Smart questions
Smart answers
Smart people
Join Tek-Tips Forums
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login




Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.
Jobs from Indeed

Link To This Forum!

Partner Button
Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

coopermarsh (MIS) (OP)
10 Jun 10 9:31
Hi

Having problems sshing to a solaris box

PermitRootLogin=yes

I getr the error

CODE

sh-3.00$ ssh root@isln616
Permission denied (gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive).
coopermarsh (MIS) (OP)
10 Jun 10 9:33
sorry meant to add

its a solaris 10 box

svcadm starts ssh

svcs reports online

log reports exited with status 0
coopermarsh (MIS) (OP)
10 Jun 10 9:37
Added output from ssh -v

CODE

ssh root@isln616[1@-[1@v[1@
Sun_SSH_1.1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Rhosts Authentication disabled, originating port will not be trusted.

debug1: ssh_connect: needpriv 0

debug1: Connecting to isln616 [10.56.16.166] port 22.

debug1: Connection established.

debug1: identity file /homedir/users/coojus/.ssh/identity type -1

debug1: identity file /homedir/users/coojus/.ssh/id_rsa type -1

debug1: identity file /homedir/users/coojus/.ssh/id_dsa type -1

debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1

debug1: match: Sun_SSH_1.1 pat Sun_SSH_1.1*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-Sun_SSH_1.1.1

debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes128-ctr hmac-md5 none

debug1: kex: client->server aes128-ctr hmac-md5 none

debug1: Peer sent proposed langtags, ctos: i-default

debug1: Peer sent proposed langtags, stoc: i-default

debug1: We proposed langtags, ctos: i-default

debug1: We proposed langtags, stoc: i-default

debug1: Negotiated lang: i-default

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug1: Remote: Negotiated main locale: C

debug1: Remote: Negotiated messages locale: C

debug1: dh_gen_key: priv key bits set: 130/256

debug1: bits set: 1611/3191

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: Host 'isln616' is known and matches the RSA host key.

debug1: Found key in /homedir/users/coojus/.ssh/known_hosts:3

debug1: bits set: 1589/3191

debug1: ssh_rsa_verify: signature correct

debug1: newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: done: ssh_kex2.

debug1: send SSH2_MSG_SERVICE_REQUEST

debug1: got SSH2_MSG_SERVICE_ACCEPT

debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive

debug1: Next authentication method: gssapi-keyex

debug1: Next authentication method: gssapi-with-mic

debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)

debug1: Next authentication method: publickey

debug1: Trying private key: /homedir/users/coojus/.ssh/identity

debug1: Trying private key: /homedir/users/coojus/.ssh/id_rsa

debug1: Trying private key: /homedir/users/coojus/.ssh/id_dsa

debug1: Next authentication method: keyboard-interactive

debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive

debug1: Next authentication method: keyboard-interactive

debug1: No more authentication methods to try.

Permission denied (gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive).

debug1: Calling cleanup 0x341a0(0x0)
Annihilannic (MIS)
10 Jun 10 19:56
You don't generally get very useful debugging information from the ssh client (for security reasons).

This FAQ describes how to get debugging info from the server side, see if that gives you any better clues:

http://www.tek-tips.com/faqs.cfm?fid=6934

Annihilannic.

coopermarsh (MIS) (OP)
11 Jun 10 3:10
Thanks I will take a look.
coopermarsh (MIS) (OP)
11 Jun 10 3:16
HI output from debug mode

CODE

debug1: sshd version Sun_SSH_1.1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 1234 on ::.
Server listening on :: port 1234.
debug1: Server will not fork when running in debugging mode.
Connection from 127.0.0.1 port 37497
debug1: Client protocol version 2.0; client software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible

)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos: i-default
debug1: Peer sent proposed langtags, stoc: i-default
debug1: We proposed langtags, ctos: i-default
debug1: We proposed langtags, stoc: i-default
debug1: Negotiated main locale: C
debug1: Negotiated messages locale: C
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 133/256
debug1: bits set: 1575/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1584/3191
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 initial attempt 0 failures 0 initial failures 0
Failed none for root from 127.0.0.1 port 37497 ssh2
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 1 initial attempt 0 failures 1 initial failures 0
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 0/1 (e=0/1)
debug1: trying public key file //.ssh/authorized_keys
debug1: restore_uid: 0/1
debug1: temporarily_use_uid: 0/1 (e=0/1)
debug1: trying public key file //.ssh/authorized_keys2
debug1: restore_uid: 0/1
Failed publickey for root from 127.0.0.1 port 37497 ssh2
debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 2 initial attempt 0 failures 2 initial failures 0
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 0/1 (e=0/1)
debug1: trying public key file //.ssh/authorized_keys
debug1: restore_uid: 0/1
debug1: temporarily_use_uid: 0/1 (e=0/1)
debug1: trying public key file //.ssh/authorized_keys2
debug1: restore_uid: 0/1
Failed publickey for root from 127.0.0.1 port 37497 ssh2
debug1: userauth-request for user root service ssh-connection method keyboard-interactive
debug1: attempt 3 initial attempt 0 failures 3 initial failures 0
debug1: keyboard-interactive devs
ld.so.1: sshd: fatal: relocation error: file /usr/lib/passwdutil.so.1: symbol __nsl_fgetspent_r: referenced symbol not found
Killed
Annihilannic (MIS)
11 Jun 10 3:24
Hmm... that's a bit dodgy.  Any changes/patches/software installations on that system recently that might have updated that library?

Annihilannic.

coopermarsh (MIS) (OP)
11 Jun 10 3:34
i can see from the history that one of the admins has run a pkgadd on SUNWcsl

A bollocking is in order if that is the case
AvayaTier3 (TechnicalUser)
11 Jun 10 9:01
can you use ssh and a different login for authentication?

A great teacher, does not provide answers, but methods to teach others "How and where to find the answers"

bsh

36 years Bell, AT&T, Lucent, Avaya
Tier 3 for 26 years and counting
http://bshtele.com

coopermarsh (MIS) (OP)
11 Jun 10 9:46
no, all the logins are denied.

luck i have a couple of windows open i can still work with.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Back To Forum

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close