SSH in heterogeneous environment problem


 
# 1  
Old 09-09-2009

Hi!

I have two Solaris servers - one on x86 and another on SPARC - and I can't set up a connection between them with ssh. As far as I know, there can be up to two RSA public keys on each machine: one in /etc/ssh/ssh_host_rsa_key.pub and another in $HOME/.ssh/id_rsa.pub. I have both and I don't completely understand how ssh chooses which key to send to the server... I've added all server keys (from /etc/ssh/ssh_host_rsa_key.pub and $HOME/.ssh/id_rsa.pub) to $HOME/.ssh/authorized_keys and $HOME/.ssh/known_hosts on the client machine, but when I try to connect, ssh exits with the following logs:
Code:
/export/home/user $ ssh -l user -vv server 
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /export/home/user//.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to server [192.168.2.135] port 22.
debug1: Connection established.
debug1: identity file /export/home/user//.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /export/home/user//.ssh/id_rsa type 1
debug1: identity file /export/home/user//.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: i-default
debug2: kex_parse_kexinit: i-default
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: i-default
debug2: kex_parse_kexinit: i-default
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: bg-BG,et-EE,hr-HR,lt-LT,lv-LV,mk-MK,ro-RO,ru,ru-RU,sh-BA,sl-SI,sq-AL,sr-CS,et,lt,lv,nr,sr-SP,sr-YU,tr,tr-TR,i-default
debug2: kex_parse_kexinit: bg-BG,et-EE,hr-HR,lt-LT,lv-LV,mk-MK,ro-RO,ru,ru-RU,sh-BA,sl-SI,sq-AL,sr-CS,et,lt,lv,nr,sr-SP,sr-YU,tr,tr-TR,i-default
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos: bg-BG,et-EE,hr-HR,lt-LT,lv-LV,mk-MK,ro-RO,ru,ru-RU,sh-BA,sl-SI,sq-AL,sr-CS,et,lt,lv,nr,sr-SP,sr-YU,tr,tr-TR,i-default
debug1: Peer sent proposed langtags, stoc: bg-BG,et-EE,hr-HR,lt-LT,lv-LV,mk-MK,ro-RO,ru,ru-RU,sh-BA,sl-SI,sq-AL,sr-CS,et,lt,lv,nr,sr-SP,sr-YU,tr,tr-TR,i-default
debug1: We proposed langtags, ctos: i-default
debug1: We proposed langtags, stoc: i-default
debug1: Negotiated lang: i-default
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: C
debug1: Remote: Negotiated messages locale: C
debug1: dh_gen_key: priv key bits set: 125/256
debug1: bits set: 1578/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server' is known and matches the RSA host key.
debug1: Found key in /export/home/user//.ssh/known_hosts:1
debug1: bits set: 1569/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug2: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug2: we did not send a packet, disable method
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Trying private key: /export/home/user//.ssh/identity
debug1: Trying public key: /export/home/user//.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 149 lastkey 80a7700 hint 1
debug2: input_userauth_pk_ok: fp ac:9e:1c:d6:2f:71:c2:59:8c:8b:41:bc:0f:be:e2:98
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: Trying private key: /export/home/user//.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive).
debug1: Calling cleanup 0x8070bdc(0x0)

Maybe I should regenerate user ssh key?..
# 2  
Old 09-09-2009
In a nutshell:
The server keys are used to identify hosts when connecting and get listed in known_hosts.
The user keys are used to identify users when connecting, and are listed in authorized_keys.

Try this:
Remove everything from ~username/.ssh/known_hosts and ~username/.ssh/authorized_keys on both servers.
On serverA, copy ~username/.ssh/id_rsa.pub into serverB:~username/.ssh/authorized_keys
See if that works by ssh'ing from serverA to serverB.
If it works, repeat from serverB to serverA.
If it doesn't, post the error.
# 3  
Old 09-10-2009
System Shock
I've done what you said, but it doesn't work... Here is the output without the $HOME/.ssh/known_hosts file:
Code:
/export/home/user/.ssh $ ssh -v serverB
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /export/home/user//.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to serverB [192.168.2.12] port 22.
debug1: Connection established.
debug1: identity file /export/home/user//.ssh/identity type -1
debug1: identity file /export/home/user//.ssh/id_rsa type 1
debug1: identity file /export/home/user//.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos: i-default
debug1: Peer sent proposed langtags, stoc: i-default
debug1: We proposed langtags, ctos: i-default
debug1: We proposed langtags, stoc: i-default
debug1: Negotiated lang: i-default
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: C
debug1: Remote: Negotiated messages locale: C
debug1: dh_gen_key: priv key bits set: 137/256
debug1: bits set: 1580/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Host key verification failed.
debug1: Calling cleanup 0x8070bdc(0x0)

and here it is with it:
Code:
/export/home/user/.ssh $ ssh -v serverB
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /export/home/user//.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to serverB [192.168.2.12] port 22.
debug1: Connection established.
debug1: identity file /export/home/user//.ssh/identity type -1
debug1: identity file /export/home/user//.ssh/id_rsa type 1
debug1: identity file /export/home/user//.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos: i-default
debug1: Peer sent proposed langtags, stoc: i-default
debug1: We proposed langtags, ctos: i-default
debug1: We proposed langtags, stoc: i-default
debug1: Negotiated lang: i-default
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: C
debug1: Remote: Negotiated messages locale: C
debug1: dh_gen_key: priv key bits set: 120/256
debug1: bits set: 1608/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'serverB' is known and matches the RSA host key.
debug1: Found key in /export/home/user//.ssh/known_hosts:1
debug1: bits set: 1666/3191
debug1: ssh_rsa_verify: signature correct
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: Next authentication method: publickey
debug1: Trying private key: /export/home/user//.ssh/identity
debug1: Trying public key: /export/home/user//.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149 lastkey 80a7700 hint 1
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: Trying private key: /export/home/user//.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive).
debug1: Calling cleanup 0x8070bdc(0x0)

It seems to be better with the $HOME/.ssh/known_hosts file... The following message says that the problem is in reading the client private key:
Code:
debug1: PEM_read_PrivateKey failed

I suppose regenerating the ssh keys could help to sort it out...
# 4  
Old 09-10-2009
Code:
debug1: Trying private key: /export/home/user//.ssh/identity
debug1: Trying public key: /export/home/user//.ssh/id_rsa

Are you using OpenSSH in one server and DataFellows SSH on the other?

If so, you need to convert the keys, as the keys for each are in different formats.
# 5  
Old 09-11-2009
System Shock
My answer to your question is no)
Check this:
on serverA:
Code:
/export/home/user/ $ ssh -V
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

on serverB:
Code:
/export/home/user/.ssh $ ssh -V
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

They are the same... I'm a little bit confused... I've configured SSH according to the manual and have checked it many times, but it doesn't work...

Any suggestions?..
# 6  
Old 09-11-2009
Please post the output of the following commands run on both hosts:
Code:
cd ~/.ssh
ls -la
tail -1 known_hosts

# 7  
Old 09-11-2009
Quote:
Originally Posted by jlliagre
Please post the output of the following commands run on both hosts:
Code:
cd ~/.ssh
ls -la
tail -1 known_hosts

Ok, but
  1. There is no reason to think that serverB's host key is the last one in serverA's $HOME/.ssh/known_hosts file, so I post only the keys corresponding to the servers to which access is denied
  2. I don't understand what you expect to see
On serverA:
Code:
/export/home/user/.ssh $ ls -la
total 26
drwx------   6 user    staff        512 Sep 10 16:51 .
drwxr-xr-x  24 user    staff       1536 Sep 10 18:16 ..
drwxr-xr-x   2 user    staff        512 Sep 10 11:40 .def
drwxr-xr-x   5 user    staff        512 Sep 10 11:50 .keys
drwxr-xr-x   2 user    staff        512 Sep 10 16:50 .new
drwxr-xr-x   2 user    staff        512 Sep 11 11:27 .old
-rw-r--r--   1 user    staff       1061 Sep 10 16:51 authorized_keys
-rw-r--r--   1 user    staff         47 Sep  9 16:54 config
-rw-------   1 user    staff        951 Jun 10 17:42 id_rsa
-rw-r--r--   1 user    staff        220 Jun 10 17:42 id_rsa.pub
-rw-r--r--   1 user    staff        223 Sep 11 11:26 known_hosts

/export/home/user/.ssh $ tail -1 known_hosts
serverB,192.168.2.12 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA3kYolBVw9qHlIibUti/w+JjkMWQiMIr7mlp6sU4gCwUWUQztM07XF81YT7ZDQwi14kNKoyNU2uxjBEB6psXyI1ZaKW7GAyTcNJwLWK1npjoj+y5XSgnXAM5gkWN8cf6RgQzP/s+qiEKVOk8c1aD5NC8lskis33e5y8cpIuINsmk= root@serverB

On serverB:
Code:
/export/home/user/.ssh $ ls -la
total 22
drwx------   5 user    staff        512 Sep 11 11:28 .
drwxr-xr-x  16 user    staff       1536 Aug  5 17:24 ..
drwxr-xr-x   2 user    staff     512 Sep 10 11:44 .def
drwxr-xr-x   5 user    staff     512 Sep 10 11:53 .keys
drwxr-xr-x   2 user    staff     512 Sep 10 11:44 .old
-rw-r--r--   1 user    staff     840 Sep 11 09:55 authorized_keys
-rw-r--r--   1 user    staff      50 Sep 10 11:34 config
-rw-------   1 user    staff     951 Jul 13 16:28 id_rsa
-rw-r--r--   1 user    staff     224 Jul 13 16:28 id_rsa.pub
-rw-r--r--   1 user    staff     219 Sep 11 11:28 known_hosts

/export/home/user/.ssh $ tail -1 known_hosts
serverA,192.168.2.121 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAqHs+auIDFYLMn8usyElDP4QG7sM0AtAxPKFNPb0BtDBUwXgeMeglTo5w1jZDdmX4x79QiE6HJXGcN9vCgi0Xnpxy1J6JfcSYgSAlX3+yCmTDzFApROu2N6rX0Q9qsWUA4PLyUxoEAIf4c4ZZtidt0Q2s/glqqPzUeoaB6Qrefg8= root@serverA

Also, you may be interested in the $HOME/.ssh/config files. They are the same:
Code:
/export/home/user/.ssh $ cat config
BatchMode        yes
PasswordAuthentication    yes


Last edited by Sapfeer; 09-11-2009 at 04:49 AM..
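
An added example, not part of the thread and not code from any poster: a shell script that separates the two failure stages seen in the logs above (host key check against known_hosts versus user key authentication) and then tests for one specific client-side combination, a PEM private key carrying `Proc-Type: 4,ENCRYPTED` (the first log shows `Proc-Type:` and `DEK-Info:` lines being read while the identity files are loaded) together with `BatchMode yes`, which disables passphrase prompts. The function names and stage labels are hypothetical, only a global `BatchMode` line is considered, and the header check covers traditional PEM and PKCS#8 keys only.

```shell
#!/bin/sh
# Added example (not from the thread): locate the failing stage in an
# `ssh -v` log, then test for an encrypted key combined with BatchMode.

# Print the stage at which the attempt logged in file $1 failed.
classify_ssh_log() {
    if grep -q '^Host key verification failed' "$1"; then
        echo host_key                 # server host key vs. client known_hosts
    elif ! grep -q '^Permission denied' "$1"; then
        echo no_failure_seen
    elif grep -q 'Server accepts key' "$1" &&
         grep -q 'PEM_read_PrivateKey failed' "$1"; then
        echo private_key_unreadable   # server accepted the key; client could not load it
    elif grep -q 'Trying public key' "$1"; then
        echo key_not_authorized       # offered key not accepted: check authorized_keys
    else
        echo other_auth_failure
    fi
}

# True if private key file $1 carries a PEM encryption header.
key_is_encrypted() {
    grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# True if the first BatchMode line in config $1 is "yes" (Host blocks ignored).
batchmode_on() {
    v=$(awk '{ sub(/^[ \t]+/, ""); n = split($0, f, /[ \t=]+/) }
             n >= 2 && tolower(f[1]) == "batchmode" { print tolower(f[2]); exit }' "$1")
    [ "$v" = yes ]
}

# $1 = ssh -v log, $2 = client private key, $3 = client ssh config
diagnose() {
    stage=$(classify_ssh_log "$1")
    if [ "$stage" = private_key_unreadable ] &&
       key_is_encrypted "$2" && batchmode_on "$3"; then
        echo encrypted_key_in_batch_mode   # ssh cannot ask for the passphrase
    else
        echo "$stage"
    fi
}

# Constructed sample inputs (log lines as quoted in the thread; key body omitted).
make_samples() {
    printf '%s\n' 'debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY' \
        'Host key verification failed.' > "$1/hostkey.log"
    printf '%s\n' 'debug1: Trying public key: /export/home/user//.ssh/id_rsa' \
        'debug1: Server accepts key: pkalg ssh-rsa blen 149 lastkey 80a7700 hint 1' \
        'debug1: PEM_read_PrivateKey failed' \
        'Permission denied (gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive).' \
        > "$1/auth.log"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '-----END RSA PRIVATE KEY-----' > "$1/id_rsa"
    printf 'BatchMode        yes\nPasswordAuthentication    yes\n' > "$1/config"
}

tmp=$(mktemp -d) && make_samples "$tmp"
diagnose "$tmp/hostkey.log" "$tmp/id_rsa" "$tmp/config"
diagnose "$tmp/auth.log" "$tmp/id_rsa" "$tmp/config"
rm -rf "$tmp"
```

Run against real files as `diagnose ssh-v.log ~/.ssh/id_rsa ~/.ssh/config`, where `ssh-v.log` is the saved stderr of `ssh -v`.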