Setting up SSH - first time


 
# 1  
Old 08-19-2008

Good day to you all.

I have a server (running on SunOS 5.8) that I always got into via telnet. I have eventually decided to block telnet access to it and instead look toward using SSH. The problem is, when I establish the SSH connection via PuTTY, I get the "Log in as" prompt, but upon entering the username (root in this example) I get an error message saying "Disconnected: No Supported Authentication methods available".

This may be because I need to replicate keys on both PC and server. So how do I go about doing this?

Appreciate any info you can offer!

Thanks

Dwayne
# 2  
Old 08-20-2008
You will need to ssh as a non-root user to the server first. Then you su - to root. It's safer and better practice to do so.
# 3  
Old 08-20-2008
Can you post the debug mode of
/usr/sbin/sshd -d ?
# 4  
Old 08-20-2008
Alternatively, enable direct root logins by editing the /etc/ssh/sshd_config.
incredible is correct though, it's very bad practice to allow connections directly as root.
# 5  
Old 08-20-2008
You may not be allowed to log in as root on the SSH server,
though this is usually allowed by default.
But as others wrote, for security reasons one wouldn't log in as root but under some normal user account
and then su to root.
If the sshd_config file on your SSH server is world readable, or if you can log in there as root
(remember to su ;-)
then you can check whether root logins are allowed by doing something like
Code:
~# grep -i ^permitrootlogin /etc/ssh/sshd_config 
PermitRootLogin yes

# 6  
Old 08-22-2008
That "disconnected" may be due to an RSA-based version protocol problem in the config.

Have a look at mine and see what you missed out.

Code:
#########################
# Step 1 # ftp files to server and put under /var/tmp/s8ssh
#########################
box1:/var/tmp >cd s8ssh
box1:/var/tmp/s8ssh >ls

openssh-4.7p1-sol8-sparc-local.gz   prngd.start
openssl-0.9.8f-sol8-sparc-local.gz  sshd.start
prngd-0.9.25-sol8-sparc-local.gz    zlib-1.2.3-sol8-sparc-local.gz



#########################
# Step 2 # uncompress all the gzip'd files
#########################
box1:/var/tmp/s8ssh >for i in `ls -1 *.gz`
> do
> gzip -d $i
> done

box1:/var/tmp/s8ssh >ls
openssh-4.7p1-sol8-sparc-local   prngd.start
openssl-0.9.8f-sol8-sparc-local  sshd.start
prngd-0.9.25-sol8-sparc-local    zlib-1.2.3-sol8-sparc-local


#########################
# Step 3 # install the packages in this sequence
#########################
pkgadd -d openssl-0.9.8f-sol8-sparc-local

The following packages are available:
1 SMCosslc openssl
(sparc) 0.9.8f


box1:/var/tmp/s8ssh >pkgadd -d prngd-0.9.25-sol8-sparc-local

The following packages are available:
  1  SMCprngd     prngd
                  (sparc) 0.9.25



box1:/var/tmp/s8ssh >pkgadd -d zlib-1.2.3-sol8-sparc-local

The following packages are available:
  1  SMCzlib     zlib
                 (sparc) 1.2.3



box1:/var/tmp/s8ssh >pkgadd -d openssh-4.7p1-sol8-sparc-local

The following packages are available:
  1  SMCosh471     openssh
                   (sparc) 4.7p1

#########################
# Step 4: Create startup scripts so it will fire off whenever server reboots
#########################
Startup Scripts:
Create a startup script for the ssh daemon.
/etc/init.d/sshd
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#! /bin/sh
#
# start/stop the secure shell daemon

case "$1" in

'start')
     # Start the ssh daemon
     if [ -f /usr/local/sbin/sshd ]; then
          echo "starting SSHD daemon"
          /usr/local/sbin/sshd &
     fi
     ;;

'stop')
     # Stop the ssh daemon
     PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep sshd | /usr/bin/awk '{print $1}'`
     if [ ! -z "$PID" ] ; then
          /usr/bin/kill ${PID} >/dev/null 2>&1
     fi
     ;;

*)
     echo "usage: /etc/init.d/sshd {start|stop}"
     ;;

esac
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make the script executable and create a startup script on run level 2.

box1:/ >chmod +x /etc/init.d/sshd
box1:/ >ln -s /etc/init.d/sshd /etc/rc2.d/S99sshd


#########################
# Step 5: same thing create startup scripts for prngd in /etc/init.d and link to /etc/rc2.d
#########################
Create a startup script for the pseudo random generator daemon.
/etc/init.d/prngd
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
#! /bin/sh
#
# start/stop the pseudo random generator daemon

case "$1" in

'start')
     # Start the PRNG daemon
     if [ -f /usr/local/sbin/prngd ]; then
          echo "starting PRNG daemon"
          /usr/local/sbin/prngd /var/spool/prngd/pool&
     fi
     ;;

'stop')
     # Stop the PRNG daemon
     PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep prngd | /usr/bin/awk '{print $1}'`
     if [ ! -z "$PID" ] ; then
          /usr/bin/kill ${PID} >/dev/null 2>&1
     fi
     ;;

*)
     echo "usage: /etc/init.d/prngd {start|stop}"
     ;;

esac
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

box1:/ >chmod +x /etc/init.d/prngd
box1:/ >ln -s /etc/init.d/prngd /etc/rc2.d/S99prngd


#########################
# Step 6: path it correctly(** remember to add to .profile also)
#########################
export PATH=/usr/bin:/usr/sbin:/opt:/usr/local/bin:/usr/local/sbin:/sbin:/bin:/usr/proc/bin:/usr/openwin/bin:/usr/openwin/sbin:/usr/local/ssl:.
export LD_LIBRARY_PATH=/usr/lib:/usr/local/lib:/usr/local/ssl/lib:.

#########################
# Step 7: startup the processes prngd first
#########################
box1:/etc/init.d >./prngd start
starting PRNG daemon
box1:/etc/init.d >Info: Random pool not (yet) seeded
Could not bind socket to /var/spool/prngd/pool: No such file or directory
Feb  1 14:50:19 box1 prngd[2730]: [ID 388259 daemon.alert] Could not bind socket to /var/spool/prngd/pool: No such file or directory

#########################
# Step 8: create the missing folder then try again
#########################
box1:/etc/init.d >mkdir -p /var/spool/prngd
box1:/etc/init.d >./prngd start
starting PRNG daemon
box1:/etc/init.d >Info: Random pool not (yet) seeded
box1:/ >ps -ef |grep prngd
    root  1246  1208  0 12:36:51 pts/7    0:00 grep prngd
    root  1230     1  0 12:36:30 ?        0:00 /usr/local/sbin/prngd /var/spool/prngd/pool

#########################
# Step 9: start ssh process
#########################
box1:/etc/init.d >sshd start
ld.so.1: sshd: fatal: libgcc_s.so.1: open failed: No such file or directory
Killed
box1:/etc/init.d >


#########################
# Step 10: Install latest libgcc version (from sunfreeware.com)
#########################
box1:/var/tmp/s8ssh >pkgadd -d libgcc*

The following packages are available:
  1  SMClgcc     libgcc
                 (sparc) 3.4.6

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:

Processing package instance <SMClgcc> from </var/tmp/s8ssh/libgcc-3.4.6-sol8-sparc-local>

libgcc
(sparc) 3.4.6
FSF
Using </usr/local> as the package base directory.
## Processing package information.
## Processing system information.
   1 package pathname is already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

Installing libgcc as <SMClgcc>

## Installing part 1 of 1.
/usr/local/lib/libg2c.a
/usr/local/lib/libg2c.la
/usr/local/lib/libg2c.so <symbolic link>
/usr/local/lib/libg2c.so.0 <symbolic link>
/usr/local/lib/libg2c.so.0.0.0
/usr/local/lib/libgcc_s.so <symbolic link>
/usr/local/lib/libgcc_s.so.1
/usr/local/lib/libstdc++.a
/usr/local/lib/libstdc++.la
/usr/local/lib/libstdc++.so <symbolic link>
/usr/local/lib/libstdc++.so.6 <symbolic link>
/usr/local/lib/libstdc++.so.6.0.3
[ verifying class <none> ]

Installation of <SMClgcc> was successful.
box1:/var/tmp/s8ssh >

#########################
# Step 11: Try again
#########################
box1:/etc/init.d >./sshd start
starting SSHD daemon
box1:/etc/init.d >Could not load host key: /usr/local/etc/ssh_host_key
Could not load host key: /usr/local/etc/ssh_host_rsa_key
Could not load host key: /usr/local/etc/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.


#########################
# Step 12: Create keys for V2
#########################
The errors above are due to the fact that we didn't create any key pairs for our ssh server.
Create a public key pair to support the new, DSA-based version 2 protocol


box1:/ >/usr/local/bin/ssh-keygen -d -f /usr/local/etc/ssh_host_dsa_key -N ""
Generating public/private dsa key pair.
Your identification has been saved in /usr/local/etc/ssh_host_dsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_dsa_key.pub.
The key fingerprint is:
ce:af:e5:96:e6:94:78:23:93:07:03:3a:0a:d0:90:1f root@box1
box1:/ >



#########################
# Step 13: Create keys also to cater for V1
#########################
Create a public key pair to support the old, RSA-based version 1 protocol

box1:/ >/usr/local/bin/ssh-keygen -b 1024 -f /usr/local/etc/ssh_host_rsa_key -t rsa -N ""
Generating public/private rsa key pair.
Your identification has been saved in /usr/local/etc/ssh_host_rsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_rsa_key.pub.
The key fingerprint is:
e9:7f:8d:2c:a1:64:66:4b:87:4a:14:99:0b:69:8e:dd root@box1
box1:/ >


#########################
# Step 14: startup ssh again
#########################
box1:/usr/local/etc >/etc/init.d/sshd start
starting SSHD daemon
box1:/usr/local/etc >Could not load host key: /usr/local/etc/ssh_host_key
Disabling protocol version 1. Could not load host key
Missing privilege separation directory: /var/empty



#########################
# Step 15: vi sshd_config
#########################
box1:/usr/local/etc >ls
moduli                ssh_host_dsa_key      ssh_host_rsa_key.pub
prngd                 ssh_host_dsa_key.pub  sshd_config
ssh_config            ssh_host_rsa_key
box1:/usr/local/etc >
box1:/usr/local/etc >cat sshd_config | grep -i protocol
#Protocol 2,1

vi to edit ssh_config and uncomment the above line so it will look like this without the '#'
Protocol 2,1


box1:/etc/init.d >mkdir -p /var/empty
box1:/etc/init.d >./sshd start
starting SSHD daemon
box1:/etc/init.d >Could not load host key: /usr/local/etc/ssh_host_key
Disabling protocol version 1. Could not load host key

box1:/etc/init.d >ps -ef |grep ssh
    root  2937  2816  0 15:31:19 pts/5    0:00 grep ssh
    root  2934     1  0 15:31:07 ?        0:00 /usr/local/sbin/sshd

box1:/usr/local/etc >ps -ef| grep prngd
    root  2944  2816  0 15:32:37 pts/5    0:00 grep prngd
    root  2734     1  0 14:51:10 ?        0:00 /usr/local/sbin/prngd /var/spool/prngd/pool



Problems
---------
Using keyboard-interactive authentication.
Password:
Access denied

'#' back Protocol 2,1 in /usr/local/etc/sshd_config

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
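
Added example (not part of the thread): a shell check that serves both the PermitRootLogin grep in post #5 and the Protocol edit in Step 15 of post #6. It resolves the effective value of a global directive the way sshd does (the first uncommented occurrence wins) and assumes the defaults of OpenSSH releases of the 4.7p1 era, Protocol 2,1 and PermitRootLogin yes, when a directive is absent or commented out. The function names and the sample config are made up for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the two settings discussed above.
# Assumption: defaults of the OpenSSH 4.7p1 era (Protocol 2,1 and
# PermitRootLogin yes) apply when a directive is absent or commented out.
# On Solaris 8 replace awk with nawk (the old /usr/bin/awk lacks -v/tolower).

# effective_value FILE KEYWORD DEFAULT
# Print the value sshd would use: first uncommented occurrence of KEYWORD
# (keywords are case-insensitive), otherwise DEFAULT.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE
# Print one FINDING line per risky effective setting; print nothing if clean.
audit_sshd_config() {
    proto=$(effective_value "$1" Protocol "2,1")
    root=$(effective_value "$1" PermitRootLogin "yes" |
           tr '[:upper:]' '[:lower:]')
    case ",$proto," in
        *,1,*) echo "FINDING: Protocol '$proto' still offers SSH protocol 1" ;;
    esac
    case $root in
        yes) echo "FINDING: PermitRootLogin yes allows direct root logins" ;;
    esac
    return 0
}

# Constructed sample: Protocol uncommented as in Step 15, PermitRootLogin
# left as a commented default. A plain grep for ^permitrootlogin finds
# nothing here, yet the assumed default still applies.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Protocol 2,1
#PermitRootLogin yes
EOF
audit_sshd_config "$sample"
rm -f "$sample"
```

A config with `Protocol 2` and `PermitRootLogin no` set explicitly produces no findings.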
