RE: Going MAD trying to get scp working on Solaris8 (SSH-2.0-OpenSSH_ 3.4p1) - Pleeeese Help.

• Previous message: Tim Best: "Tunnel via command line"
• Next in thread: Mak, Andrew: "RE: Going MAD trying to get scp working on Solaris8 (SSH-2.0-OpenSSH_ 3.4p1) - Pleeeese Help."
• Maybe reply: Mak, Andrew: "RE: Going MAD trying to get scp working on Solaris8 (SSH-2.0-OpenSSH_ 3.4p1) - Pleeeese Help."
• Maybe reply: wjnorth: "RE: Going MAD trying to get scp working on Solaris8 (SSH-2.0-OpenSSH_ 3.4p1) - Pleeeese Help."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 18 Jun 2003 08:51:33 -0600
To: "Wright, Gary" <Gary.Wright@uk.experian.com>, <secureshell@securityfocus.com>

Hi Gary,

We have a lot of Solaris machines from 2.6 to 2.8 all using SSH. We built
everything with packages from SunFreeware when possible and other than
requiring a link from /dev/urandom/pool to /var/spool/prngd/pool the packages
worked fine on 8.
My understanding is if the option is commented out in sshd_config then this
is the value for that option, here is the auth section of our sshd_config
files.

# Authentication:

#LoginGraceTime 600
PermitRootLogin no
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in
/usr/local/etc/ssh_known_host
s
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
I just made a new password free connection a few minutes ago to make sure our
site works as expected and all is well. Not sure if that helps but we are
running the same version as you on both Intel and Sparc. Perhaps you could
borrow the auth section just to test things out and then work back from
there. I checked our files and they don't include the AllowedAuthentications
option.

Good luck,

Doug Leece
Calgary Alberta
 

-----Original Message-----
From: Wright, Gary [mailto:Gary.Wright@uk.experian.com]
Sent: Tuesday, June 17, 2003 11:39 AM
To: 'secureshell@securityfocus.com'
Subject: Going MAD trying to get scp working on Solaris8
(SSH-2.0-OpenSSH_ 3.4p1) - Pleeeese Help.

I have now been struggling for ages to get scp working so that I can copy
files between Solaris8 servers.
As soon as I can get it working, I need to place the scp copy commands
within a script for overnight batch jobs etc etc...

I am using DSA ssh2 keys and CAN copy files by entering a password - no
good for scripts :-(
However, no matter what I do, it appears that SSH only wants to use password
or keyboard-interactive as authentication means.

Please refer to a typical scp -v command shown below :-

debug3: check_host_in_hostfile: filename /users/oraprod/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename /users/oraprod/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'devbox' is known and matches the RSA host key.
debug1: Found key in /users/oraprod/.ssh/known_hosts:1
debug1: bits set: 1557/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: password,keyboard-interactive
debug3: start over, passed a different list password,keyboard-interactive
debug3: preferred publickey
debug1: no more auth methods to try
Permission denied (password,keyboard-interactive).
debug1: Calling cleanup 0x3f4d0(0x0)
lost connection

Notice that SSH is stating that authentications it can use are password or
keyboard-interactive only - This must be set in the master sshd_config or
config file
but I can't see it. I've added the following line to sshd_config but it
makes no difference.

AllowedAuthentications publickey,password,hostbased
 
Can anyone please suggest how I can configure SSH to try using publickey
encryption - Think I'm going mad......!!!!!!!

Best Regards,

Gary.

=======================================================================
Information in this email and any attachments are confidential, and may
not be copied or used by anyone other than the addressee, nor disclosed
to any third party without our permission. There is no intention to
create any legally binding contract or other commitment through the use
of this email.
Experian Limited (registration number 653331).
Registered office: Talbot House, Talbot Street, Nottingham NG1 5HF

• Previous message: Tim Best: "Tunnel via command line"
• Next in thread: Mak, Andrew: "RE: Going MAD trying to get scp working on Solaris8 (SSH-2.0-OpenSSH_ 3.4p1) - Pleeeese Help."
• Maybe reply: Mak, Andrew: "RE: Going MAD trying to get scp working on Solaris8 (SSH-2.0-OpenSSH_ 3.4p1) - Pleeeese Help."
• Maybe reply: wjnorth: "RE: Going MAD trying to get scp working on Solaris8 (SSH-2.0-OpenSSH_ 3.4p1) - Pleeeese Help."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]