gets "failed password" when scripts are ssh'ing into server, but when I manually ssh in it works fine???



Hi guys,

I'm stuck on this. I can ssh my target prod server (call it server
A), and from there ssh into my repo server (say server B) fine. When
I run some scripts that are accessing server B from server A via ssh
however they get a a "failed password". Any ideas? What is the
difference from server B's perspective how the ssh connection is being
established? Here's a tail of the secure.log from Server B for both
cases.

---------- server B log when "manually ssh'ing in " -------------------
Feb 6 15:23:18 Macintosh-2 com.apple.SecurityServer[21]: checkpw()
succeeded, creating credential for user greg
Feb 6 15:23:18 Macintosh-2 com.apple.SecurityServer[21]: checkpw()
succeeded, creating shared credential for user greg
Feb 6 15:23:18 Macintosh-2 com.apple.SecurityServer[21]: Succeeded
authorizing right system.login.tty by client /usr/sbin/sshd for
authorization created by /usr/sbin/sshd.
Feb 6 15:23:18 Macintosh-2 sshd[2372]: Accepted
keyboard-interactive/pam for greg from 10.1.1.1 port 49636 ssh2

--------- server B log when scripts are trying to access ------------
Feb 6 15:23:53 Macintosh-2 sshd[2414]: error: PAM: Authentication
failure for greg from home.gregsdomainname.org
Feb 6 15:23:53: --- last message repeated 2 times ---
Feb 6 15:23:53 Macintosh-2 sshd[2414]: Failed password for greg from
10.1.1.1 port 50366 ssh2

Not sure if it's significant, however I acutally trigger the scripts
running on Server A from Server B itself. Hence end-to-end it is:

Server A (run capistrano init) ==ssh==> Sever B (run scripts)
====ssh===>Server A

Server B ssh config (/etc/ssh_config)
=========================
Macintosh-2:etc greg$ cat /etc/ssh_config
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication yes
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange yes
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no




Thanks



Relevant Pages

  • Re: Trouble with X11 over SSH on Mandriva 2010.0
    ... If next clean install/update causes ssh to break, ... installed the sshd daemon/service package (OpenSSH Server) on the server. ... correct values for client and server. ...
    (comp.os.linux.networking)
  • Re: Apache Software Foundation Server compromised, resecured. (fwd)
    ... this was one "result" of the comromised ssh binary at sourceforge. ... a public server of the Apache Software Foundation ... > (ASF) was illegally accessed by unknown crackers. ... > exhaustive audit of all Apache source code and binary distributions ...
    (FreeBSD-Security)
  • Re: FreeBSD Crash without Errors, Warnings, or Panics
    ... I suppose I could run on stable until the driver is fixed in a release branch, but I need this box up and online, and I've always read that the stable branch is not the place for production servers. ... I'm running 6.0-RELEASE-p5 on a Toshiba built server: dual Xeon Intel motherboard with a LSILogic MegaRAID controller. ... Also, some network ports still respond, like a telnet to port 22 to test SSH will yield an SSH banner, but trying to connect with SSH just hangs. ... The box runs a web-based app and connects to a local Postgres DB which seemed to be unable to start new connections being requested by the PHP scripts. ...
    (freebsd-hackers)
  • Re: restrict ssh access
    ... > We have one ssh server which receives about 6000 failed attempts to ... > unsuccessful login attempts per client IP address? ... the remote server is also running OpenSSH. ...
    (comp.security.ssh)
  • Re: SSH as root
    ... Subject: SSH as root ... but it doesn't require having a key on the server that could be ... If they compromise a server, and the passphrase, etc. is there, they only ... private key to anyone. ...
    (SSH)