Dear community, Thanks to Brian Kannheiser [mtkann@gmail.com] Koef [koef@notsupported.org] Darren Dunham [ddunham@taos.com] They all came up with the same solution .......... 1) Run sshd -s (debug mode) 2) Check permissions on / and /.ssh The problem was that the sun7 server had 775 on / and not 755. Once again thanks > _____________________________________________ > From: Saxon, Stuart > Sent: 27 May 2006 20:04 > To: sunmanagers@sunmanagers.org > Subject: Solaris 9 Sun SSH_1.0.1 to Solaris 7 OpenSSH_3.8.1p1 > woes > > Dear community, > > Can anybody help me with getting 'passwdless' ssh from a Solaris 9 > host to a Solaris 7 host. > > I have configured (ssh-keygen) my Solaris 9 host and can sucessfully > ssh to all other hosts (Solaris 10,9,8) but not 7. Solaris 2.6 I don't > care about at this time. > > I have installed OpenSSH on my Solaris 7 host and the pkginstall went > ok. > > I have ssh-keygen'd -t rsa and dsa (the keys are installed under > /.ssh/ > > I have copied over the Solaris9:/.ssh/.id_dsa.pub to the > Solaris7:/.ssh/authorized_keys file (using rcp) > > I have edited the /etc/ssh/sshd_config file to PermitRootLogin Yes and > stopped and started sshd > > That should do it ??? That works on all other ssh installs I have been > doing. > > However it does not. > > ssh -v -v -v Solaris 7 output below: > > root@sun9 : # ssh -v -v -v pust27 > SSH Version Sun_SSH_1.0.1, protocol versions 1.5/2.0. > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: ssh_connect: getuid 0 geteuid 0 anon 0 > debug1: Connecting to sun7 [10.16.24.234] port 22. > debug1: Allocated local port 1023. > debug1: Connection established. > debug1: identity file /root/.ssh/identity type 3 > debug1: Bad RSA1 key file /root/.ssh/id_rsa. > debug1: identity file /root/.ssh/id_rsa type 3 > debug1: Bad RSA1 key file /root/.ssh/id_dsa. > debug1: identity file /root/.ssh/id_dsa type 3 > debug1: Remote protocol version 2.0, remote software version > OpenSSH_3.8.1p1 > debug1: match: OpenSSH_3.8.1p1 pat ^OpenSSH > Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-Sun_SSH_1.0.1 > debug1: sent kexinit: diffie-hellman-group1-sha1 > debug1: sent kexinit: ssh-rsa,ssh-dss > debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc > debug1: sent kexinit: aes128-cbc,blowfish-cbc,3des-cbc,rijndael128-cbc > debug1: sent kexinit: hmac-sha1,hmac-md5 > debug1: sent kexinit: hmac-sha1,hmac-md5 > debug1: sent kexinit: none > debug1: sent kexinit: none > debug1: sent kexinit: > debug1: sent kexinit: > debug1: send KEXINIT > debug1: done > debug1: wait KEXINIT > debug1: got kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 > debug1: got kexinit: ssh-rsa,ssh-dss > debug1: got kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256 > -cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr > debug1: got kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256 > -cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr > debug1: got kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1 > -96,hmac-md5-96 > debug1: got kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1 > -96,hmac-md5-96 > debug1: got kexinit: none,zlib > debug1: got kexinit: none,zlib > debug1: got kexinit: > debug1: got kexinit: > debug1: first kex follow: 0 > debug1: reserved: 0 > debug1: done > debug2: mac_init: found hmac-sha1 > debug1: kex: server->client unable to decide common locale > debug1: kex: server->client aes128-cbc hmac-sha1 none > debug2: mac_init: found hmac-sha1 > debug1: kex: client->server unable to decide common locale > debug1: kex: client->server aes128-cbc hmac-sha1 none > debug1: Sending SSH2_MSG_KEXDH_INIT. > debug1: bits set: 547/1024 > debug1: Wait SSH2_MSG_KEXDH_REPLY. > debug1: Got SSH2_MSG_KEXDH_REPLY. > debug1: Host 'sun7' is known and matches the RSA host key. > debug1: Found key in /root/.ssh/known_hosts:1007 > debug1: bits set: 487/1024 > debug1: ssh_rsa_verify: signature correct > debug1: Wait SSH2_MSG_NEWKEYS. > debug1: GOT SSH2_MSG_NEWKEYS. > debug1: send SSH2_MSG_NEWKEYS. > debug1: done: send SSH2_MSG_NEWKEYS. > debug1: done: KEX2. > debug1: send SSH2_MSG_SERVICE_REQUEST > debug1: service_accept: ssh-userauth > debug1: got SSH2_MSG_SERVICE_ACCEPT > debug1: authentications that can continue: > publickey,password,keyboard-interactive > debug3: start over, passed a different list > debug3: authmethod_lookup publickey > debug3: authmethod_is_enabled publickey > debug1: next auth method to try is publickey > debug1: key does not exist: /root/.ssh/identity > debug1: try pubkey: /root/.ssh/id_rsa > debug1: read SSH2 private key done: name rsa w/o comment success 1 > debug3: sign_and_send_pubkey > debug2: ssh_rsa_sign: done > debug2: we sent a publickey packet, wait for reply > debug1: authentications that can continue: > publickey,password,keyboard-interactive > debug3: authmethod_lookup publickey > debug3: authmethod_is_enabled publickey > debug1: next auth method to try is publickey > debug1: try pubkey: /root/.ssh/id_dsa > debug1: read SSH2 private key done: name dsa w/o comment success 1 > debug3: sign_and_send_pubkey > debug1: sig size 20 20 > debug2: we sent a publickey packet, wait for reply > debug1: authentications that can continue: > publickey,password,keyboard-interactive > debug3: authmethod_lookup publickey > debug3: authmethod_is_enabled publickey > debug1: next auth method to try is publickey > debug2: we did not send a packet, disable method > debug3: authmethod_lookup publickey > debug3: authmethod_lookup password > debug3: authmethod_is_enabled password > debug1: next auth method to try is password > root@sun7's password: > > Hmm go figure any help is a great help. I can't see much wrong > ............ > > > My reasons for wanting do this is that my company finally have woken > up to getting rid of Solaris 2.6 and 7 and also getting rid of rsh > ..... > > Are there any alteratives that I could try ----- i.e. could I install > Sun SSH on the Solaris 7 server ----- would it work ? > > Stuart Saxon > Datacenter Engineering Standards Team > Centrica > Mobile: 07789 571811 > _____________________________________________________________________ The information contained in or attached to this email is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are not authorised to and must not disclose, copy, distribute, or retain this message or any part of it. It may contain information which is confidential and/or covered by legal professional or other privilege (or other rules or laws with similar effect in jurisdictions outside England and Wales). The views expressed in this email are not necessarily the views of Centrica plc, and the company, its directors, officers or employees make no representation or accept any liability for its accuracy or completeness unless expressly stated to the contrary. _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Sun May 28 03:02:32 2006
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:58 EST