
# allow the use of the none cipher
NoneEnabled no

Sponsored Links
    #10  
Old 05-26-2014
ygemici ygemici is offline Forum Advisor  
sed_shell@LNU
 
Join Date: Feb 2010
Last Activity: 26 April 2017, 8:59 AM EDT
Location: istanbul
Posts: 1,713
Thanks: 4
Thanked 295 Times in 286 Posts
Quote:
Originally Posted by chacko193 View Post
My client is HP-UX and the remote server is windows 2008 server and in that I am running the vShell.

What I am doing now is to open a sftp session form the HP-UX to vShell.

I need to make changes in HPUX only.

I tried setting this option, but to no effect:


Code:
# allow the use of the none cipher
NoneEnabled no
chacko193,

1 - (open)-ssh client asks the server for auth-methods as in the normal ssh-client-work as userauth-request
(because almost ssh clients wants to know which auth methods that the server supports) )
and cannot change this behaviour with add parameters as far as i m know for the open-ssh client
and therefore you must change the server config

if there is possibility of use the different ssh clients and then may you can this.
for exa i tested bitvise ssh client with selected "initial method" option to any (password,pubkey,gssapi,keyboard-interactive..)
and this is SuCcess so "ssh-connection method none [preauth]" is not logging any mode (debug[1-3],verbose or any others)
lastly this ssh client allow the authenticaton methods which we want to choose any methods...

And you will not see the message that is "rejected ....." in your server logs.
this is just a choise.I dont know its applicability.


******************************************************

2 - i wanted to test the vshell server but i cant download it.

below is the answer to me from vandyke and they give late response.


Code:
Hello Yucel,

Thank you for your interest in VShell(R).

We apologize for the inconvenience, unfortunately, U.S.
export regulations do not allow automated downloads to some
countries.

However, by providing some additional information, you can
still download and evaluate VShell.

.............

Sincerely,


Leslie Tyk
Orders Department
VanDyke Software, Inc.
505-332-5710
505-332-5701 (fax)
sales@vandyke.com
www.vandyke.com


3 - u can check the loglevel on the server-side.*(sshd_config -> vshelld_config)

a-) what is output ?


Code:
# findstr /I Log "vshelld_config"

a-1) lets try - We have to change this


Code:
LogTopicAuthentication xxxx

to


Code:
LogTopicAuthentication false

b-) what is output ?


Code:
# findstr /I Authentications "vshelld_config"

b-1) lets try - We have to change this


Code:
AuthenticationsAllowed xxxx

to


Code:
AuthenticationsAllowed publickey, password

and
*

Code:
AuthenticationsRequired xxxx

to


Code:
AuthenticationsRequired publickey, password

******************************************************

4 - and ask*(open the case) the vandyke.com.
or check the syslog.conf for eliminate the this messages.

******************************************************

5 - and is not related the ssl-ciphers.


regards
ygemici
The Following User Says Thank You to ygemici For This Useful Post:
chacko193 (05-26-2014)
    #11  
Old 05-27-2014
chacko193 chacko193 is offline
Registered User
 
Join Date: Sep 2012
Last Activity: 27 September 2016, 1:55 AM EDT
Posts: 189
Thanks: 31
Thanked 33 Times in 33 Posts
Thanks Ygemici for you reply!!

I have already tried out not logging the "auth" events in vShell and that seems to work.

I got to thinking that since the client is initiating the ssh session, it will be the client that sends the "none" auth method request and from my other searches was able to confirm this as well. So I came to the conclusion that there will be some option within the ssh config files which prevents sending out the "none" auth request and hence my futile searches.

I will try out the rest of your suggestions and get back to when I have some results.

---------- Post updated at 11:30 PM ---------- Previous update was at 11:26 AM ----------

I tried changing the AuthenticationsAllowed and AuthenticationsRequired to "password" only in vShell, but still it is using the "none" authentication first and then only it is going for password.

---------- Post updated 05-27-14 at 04:42 AM ---------- Previous update was 05-26-14 at 11:30 PM ----------

I have one query. You said you were able to connect to server with any initial auth method using bitvise client. I also tried that and noticed the same,i.e , I am not getting that "none rejected" message.

So how is this bitvise client able to choose the initial auth method? If they are able to do it, why cannot we do the same. After all they too will be using the same open-ssh only(may be with some modifications). And I think it is the only one were none is listed as an auth method.

---------- Post updated at 07:42 AM ---------- Previous update was at 04:42 AM ----------

Quote:
Originally Posted by Perderabo View Post
Look at your sshd_config file. Is PermitEmptyPasswords set to yes? If so, try turning it off.
It is set to no. Initially it was commented out. Tried with that parameter set to "no" and still the it is taking "none" as initial authentication method.

Last edited by chacko193; 05-27-2014 at 12:42 AM..
Sponsored Links
    #12  
Old 05-28-2014
ygemici ygemici is offline Forum Advisor  
sed_shell@LNU
 
Join Date: Feb 2010
Last Activity: 26 April 2017, 8:59 AM EDT
Location: istanbul
Posts: 1,713
Thanks: 4
Thanked 295 Times in 286 Posts
Quote:
Originally Posted by chacko193 View Post
Thanks Ygemici for you reply!!

I have already tried out not logging the "auth" events in vShell and that seems to work.

I got to thinking that since the client is initiating the ssh session, it will be the client that sends the "none" auth method request and from my other searches was able to confirm this as well. So I came to the conclusion that there will be some option within the ssh config files which prevents sending out the "none" auth request and hence my futile searches.

I will try out the rest of your suggestions and get back to when I have some results.

---------- Post updated at 11:30 PM ---------- Previous update was at 11:26 AM ----------

I tried changing the AuthenticationsAllowed and AuthenticationsRequired to "password" only in vShell, but still it is using the "none" authentication first and then only it is going for password.

---------- Post updated 05-27-14 at 04:42 AM ---------- Previous update was 05-26-14 at 11:30 PM ----------

I have one query. You said you were able to connect to server with any initial auth method using bitvise client. I also tried that and noticed the same,i.e , I am not getting that "none rejected" message.

So how is this bitvise client able to choose the initial auth method? If they are able to do it, why cannot we do the same. After all they too will be using the same open-ssh only(may be with some modifications). And I think it is the only one were none is listed as an auth method.

---------- Post updated at 07:42 AM ---------- Previous update was at 04:42 AM ----------
it has differ codes in the bitvise ssh client ( executable) and it does not send to ssh-server with none-method as in its source code files for know the auth-methods.(written in that way)
and it does not use the openssh sources, it uses FlowSsh libraries and compiled from c++ platform for windows.
Sponsored Links
    #13  
Old 05-28-2014
chacko193 chacko193 is offline
Registered User
 
Join Date: Sep 2012
Last Activity: 27 September 2016, 1:55 AM EDT
Posts: 189
Thanks: 31
Thanked 33 Times in 33 Posts
Well I always knew that was not going to work. But worth a try.

Thanks for clearing it up
Sponsored Links
    #14  
Old 06-07-2014
ygemici ygemici is offline Forum Advisor  
sed_shell@LNU
 
Join Date: Feb 2010
Last Activity: 26 April 2017, 8:59 AM EDT
Location: istanbul
Posts: 1,713
Thanks: 4
Thanked 295 Times in 286 Posts
Quote:
Originally Posted by chacko193 View Post
Well I always knew that was not going to work. But worth a try.

Thanks for clearing it up
Then u can go this way so ;

-> download the source code openssh 6.x.x tar.gz
(for exa openssh-6.4p1)

-> change the line is like below from the "sshconnect2.c"


Code:
int
userauth_none(Authctxt *authctxt)
{
        /* initial userauth request */
/* debug(" --> i am in userauth_none fonksiyonundayim" ); */
        packet_start(SSH2_MSG_USERAUTH_REQUEST);
        packet_put_cstring(authctxt->server_user);
        packet_put_cstring(authctxt->service);
  packet_put_cstring(authctxt->method->name);  -> packet_put_cstring("");
        packet_put_cstring("");
        packet_send();
        return 1;
}

-> compile it..


Code:
# cd openssh-6.4p1 && chmod +x ./configure ./mkinstalldirs && ./configure --with-md5-passwords --with-pam --with-ssl-dir=/YOUR_OPENSSL_PATH/ 
--with-zlib=/YOUR_ZLIB_DIRECTORY/ -with-libs --prefix=/usr/local/sshwithoutnone/ && make && make install

-> and the run


Code:
# /usr/local/sshwithoutnone/bin/ssh -l sshuser remotehost

Note : "--with-pam" options requires the pam-devel package.

regards
ygemici
Sponsored Links
👤 Login to reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Solaris 8 ssh public key authentication issue - Server refused our key aixlover Solaris 1 05-25-2011 04:07 PM
ssh into another machine without authentication stevensw Shell Programming and Scripting 2 05-19-2011 12:39 AM
SSH Public key Authentication Issue maverick_here Red Hat 3 12-20-2010 10:33 AM
Passwordless authentication via SSH RegX AIX 1 08-29-2007 09:42 AM
SSH key authentication stancwong UNIX for Dummies Questions & Answers 3 02-24-2006 05:19 AM



All times are GMT -4. The time now is 04:57 AM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.