Can't Log into Solaris 10 u10 due to Pam and DH errors


# 1  
Old 06-28-2014

Dears,
I hope everything is going fine with you.

Yesterday I was trying to log into my Solaris 10 u10 x86 via SSH, but it is showing me many error messages and refusing to log in even with the root account. Below you can find the error message:

Code:
[root@home:~] # ssh -v root@192.168.10.1
Sun_SSH_1.1.4, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 192.168.10.1 [192.168.10.1] port 22.
debug1: Connection established.
debug1: identity file /export/home/root/.ssh/identity type -1
debug1: identity file /export/home/root/.ssh/id_rsa type -1
debug1: identity file /export/home/root/.ssh/id_dsa type -1
debug1: Logging to host: 192.168.10.1
debug1: Local user: root Remote user: root
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.5
debug1: match: Sun_SSH_1.1.5 pat Sun_SSH_1.1.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1.4
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
no common kex alg: client 'diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1', server 'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g=='
debug1: Calling cleanup 0x807177a(0x0)

After googling I found that I have to delete the /etc/ssh/ssh_host_*
So I logged into the system via Fail safe > mounted the / to /a and deleted the ssh_host_*

After rebooting the machine I found there are other logs (also the diffie-hellman error still exists):

Code:
/usr/lib/security/pam_authtok_get.so.1 writable by group
/usr/lib/security/pam_dhkeys.so.1 writable by group

That makes me very confused. After more searching I found a topic advising to check the permissions of the PAM files, so I logged into the system via fail-safe and found out that all files have full permissions, and I believe that's not good. Below you can find the permissions:

Code:
-rwxrwxrwx+

So I would appreciate it if you could help me with this case; it really makes me confused.

BR
Ahmed
# 2  
Old 06-29-2014
The package contents file shows the correct attributes
Code:
grep /usr/lib/security/pam_authtok_get.so.1 /var/sadm/install/contents

Also compare the checksum
Code:
sum /usr/lib/security/pam_authtok_get.so.1

And check the integrity of your core solaris
Code:
pkgchk SUNWcsu


Last edited by MadeInGermany; 06-29-2014 at 03:47 AM..
# 3  
Old 06-29-2014
Can you login as root (or any other account) if you don't use ssh? (or is the system configured not to allow that?)

Can you get to the console and do an ordinary root login from there?
# 4  
Old 06-29-2014
Hi MadeInGermany,,

Thanks for your reply, and below you can find the output:

[Image]
Thanks
Ahmed

---------- Post updated at 10:07 AM ---------- Previous update was at 10:04 AM ----------

Quote:
Originally Posted by hicksd8
Can you login as root (or any other account) if you don't use ssh? (or is the system configured not to allow that?)

Can you get to the console and do an ordinary root login from there?
Unfortunately I can't log in with any user from ssh or console; every time I try to log in it shows the DH error and the other one also.

The only way to log in is via Fail safe.

Thank you for your interest
Ahmed

Last edited by ieee99; 06-30-2014 at 09:43 AM..
# 5  
Old 06-29-2014
Hi Ahmed,

So you can't login as root even directly on the console (without SSH)!!!!

Have you, or someone else, edited /etc/passwd and/or /etc/shadow directly recently?

If so, display them to your screen and check very carefully the formatting.

For example, the root account information must be on the very first line. Just inserting a blank line at the beginning of /etc/passwd will screw up all logins.

Before we suggest anything else, do these files look alright?
All the fields in them correctly delimited, etc.

---------- Post updated at 06:04 PM ---------- Previous update was at 05:23 PM ----------

Please post the content of:

Code:
/etc/pam.conf
/etc/security/policy.conf

# 6  
Old 06-30-2014
The checksum of pam_authtok_get.so.1 is okay.
Reset all file permissions with

Code:
# Print chmod/chown commands for every SUNWcsl file whose mode, owner or group
# differs from the package contents database (symlink entries are skipped).
nawk '$NF=="SUNWcsl"' /var/sadm/install/contents |
while read file ftype class perm owner group junk; do
  if [ "$ftype" != "s" ] &&
     find "$file" -prune \! \( -user "$owner" -group "$group" -perm "$perm" \) | grep . >/dev/null
  then
    echo chmod "$perm" "$file"
    echo chown "$owner":"$group" "$file"
  fi
done

To really execute, you can run the echoed commands in a shell. (Or pipe the whole loop to sh.)
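
A read-only check for the condition named in the log lines from the first post (PAM module files writable by group), usable before and after resetting permissions. This is an added example, not code from any poster in this thread; the function names `pam_perm_audit` and `make_sample_dir`, the extra owner check and the sample directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: list files in a PAM module directory that are writable by
# group or other, or not owned by the expected user.
# Usage: pam_perm_audit DIR [OWNER]
# OWNER defaults to root (assumption: modules are expected to be root-owned).
# Returns 0 when nothing is flagged, 1 otherwise. Changes nothing on disk.
pam_perm_audit() {
    dir=$1
    owner=${2:-root}
    findings=$(
        {
            find "$dir" -type f -perm -020 -print | sed 's/$/: writable by group/'
            find "$dir" -type f -perm -002 -print | sed 's/$/: writable by other/'
            find "$dir" -type f ! -user "$owner" -print | sed "s/\$/: not owned by $owner/"
        } | sort
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample directory standing in for /usr/lib/security, so the
# check can be tried without touching a real system.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/pam_authtok_get.so.1"; chmod 777 "$d/pam_authtok_get.so.1"
    : > "$d/pam_dhkeys.so.1";      chmod 775 "$d/pam_dhkeys.so.1"
    : > "$d/pam_unix_auth.so.1";   chmod 755 "$d/pam_unix_auth.so.1"
    printf '%s\n' "$d"
}

sample=$(make_sample_dir)
# The sample files belong to the current user, so pass that uid as OWNER.
pam_perm_audit "$sample" "$(id -u)" || echo "permissions need fixing"
rm -rf "$sample"
```

On the affected machine the directory would be the one mounted under the failsafe root, for example `pam_perm_audit /a/usr/lib/security`.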