Question

SSH failure, putty client log has 2005-10-10 17:19:27 Keyboard-interactive authentication refused

Asked by: manualvin

Hi All,

I'm having problems accessing ssh for the following version , installed on Solaris 8

OpenSSH_4.2p1, OpenSSL 0.9.8 05 Jul 2005

When i ssh in from my LAN, it does not give me any problems. However when i set up a NAT from an external ip to this ip and i perform ssh to this external ip, i get the following error in putty client log

2005-10-10 17:19:27      Keyboard-interactive authentication refused

also, i get "access denied" from the console and any passwords for any user account fails.

In addition, 1 thing funny is that i noticed there is this message when i login via external ip:

                            ****USAGE WARNING****

This is a private computer system. This computer system, including all
related equipment, networks, and network devices (specifically including
Internet access) are provided only for authorized use. This computer system
may be monitored for all lawful purposes, including to ensure that its use
is authorized, for management of the system, to facilitate protection against
unauthorized access, and to verify security procedures, survivability, and
operational security. Monitoring includes active attacks by authorized entities
to test or verify the security of this system. During monitoring, information
may be examined, recorded, copied and used for authorized purposes. All
information, including personal information, placed or sent over this system
may be monitored.

Use of this computer system, authorized or unauthorized, constitutes consent
to monitoring of this system. Unauthorized use may subject you to criminal
prosecution. Evidence of unauthorized use collected during monitoring may be
used for administrative, criminal, or other adverse action. Use of this system
constitutes consent to monitoring for these purposes.
-------------------------------------------------------------
which I did not notice at all when i logged in locally. In addition, it does not perform logging to

/var/log/authlog

-rw-------   1 root     sys            0 Oct 10 17:32 authlog

in /etc/syslog.conf, i have added the following line

auth.info                       /var/log/authlog

but it does not seem to log to here at all, strange. I also added tcp wrappers though, i'm not sure if that's the reason why the whole thing is failing, any ssh experts out there who can shed light on this problem?

Thanks in Advance,
Alvin

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2005-10-10 at 03:04:08ID21589363
Tags

authentication

,

putty

,

solaris

,

refused

,

ssh

Topic

Unix Network Security

Participating Experts
2
Points
50
Comments
8

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. SSH 3.2
    Dear all, I had downloaded the ssh 3.2 and completed the configure, make and make install session in 7.2 linux box. there is no problem during the source code installation. However when I try to setup the auth method with 1) using key exchange in between external email se...
  2. SSH / SFTP on Solaris
    I am trying to run a secure FTP on a Solaris 9 system. It says that you can pass options to SSH from SFTP but I'm not sure how. The parameters I'm using on SSH are: ssh -2 -c blowfish How do you make sftp use -2 and blowfish (for better security) ? Thanks, Mark
  3. Problmem of SSH in Solaris 8
    Recently, we implemented OpenSSH in Solaris 8. However, we ecncountered that sometime one of hosts can not ssh to one host named hkmauat. here is the debug log: <Can access> hkmarmmsdr:/export/home/hkcheung> ssh -v hkmauat OpenSSH_3.6.1p1, SSH protocols 1.5/2.0, ...
  4. ssh hangs on Solaris
    hi there, Some times my SSH hangs after executing a command it does not come back to the command prompt. I am executing a command like this.. $ ssh user@server "command" For most of the commands it works fine. My OS is Solaris, and login shell is kshell. Looki...
  5. how to create SSH connection
    hi guys, i have a server with database and directory i want to give SSH connection to an external company to drop xml files in to that director how can configure it or do it please help

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: ahoffmannPosted on 2005-10-10 at 07:17:24ID: 15052384

in your sshd_conf set following:
  ReverseMappingCheck no

then restart sshd

 

by: gheistPosted on 2005-10-10 at 09:31:45ID: 15053376

Some firewall serves that message

 

by: manualvinPosted on 2005-10-10 at 18:37:11ID: 15057021

Hi ahoffman,

Thanks for your comments but when i issued the following command,


bash-2.03# /etc/init.d/sshd stop
Stopping the secure shell daemon
bash-2.03# /etc/init.d/sshd start
Starting the secure shell daemon

bash-2.03# /usr/local/etc/sshd_config line 67: Deprecated option ReverseMappingCheck

The option was already commented out before i edited the config.

Here's my sshd config below, is there anything that i've done wrong here?

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /usr/local/etc/ssh_host_key
HostKey /usr/local/etc/ssh_host_rsa_key
HostKey /usr/local/etc/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging
#RhostsAuthentication no
#
# For this to work you will also need host keys in /usr/local/etc/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
#AllowedAuthentications keyboard-interactive

# Comment to enable s/key passwords or PAM interactive authentication
# NB. Neither of these are compiled in by default. Please read the
# notes in the sshd(8) manpage before enabling this on a PAM system.
ChallengeResponseAuthentication no

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

#CheckMail yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
ReverseMappingCheck no
Subsystem       sftp    /usr/local/libexec/sftp-server

Regards,
Alvin

 

by: gheistPosted on 2005-10-10 at 22:12:47ID: 15057785

UseDNS no
in case with 4.2

 

by: ahoffmannPosted on 2005-10-11 at 00:29:39ID: 15058248

<off-topic>
   PermitRootLogin yes

are you sure you want that?
</off-topic>

 

by: manualvinPosted on 2005-10-12 at 04:14:07ID: 15067665

<off-topic>

Yes, point noted, i will take that option out

Having trouble with my solaris Ultra 10 though, not responding..

my ultra 10 solaris keeps on hanging...any body know the reason why? i've already set the power management option to never for all, including disks but the server always keeps hanging

I suspect it's suspending but does suspend result in network connection also terminating?

</off-topic>

 

by: gheistPosted on 2005-10-12 at 09:24:06ID: 15070372

This one causes putty error. Change to yes and post back
ChallengeResponseAuthentication no

<offtopic>
Remove, vaccum-clean and put back all removeable components you find in computer case.
Probably some connection went loose in all those years.
</offtopic>

 

by: manualvinPosted on 2005-10-12 at 20:43:12ID: 15074439

Hi gheist,

Thanks for your recommendations!

Regards,
Alvin

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...