ssh fails from one server only with expecting SSH2_MSG_KEXDH_REPLY message


 
# 1  
Old 01-09-2020

I have two Linux servers, viz. 12.7.44.18 and 12.7.45.18

I wish to ssh from both these servers to a destination AIX server 12.7.33.18

The ssh works from 12.7.44.18 -> 12.7.33.18 but fails from 12.7.45.18 -> 12.7.33.18

The openssl version on both Linux sources 12.7.44.18 and 12.7.45.18 is the same.

Code:
openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

Successful ssh verbose from 12.7.44.18 -> 12.7.33.18 below:

Code:
$ ssh -vvv remoteuser@12.7.33.18
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "12.7.33.18" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 12.7.33.18 [12.7.33.18] port 22.
debug1: Connection established.
debug1: identity file /app/was/misc_automation/was_id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /app/was/misc_automation/was_id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
debug1: match: OpenSSH_6.0 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 12.7.33.18:22 as 'remoteuser'
debug3: hostkeys_foreach: reading file "/home/localuser/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/localuser/.ssh/known_hosts:12
debug3: load_hostkeys: loaded 1 keys from 12.7.33.18
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: MACs ctos: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64@openssh.com compression: none
debug1: kex: ecdh-sha2-nistp256 need=16 dh_need=16
debug1: kex: ecdh-sha2-nistp256 need=16 dh_need=16
debug3: send packet: type 30
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:wxeB4GcDmJ5fuiWN8zPwasp+lH+dXzw9bU82DqhOfu0
debug3: hostkeys_foreach: reading file "/home/localuser/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/localuser/.ssh/known_hosts:12
debug3: load_hostkeys: loaded 1 keys from 12.7.33.18
debug1: Host '12.7.33.18' is known and matches the ECDSA host key.
debug1: Found key in /home/localuser/.ssh/known_hosts:12
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug2: key: /app/was/misc_automation/was_id_rsa (0x55b8e6a6c1b0), explicit
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 53
debug3: input_userauth_banner
This system is for the use of authorized users only. Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities on this system monitored and recorded by system personnel. In the course of monitoring individuals improperly using this system, or in the course of system maintenance, the activities of authorized users may also be monitored. Anyone using this system expressly consents to such monitoring and is advised that if such such monitoring reveals possible evidence of criminal activity, system personnel may provide the evidence of such monitoring to the law enforcement officials
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /app/was/misc_automation/was_id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp SHA256:qTxzzn6L6mSAjT9HLvjOvl/gs/FihJZk/SvDtSQZKZw
debug3: sign_and_send_pubkey: RSA SHA256:qTxzzn6L6mSAjT9HLvjOvl/gs/FihJZk/SvDtSQZKZw
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to 12.7.33.18 ([12.7.33.18]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 91
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env HOSTNAME
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env HISTSIZE
debug3: Ignored env SSH_CLIENT
debug3: Ignored env QTDIR
debug3: Ignored env QTINC
debug3: Ignored env SSH_TTY
debug3: Ignored env QT_GRAPHICSSYSTEM_CHECKED
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env JENKINS_HOME
debug3: Ignored env MAIL
debug3: Ignored env PATH
debug3: Ignored env PWD
debug3: Ignored env JAVA_HOME
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env KDEDIRS
debug3: Ignored env HISTCONTROL
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env LOGNAME
debug3: Ignored env QTLIB
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env LESSOPEN
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env QT_PLUGIN_PATH
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last unsuccessful login: Tue Jul 18 19:38:40 IST 2017 on ssh from mprdapp2
Last login: Thu Jan  9 12:04:20 IST 2020 on ssh from 12.7.44.18

Failing ssh verbose from 12.7.44.18 -> 12.7.33.18 below:
Code:
$ ssh -vvv remoteuser@12.7.33.18
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,gss-gex-sha1-,gss-group14-sha1-]
debug2: resolving "12.7.33.18" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 12.7.33.18 [12.7.33.18] port 22.
debug1: Connection established.
debug1: identity file /app/was/misc_automation/was_id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /app/was/misc_automation/was_id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
debug1: match: OpenSSH_6.0 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 12.7.33.18:22 as 'remoteuser'
debug3: hostkeys_foreach: reading file "/home/localuser/.ssh/known_hosts"
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,gss-gex-sha1-,gss-group14-sha1-,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
debug2: ciphers ctos: aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: MACs ctos: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: diffie-hellman-group14-sha1
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-cbc MAC: umac-64@openssh.com compression: none
debug1: kex: client->server cipher: aes128-cbc MAC: umac-64@openssh.com compression: none
debug1: kex: diffie-hellman-group14-sha1 need=16 dh_need=16
debug1: kex: diffie-hellman-group14-sha1 need=16 dh_need=16
debug1: sending SSH2_MSG_KEXDH_INIT
debug2: bits set: 1032/2048
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEXDH_REPLY
Connection closed by 12.7.33.18 port 22

I tried the following solutions but both of them don't seem to help. I get the same error.

Code:
ssh -o HostKeyAlgorithms=ssh-rsa remoteuser@12.7.33.18
ssh -o MACs=hmac-sha1 remoteuser@12.7.33.18

The openssl on the target AIX host is:
Code:
OpenSSL 1.0.1e 11 Feb 2013

I have checked the file and folder permissions on both the source IPs (successful & failing) and the permissions are correct [744 for folders and 600 for the authorized file].

I'm also using a private RSA key which I pass using the -i id_rsa ssh option.

Can you please suggest?
# 2  
Old 01-09-2020
Quote:
Originally Posted by mohtashims
. . .
The openssl version on both linux source 12.7.44.18 and 12.7.45.18 is the same.
.
.
.
Sure the setup / configuration is identical on the two linux machines? The authentication processes don't indicate they are:


Code:
$ diff -by file[12] | grep "[<>|]"
                                                              > debug3: kex names ok: [curve25519-sha256,curve25519-sha256@li
debug3: record_hostkey: found key type ECDSA in file /home/lo <
debug3: load_hostkeys: loaded 1 keys from 12.7.33.18          <
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nis <
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@l | debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@l
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@ope | debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@ope
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ct | debug2: ciphers ctos: aes128-cbc,aes192-cbc,aes256-cbc,aes128
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ct | debug2: ciphers stoc: aes128-cbc,aes192-cbc,aes256-cbc,aes128
debug1: kex: algorithm: ecdh-sha2-nistp256                    | debug1: kex: algorithm: diffie-hellman-group14-sha1
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64@o | debug1: kex: server->client cipher: aes128-cbc MAC: umac-64@o
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64@o | debug1: kex: client->server cipher: aes128-cbc MAC: umac-64@o
debug1: kex: ecdh-sha2-nistp256 need=16 dh_need=16            | debug1: kex: diffie-hellman-group14-sha1 need=16 dh_need=16
debug1: kex: ecdh-sha2-nistp256 need=16 dh_need=16            | debug1: kex: diffie-hellman-group14-sha1 need=16 dh_need=16
                                                              > debug1: sending SSH2_MSG_KEXDH_INIT
                                                              > debug2: bits set: 1032/2048
debug1: sending SSH2_MSG_KEX_ECDH_INIT                        | debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY                     | Connection closed by 12.7.33.18 port 22
debug3: receive packet: type 31                               <
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:wxeB4GcDm <
 debug3: hostkeys_foreach: reading file "/home/localuser/.ssh/ <


Compare and report back.
# 3  
Old 01-09-2020
The servers were set up by a different team so I'm not sure if they were set up identically.

Here is the requested output [Left side is success | Right side is failure]:

Code:
$ diff -by /tmp/12.7.44.18.out /tmp/12.7.45.18.out | grep "[<>|]"
                                                              > debug3: kex names ok: [curve25519-sha256,curve25519-sha256@li
debug3: record_hostkey: found key type ECDSA in file /ho      <
debug3: load_hostkeys: loaded 1 keys from 12.7.33.18          <
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha      <
debug2: KEX algorithms: curve25519-sha256,curve25519-sha      | debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@l
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v0      | debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@ope
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes1      | debug2: ciphers ctos: aes128-cbc,aes192-cbc,aes256-cbc,aes128
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes1      | debug2: ciphers stoc: aes128-cbc,aes192-cbc,aes256-cbc,aes128
debug1: kex: algorithm: ecdh-sha2-nistp256                    | debug1: kex: algorithm: diffie-hellman-group14-sha1
debug1: kex: server->client cipher: aes128-ctr MAC: umac      | debug1: kex: server->client cipher: aes128-cbc MAC: umac-64@o
debug1: kex: client->server cipher: aes128-ctr MAC: umac      | debug1: kex: client->server cipher: aes128-cbc MAC: umac-64@o
debug1: kex: ecdh-sha2-nistp256 need=16 dh_need=16            | debug1: kex: diffie-hellman-group14-sha1 need=16 dh_need=16
debug1: kex: ecdh-sha2-nistp256 need=16 dh_need=16            | debug1: kex: diffie-hellman-group14-sha1 need=16 dh_need=16
                                                              > debug1: sending SSH2_MSG_KEXDH_INIT
                                                              > debug2: bits set: 1032/2048
debug1: sending SSH2_MSG_KEX_ECDH_INIT                        | debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY                     | Connection closed by 12.7.33.18 port 22
debug3: receive packet: type 31                               <
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:wxeB      <
debug3: hostkeys_foreach: reading file "/home/localuser/      <
debug3: record_hostkey: found key type ECDSA in file /ho      <
debug3: load_hostkeys: loaded 1 keys from 12.7.33.18          <
debug1: Host '12.7.33.18' is known and matches the ECDSA      <
debug1: Found key in /home/localuser/.ssh/known_hosts:12      <
debug3: send packet: type 21                                  <
debug2: set_newkeys: mode 1                                   <
debug1: rekey after 4294967296 blocks                         <
debug1: SSH2_MSG_NEWKEYS sent                                 <
debug1: expecting SSH2_MSG_NEWKEYS                            <
debug3: receive packet: type 21                               <
debug1: SSH2_MSG_NEWKEYS received                             <
debug2: set_newkeys: mode 0                                   <
debug1: rekey after 4294967296 blocks                         <
debug2: key: /app/was/misc_automation/was_id_rsa (0x55b8      <
debug3: send packet: type 5                                   <
debug3: receive packet: type 6                                <
debug2: service_accept: ssh-userauth                          <
debug1: SSH2_MSG_SERVICE_ACCEPT received                      <
debug3: send packet: type 50                                  <
debug3: receive packet: type 53                               <
debug3: input_userauth_banner                                 <
This system is for the use of authorized users only. Ind      <
debug3: receive packet: type 51                               <
debug1: Authentications that can continue: publickey,pas      <
debug3: start over, passed a different list publickey,pa      <
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey      <
debug3: authmethod_lookup publickey                           <
debug3: remaining preferred: keyboard-interactive,passwo      <
debug3: authmethod_is_enabled publickey                       <
debug1: Next authentication method: publickey                 <
debug1: Offering RSA public key: /app/was/misc_automatio      <
debug3: send_pubkey_test                                      <
debug3: send packet: type 50                                  <
debug2: we sent a publickey packet, wait for reply            <
debug3: receive packet: type 60                               <
debug1: Server accepts key: pkalg ssh-rsa blen 279            <
debug2: input_userauth_pk_ok: fp SHA256:qTxzzn6L6mSAjT9H      <
debug3: sign_and_send_pubkey: RSA SHA256:qTxzzn6L6mSAjT9      <
debug3: send packet: type 50                                  <
debug3: receive packet: type 52                               <
debug1: Authentication succeeded (publickey).                 <
Authenticated to 12.7.33.18 ([12.7.33.18]:22).                <
debug1: channel 0: new [client-session]                       <
debug3: ssh_session2_open: channel_new: 0                     <
debug2: channel 0: send open                                  <
debug3: send packet: type 90                                  <
debug1: Requesting no-more-sessions@openssh.com               <
debug3: send packet: type 80                                  <
debug1: Entering interactive session.                         <
debug1: pledge: network                                       <
debug3: receive packet: type 91                               <
debug2: callback start                                        <
debug2: fd 3 setting TCP_NODELAY                              <
debug3: ssh_packet_set_tos: set IP_TOS 0x10                   <
debug2: client_session2_setup: id 0                           <
debug2: channel 0: request pty-req confirm 1                  <
debug3: send packet: type 98                                  <
debug1: Sending environment.                                  <
debug3: Ignored env XDG_SESSION_ID                            <
debug3: Ignored env HOSTNAME                                  <
debug3: Ignored env TERM                                      <
debug3: Ignored env SHELL                                     <
debug3: Ignored env HISTSIZE                                  <
debug3: Ignored env SSH_CLIENT                                <
debug3: Ignored env QTDIR                                     <
debug3: Ignored env QTINC                                     <
debug3: Ignored env SSH_TTY                                   <
debug3: Ignored env QT_GRAPHICSSYSTEM_CHECKED                 <
debug3: Ignored env USER                                      <
debug3: Ignored env LS_COLORS                                 <
debug3: Ignored env JENKINS_HOME                              <
debug3: Ignored env MAIL                                      <
debug3: Ignored env PATH                                      <
debug3: Ignored env PWD                                       <
debug3: Ignored env JAVA_HOME                                 <
debug1: Sending env LANG = en_US.UTF-8                        <
debug2: channel 0: request env confirm 0                      <
debug3: send packet: type 98                                  <
debug3: Ignored env KDEDIRS                                   <
debug3: Ignored env HISTCONTROL                               <
debug3: Ignored env SHLVL                                     <
debug3: Ignored env HOME                                      <
debug3: Ignored env LOGNAME                                   <
debug3: Ignored env QTLIB                                     <
debug3: Ignored env XDG_DATA_DIRS                             <
debug3: Ignored env SSH_CONNECTION                            <
debug3: Ignored env LESSOPEN                                  <
debug3: Ignored env XDG_RUNTIME_DIR                           <
debug3: Ignored env QT_PLUGIN_PATH                            <
debug3: Ignored env _                                         <
debug2: channel 0: request shell confirm 1                    <
debug3: send packet: type 98                                  <
debug2: callback done                                         <
debug2: channel 0: open confirm rwindow 0 rmax 32768          <
debug3: receive packet: type 99                               <
debug2: channel_input_status_confirm: type 99 id 0            <
debug2: PTY allocation request accepted on channel 0          <
debug2: channel 0: rcvd adjust 2097152                        <
debug3: receive packet: type 99                               <
debug2: channel_input_status_confirm: type 99 id 0            <
debug2: shell request accepted on channel 0                   <
Last unsuccessful login: Tue Jul 18 19:38:40 IST 2017 on      <
Last login: Thu Jan  9 12:04:20 IST 2020 on ssh from 12.      <


Last edited by mohtashims; 01-09-2020 at 05:18 AM..
# 4  
Old 01-09-2020
Well - compare configurations and report back, that is...
# 5  
Old 01-09-2020
Quote:
Originally Posted by RudiC
Well - compare configurations and report back, that is...
I do have root access but I'm not a system admin. I checked sshd.conf and found them to be identical on both the source systems.

Can you please give me pointers as to which file / configuration and what to check?
# 6  
Old 01-09-2020
The ssh daemon is relevant on the target server. Compare e.g. ssh.conf.
# 7  
Old 01-10-2020
Quote:
Originally Posted by RudiC
The ssh daemon is relevant on the target server. Compare e.g. ssh.conf.
I don't find the file ssh.conf on either of the source servers:

Code:
[root@mymac /]# pwd
/
[root@mymac /]# find . -name ssh.conf
[root@mymac /]# find . -name ssh*.conf
find: ‘./proc/43193': No such file or directory
[root@mymac /]# find . -name *ssh*.conf
[root@mymac /]# pwd
/

I do find ssh_config & sshd_config, which I compared and made identical. Restarted the ssh service and the issue is now resolved.

Last edited by mohtashims; 01-10-2020 at 12:44 AM..
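
The difference the diff in post #2 exposes is that the two clients send different KEXINIT proposals to the same server, so a different key exchange and cipher get picked. As an added example (not part of any post in this thread), the script below replays the selection rule of RFC 4253 section 7.1, first name in the client's list that the server also offers, over proposal lines copied from the two logs above; the function names and temporary file names are made up for the illustration.

```shell
#!/bin/sh
# Added example: replay SSH algorithm negotiation from `ssh -vvv` output.
# Function names (proposal, negotiate, chosen, compare) are illustrative.

# proposal LOG SIDE FIELD -> comma-separated list from one KEXINIT proposal.
#   SIDE is "client" or "server"; FIELD is the label as printed in the log,
#   e.g. "KEX algorithms" or "ciphers ctos".
proposal() {
    awk -v side="$2" -v prefix="debug2: $3: " '
        /local client KEXINIT proposal/ { cur = "client"; next }
        /peer server KEXINIT proposal/  { cur = "server"; next }
        cur == side && index($0, prefix) == 1 {
            print substr($0, length(prefix) + 1)
            exit
        }' "$1"
}

# negotiate CLIENT_LIST SERVER_LIST -> first client entry the server also lists.
# Returns non-zero when the lists have nothing in common. This simplified rule
# reproduces the "kex: algorithm" and cipher lines both logs report.
negotiate() {
    awk -v c="$1" -v s="$2" 'BEGIN {
        n = split(s, srv, ",")
        for (i = 1; i <= n; i++) offered[srv[i]] = 1
        m = split(c, cli, ",")
        for (i = 1; i <= m; i++)
            if (cli[i] in offered) { print cli[i]; exit 0 }
        exit 1
    }'
}

# chosen LOG FIELD -> algorithm this log's two proposals agree on.
chosen() {
    negotiate "$(proposal "$1" client "$2")" "$(proposal "$1" server "$2")"
}

# compare LOG_A LOG_B -> one line per field: both outcomes, and whether the
# two clients sent the same list for that field.
compare() {
    for field in "KEX algorithms" "ciphers ctos" "ciphers stoc"; do
        a=$(proposal "$1" client "$field")
        b=$(proposal "$2" client "$field")
        if [ "$a" = "$b" ]; then state="same client list"; else state="client lists DIFFER"; fi
        printf '%-15s %-28s | %-28s (%s)\n' "$field" \
            "$(chosen "$1" "$field" || echo none)" \
            "$(chosen "$2" "$field" || echo none)" "$state"
    done
}

# Sample input: proposal lines abridged from the two logs in this thread.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT

cat > "$SAMPLES/ok.log" <<'EOF'
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
EOF

cat > "$SAMPLES/fail.log" <<'EOF'
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,gss-gex-sha1-,gss-group14-sha1-,ext-info-c
debug2: ciphers ctos: aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
EOF

# Left column: working client. Right column: failing client.
compare "$SAMPLES/ok.log" "$SAMPLES/fail.log"
```

On a live host, `ssh -G remoteuser@12.7.33.18` prints the effective client settings, including `kexalgorithms` and `ciphers`, which can be diffed between the two source servers in the same way.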