Problem with ssh on target server.


 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Problem with ssh on target server.
# 1  
Old 09-12-2019
Problem with ssh on target server.

ssh works from source server srcuser@10.8.44.13 to all other target servers except one which is target server trguser@10.8.44.43

On target the <trguser-home>/.ssh folder is set to permission 700 and authorized_keys file is set to permissions 600

cksum for id_rsa.pub on source 10.8.44.13 and authorized_keys on target is the same and the same has been verified to be good using cat -ev <filename>

The debug for failing ssh is as below.

Code:
ssh -vvvv trguser@10.8.44.43
OpenSSH_6.0p1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): Could not load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
System error: No such file or directory

debug1: Error loading Kerberos, disabling Kerberos auth.
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.8.44.43 [10.8.44.43] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/wd/srcuser/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /wd/srcuser/.ssh/id_rsa type 1
debug1: identity file /wd/srcuser/.ssh/id_rsa-cert type -1
debug1: identity file /wd/srcuser/.ssh/id_dsa type -1
debug1: identity file /wd/srcuser/.ssh/id_dsa-cert type -1
debug1: identity file /wd/srcuser/.ssh/id_ecdsa type -1
debug1: identity file /wd/srcuser/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "10.8.44.43" from file "/wd/srcuser/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /wd/srcuser/.ssh/known_hosts:183
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh...01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh...00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,gss-gex-sha1-,gss-group14-sha1-
debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: kex_parse_kexinit: aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm...28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm...28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA eb:d3:81:e8:25:7c:31:6a:0d:13:02:07:68:5d:7f:70
debug3: load_hostkeys: loading entries for host "10.8.44.43" from file "/wd/srcuser/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /wd/srcuser/.ssh/known_hosts:183
debug3: load_hostkeys: loaded 1 keys
debug1: Host '10.8.44.43' is known and matches the ECDSA host key.
debug1: Found key in /wd/srcuser/.ssh/known_hosts:183
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /wd/srcuser/.ssh/id_rsa (200631d8)
debug2: key: /wd/srcuser/.ssh/id_dsa (0)
debug2: key: /wd/srcuser/.ssh/id_ecdsa (0)
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /wd/srcuser/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /wd/srcuser/.ssh/id_dsa
debug3: no such identity: /wd/srcuser/.ssh/id_dsa
debug1: Trying private key: /wd/srcuser/.ssh/id_ecdsa
debug3: no such identity: /wd/srcuser/.ssh/id_ecdsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
trguser@10.8.44.43's password:

I tried to create authorized_keys outside the home directory on the target server and modify the sshd configuration to point to use this authorized keys and restarted the sshd service but that too did not help.

I can share a successful ssh from the same source to a different target if that helps debug the issue.

Can you please suggest what could be the issue.
# 2  
Old 09-12-2019
How about permissions on $HOME folder of user ( <trguser-home>) ?
Is it writable by others ?

Regards
Peasant.
# 3  
Old 09-12-2019
Quote:
Originally Posted by Peasant
How about permissions on $HOME folder of user ( <trguser-home>) ?
Is it writable by others ?

Regards
Peasant.
The permissions for the HOME folder for working targets and non-working one is the same i.e. 755
# 4  
Old 09-13-2019
Any clues / suggestions please?

Code:
ls -ltrd /app/trguser
drwxr-xr-x. 25 trguser trguser 4096 Aug 12 17:54 /app/trguser

Code:
uname -a
Linux targethost 3.10.0-957.21.3.el7.x86_64 #1 SMP Fri Jun 14 02:54:29 EDT 2019 x86_64 x86_64 x86_64 GNU/Linux

# 5  
Old 09-13-2019
Try to ssh in from other servers on the network and see if you can isolate the problem to the client-side, the network, or the server configuration.

That is my suggestion.... trouble shoot your problem in a step-by-step manner.
# 6  
Old 09-13-2019
Check the log of the ssh server and increase log level of the ssh server before that to DEBUG/DEBUG2.

I'm sorry I didn't read the ssh debug output. It's difficult to read on my very small mobile phone.

Did you compare the debug output of the failed ssh-client with those which are working?

Last edited by stomp; 09-13-2019 at 04:19 AM..
# 7  
Old 09-13-2019
Quote:
Originally Posted by stomp
Check the log of the ssh server and increase log level of the ssh server before that to DEBUG/DEBUG2.

I'm sorry I didn't read the ssh debug output. It's difficult to read on my very small mobile phone.

Did you compare the debug output of the failed ssh-client with those which are working?
I could not figure out the problem.

Here is a working ssh Debug:

Quote:
BINPRDAPDM:/wd/usersrc/.ssh> ssh -vvvv workinguser@10.8.8.42
OpenSSH_6.0p1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): Could not load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
System error: No such file or directory

debug1: Error loading Kerberos, disabling Kerberos auth.
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.8.8.42 [10.8.8.42] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/wd/usersrc/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /wd/usersrc/.ssh/id_rsa type 1
debug1: identity file /wd/usersrc/.ssh/id_rsa-cert type -1
debug1: identity file /wd/usersrc/.ssh/id_dsa type -1
debug1: identity file /wd/usersrc/.ssh/id_dsa-cert type -1
debug1: identity file /wd/usersrc/.ssh/id_ecdsa type -1
debug1: identity file /wd/usersrc/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "10.8.8.42" from file "/wd/usersrc/.ssh/known_hosts"
debug3: load_hostkeys: found key type DSA in file /wd/usersrc/.ssh/known_hosts:165
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-dss-cert-v01@openssh.com,ssh-dss...00@openssh.com,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss-cert-v01@openssh.com,ssh-dss...00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,gss-gex-sha1-,gss-group14-sha1-
debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: kex_parse_kexinit: aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm...28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm...28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: DSA 2e:e8:34:3f:53:0a:9d:63:47:29:bb:56:ea:9e:de:f1
debug3: load_hostkeys: loading entries for host "10.8.8.42" from file "/wd/usersrc/.ssh/known_hosts"
debug3: load_hostkeys: found key type DSA in file /wd/usersrc/.ssh/known_hosts:165
debug3: load_hostkeys: loaded 1 keys
debug1: Host '10.8.8.42' is known and matches the DSA host key.
debug1: Found key in /wd/usersrc/.ssh/known_hosts:165
debug1: ssh_dss_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /wd/usersrc/.ssh/id_rsa (200631d8)
debug2: key: /wd/usersrc/.ssh/id_dsa (0)
debug2: key: /wd/usersrc/.ssh/id_ecdsa (0)
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /wd/usersrc/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp 7b:09:38:16:15:59:52:dd:78:c7:bd:b0:4d:df:0c:95
debug3: sign_and_send_pubkey: RSA 7b:09:38:16:15:59:52:dd:78:c7:bd:b0:4d:df:0c:95
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to 10.8.8.42 ([10.8.8.42]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug2: callback start
debug2: client_session2_setup: id 0
debug3: packet_set_tos: set IP_TOS 0x10
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Thu Sep 12 03:31:18 2019 from 10.9.40.130
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

VxWorks target server

hi all. i have omniswitch 6800 that runs vxworks 5.4.x The folder that is result of compiling my image consists of : -rw-r--r-- 1 root other 8128249 Jun 21 05:21 Kbase.img -rw-r--r-- 1 root other 971810 Jun 21 06:07 Kos.img -rw-r--r-- 1 root other 295076 Jun 21... (0 Replies)
Discussion started by: sadgb
0 Replies

2. UNIX for Dummies Questions & Answers

Problem setting up SSH keys between my laptop and a server.

This is probably somewhat trivial but it's driving me crazy. I have 6 servers with identical configurations. I'm trying to set up ssh keys between my laptop (windows XP using cygwin) and these servers (rhel). On 5 of the machines this works perfectly, but on one, no matter what I do, it gives me a... (2 Replies)
Discussion started by: DeCoTwc
2 Replies

3. Shell Programming and Scripting

Problem running ssh from remote server

So I have a script which performs some basic commands on another server via ssh. It works great, no issues at all. Let's call this "Script A" BUT, this working script is to be executed remotely from a different UNIX script on another server, also by ssh. Let's call this "Script B". When... (1 Reply)
Discussion started by: newerakb
1 Replies

4. Shell Programming and Scripting

copy files from remote server (B) to target server (A)?

Hi All, what is the comand to log off the remote server? I have 2 servers A, B. I need to find all files older than 7 days on server B and copy over to server A. My logic is: login the remote server: ================= ssh hostB cd /data/test find . -mtime -7 -ls | awk '{print... (4 Replies)
Discussion started by: Beginer0705
4 Replies

5. Solaris

Improperly formatted value for 'tftp-server' error while booting the target from LAN

Hi, I wish to install solaris 10 on a target machine (t1000) by using Jumpstart. I have configured by jumpstart environment for the same. When i boot the target with the option "boot net -v install" i get the following error... {0} ok boot net -v install Boot device: /pci@7c0/pci@0/network@4... (3 Replies)
Discussion started by: hemalsid
3 Replies

6. Shell Programming and Scripting

Shell script to transfer the files from source to target server.

I need to write a shell script to transfer the files every hour from source - target server. The cron job should be running every hour and shouldn't copy already copied files to the remote server ? I was able to write intial script but not able to get the logic for (in the next run it should... (12 Replies)
Discussion started by: radhirk
12 Replies

7. AIX

Problem in SSH Install in AIX 4.3 Server.

Hi Friends I am trying to install ssh in one of my AIX4.3 server. I downloaded openssh and openssl from IBM site. While installing them openssh failed. The lpcheck command display looks like this: # lppchk -v lppchk: The following filesets need to be installed or corrected to bring ... (5 Replies)
Discussion started by: efunds
5 Replies

8. Solaris

network config problem - how to set the server for others to ssh without password

Hi, I want to ssh the linux server without inputting the password, how can I config this server? Thanks in advance! (1 Reply)
Discussion started by: GCTEII
1 Replies

9. Programming

Problem in registering new netfilter target module

Friends I'm facing a big problem trying to extend the netfilter. Somone please help me with your quick reply (any hint) as I've to meet a deadline. My problem is that I've written a new netfilter target module and its corresponding userspace program for iptables to change the packet type of a... (0 Replies)
Discussion started by: Rakesh Ranjan
0 Replies
Login or Register to Ask a Question