SunSSH erratic behaviour after applying SST (Jass) 4.2 to a Solaris 10 x86 box.

From: Loris Serena (loris.serena@bt.com)
Date: Wed Aug 17 2005 - 11:07:28 EDT


SunManagers,

I have this Solaris 10 x86 box that worked fine (i.e. I could connect to it
via ssh just OK).
I've downloaded SST 4.2 (Solaris Security Toolkit - aka Jass)
and installed it with the -d secure.driver.

After rebooting, I'm experiencing some difficulties logging in via ssh.

1. no changes were made to sshd_config by SST (except Banner /etc/issue)
   [minivip]$ ssh -V
    Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
   [minivip]$
   Also, I'm not (yet) using SSH keys, just standard unix username/password
   authentication

2. I can no longer ssh from a Wintel box using PuTTY (0.58);
   a. PuTTY returns "Server unexpectedly closed network connection"
   b. putty.log logs nothing;
   c. in /var/adm/messages on the Solaris 10 box I get:
      Aug 17 15:39:05 minivip sshd[637]: [ID 947420 auth.warning] refused connect from 10.40.5.182

3. I can no longer ssh from (the same) Wintel box using
   Win32OpenSSH(3.8.1)/cygwin;
   a.
      $ ssh -v -v -v 10.40.5.23
      OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
      debug2: ssh_connect: needpriv 0
      debug1: Connecting to 10.40.5.23 [10.40.5.23] port 22.
      debug1: Connection established.
      debug1: identity file /home/lserena/.ssh/identity type -1
      debug1: identity file /home/lserena/.ssh/id_rsa type -1
      debug1: identity file /home/lserena/.ssh/id_dsa type -1
      ssh_exchange_identification: Connection closed by remote host
   $
   b. in /var/adm/messages on the Solaris 10 box I get:
      Aug 17 15:42:21 minivip sshd[647]: [ID 947420 auth.warning] refused connect from 10.40.5.182

4. A cmd/DOS "telnet 10.40.5.23 22" seems to go through OK

5. I still can ssh from a Solaris 8 x86 using OpenSSH 4.1
   [nemo]$ ssh -V
   OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005
   [nemo]$

6. I still can ssh from a Solaris 9 SPARC
   [birba]$ ssh -V
   SSH Version Sun_SSH_1.0, protocol versions 1.5/2.0.
   [birba]$

I even had a look at Sunsolve (Sun Alert ID: 101834)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101834-1&searchclause=101834
but I actually have patch 119076-05 installed already.

Here is the sshd_config on the Solaris 10 x86 box.
[minivip]/etc/ssh$ cat sshd_config | grep -v "^#" | grep -v "^$"
Protocol 2
Port 22
ListenAddress ::
AllowTcpForwarding no
GatewayPorts no
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
Banner /etc/issue
PrintMotd no
KeepAlive yes
SyslogFacility auth
LogLevel info
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
KeyRegenerationInterval 3600
StrictModes yes
LoginGraceTime 600
MaxAuthTries 6
MaxAuthTriesLog 3
PermitEmptyPasswords no
PasswordAuthentication yes
PAMAuthenticationViaKBDInt yes
PermitRootLogin no
Subsystem sftp /usr/lib/ssh/sftp-server
IgnoreRhosts yes
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
[minivip]/etc/ssh$

Does anybody know how to get this sorted or could you please point me in the
right direction?

Thanks in advance

Loris
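
To see at a glance which clients the server is turning away, the "refused connect from" entries in /var/adm/messages can be tallied per source address. The Python below is an added example, not part of the original post: it parses Solaris syslog records of the form quoted above, rejoins records that a mail client has wrapped, and groups sshd refusals by source. The function names, the third sample line and the address 10.40.5.7 are constructed for illustration.

```python
import re
from collections import defaultdict

# Solaris syslog record: "Mon DD HH:MM:SS host proc[pid]: [ID n facility.level] message"
STAMP = r"[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}"
STAMP_RE = re.compile("^" + STAMP + " ")
LINE_RE = re.compile(
    r"^(?P<ts>" + STAMP + r") (?P<host>\S+) (?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: "
    r"\[ID (?P<msgid>\d+) (?P<facility>\w+)\.(?P<level>\w+)\] (?P<msg>.*)$"
)
REFUSED_RE = re.compile(r"^refused connect from (?P<src>\S+)")

def unwrap(text):
    """Rejoin wrapped records: a line without a leading syslog
    timestamp is treated as a continuation of the previous record."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STAMP_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def refused_connects(text, proc="sshd"):
    """Map each refused source address to the timestamps of its refusals."""
    hits = defaultdict(list)
    for record in unwrap(text):
        m = LINE_RE.match(record)
        if not m or m["proc"] != proc:
            continue
        r = REFUSED_RE.match(m["msg"])
        if r:
            hits[r["src"]].append(m["ts"])
    return dict(hits)

# Sample input: the two refusal lines from the post (wrapped as a mail
# client wraps them) plus one constructed "Accepted" line for contrast.
SAMPLE = """\
Aug 17 15:39:05 minivip sshd[637]: [ID 947420 auth.warning] refused
connect from 10.40.5.182
Aug 17 15:42:21 minivip sshd[647]: [ID 947420 auth.warning] refused
connect from 10.40.5.182
Aug 17 15:44:10 minivip sshd[655]: [ID 800047 auth.info] Accepted password for lserena from 10.40.5.7 port 32801 ssh2
"""

if __name__ == "__main__":
    for src, stamps in refused_connects(SAMPLE).items():
        print(f"{src}: {len(stamps)} refused, first {stamps[0]}, last {stamps[-1]}")
```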




This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:31:20 EDT