Login or Register to Ask a Question and Join Our Community


Solaris

Unable to login to solaris9 server using SSH mode

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris Unable to login to solaris9 server using SSH mode
# 1  
Old 05-11-2012
Unable to login to solaris9 server using SSH mode
Unable to login to solaris9 server using SSH mode for root as well as genreal logins. Please find the configuration file .
Code:
oss@HYDOHS02:ssh> cat sshd_config
#
# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#pragma ident   "@(#)sshd_config        1.4     05/08/24 SMI"
#
# Configuration file for sshd(1m)
# Protocol versions supported
#
# The sshd shipped in this release of Solaris has support for major versions
# 1 and 2.  It is recommended due to security weaknesses in the v1 protocol
# that sites run only v2 if possible. Support for v1 is provided to help sites
# with existing ssh v1 clients/servers to transition.
# Support for v1 may not be available in a future release of Solaris.
#
# To enable support for v1 an RSA1 key must be created with ssh-keygen(1).
# RSA and DSA keys for protocol v2 are created by /etc/init.d/sshd if they
# do not already exist, RSA1 keys for protocol v1 are not automatically created.
# Uncomment ONLY ONE of the following Protocol statements.
# Only v2 (recommended)
Protocol 2
# Both v1 and v2 (not recommended)
#Protocol 2,1
# Only v1 (not recommended)
#Protocol 1
# Listen port (the IANA registered port number for ssh is 22)
Port 22
# The default listen address is all interfaces, this may need to be changed
# if you wish to restrict the interfaces sshd listens on for a multi homed host.
# Multiple ListenAddress entries are allowed.
# IPv4 only
#ListenAddress 0.0.0.0
# IPv4 & IPv6
ListenAddress ::
# Port forwarding
AllowTcpForwarding no
# If port forwarding is enabled, specify if the server can bind to INADDR_ANY.
# This allows the local port forwarding to work when connections are received
# from any remote host.
GatewayPorts no
# X11 tunneling options
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
# The maximum number of concurrent unauthenticated connections to sshd.
# start:rate:full see sshd(1) for more information.
# The default is 10 unauthenticated clients.
#MaxStartups 10:30:60
# Banner to be printed before authentication starts.
#Banner /etc/issue
# Should sshd print the /etc/motd file and check for mail.
# On Solaris it is assumed that the login shell will do these (eg /etc/profile).
PrintMotd no
# KeepAlive specifies whether keep alive messages are sent to the client.
# See sshd(1) for detailed description of what this means.
# Note that the client may also be sending keep alive messages to the server.
KeepAlive yes
# Syslog facility and level
SyslogFacility auth
LogLevel info
#
# Authentication configuration
#
# Host private key files
# Must be on a local disk and readable only by the root user (root:sys 600).
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
# Default Encryption algorithms and Message Authentication codes
Ciphers aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
MACS    hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
# Length of the server key
# Default 768, Minimum 512
ServerKeyBits 768
# sshd regenerates the key every KeyRegenerationInterval seconds.
# The key is never stored anywhere except the memory of sshd.
# The default is 1 hour (3600 seconds).
KeyRegenerationInterval 3600
# Ensure secure permissions on users .ssh directory.
StrictModes yes
# Length of time in seconds before a client that hasn't completed
# authentication is disconnected.
# Default is 600 seconds. 0 means no time limit.
LoginGraceTime 600
# Maximum number of retries for authentication
# Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2
MaxAuthTries    6
MaxAuthTriesLog 3
# Are logins to accounts with empty passwords allowed.
# If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOK
# to pam_authenticate(3PAM).
PermitEmptyPasswords no
# To disable tunneled clear text passwords, change PasswordAuthentication to no.
PasswordAuthentication yes
# Use PAM via keyboard interactive method for authentication.
# Depending on the setup of pam.conf(4) this may allow tunneled clear text
# passwords even when PasswordAuthentication is set to no. This is dependent
# on what the individual modules request and is out of the control of sshd
# or the protocol.
PAMAuthenticationViaKBDInt yes
# Are root logins permitted using sshd.
# Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
# maybe denied access by a PAM module regardless of this setting.
# Valid options are yes, without-password, no.
PermitRootLogin yes
# sftp subsystem
Subsystem       sftp    /usr/lib/ssh/sftp-server

# SSH protocol v1 specific options
#
# The following options only apply to the v1 protocol and provide
# some form of backwards compatibility with the very weak security
# of /usr/bin/rsh.  Their use is not recommended and the functionality
# will be removed when support for v1 protocol is removed.
# Should sshd use .rhosts and .shosts for password less authentication.
IgnoreRhosts yes
RhostsAuthentication no
# Rhosts RSA Authentication
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts.
# If the user on the client side is not root then this won't work on
# Solaris since /usr/bin/ssh is not installed setuid.
RhostsRSAAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.
#IgnoreUserKnownHosts yes
# Is pure RSA authentication allowed.
# Default is yes
RSAAuthentication yes

Moderator's Comments:
Mod Comment Video tutorial on how to use code tags in The UNIX and Linux Forums.
Last edited by radoulov; 05-11-2012 at 06:36 AM..
# 2  
Old 05-11-2012
Are the host files (/etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key) 600 permissions?

Is sshd running?

This has the potential for being an open ended guessing game on our part. What did you change on the box? I assume ssh worked before. Correct? When ssh stopped, what had changed?
# 3  
Old 05-11-2012
The mentioned files having the 600 permissions and the ssh has been worked properly previously.

The sshd is running .

We do not change anything at our end. Kindly suggest what can be done.
# 4  
Old 05-11-2012
What is the ouput when you attempt to ssh to the server with -vvv option? This will provide debugging output.
# 5  
Old 05-11-2012
Type the full command you are using. Also did you did you do any system configuration?
# 6  
Old 05-11-2012
Error -vvv O/P
the ouput when you attempt to ssh to the server with -vvv option


Code:
oss@HYDOHS02:ssh> ssh -vvv 10.209.130.15
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 10.209.130.15 [10.209.130.15] port 22.
debug1: Connection established.
debug1: identity file /export/home/oss/.ssh/identity type -1
debug1: identity file /export/home/oss/.ssh/id_rsa type -1
debug1: identity file /export/home/oss/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
mech_dh: Invalid or unknown error
)
debug1: SSH2_MSG_KEXINIT sent
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-CA,en-US,es,es-MX,fr,fr-CA,i-default
debug2: kex_parse_kexinit: en-CA,en-US,es,es-MX,fr,fr-CA,i-default
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos: en-CA,en-US,es,es-MX,fr,fr-CA,i-default
debug1: Peer sent proposed langtags, stoc: en-CA,en-US,es,es-MX,fr,fr-CA,i-default
debug1: We proposed langtags, ctos: en-US
debug1: We proposed langtags, stoc: en-US
debug1: Negotiated lang: en-US
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: en_US
debug1: Remote: Negotiated messages locale: en_US
debug1: dh_gen_key: priv key bits set: 145/256
debug1: bits set: 1587/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /export/home/oss/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /export/home/oss/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host 10.209.130.15
debug3: check_host_in_hostfile: filename /export/home/oss/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /export/home/oss/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 2 for host 10.209.130.15
The authenticity of host '10.209.130.15 (10.209.130.15)' can't be established.
RSA key fingerprint is b6:04:12:cf:f2:dd:dc:93:60:d0:41:23:51:b0:4d:b8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.209.130.15' (RSA) to the list of known hosts.
debug1: bits set: 1653/3191
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug2: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
mech_dh: Invalid or unknown error
)
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /export/home/oss/.ssh/identity
debug3: no such identity: /export/home/oss/.ssh/identity
debug1: Trying private key: /export/home/oss/.ssh/id_rsa
debug3: no such identity: /export/home/oss/.ssh/id_rsa
debug1: Trying private key: /export/home/oss/.ssh/id_dsa
debug3: no such identity: /export/home/oss/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 22 padlen 10 extra_pad 64)
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1


We are getting Access Denied when we try to login
Last edited by DukeNuke2; 05-12-2012 at 03:59 AM..
# 7  
Old 05-15-2012
Is there any other steps to enable SSH to the server

---------- Post updated 05-15-12 at 10:14 AM ---------- Previous update was 05-14-12 at 10:17 AM ----------

Anyone who is aware of the SSH issues kindly reply to this post. Thanks
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Solaris

Unable to login via console mode to non-global zone

tldr; We've installed a non-global-zone from a unified archive which once booted, we're unable to gain access to the system either through zlogin or zlogin -C. Errors; svc.startd: instance svc:/system/console-login:default exited with status 127 Investigation; 1) Already opened a SR with... (1 Reply)
Discussion started by: samthewildone
1 Replies

2. AIX

Unable to login in ssh terminal

Hi guys when ever i tried to connect aix server in my institute through ssh terminal the pop is coming like network is unreachable .Am using MacBook air the other guys who are using putty software in windows they can easily login in tho the server through remotely . Is there any one can... (3 Replies)
Discussion started by: aashishb007
3 Replies

3. AIX

FTP Server Unable to Login

FTP Server in P590 machine was unable to login, Torwing error while login. Tried to change password through maintenance mode by running AIX 5.3 OS CD, But CD row was unable to detect for the particular LPAR. Please Suggest ASAP. (3 Replies)
Discussion started by: marunmeera
3 Replies

4. AIX

Unable to ssh or login to AIX server

We are having occasional problems accessing some AIX servers. When this happens we cannot ssh to the server in question or login via HMC console terminal window. We can ssh some commands to the server and get responses but other commands just hang, ssh serverA date returns the date, ssh serverA... (5 Replies)
Discussion started by: Kierong
5 Replies

5. HP-UX

Unable to ssh to server in HP-UX.

Hello Experts, I'm Unable to ssh to server after killing few processes on /opt filesystems. Can you please help me to resolve this. (3 Replies)
Discussion started by: purushottamaher
3 Replies

6. Red Hat

User unable to login to the server, Showing blank screen

Hi All, Facing the login problem. i try to login to the system by the normal user. But when i logged in with the correct username and password, it takes me to the blank (black screen) screen instead of the command line prompt. Only the cursor is blinking ... Please help me out what is... (3 Replies)
Discussion started by: abhay1983
3 Replies

7. Shell Programming and Scripting

Unable to login into GUI mode.

hii all, I am unable to login into GUI mode in solaris 10. It is only prompting me to command mode credentials not going further to GUI mode.. Please help.. Thanks & regards, Bhagi (3 Replies)
Discussion started by: bhargav90
3 Replies

8. Red Hat

RHEL: Users unable to login via SSH

removing the post (6 Replies)
Discussion started by: titanic4u
6 Replies

9. Red Hat

Unable to login via ssh-tectia

HI Experts, I am having dificulty in loggin on the server via ssh-tectia. Sometimes, i can login for like 3 seconds the it shows error "disconnected from network" Other's can login on this server via ssh-tectia without any problem, BUT i can successfully connect to other servers . ... (2 Replies)
Discussion started by: EngnrRG
2 Replies

10. HP-UX

Unable To Perform A "Passwordless" SSH Login To A Server

Greetings! I am trying to perform a passwordless SSH login from a HPUX 11.31 client to a HPUX 11.31 server. Whenever I do a "ssh -l root serverA" from the client, I am prompted for a password. Giving the password, I am able to successfully login. However I am trying to accomplish a... (9 Replies)
Discussion started by: Rob Sandifer
9 Replies
Login or Register to Ask a Question