I have been asked to look at a problem with implementing SSH on an HP-UX server which a colleague has set up. Users connect through PuTTY. When I try to establish a connection I see the following message:
Code:
Usage: -ssh [options] host [command]
Options:
-l user Log in using this user name.
-n Redirect input from /dev/null.
-F config Config file (default: ~/.ssh/config).
-A Enable authentication agent forwarding.
-a Disable authentication agent forwarding (default).
-X Enable X11 connection forwarding.
-x Disable X11 connection forwarding (default).
-i file Identity for public key authentication (default: ~/.ssh/identity)
-t Tty; allocate a tty even if command is given.
-T Do not allocate a tty.
-h Display basic help message .
-k Disables forwarding (delegation) of GSSAPI credentials.
-v Verbose; display verbose debugging messages.
Multiple -v increases verbosity.
-V Display version number only.
-q Quiet; don't display any warning messages.
-f Fork into background after authentication.
-e char Set escape character; ``none'' = disable (default: ~).
-c cipher Select encryption algorithm
-m macs Specify MAC algorithms for protocol version 2.
-p port Connect to this port. Server must be on the same port.
-L listen-port:host:port Forward local port to remote address
-R listen-port:host:port Forward remote port to local address
These cause -ssh to listen for connections on a port, and
forward them to the other side by connecting to host:port.
-D port Enable dynamic application-level port forwarding.
-C Enable compression.
-Y Enables trusted X11 forwarding.
-M Place ssh into master mode for connection Sharing.
-N Do not execute a shell or command.
-g Allow remote hosts to connect to forwarded ports.
-1 Force protocol version 1.
-2 Force protocol version 2.
-4 Use IPv4 only.
-6 Use IPv6 only.
-o 'option' Process the option as if it was read from a configuration file.
-s Invoke command (mandatory) as SSH2 subsystem.
-S ctl Specifies control socket for connection sharing.
-b addr Local IP address.
I have tried setting up traces on the server and running PuTTY interactively from a command line but no trace information is being generated. I think the client is passing authentication but whatever command is being issued on the server to start the shell is incorrectly formed.
Can anyone please advise where I can find this command or how I can go about amending it? This is an area about which I know almost nothing.
Thank you.
Last edited by jim mcnamara; 10-01-2013 at 09:58 AM..
Can you try another ssh protocol-using command - sftp or scp?
That will verify the remote sshd_config is set up at least somewhat correctly. If that works, then we will have to have somebody here with more HPUX experience than me help you.
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 10.210.1.42 [10.210.1.42] port 2222.
debug1: Connection established.
debug1: identity file /home/cyborg/.ssh/identity type -1
debug1: identity file /home/cyborg/.ssh/id_rsa type -1
debug1: identity file /home/cyborg/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9
debug1: match: OpenSSH_3.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
Ok. I understand ssh to some degree - it looks like there is something, on the remote side, that has an issue. I do not get the cipher error at all.
Do not test with the root account, use a non-superuser, maybe create one:
1. put up a vanilla sshd_config file on the HPUX box - the one that comes with the distribution. It may not fit your security model, but this is just testing.
2. check protections on the new remote account
.ssh directory 700
all files in .ssh 600 or 700
login directory 755
3. See if you can ssh from HPUX back to the sun box (not as root):
Code:
ssh j_walleans@sunbox
If that goes, try from sun to hpux. --as the new user
Thanks for that - it may take time to dig out the vanilla file (I'm in UK, box is in US, don't know where the media might be) but I will give that a go.
I have tried the above using every sshd_config file I could find on the machine, including some dated as far back as 2004. None have made any difference.
Are there other functioning, ssh-wise, HPUX boxes in the network? In the OSes I know well, /etc/ssh... has several important files: keys, an ssh config file, and the sshd_config file. Ignoring keys, I would look to see diffs in ssh_config and sshd_config among servers. If they are all the same, including the problem child, something else is wrong, possibly the ssh service startup. Restart the service correctly. Check to be sure the account you use does not have a "personal" ssh config file, unless that is standard company-wide.
When you are doing the diffs be sure to compare systems with equivalent patch levels.
Note patch discrepancies.
What I am doing is trying to rule out issues: config files, patch levels, service startup.
I cannot imagine that there is an issue with the TCP stack - ndd settings, but that would be the next thing to try.
I am assuming you tried to
Code:
ssh myusername@localhost
on the rogue host (not as root) to eliminate some transport issues/hardware. This bypasses the NIC and uses the TCP stack in the kernel. At least it does everywhere I've worked with it.
Hello,
I have another problem with my script. Please accept my apologies, but I am really nooby in sh scripts. I am writing it for first time.
My script:
returned=`tail -50 SapLogs.log | grep -i "Error"`
echo $returned
if ; then
echo "There is no errors in the logs"
fi
And after... (10 Replies)
I am attempting to ssh to a server and grab the line from /etc/group if it contains a specific GID.
Example line from /etc/group:
mysql:!:64600:mysql
Run locally on <host>:
# awk -F: '$3 == 64600 {print $1}' /etc/group
mysql
Attempt to ssh to <host> and execute:
# ssh <host>... (3 Replies)
Hi,
I need help on following linux bash script. When I linux commands for loop or while loop on individual file it runs great. but now I want the script to run on N number of files so it gives me ambiguous redirect error on line 12 and syntax error on line 22 : (pls help );
#!/bin/bash
#... (16 Replies)
Hi All
I am quite new to Unix. Following is a shell script that i have written and getting the subject mentioned error.
#!/bin/ksh
#-------------------------------------------------------------------------
# File: ang_stdnld.ksh
#
# Desc: UNIX shell script to extract Store information.... (3 Replies)
Help please! :confused:
I have the following error with the following file and the emails are not arriving to the email, any idea please?
ERROR: ./launch_full_backup.sh: Syntax error at line 28 : `else' is not expected.
FECHA=`date +%d%m%y%H%M`... (2 Replies)
Hello, the following is generating a error at the line "tmprintf(&tmBundle, _TMC("{0}"),Prompt);"... a bit lost as I am diving into this debug...
Thank you in advance...
int H_YesNo(TMCHAR *Prompt, int DefVal)
{
TMCHAR YesNo = '\0';
tmprintf(&tmBundle, _TMC("{0}"),Prompt);
while... (3 Replies)
My script is throwing the error 'Syntax error: redirection unexpected'
My line of code..
cat nsstatustest.html | sed s/<tr><td align="left">/<tr><td align="left" bgcolor="#000000"><font color="white">/ > ztmp.Ps23zp2s.2-Fpps3-wmmm0dss3
HTML tags are getting in the way but they're needed to... (3 Replies)
--------------------------------------------------------------------------------
Hello, help me please.
I am trying to create a mksysb bakup using nim. I am geting this error, how to correct it ? :
Command : failed stdout: yes stderr: no... (9 Replies)
hi there
i write one awk script file in shell programing
the code is related to dd/mm/yy to month, day year format
but i get an error
please can anybody help me out in this problem ??????
i give my code here including error
awk `
# date-month -- convert mm/dd/yy to month day,... (2 Replies)
