SSH Into Zone???

From: Baillargeon, Sonny (Sonny.Baillargeon@bmonb.com)
Date: Thu Jun 16 2005 - 16:28:28 EDT

• Next message: Craig Russell: "knockd on Solaris 2.9"
• Previous message: Christopher L. Barnard: "SUMMARY: forcing memory allocation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I am trying to unify, access everything from everywhere, SSH2 from
ssh.com and Sun's version of OpenSSH. So I have a S10 box running the
out-of-the-box SSH and a S8 box running SSH2 3.2.9.1.

I can do SSH2 <=> OpenSSH no problems. Got all the keys converted back
and forth. When I ssh from the global zone on S10 to a sub-zone it
doesn't work. The thing that is getting me, I think anyway, is that the
sub-zone is mounting my home directory from an NFS server, the same as
the S8 box. I have kept the OpenSSH in the .ssh directory and the SSH2
in its .ssh2 directory. The global zone is a local home directory.

This is what the verbose output from the client in the global zone to
the sub-zone.

Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to sub-zone [10.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /export/home/sbaillar/.ssh/identity type -1
debug1: identity file /export/home/sbaillar/.ssh/id_rsa type -1
debug1: identity file /export/home/sbaillar/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug1: Failed to acquire GSS-API credentials for any mechanisms (No
credentials were supplied, or the credentials were unavailable or
inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos: i-default
debug1: Peer sent proposed langtags, stoc: i-default
debug1: We proposed langtags, ctos: i-default
debug1: We proposed langtags, stoc: i-default
debug1: Negotiated lang: i-default
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: C
debug1: Remote: Negotiated messages locale: C
debug1: dh_gen_key: priv key bits set: 135/256
debug1: bits set: 1581/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'sub-zone' is known and matches the RSA host key.
debug1: Found key in /export/home/sbaillar/.ssh/known_hosts:3
debug1: bits set: 1576/3191
debug1: ssh_rsa_verify: signature correct
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue:
gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No
credentials were supplied, or the credentials were unavailable or
inaccessible
Unknown code 0
)
debug1: Next authentication method: publickey
debug1: Trying private key: /export/home/sbaillar/.ssh/identity
debug1: Trying private key: /export/home/sbaillar/.ssh/id_rsa
debug1: Trying public key: /export/home/sbaillar/.ssh/id_dsa
debug1: Authentications that can continue:
gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:

Am I missing something?

Any suggestions will be appreciated.

Thanks,
Sonny

<FONT SIZE =
1>***************************************************************************
*
This e-mail and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the sender
immediately by return e-mail, delete this e-mail and destroy any copies. Any
dissemination or use of this information by a person other than the intended
recipient is unauthorized and may be illegal. Unless otherwise stated,
opinions expressed in this e-mail are those of the author and are not endorsed
by the author's employer.</FONT>
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: Craig Russell: "knockd on Solaris 2.9"
• Previous message: Christopher L. Barnard: "SUMMARY: forcing memory allocation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:30:55 EDT