From: Saxon, Stuart (Stuart.Saxon@centrica.co.uk)
Date: Sat May 27 2006 - 15:04:18 EDT
Dear community,
Can anybody help me with getting 'passwdless' ssh from a Solaris 9 host
to a Solaris 7 host.
I have configured (ssh-keygen) my Solaris 9 host and can sucessfully ssh
to all other hosts (Solaris 10,9,8) but not 7. Solaris 2.6 I don't care
about at this time.
I have installed OpenSSH on my Solaris 7 host and the pkginstall went
ok.
I have ssh-keygen'd -t rsa and dsa (the keys are installed under /.ssh/
I have copied over the Solaris9:/.ssh/.id_dsa.pub to the
Solaris7:/.ssh/authorized_keys file (using rcp)
I have edited the /etc/ssh/sshd_config file to PermitRootLogin Yes and
stopped and started sshd
That should do it ??? That works on all other ssh installs I have been
doing.
However it does not.
ssh -v -v -v Solaris 7 output below:
root@sun9 : # ssh -v -v -v pust27
SSH Version Sun_SSH_1.0.1, protocol versions 1.5/2.0.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: ssh_connect: getuid 0 geteuid 0 anon 0
debug1: Connecting to sun7 [10.16.24.234] port 22.
debug1: Allocated local port 1023.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type 3
debug1: Bad RSA1 key file /root/.ssh/id_rsa.
debug1: identity file /root/.ssh/id_rsa type 3
debug1: Bad RSA1 key file /root/.ssh/id_dsa.
debug1: identity file /root/.ssh/id_dsa type 3
debug1: Remote protocol version 2.0, remote software version
OpenSSH_3.8.1p1
debug1: match: OpenSSH_3.8.1p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.0.1
debug1: sent kexinit: diffie-hellman-group1-sha1
debug1: sent kexinit: ssh-rsa,ssh-dss
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: hmac-sha1,hmac-md5
debug1: sent kexinit: none
debug1: sent kexinit: none
debug1: sent kexinit:
debug1: sent kexinit:
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug1: got kexinit: ssh-rsa,ssh-dss
debug1: got kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug1: got kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug1: got kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
6,hmac-md5-96
debug1: got kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
6,hmac-md5-96
debug1: got kexinit: none,zlib
debug1: got kexinit: none,zlib
debug1: got kexinit:
debug1: got kexinit:
debug1: first kex follow: 0
debug1: reserved: 0
debug1: done
debug2: mac_init: found hmac-sha1
debug1: kex: server->client unable to decide common locale
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug2: mac_init: found hmac-sha1
debug1: kex: client->server unable to decide common locale
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: Sending SSH2_MSG_KEXDH_INIT.
debug1: bits set: 547/1024
debug1: Wait SSH2_MSG_KEXDH_REPLY.
debug1: Got SSH2_MSG_KEXDH_REPLY.
debug1: Host 'sun7' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1007
debug1: bits set: 487/1024
debug1: ssh_rsa_verify: signature correct
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug3: start over, passed a different list
debug3: authmethod_lookup publickey
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: key does not exist: /root/.ssh/identity
debug1: try pubkey: /root/.ssh/id_rsa
debug1: read SSH2 private key done: name rsa w/o comment success 1
debug3: sign_and_send_pubkey
debug2: ssh_rsa_sign: done
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug3: authmethod_lookup publickey
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try pubkey: /root/.ssh/id_dsa
debug1: read SSH2 private key done: name dsa w/o comment success 1
debug3: sign_and_send_pubkey
debug1: sig size 20 20
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue:
publickey,password,keyboard-interactive
debug3: authmethod_lookup publickey
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: authmethod_lookup password
debug3: authmethod_is_enabled password
debug1: next auth method to try is password
root@sun7's password:
Hmm go figure any help is a great help. I can't see much wrong
............
My reasons for wanting do this is that my company finally have woken up
to getting rid of Solaris 2.6 and 7 and also getting rid of rsh .....
Are there any alteratives that I could try ----- i.e. could I install
Sun SSH on the Solaris 7 server ----- would it work ?
Stuart Saxon
Datacenter Engineering Standards Team
Centrica
Mobile: 07789 571811
_____________________________________________________________________
The information contained in or attached to this email is intended only for
the use of the individual or entity to which it is addressed. If you are not
the intended recipient, or a person responsible for delivering it to the
intended recipient, you are not authorised to and must not disclose, copy,
distribute, or retain this message or any part of it. It may contain
information which is confidential and/or covered by legal professional or
other privilege (or other rules or laws with similar effect in jurisdictions
outside England and Wales).
The views expressed in this email are not necessarily the views of Centrica
plc, and the company, its directors, officers or employees make no
representation or accept any liability for its accuracy or completeness unless
expressly stated to the contrary.
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:39:58 EDT