Difficult authorized_keys login problem only for root on Solaris 11
3
Here's a difficult ssh problem I can't figure out on Solaris 11, although I think I'm an experienced UNIX/Linux sysadmin. :)
I've copied the root@server1:/root/.ssh/id_rsa.pub file to:
root@server2:/root/.ssh/authorized_keys
oracle@server2:/home/oracle/.ssh/authorized_keys
No problem logging on or running commands remotely for oracle@server2.
I keep getting the password prompt for root@server2.
If I run "sshd -d" (debug mode) on server2 and run "ssh root@server2 uptime" from server1, I get to see the following info on server2 until I get the password prompt and press Ctrl-C to interrupt it:
server2# /usr/lib/ssh/sshd -d
debug1: sshd version Sun_SSH_2.2
debug1: key_load_private: loading /etc/ssh/ssh_host_rsa_key
debug1: ssh_kmf_check_uri: /etc/ssh/ssh_host_rsa_key
debug1: read PEM private key done: type RSA
debug1: Private host key #0 of type 1 (RSA).
debug1: key_load_private: loading /etc/ssh/ssh_host_dsa_key
debug1: ssh_kmf_check_uri: /etc/ssh/ssh_host_dsa_key
debug1: read PEM private key done: type DSA
debug1: Private host key #1 of type 2 (DSA).
debug1: Creating a global KMF session.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 10.71.4.10 port 21911
debug1: Client protocol version 2.0; client software version Sun_SSH_2.2
debug1: match: Sun_SSH_2.2 pat Sun_SSH_2.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_2.2
monitor debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: Reloading X.509 host keys to avoid PKCS#11 fork issues.
monitor debug1: reading the context from the child
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: My KEX proposal before adding the GSS KEX algorithm:
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: My KEX proposal I sent to the peer:
debug1: KEX proposal I received from the peer:
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
debug1: Peer sent proposed langtags, ctos: en-US
debug1: Peer sent proposed langtags, stoc: en-US
debug1: We proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: We proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: Negotiated main locale: en_US.UTF-8
debug1: Negotiated messages locale: en_US.UTF-8
debug1: Host key type is 1.
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 252/512
debug1: bits set: 2051/4095
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 2036/4095
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
Failed none for root from 10.71.4.10 port 21911 ssh2
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 1 initial attempt 0 failures 0 initial failures 0
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: Test whether the public key is acceptable.
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
debug1: restore_uid: 0/0
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 2 initial attempt 0 failures 0 initial failures 0
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: We received a signature in the user auth packet.
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
Failed publickey for root from 10.71.4.10 port 21911 ssh2
debug1: userauth-request for user root service ssh-connection method keyboard-interactive
debug1: attempt 3 initial attempt 0 failures 2 initial failures 0
debug1: keyboard-interactive devs
Connection closed by 10.71.4.10
debug1: Calling cleanup 0x2df78(0xec5010)
debug1: Calling cleanup 0x262a8(0xece938)
debug1: Calling cleanup 0x53590(0x0)
monitor debug1: child closed the communication pipe before user auth was finished
monitor debug1: Calling cleanup 0x53590(0x0)
monitor debug1: Calling cleanup 0x53590(0x0)
More information on the SSH server configuration:
server2# diff /root/.ssh/authorized_keys /home/oracle/.ssh/authorized_keys
server2#
server2# ls -l /root/.ssh/authorized_keys /home/oracle/.ssh/authorized_keys
-rw------- 1 oracle dba 396 Aug 29 08:53 /home/oracle/.ssh/authorized_keys
-rw------- 1 root root 396 Aug 29 08:53 /root/.ssh/authorized_keys
server2# ls -ld /root /home/oracle
drwxr-xr-x 30 oracle dba 69 Aug 20 06:13 /home/oracle
drwx------ 22 root root 43 Aug 29 08:52 /root
server2# ls -ld /root/.ssh /home/oracle/.ssh
drwx--x--x 2 root root 5 Mar 20 2014 /home/oracle/.ssh
drwx--x--x 2 root root 3 Aug 29 08:53 /root/.ssh
server2# grep Root /etc/ssh/sshd_config
PermitRootLogin yes
Below shows the remote server server2's /var/log/authlog when I attempted ssh root@server2 uptime from server1:
Aug 30 09:46:48 db01 sshd[11916]: [ID 800047 auth.debug] debug1: Forked child 13172.
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.info] Connection from 10.71.4.10 port 28154
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: Client protocol version 2.0; client software version Sun_SSH_2.2
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: match: Sun_SSH_2.2 pat Sun_SSH_2.*
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: Enabling compatibility mode for protocol 2.0
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: Local version string SSH-2.0-Sun_SSH_2.2
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: list_hostkey_types: ssh-rsa,ssh-dss
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Reloading X.509 host keys to avoid PKCS#11 fork issues.
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: reading the context from the child
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: use_engine is 'yes'
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: pkcs11 engine initialization complete
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: list_hostkey_types: ssh-rsa,ssh-dss
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: My KEX proposal before adding the GSS KEX algorithm:
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEXINIT sent
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEXINIT received
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: My KEX proposal I sent to the peer:
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: KEX proposal I received from the peer:
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: kex: client->server aes128-ctr hmac-sha2-256 none
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: kex: server->client aes128-ctr hmac-sha2-256 none
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Peer sent proposed langtags, ctos: en-US
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Peer sent proposed langtags, stoc: en-US
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: We proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: We proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Negotiated main locale: en_US.UTF-8
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Negotiated messages locale: en_US.UTF-8
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Host key type is 1.
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: dh_gen_key: priv key bits set: 267/512
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: bits set: 2056/4095
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: bits set: 2053/4095
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: set_newkeys: setting new keys for 'out' mode
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_NEWKEYS sent
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: expecting SSH2_MSG_NEWKEYS
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: set_newkeys: setting new keys for 'in' mode
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_NEWKEYS received
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: KEX done
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method none
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.info] Failed none for root from 10.71.4.10 port 28154 ssh2
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method publickey
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 1 initial attempt 0 failures 0 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Test whether the public key is acceptable.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: temporarily_use_uid: 0/0 (e=0/0)
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: trying public key file /root/.ssh/authorized_keys
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.info] Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: restore_uid: 0/0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method publickey
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 2 initial attempt 0 failures 0 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: We received a signature in the user auth packet.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: temporarily_use_uid: 0/0 (e=0/0)
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: trying public key file /root/.ssh/authorized_keys
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.info] Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: restore_uid: 0/0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_rsa_verify: signature correct
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.notice] Failed publickey for root from 10.71.4.10 port 28154 ssh2
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method keyboard-interactive
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 3 initial attempt 0 failures 2 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: keyboard-interactive devs
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.info] Connection closed by 10.71.4.10
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Calling cleanup 0x2df78(0x34f960)
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Calling cleanup 0x262a8(0x3592f8)
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Calling cleanup 0x53590(0x0)
Aug 30 09:46:51 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: child closed the communication pipe before user auth was finished
Aug 30 09:46:51 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: Calling cleanup 0x53590(0x0)
Aug 30 09:46:51 db01 last message repeated 1 time
Also, below shows the output on server1 (on the originating server) when I used "ssh -v -v -v root@server2" from server1 to connect to server2:
server1# ssh -v -v -v root@server2
Sun_SSH_2.2, SSH protocols 1.5/2.0, OpenSSL 0x1000110f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to db01 [10.65.4.139] port 22.
debug1: Connection established.
debug1: ssh_kmf_check_uri: /root/.ssh/identity
debug1: Identity file/URI '/root/.ssh/identity' pubkey type UNKNOWN
debug1: ssh_kmf_check_uri: /root/.ssh/id_rsa
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: Identity file/URI '/root/.ssh/id_rsa' pubkey type ssh-rsa
debug1: ssh_kmf_check_uri: /root/.ssh/id_dsa
debug1: Identity file/URI '/root/.ssh/id_dsa' pubkey type UNKNOWN
debug1: Logging to host: db01
debug1: Local user: root Remote user: root
debug1: Remote protocol version 2.0, remote software version Sun_SSH_2.2
debug1: match: Sun_SSH_2.2 pat Sun_SSH_2.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_2.2
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Creating a global KMF session.
debug1: My KEX proposal before adding the GSS KEX algorithm:
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,x509v3-sign-rsa,x509v3-sign-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
)
debug1: SSH2_MSG_KEXINIT sent
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug1: SSH2_MSG_KEXINIT received
debug1: My KEX proposal I sent to the peer:
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,x509v3-sign-rsa,x509v3-sign-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: KEX proposal I received from the peer:
debug2: kex_parse_kexinit: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug2: kex_parse_kexinit: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha2-256
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug2: mac_setup: found hmac-sha2-256
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
debug1: Peer sent proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: Peer sent proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: We proposed langtags, ctos: en-US
debug1: We proposed langtags, stoc: en-US
debug1: Negotiated lang: en-US
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: en_US.UTF-8
debug1: Remote: Negotiated messages locale: en_US.UTF-8
debug1: dh_gen_key: priv key bits set: 262/512
debug1: bits set: 2025/4095
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug3: check_host_in_hostfile: match line 17
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug3: check_host_in_hostfile: match line 17
debug1: Host 'db01' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:17
debug1: bits set: 2075/4095
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug2: set_newkeys: mode 1
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug2: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
)
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: ssh_kmf_check_uri: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: Trying public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277 lastkey 73cee8 hint 1
debug3: Pubkey type from SSH_MSG_USERAUTH_PK_OK is ssh-rsa.
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug2: input_userauth_pk_ok: fp 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
debug3: sign_and_send_pubkey
debug1: ssh_kmf_check_uri: /root/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug1: ssh_kmf_check_uri: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 14 padlen 18 extra_pad 64)
Connection closed by 10.65.4.139
debug1: Calling cleanup 0x418a8(0x0)
ssh password prompt
asked Aug 29 '16 at 16:30
SteveSteve
164
|
show 6 more comments
3
Here's a difficult ssh problem I can't figure out on Solaris 11, although I think I'm an experienced UNIX/Linux sysadmin. :)
I've copied the root@server1:/root/.ssh/id_rsa.pub file to:
root@server2:/root/.ssh/authorized_keys
oracle@server2:/home/oracle/.ssh/authorized_keys
No problem logging on or running commands remotely for oracle@server2.
I keep getting the password prompt for root@server2.
If I run "sshd -d" (debug mode) on server2 and run "ssh root@server2 uptime" from server1, I get to see the following info on server2 until I get the password prompt and press Ctrl-C to interrupt it:
server2# /usr/lib/ssh/sshd -d
debug1: sshd version Sun_SSH_2.2
debug1: key_load_private: loading /etc/ssh/ssh_host_rsa_key
debug1: ssh_kmf_check_uri: /etc/ssh/ssh_host_rsa_key
debug1: read PEM private key done: type RSA
debug1: Private host key #0 of type 1 (RSA).
debug1: key_load_private: loading /etc/ssh/ssh_host_dsa_key
debug1: ssh_kmf_check_uri: /etc/ssh/ssh_host_dsa_key
debug1: read PEM private key done: type DSA
debug1: Private host key #1 of type 2 (DSA).
debug1: Creating a global KMF session.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 10.71.4.10 port 21911
debug1: Client protocol version 2.0; client software version Sun_SSH_2.2
debug1: match: Sun_SSH_2.2 pat Sun_SSH_2.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_2.2
monitor debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: Reloading X.509 host keys to avoid PKCS#11 fork issues.
monitor debug1: reading the context from the child
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: My KEX proposal before adding the GSS KEX algorithm:
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: My KEX proposal I sent to the peer:
debug1: KEX proposal I received from the peer:
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
debug1: Peer sent proposed langtags, ctos: en-US
debug1: Peer sent proposed langtags, stoc: en-US
debug1: We proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: We proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: Negotiated main locale: en_US.UTF-8
debug1: Negotiated messages locale: en_US.UTF-8
debug1: Host key type is 1.
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 252/512
debug1: bits set: 2051/4095
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 2036/4095
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
Failed none for root from 10.71.4.10 port 21911 ssh2
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 1 initial attempt 0 failures 0 initial failures 0
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: Test whether the public key is acceptable.
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
debug1: restore_uid: 0/0
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 2 initial attempt 0 failures 0 initial failures 0
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: We received a signature in the user auth packet.
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
Failed publickey for root from 10.71.4.10 port 21911 ssh2
debug1: userauth-request for user root service ssh-connection method keyboard-interactive
debug1: attempt 3 initial attempt 0 failures 2 initial failures 0
debug1: keyboard-interactive devs
Connection closed by 10.71.4.10
debug1: Calling cleanup 0x2df78(0xec5010)
debug1: Calling cleanup 0x262a8(0xece938)
debug1: Calling cleanup 0x53590(0x0)
monitor debug1: child closed the communication pipe before user auth was finished
monitor debug1: Calling cleanup 0x53590(0x0)
monitor debug1: Calling cleanup 0x53590(0x0)
More information on the SSH server configuration:
server2# diff /root/.ssh/authorized_keys /home/oracle/.ssh/authorized_keys
server2#
server2# ls -l /root/.ssh/authorized_keys /home/oracle/.ssh/authorized_keys
-rw------- 1 oracle dba 396 Aug 29 08:53 /home/oracle/.ssh/authorized_keys
-rw------- 1 root root 396 Aug 29 08:53 /root/.ssh/authorized_keys
server2# ls -ld /root /home/oracle
drwxr-xr-x 30 oracle dba 69 Aug 20 06:13 /home/oracle
drwx------ 22 root root 43 Aug 29 08:52 /root
server2# ls -ld /root/.ssh /home/oracle/.ssh
drwx--x--x 2 root root 5 Mar 20 2014 /home/oracle/.ssh
drwx--x--x 2 root root 3 Aug 29 08:53 /root/.ssh
server2# grep Root /etc/ssh/sshd_config
PermitRootLogin yes
Below shows the remote server server2's /var/log/authlog when I attempted ssh root@server2 uptime from server1:
Aug 30 09:46:48 db01 sshd[11916]: [ID 800047 auth.debug] debug1: Forked child 13172.
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.info] Connection from 10.71.4.10 port 28154
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: Client protocol version 2.0; client software version Sun_SSH_2.2
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: match: Sun_SSH_2.2 pat Sun_SSH_2.*
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: Enabling compatibility mode for protocol 2.0
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: Local version string SSH-2.0-Sun_SSH_2.2
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: list_hostkey_types: ssh-rsa,ssh-dss
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Reloading X.509 host keys to avoid PKCS#11 fork issues.
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: reading the context from the child
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: use_engine is 'yes'
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: pkcs11 engine initialization complete
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: list_hostkey_types: ssh-rsa,ssh-dss
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: My KEX proposal before adding the GSS KEX algorithm:
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEXINIT sent
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEXINIT received
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: My KEX proposal I sent to the peer:
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: KEX proposal I received from the peer:
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: kex: client->server aes128-ctr hmac-sha2-256 none
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: kex: server->client aes128-ctr hmac-sha2-256 none
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Peer sent proposed langtags, ctos: en-US
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Peer sent proposed langtags, stoc: en-US
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: We proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: We proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Negotiated main locale: en_US.UTF-8
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Negotiated messages locale: en_US.UTF-8
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Host key type is 1.
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: dh_gen_key: priv key bits set: 267/512
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: bits set: 2056/4095
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: bits set: 2053/4095
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: set_newkeys: setting new keys for 'out' mode
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_NEWKEYS sent
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: expecting SSH2_MSG_NEWKEYS
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: set_newkeys: setting new keys for 'in' mode
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_NEWKEYS received
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: KEX done
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method none
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.info] Failed none for root from 10.71.4.10 port 28154 ssh2
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method publickey
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 1 initial attempt 0 failures 0 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Test whether the public key is acceptable.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: temporarily_use_uid: 0/0 (e=0/0)
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: trying public key file /root/.ssh/authorized_keys
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.info] Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: restore_uid: 0/0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method publickey
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 2 initial attempt 0 failures 0 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: We received a signature in the user auth packet.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: temporarily_use_uid: 0/0 (e=0/0)
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: trying public key file /root/.ssh/authorized_keys
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.info] Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: restore_uid: 0/0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_rsa_verify: signature correct
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.notice] Failed publickey for root from 10.71.4.10 port 28154 ssh2
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method keyboard-interactive
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 3 initial attempt 0 failures 2 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: keyboard-interactive devs
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.info] Connection closed by 10.71.4.10
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Calling cleanup 0x2df78(0x34f960)
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Calling cleanup 0x262a8(0x3592f8)
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Calling cleanup 0x53590(0x0)
Aug 30 09:46:51 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: child closed the communication pipe before user auth was finished
Aug 30 09:46:51 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: Calling cleanup 0x53590(0x0)
Aug 30 09:46:51 db01 last message repeated 1 time
Also, below shows the output on server1 (on the originating server) when I used "ssh -v -v -v root@server2" from server1 to connect to server2:
server1# ssh -v -v -v root@server2
Sun_SSH_2.2, SSH protocols 1.5/2.0, OpenSSL 0x1000110f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to db01 [10.65.4.139] port 22.
debug1: Connection established.
debug1: ssh_kmf_check_uri: /root/.ssh/identity
debug1: Identity file/URI '/root/.ssh/identity' pubkey type UNKNOWN
debug1: ssh_kmf_check_uri: /root/.ssh/id_rsa
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: Identity file/URI '/root/.ssh/id_rsa' pubkey type ssh-rsa
debug1: ssh_kmf_check_uri: /root/.ssh/id_dsa
debug1: Identity file/URI '/root/.ssh/id_dsa' pubkey type UNKNOWN
debug1: Logging to host: db01
debug1: Local user: root Remote user: root
debug1: Remote protocol version 2.0, remote software version Sun_SSH_2.2
debug1: match: Sun_SSH_2.2 pat Sun_SSH_2.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_2.2
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Creating a global KMF session.
debug1: My KEX proposal before adding the GSS KEX algorithm:
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,x509v3-sign-rsa,x509v3-sign-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
)
debug1: SSH2_MSG_KEXINIT sent
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug1: SSH2_MSG_KEXINIT received
debug1: My KEX proposal I sent to the peer:
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,x509v3-sign-rsa,x509v3-sign-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: KEX proposal I received from the peer:
debug2: kex_parse_kexinit: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug2: kex_parse_kexinit: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha2-256
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug2: mac_setup: found hmac-sha2-256
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
debug1: Peer sent proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: Peer sent proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: We proposed langtags, ctos: en-US
debug1: We proposed langtags, stoc: en-US
debug1: Negotiated lang: en-US
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: en_US.UTF-8
debug1: Remote: Negotiated messages locale: en_US.UTF-8
debug1: dh_gen_key: priv key bits set: 262/512
debug1: bits set: 2025/4095
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug3: check_host_in_hostfile: match line 17
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug3: check_host_in_hostfile: match line 17
debug1: Host 'db01' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:17
debug1: bits set: 2075/4095
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug2: set_newkeys: mode 1
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug2: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
)
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: ssh_kmf_check_uri: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: Trying public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277 lastkey 73cee8 hint 1
debug3: Pubkey type from SSH_MSG_USERAUTH_PK_OK is ssh-rsa.
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug2: input_userauth_pk_ok: fp 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
debug3: sign_and_send_pubkey
debug1: ssh_kmf_check_uri: /root/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug1: ssh_kmf_check_uri: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 14 padlen 18 extra_pad 64)
Connection closed by 10.65.4.139
debug1: Calling cleanup 0x418a8(0x0)
ssh password prompt
asked Aug 29 '16 at 16:30
SteveSteve
164
did you check the directory permissions for /root and /root/.ssh yet ? anything looser than 700 perms, will cause you this problem.
– MelBurslan
Aug 29 '16 at 16:38
SELinux permissions? Use more-dto get more debugging information.
– Jakuje
Aug 29 '16 at 16:50
(Original poster) Yep, I did. I included the directory permissions at the bottom of my posting.
– Steve
Aug 29 '16 at 16:51
(Original poster) To Jakuje - This happens between Solaris 11 servers.
– Steve
Aug 29 '16 at 16:53
What does your ~/.ssh/config file have in it on the originating server? (An empty or non-existent file is okay here.)
– John
Aug 29 '16 at 16:57
|
show 6 more comments
3
3
3
0
Here's a difficult ssh problem I can't figure out on Solaris 11, although I think I'm an experienced UNIX/Linux sysadmin. :)
I've copied the root@server1:/root/.ssh/id_rsa.pub file to:
root@server2:/root/.ssh/authorized_keys
oracle@server2:/home/oracle/.ssh/authorized_keys
No problem logging on or running commands remotely for oracle@server2.
I keep getting the password prompt for root@server2.
If I run "sshd -d" (debug mode) on server2 and run "ssh root@server2 uptime" from server1, I get to see the following info on server2 until I get the password prompt and press Ctrl-C to interrupt it:
server2# /usr/lib/ssh/sshd -d
debug1: sshd version Sun_SSH_2.2
debug1: key_load_private: loading /etc/ssh/ssh_host_rsa_key
debug1: ssh_kmf_check_uri: /etc/ssh/ssh_host_rsa_key
debug1: read PEM private key done: type RSA
debug1: Private host key #0 of type 1 (RSA).
debug1: key_load_private: loading /etc/ssh/ssh_host_dsa_key
debug1: ssh_kmf_check_uri: /etc/ssh/ssh_host_dsa_key
debug1: read PEM private key done: type DSA
debug1: Private host key #1 of type 2 (DSA).
debug1: Creating a global KMF session.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 10.71.4.10 port 21911
debug1: Client protocol version 2.0; client software version Sun_SSH_2.2
debug1: match: Sun_SSH_2.2 pat Sun_SSH_2.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_2.2
monitor debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: Reloading X.509 host keys to avoid PKCS#11 fork issues.
monitor debug1: reading the context from the child
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: My KEX proposal before adding the GSS KEX algorithm:
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: My KEX proposal I sent to the peer:
debug1: KEX proposal I received from the peer:
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
debug1: Peer sent proposed langtags, ctos: en-US
debug1: Peer sent proposed langtags, stoc: en-US
debug1: We proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: We proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: Negotiated main locale: en_US.UTF-8
debug1: Negotiated messages locale: en_US.UTF-8
debug1: Host key type is 1.
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 252/512
debug1: bits set: 2051/4095
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 2036/4095
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
Failed none for root from 10.71.4.10 port 21911 ssh2
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 1 initial attempt 0 failures 0 initial failures 0
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: Test whether the public key is acceptable.
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
debug1: restore_uid: 0/0
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 2 initial attempt 0 failures 0 initial failures 0
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: We received a signature in the user auth packet.
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
Failed publickey for root from 10.71.4.10 port 21911 ssh2
debug1: userauth-request for user root service ssh-connection method keyboard-interactive
debug1: attempt 3 initial attempt 0 failures 2 initial failures 0
debug1: keyboard-interactive devs
Connection closed by 10.71.4.10
debug1: Calling cleanup 0x2df78(0xec5010)
debug1: Calling cleanup 0x262a8(0xece938)
debug1: Calling cleanup 0x53590(0x0)
monitor debug1: child closed the communication pipe before user auth was finished
monitor debug1: Calling cleanup 0x53590(0x0)
monitor debug1: Calling cleanup 0x53590(0x0)
More information on the SSH server configuration:
server2# diff /root/.ssh/authorized_keys /home/oracle/.ssh/authorized_keys
server2#
server2# ls -l /root/.ssh/authorized_keys /home/oracle/.ssh/authorized_keys
-rw------- 1 oracle dba 396 Aug 29 08:53 /home/oracle/.ssh/authorized_keys
-rw------- 1 root root 396 Aug 29 08:53 /root/.ssh/authorized_keys
server2# ls -ld /root /home/oracle
drwxr-xr-x 30 oracle dba 69 Aug 20 06:13 /home/oracle
drwx------ 22 root root 43 Aug 29 08:52 /root
server2# ls -ld /root/.ssh /home/oracle/.ssh
drwx--x--x 2 root root 5 Mar 20 2014 /home/oracle/.ssh
drwx--x--x 2 root root 3 Aug 29 08:53 /root/.ssh
server2# grep Root /etc/ssh/sshd_config
PermitRootLogin yes
Below shows the remote server server2's /var/log/authlog when I attempted ssh root@server2 uptime from server1:
Aug 30 09:46:48 db01 sshd[11916]: [ID 800047 auth.debug] debug1: Forked child 13172.
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.info] Connection from 10.71.4.10 port 28154
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: Client protocol version 2.0; client software version Sun_SSH_2.2
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: match: Sun_SSH_2.2 pat Sun_SSH_2.*
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: Enabling compatibility mode for protocol 2.0
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: Local version string SSH-2.0-Sun_SSH_2.2
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: list_hostkey_types: ssh-rsa,ssh-dss
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Reloading X.509 host keys to avoid PKCS#11 fork issues.
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: reading the context from the child
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: use_engine is 'yes'
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: pkcs11 engine initialization complete
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: list_hostkey_types: ssh-rsa,ssh-dss
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: My KEX proposal before adding the GSS KEX algorithm:
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEXINIT sent
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEXINIT received
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: My KEX proposal I sent to the peer:
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: KEX proposal I received from the peer:
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: kex: client->server aes128-ctr hmac-sha2-256 none
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: kex: server->client aes128-ctr hmac-sha2-256 none
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Peer sent proposed langtags, ctos: en-US
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Peer sent proposed langtags, stoc: en-US
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: We proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: We proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Negotiated main locale: en_US.UTF-8
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Negotiated messages locale: en_US.UTF-8
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Host key type is 1.
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: dh_gen_key: priv key bits set: 267/512
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: bits set: 2056/4095
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: bits set: 2053/4095
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: set_newkeys: setting new keys for 'out' mode
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_NEWKEYS sent
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: expecting SSH2_MSG_NEWKEYS
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: set_newkeys: setting new keys for 'in' mode
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_NEWKEYS received
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: KEX done
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method none
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.info] Failed none for root from 10.71.4.10 port 28154 ssh2
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method publickey
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 1 initial attempt 0 failures 0 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Test whether the public key is acceptable.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: temporarily_use_uid: 0/0 (e=0/0)
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: trying public key file /root/.ssh/authorized_keys
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.info] Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: restore_uid: 0/0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method publickey
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 2 initial attempt 0 failures 0 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: We received a signature in the user auth packet.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: temporarily_use_uid: 0/0 (e=0/0)
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: trying public key file /root/.ssh/authorized_keys
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.info] Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: restore_uid: 0/0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_rsa_verify: signature correct
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.notice] Failed publickey for root from 10.71.4.10 port 28154 ssh2
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method keyboard-interactive
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 3 initial attempt 0 failures 2 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: keyboard-interactive devs
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.info] Connection closed by 10.71.4.10
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Calling cleanup 0x2df78(0x34f960)
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Calling cleanup 0x262a8(0x3592f8)
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Calling cleanup 0x53590(0x0)
Aug 30 09:46:51 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: child closed the communication pipe before user auth was finished
Aug 30 09:46:51 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: Calling cleanup 0x53590(0x0)
Aug 30 09:46:51 db01 last message repeated 1 time
Also, below shows the output on server1 (on the originating server) when I used "ssh -v -v -v root@server2" from server1 to connect to server2:
server1# ssh -v -v -v root@server2
Sun_SSH_2.2, SSH protocols 1.5/2.0, OpenSSL 0x1000110f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to db01 [10.65.4.139] port 22.
debug1: Connection established.
debug1: ssh_kmf_check_uri: /root/.ssh/identity
debug1: Identity file/URI '/root/.ssh/identity' pubkey type UNKNOWN
debug1: ssh_kmf_check_uri: /root/.ssh/id_rsa
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: Identity file/URI '/root/.ssh/id_rsa' pubkey type ssh-rsa
debug1: ssh_kmf_check_uri: /root/.ssh/id_dsa
debug1: Identity file/URI '/root/.ssh/id_dsa' pubkey type UNKNOWN
debug1: Logging to host: db01
debug1: Local user: root Remote user: root
debug1: Remote protocol version 2.0, remote software version Sun_SSH_2.2
debug1: match: Sun_SSH_2.2 pat Sun_SSH_2.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_2.2
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Creating a global KMF session.
debug1: My KEX proposal before adding the GSS KEX algorithm:
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,x509v3-sign-rsa,x509v3-sign-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
)
debug1: SSH2_MSG_KEXINIT sent
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug1: SSH2_MSG_KEXINIT received
debug1: My KEX proposal I sent to the peer:
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,x509v3-sign-rsa,x509v3-sign-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: KEX proposal I received from the peer:
debug2: kex_parse_kexinit: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug2: kex_parse_kexinit: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha2-256
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug2: mac_setup: found hmac-sha2-256
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
debug1: Peer sent proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: Peer sent proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: We proposed langtags, ctos: en-US
debug1: We proposed langtags, stoc: en-US
debug1: Negotiated lang: en-US
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: en_US.UTF-8
debug1: Remote: Negotiated messages locale: en_US.UTF-8
debug1: dh_gen_key: priv key bits set: 262/512
debug1: bits set: 2025/4095
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug3: check_host_in_hostfile: match line 17
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug3: check_host_in_hostfile: match line 17
debug1: Host 'db01' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:17
debug1: bits set: 2075/4095
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug2: set_newkeys: mode 1
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug2: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
)
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: ssh_kmf_check_uri: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: Trying public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277 lastkey 73cee8 hint 1
debug3: Pubkey type from SSH_MSG_USERAUTH_PK_OK is ssh-rsa.
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug2: input_userauth_pk_ok: fp 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
debug3: sign_and_send_pubkey
debug1: ssh_kmf_check_uri: /root/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug1: ssh_kmf_check_uri: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 14 padlen 18 extra_pad 64)
Connection closed by 10.65.4.139
debug1: Calling cleanup 0x418a8(0x0)
ssh password prompt
asked Aug 29 '16 at 16:30
SteveSteve
164
Here's a difficult ssh problem I can't figure out on Solaris 11, although I think I'm an experienced UNIX/Linux sysadmin. :)
I've copied the root@server1:/root/.ssh/id_rsa.pub file to:
root@server2:/root/.ssh/authorized_keys
oracle@server2:/home/oracle/.ssh/authorized_keys
No problem logging on or running commands remotely for oracle@server2.
I keep getting the password prompt for root@server2.
If I run "sshd -d" (debug mode) on server2 and run "ssh root@server2 uptime" from server1, I get to see the following info on server2 until I get the password prompt and press Ctrl-C to interrupt it:
server2# /usr/lib/ssh/sshd -d
debug1: sshd version Sun_SSH_2.2
debug1: key_load_private: loading /etc/ssh/ssh_host_rsa_key
debug1: ssh_kmf_check_uri: /etc/ssh/ssh_host_rsa_key
debug1: read PEM private key done: type RSA
debug1: Private host key #0 of type 1 (RSA).
debug1: key_load_private: loading /etc/ssh/ssh_host_dsa_key
debug1: ssh_kmf_check_uri: /etc/ssh/ssh_host_dsa_key
debug1: read PEM private key done: type DSA
debug1: Private host key #1 of type 2 (DSA).
debug1: Creating a global KMF session.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 10.71.4.10 port 21911
debug1: Client protocol version 2.0; client software version Sun_SSH_2.2
debug1: match: Sun_SSH_2.2 pat Sun_SSH_2.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_2.2
monitor debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: Reloading X.509 host keys to avoid PKCS#11 fork issues.
monitor debug1: reading the context from the child
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: My KEX proposal before adding the GSS KEX algorithm:
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: My KEX proposal I sent to the peer:
debug1: KEX proposal I received from the peer:
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
debug1: Peer sent proposed langtags, ctos: en-US
debug1: Peer sent proposed langtags, stoc: en-US
debug1: We proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: We proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: Negotiated main locale: en_US.UTF-8
debug1: Negotiated messages locale: en_US.UTF-8
debug1: Host key type is 1.
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 252/512
debug1: bits set: 2051/4095
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 2036/4095
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
Failed none for root from 10.71.4.10 port 21911 ssh2
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 1 initial attempt 0 failures 0 initial failures 0
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: Test whether the public key is acceptable.
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
debug1: restore_uid: 0/0
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 2 initial attempt 0 failures 0 initial failures 0
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: We received a signature in the user auth packet.
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /root/.ssh/authorized_keys
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
debug1: restore_uid: 0/0
debug1: ssh_rsa_verify: signature correct
Failed publickey for root from 10.71.4.10 port 21911 ssh2
debug1: userauth-request for user root service ssh-connection method keyboard-interactive
debug1: attempt 3 initial attempt 0 failures 2 initial failures 0
debug1: keyboard-interactive devs
Connection closed by 10.71.4.10
debug1: Calling cleanup 0x2df78(0xec5010)
debug1: Calling cleanup 0x262a8(0xece938)
debug1: Calling cleanup 0x53590(0x0)
monitor debug1: child closed the communication pipe before user auth was finished
monitor debug1: Calling cleanup 0x53590(0x0)
monitor debug1: Calling cleanup 0x53590(0x0)
More information on the SSH server configuration:
server2# diff /root/.ssh/authorized_keys /home/oracle/.ssh/authorized_keys
server2#
server2# ls -l /root/.ssh/authorized_keys /home/oracle/.ssh/authorized_keys
-rw------- 1 oracle dba 396 Aug 29 08:53 /home/oracle/.ssh/authorized_keys
-rw------- 1 root root 396 Aug 29 08:53 /root/.ssh/authorized_keys
server2# ls -ld /root /home/oracle
drwxr-xr-x 30 oracle dba 69 Aug 20 06:13 /home/oracle
drwx------ 22 root root 43 Aug 29 08:52 /root
server2# ls -ld /root/.ssh /home/oracle/.ssh
drwx--x--x 2 root root 5 Mar 20 2014 /home/oracle/.ssh
drwx--x--x 2 root root 3 Aug 29 08:53 /root/.ssh
server2# grep Root /etc/ssh/sshd_config
PermitRootLogin yes
Below shows the remote server server2's /var/log/authlog when I attempted ssh root@server2 uptime from server1:
Aug 30 09:46:48 db01 sshd[11916]: [ID 800047 auth.debug] debug1: Forked child 13172.
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.info] Connection from 10.71.4.10 port 28154
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: Client protocol version 2.0; client software version Sun_SSH_2.2
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: match: Sun_SSH_2.2 pat Sun_SSH_2.*
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: Enabling compatibility mode for protocol 2.0
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] debug1: Local version string SSH-2.0-Sun_SSH_2.2
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: list_hostkey_types: ssh-rsa,ssh-dss
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Reloading X.509 host keys to avoid PKCS#11 fork issues.
Aug 30 09:46:48 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: reading the context from the child
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: use_engine is 'yes'
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: pkcs11 engine initialization complete
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: list_hostkey_types: ssh-rsa,ssh-dss
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: My KEX proposal before adding the GSS KEX algorithm:
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEXINIT sent
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEXINIT received
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: My KEX proposal I sent to the peer:
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: KEX proposal I received from the peer:
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: kex: client->server aes128-ctr hmac-sha2-256 none
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: kex: server->client aes128-ctr hmac-sha2-256 none
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Peer sent proposed langtags, ctos: en-US
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Peer sent proposed langtags, stoc: en-US
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: We proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: We proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Negotiated main locale: en_US.UTF-8
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Negotiated messages locale: en_US.UTF-8
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Host key type is 1.
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: dh_gen_key: priv key bits set: 267/512
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: bits set: 2056/4095
Aug 30 09:46:48 db01 sshd[13173]: [ID 800047 auth.debug] debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: bits set: 2053/4095
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: set_newkeys: setting new keys for 'out' mode
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_NEWKEYS sent
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: expecting SSH2_MSG_NEWKEYS
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: set_newkeys: setting new keys for 'in' mode
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: SSH2_MSG_NEWKEYS received
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: KEX done
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method none
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.info] Failed none for root from 10.71.4.10 port 28154 ssh2
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method publickey
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 1 initial attempt 0 failures 0 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Test whether the public key is acceptable.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: temporarily_use_uid: 0/0 (e=0/0)
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: trying public key file /root/.ssh/authorized_keys
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.info] Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: restore_uid: 0/0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method publickey
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 2 initial attempt 0 failures 0 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: We received a signature in the user auth packet.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: temporarily_use_uid: 0/0 (e=0/0)
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: trying public key file /root/.ssh/authorized_keys
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_kmf_key_from_blob: blob length is 277.
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: matching key found: file /root/.ssh/authorized_keys, line 1
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.info] Found matching RSA key: 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: restore_uid: 0/0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: ssh_rsa_verify: signature correct
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.notice] Failed publickey for root from 10.71.4.10 port 28154 ssh2
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: userauth-request for user root service ssh-connection method keyboard-interactive
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: attempt 3 initial attempt 0 failures 2 initial failures 0
Aug 30 09:46:49 db01 sshd[13173]: [ID 800047 auth.debug] debug1: keyboard-interactive devs
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.info] Connection closed by 10.71.4.10
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Calling cleanup 0x2df78(0x34f960)
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Calling cleanup 0x262a8(0x3592f8)
Aug 30 09:46:51 db01 sshd[13173]: [ID 800047 auth.debug] debug1: Calling cleanup 0x53590(0x0)
Aug 30 09:46:51 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: child closed the communication pipe before user auth was finished
Aug 30 09:46:51 db01 sshd[13172]: [ID 800047 auth.debug] monitor debug1: Calling cleanup 0x53590(0x0)
Aug 30 09:46:51 db01 last message repeated 1 time
Also, below shows the output on server1 (on the originating server) when I used "ssh -v -v -v root@server2" from server1 to connect to server2:
server1# ssh -v -v -v root@server2
Sun_SSH_2.2, SSH protocols 1.5/2.0, OpenSSL 0x1000110f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to db01 [10.65.4.139] port 22.
debug1: Connection established.
debug1: ssh_kmf_check_uri: /root/.ssh/identity
debug1: Identity file/URI '/root/.ssh/identity' pubkey type UNKNOWN
debug1: ssh_kmf_check_uri: /root/.ssh/id_rsa
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug1: Identity file/URI '/root/.ssh/id_rsa' pubkey type ssh-rsa
debug1: ssh_kmf_check_uri: /root/.ssh/id_dsa
debug1: Identity file/URI '/root/.ssh/id_dsa' pubkey type UNKNOWN
debug1: Logging to host: db01
debug1: Local user: root Remote user: root
debug1: Remote protocol version 2.0, remote software version Sun_SSH_2.2
debug1: match: Sun_SSH_2.2 pat Sun_SSH_2.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_2.2
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Creating a global KMF session.
debug1: My KEX proposal before adding the GSS KEX algorithm:
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,x509v3-sign-rsa,x509v3-sign-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
)
debug1: SSH2_MSG_KEXINIT sent
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug1: SSH2_MSG_KEXINIT received
debug1: My KEX proposal I sent to the peer:
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,x509v3-sign-rsa,x509v3-sign-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: en-US
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: KEX proposal I received from the peer:
debug2: kex_parse_kexinit: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug2: kex_parse_kexinit: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha2-256
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug2: mac_setup: found hmac-sha2-256
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
debug1: Peer sent proposed langtags, ctos: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: Peer sent proposed langtags, stoc: de-DE,en-US,es-ES,fr-FR,it-IT,ja-JP,ko-KR,pt-BR,zh-CN,zh-TW,i-default
debug1: We proposed langtags, ctos: en-US
debug1: We proposed langtags, stoc: en-US
debug1: Negotiated lang: en-US
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: en_US.UTF-8
debug1: Remote: Negotiated messages locale: en_US.UTF-8
debug1: dh_gen_key: priv key bits set: 262/512
debug1: bits set: 2025/4095
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug3: check_host_in_hostfile: match line 17
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug3: check_host_in_hostfile: match line 17
debug1: Host 'db01' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:17
debug1: bits set: 2075/4095
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug2: set_newkeys: mode 1
debug1: set_newkeys: setting new keys for 'out' mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: set_newkeys: setting new keys for 'in' mode
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug2: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
)
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: ssh_kmf_check_uri: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: Trying public key: /root/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277 lastkey 73cee8 hint 1
debug3: Pubkey type from SSH_MSG_USERAUTH_PK_OK is ssh-rsa.
debug1: ssh_kmf_key_from_blob: blob length is 277.
debug2: input_userauth_pk_ok: fp 8e:7f:c6:54:09:e7:fa:6e:5c:cc:c7:13:e2:13:90:22
debug3: sign_and_send_pubkey
debug1: ssh_kmf_check_uri: /root/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug1: ssh_kmf_check_uri: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 14 padlen 18 extra_pad 64)
Connection closed by 10.65.4.139
debug1: Calling cleanup 0x418a8(0x0)
ssh password prompt
ssh password prompt
asked Aug 29 '16 at 16:30
SteveSteve
164
asked Aug 29 '16 at 16:30
SteveSteve
164
edited Aug 30 '16 at 17:10
Steve
asked Aug 29 '16 at 16:30
SteveSteve
164
asked Aug 29 '16 at 16:30
SteveSteve
164
asked Aug 29 '16 at 16:30
SteveSteve
164
164
did you check the directory permissions for /root and /root/.ssh yet ? anything looser than 700 perms, will cause you this problem.
– MelBurslan
Aug 29 '16 at 16:38
SELinux permissions? Use more-dto get more debugging information.
– Jakuje
Aug 29 '16 at 16:50
(Original poster) Yep, I did. I included the directory permissions at the bottom of my posting.
– Steve
Aug 29 '16 at 16:51
(Original poster) To Jakuje - This happens between Solaris 11 servers.
– Steve
Aug 29 '16 at 16:53
What does your ~/.ssh/config file have in it on the originating server? (An empty or non-existent file is okay here.)
– John
Aug 29 '16 at 16:57
|
show 6 more comments
did you check the directory permissions for /root and /root/.ssh yet ? anything looser than 700 perms, will cause you this problem.
– MelBurslan
Aug 29 '16 at 16:38
SELinux permissions? Use more-dto get more debugging information.
– Jakuje
Aug 29 '16 at 16:50
(Original poster) Yep, I did. I included the directory permissions at the bottom of my posting.
– Steve
Aug 29 '16 at 16:51
(Original poster) To Jakuje - This happens between Solaris 11 servers.
– Steve
Aug 29 '16 at 16:53
What does your ~/.ssh/config file have in it on the originating server? (An empty or non-existent file is okay here.)
– John
Aug 29 '16 at 16:57
did you check the directory permissions for /root and /root/.ssh yet ? anything looser than 700 perms, will cause you this problem.
– MelBurslan
Aug 29 '16 at 16:38
did you check the directory permissions for /root and /root/.ssh yet ? anything looser than 700 perms, will cause you this problem.
– MelBurslan
Aug 29 '16 at 16:38
SELinux permissions? Use more
-d to get more debugging information.– Jakuje
Aug 29 '16 at 16:50
SELinux permissions? Use more
-d to get more debugging information.– Jakuje
Aug 29 '16 at 16:50
(Original poster) Yep, I did. I included the directory permissions at the bottom of my posting.
– Steve
Aug 29 '16 at 16:51
(Original poster) Yep, I did. I included the directory permissions at the bottom of my posting.
– Steve
Aug 29 '16 at 16:51
(Original poster) To Jakuje - This happens between Solaris 11 servers.
– Steve
Aug 29 '16 at 16:53
(Original poster) To Jakuje - This happens between Solaris 11 servers.
– Steve
Aug 29 '16 at 16:53
What does your ~/.ssh/config file have in it on the originating server? (An empty or non-existent file is okay here.)
– John
Aug 29 '16 at 16:57
What does your ~/.ssh/config file have in it on the originating server? (An empty or non-existent file is okay here.)
– John
Aug 29 '16 at 16:57
|
show 6 more comments
2 Answers
2
active
oldest
votes
0
I've copied the root@server1:/root/.ssh/id_rsa.pub file to:
root@server2:/root/.ssh/authorized_keys
It depends how you copy.
So it is important to copy keys not via Cut & Paste between login-sessions.
Just use "scp" to copy your id_rsa.pub key from server1 to server2:
scp root@server1:/root/.ssh/id_rsa.pub root@server2:/root/.ssh/authorized_keys
Make sure the permissions on the Home-Directory is not too open bit this will be reported by sshd to syslog.
regarding you output you may see (ssh -v -v -v root@server2):
key_read: no key found
It seems your id_rsa key is not valid. Please try to run a ssh-keygen to create a valid key and add the pub-key again.
answered Aug 30 '16 at 17:24
0x0C40x0C4
34516
(Original poster) To Malo - This is not the correct answer. Please read my original posting, as I already added the tightened permissions of related directories and files. No difference with the scp way of copying the file.
– Steve
Aug 30 '16 at 17:41
add a comment |
0
as per log it is using ssh-rsa. you might have used ssh-keygen -t rsa to generate public key
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
in the log it is trying with dsa algorithm.
debug1: Trying private key: /root/.ssh/id_dsa
debug1: ssh_kmf_check_uri: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
Please try generating public key with dsa algorithm
ssh-keygen -t dsa
ssh-copy-id -i /root/.ssh/id_dsa.pub server2
answered Jan 14 at 12:41
editiniteditinit
1165
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f306458%2fdifficult-authorized-keys-login-problem-only-for-root-on-solaris-11%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
0
I've copied the root@server1:/root/.ssh/id_rsa.pub file to:
root@server2:/root/.ssh/authorized_keys
It depends how you copy.
So it is important to copy keys not via Cut & Paste between login-sessions.
Just use "scp" to copy your id_rsa.pub key from server1 to server2:
scp root@server1:/root/.ssh/id_rsa.pub root@server2:/root/.ssh/authorized_keys
Make sure the permissions on the Home-Directory is not too open bit this will be reported by sshd to syslog.
regarding you output you may see (ssh -v -v -v root@server2):
key_read: no key found
It seems your id_rsa key is not valid. Please try to run a ssh-keygen to create a valid key and add the pub-key again.
answered Aug 30 '16 at 17:24
0x0C40x0C4
34516
(Original poster) To Malo - This is not the correct answer. Please read my original posting, as I already added the tightened permissions of related directories and files. No difference with the scp way of copying the file.
– Steve
Aug 30 '16 at 17:41
add a comment |
0
I've copied the root@server1:/root/.ssh/id_rsa.pub file to:
root@server2:/root/.ssh/authorized_keys
It depends how you copy.
So it is important to copy keys not via Cut & Paste between login-sessions.
Just use "scp" to copy your id_rsa.pub key from server1 to server2:
scp root@server1:/root/.ssh/id_rsa.pub root@server2:/root/.ssh/authorized_keys
Make sure the permissions on the Home-Directory is not too open bit this will be reported by sshd to syslog.
regarding you output you may see (ssh -v -v -v root@server2):
key_read: no key found
It seems your id_rsa key is not valid. Please try to run a ssh-keygen to create a valid key and add the pub-key again.
answered Aug 30 '16 at 17:24
0x0C40x0C4
34516
(Original poster) To Malo - This is not the correct answer. Please read my original posting, as I already added the tightened permissions of related directories and files. No difference with the scp way of copying the file.
– Steve
Aug 30 '16 at 17:41
add a comment |
0
0
0
I've copied the root@server1:/root/.ssh/id_rsa.pub file to:
root@server2:/root/.ssh/authorized_keys
It depends how you copy.
So it is important to copy keys not via Cut & Paste between login-sessions.
Just use "scp" to copy your id_rsa.pub key from server1 to server2:
scp root@server1:/root/.ssh/id_rsa.pub root@server2:/root/.ssh/authorized_keys
Make sure the permissions on the Home-Directory is not too open bit this will be reported by sshd to syslog.
regarding you output you may see (ssh -v -v -v root@server2):
key_read: no key found
It seems your id_rsa key is not valid. Please try to run a ssh-keygen to create a valid key and add the pub-key again.
answered Aug 30 '16 at 17:24
0x0C40x0C4
34516
I've copied the root@server1:/root/.ssh/id_rsa.pub file to:
root@server2:/root/.ssh/authorized_keys
It depends how you copy.
So it is important to copy keys not via Cut & Paste between login-sessions.
Just use "scp" to copy your id_rsa.pub key from server1 to server2:
scp root@server1:/root/.ssh/id_rsa.pub root@server2:/root/.ssh/authorized_keys
Make sure the permissions on the Home-Directory is not too open bit this will be reported by sshd to syslog.
regarding you output you may see (ssh -v -v -v root@server2):
key_read: no key found
It seems your id_rsa key is not valid. Please try to run a ssh-keygen to create a valid key and add the pub-key again.
answered Aug 30 '16 at 17:24
0x0C40x0C4
34516
edited Aug 31 '16 at 8:27
answered Aug 30 '16 at 17:24
0x0C40x0C4
34516
answered Aug 30 '16 at 17:24
0x0C40x0C4
34516
answered Aug 30 '16 at 17:24
0x0C40x0C4
34516
34516
(Original poster) To Malo - This is not the correct answer. Please read my original posting, as I already added the tightened permissions of related directories and files. No difference with the scp way of copying the file.
– Steve
Aug 30 '16 at 17:41
add a comment |
(Original poster) To Malo - This is not the correct answer. Please read my original posting, as I already added the tightened permissions of related directories and files. No difference with the scp way of copying the file.
– Steve
Aug 30 '16 at 17:41
(Original poster) To Malo - This is not the correct answer. Please read my original posting, as I already added the tightened permissions of related directories and files. No difference with the scp way of copying the file.
– Steve
Aug 30 '16 at 17:41
(Original poster) To Malo - This is not the correct answer. Please read my original posting, as I already added the tightened permissions of related directories and files. No difference with the scp way of copying the file.
– Steve
Aug 30 '16 at 17:41
add a comment |
0
as per log it is using ssh-rsa. you might have used ssh-keygen -t rsa to generate public key
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
in the log it is trying with dsa algorithm.
debug1: Trying private key: /root/.ssh/id_dsa
debug1: ssh_kmf_check_uri: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
Please try generating public key with dsa algorithm
ssh-keygen -t dsa
ssh-copy-id -i /root/.ssh/id_dsa.pub server2
answered Jan 14 at 12:41
editiniteditinit
1165
add a comment |
0
as per log it is using ssh-rsa. you might have used ssh-keygen -t rsa to generate public key
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
in the log it is trying with dsa algorithm.
debug1: Trying private key: /root/.ssh/id_dsa
debug1: ssh_kmf_check_uri: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
Please try generating public key with dsa algorithm
ssh-keygen -t dsa
ssh-copy-id -i /root/.ssh/id_dsa.pub server2
answered Jan 14 at 12:41
editiniteditinit
1165
add a comment |
0
0
0
as per log it is using ssh-rsa. you might have used ssh-keygen -t rsa to generate public key
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
in the log it is trying with dsa algorithm.
debug1: Trying private key: /root/.ssh/id_dsa
debug1: ssh_kmf_check_uri: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
Please try generating public key with dsa algorithm
ssh-keygen -t dsa
ssh-copy-id -i /root/.ssh/id_dsa.pub server2
answered Jan 14 at 12:41
editiniteditinit
1165
as per log it is using ssh-rsa. you might have used ssh-keygen -t rsa to generate public key
debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
in the log it is trying with dsa algorithm.
debug1: Trying private key: /root/.ssh/id_dsa
debug1: ssh_kmf_check_uri: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
Please try generating public key with dsa algorithm
ssh-keygen -t dsa
ssh-copy-id -i /root/.ssh/id_dsa.pub server2
answered Jan 14 at 12:41
editiniteditinit
1165
answered Jan 14 at 12:41
editiniteditinit
1165
answered Jan 14 at 12:41
editiniteditinit
1165
answered Jan 14 at 12:41
editiniteditinit
1165
1165
add a comment |
add a comment |
draft saved
draft discarded
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f306458%2fdifficult-authorized-keys-login-problem-only-for-root-on-solaris-11%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
did you check the directory permissions for /root and /root/.ssh yet ? anything looser than 700 perms, will cause you this problem.
– MelBurslan
Aug 29 '16 at 16:38
SELinux permissions? Use more
-dto get more debugging information.– Jakuje
Aug 29 '16 at 16:50
(Original poster) Yep, I did. I included the directory permissions at the bottom of my posting.
– Steve
Aug 29 '16 at 16:51
(Original poster) To Jakuje - This happens between Solaris 11 servers.
– Steve
Aug 29 '16 at 16:53
What does your ~/.ssh/config file have in it on the originating server? (An empty or non-existent file is okay here.)
– John
Aug 29 '16 at 16:57