SSH Issue

[coopermarsh]

Hi

Having problems sshing to a solaris box

PermitRootLogin=yes

I getr the error

sh-3.00$ ssh root@isln616
Permission denied (gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive).

 

[coopermarsh]

sorry meant to add

its a solaris 10 box

svcadm starts ssh

svcs reports online

log reports exited with status 0

 

[coopermarsh]

Added output from ssh -v

ssh root@isln616[1@-[1@v[1@ 
Sun_SSH_1.1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Rhosts Authentication disabled, originating port will not be trusted.

debug1: ssh_connect: needpriv 0

debug1: Connecting to isln616 [10.56.16.166] port 22.

debug1: Connection established.

debug1: identity file /homedir/users/coojus/.ssh/identity type -1

debug1: identity file /homedir/users/coojus/.ssh/id_rsa type -1

debug1: identity file /homedir/users/coojus/.ssh/id_dsa type -1

debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1

debug1: match: Sun_SSH_1.1 pat Sun_SSH_1.1*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-Sun_SSH_1.1.1

debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes128-ctr hmac-md5 none

debug1: kex: client->server aes128-ctr hmac-md5 none

debug1: Peer sent proposed langtags, ctos: i-default

debug1: Peer sent proposed langtags, stoc: i-default

debug1: We proposed langtags, ctos: i-default

debug1: We proposed langtags, stoc: i-default

debug1: Negotiated lang: i-default

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug1: Remote: Negotiated main locale: C

debug1: Remote: Negotiated messages locale: C

debug1: dh_gen_key: priv key bits set: 130/256

debug1: bits set: 1611/3191

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: Host 'isln616' is known and matches the RSA host key.

debug1: Found key in /homedir/users/coojus/.ssh/known_hosts:3

debug1: bits set: 1589/3191

debug1: ssh_rsa_verify: signature correct

debug1: newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: done: ssh_kex2.

debug1: send SSH2_MSG_SERVICE_REQUEST

debug1: got SSH2_MSG_SERVICE_ACCEPT

debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive

debug1: Next authentication method: gssapi-keyex

debug1: Next authentication method: gssapi-with-mic

debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)

debug1: Next authentication method: publickey

debug1: Trying private key: /homedir/users/coojus/.ssh/identity

debug1: Trying private key: /homedir/users/coojus/.ssh/id_rsa

debug1: Trying private key: /homedir/users/coojus/.ssh/id_dsa

debug1: Next authentication method: keyboard-interactive

debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive

debug1: Next authentication method: keyboard-interactive

debug1: No more authentication methods to try.

Permission denied (gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive).

debug1: Calling cleanup 0x341a0(0x0)

 

[Annihilannic]

You don't generally get very useful debugging information from the ssh client (for security reasons).

This FAQ describes how to get debugging info from the server side, see if that gives you any better clues:

http://www.tek-tips.com/faqs.cfm?fid=6934

Annihilannic.

 

[coopermarsh]

Thanks I will take a look.

 

[coopermarsh]

HI output from debug mode

debug1: sshd version Sun_SSH_1.1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 1234 on ::.
Server listening on :: port 1234.
debug1: Server will not fork when running in debugging mode.
Connection from 127.0.0.1 port 37497
debug1: Client protocol version 2.0; client software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible

)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos: i-default
debug1: Peer sent proposed langtags, stoc: i-default
debug1: We proposed langtags, ctos: i-default
debug1: We proposed langtags, stoc: i-default
debug1: Negotiated main locale: C
debug1: Negotiated messages locale: C
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 133/256
debug1: bits set: 1575/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1584/3191
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
Failed none for root from 127.0.0.1 port 37497 ssh2
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 1 initial attempt 0 failures 1 initial failures 0
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 0/1 (e=0/1)
debug1: trying public key file //.ssh/authorized_keys
debug1: restore_uid: 0/1
debug1: temporarily_use_uid: 0/1 (e=0/1)
debug1: trying public key file //.ssh/authorized_keys2
debug1: restore_uid: 0/1
Failed publickey for root from 127.0.0.1 port 37497 ssh2
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 2 initial attempt 0 failures 2 initial failures 0
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 0/1 (e=0/1)
debug1: trying public key file //.ssh/authorized_keys
debug1: restore_uid: 0/1
debug1: temporarily_use_uid: 0/1 (e=0/1)
debug1: trying public key file //.ssh/authorized_keys2
debug1: restore_uid: 0/1
Failed publickey for root from 127.0.0.1 port 37497 ssh2
debug1: userauth-request for user root service ssh-connection method keyboard-interactive
debug1: attempt 3 initial attempt 0 failures 3 initial failures 0
debug1: keyboard-interactive devs 
ld.so.1: sshd: fatal: relocation error: file /usr/lib/passwdutil.so.1: symbol __nsl_fgetspent_r: referenced symbol not found
Killed

 

[Annihilannic]

Hmm... that's a bit dodgy. Any changes/patches/software installations on that system recently that might have updated that library?

Annihilannic.

 

[coopermarsh]

i can see from the history that one of the admins has run a pkgadd on SUNWcsl

A bollocking is in order if that is the case

 

[AvayaTier3]

can you use ssh and a different login for authentication?

A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"

bsh

36 years Bell, AT&T, Lucent, Avaya
Tier 3 for 26 years and counting

http://bshtele.com

 

[coopermarsh]

no, all the logins are denied.

luck i have a couple of windows open i can still work with.