SSH on redhat 6.2

Greetings experts.
This could be an easy question.
Specifics:
RH linux 6.2 server
Attempting to connect via ssh.
Installed all the components to make this work.
When I attempt to connect no passwords are authenticated.  SSH appears to try to connect, it accepts the user name but not the password.  I have tried this by using another linux box and using:
ssh server.domainname.com
then it prompts for the root password, and when I enter the root password it will not accept it.  Same results when using an ssh interface from windows such as SecureCRT.
Thanks in advance.
EaglePress Asked:

majorwoo Commented:
By default many ssh clients do not permit root login; check your sshd_config file for a line

PermitRootLogin   no

and change it to yes and restart sshd.
EaglePress (Author) Commented:
Already tried that.  I cannot login as ANY user.  The config file was changed from the beginning to allow root to login.
jjerome00 Commented:

Have you tried to ssh to the computer from the same computer?  You should be able to do this from the machine.  It might be able to weed out any other problems (firewall, etc) you think you may be having.

Another simple approach is to try reinstalling the ssh server on the machine, or upgrading the machine altogether.  I'm not sure if this is an option, since you probably would have done that by now.

Hope some of this helps.


shivsa Commented:
Could you post the output of the following command?
ssh -v -v -v loginid@server.domainname.com

Also check this file, /etc/security/access.conf; this tells what users are blocked and what not.
Also read this article about security of redhat.
http://www.puschitz.com/Security.shtml

Also, if you want to launch sshd in debug mode, launch it like this and look at the log files.
That might give you some clue.
Stop sshd then re-launch it as "sshd -d -d -d".
Arindam_Biswas Commented:
Maybe it's due to your firewall configuration. Try stopping ipchains [ "service  ipchains stop" or "/etc/init.d/ipchains stop"]
and try ssh again.
paullamhkg Commented:
Also is there any possible way that you set the users to no login in the /etc/passwd

e.g.
root:x:0:0:root:/root:/bin/nologin
paul:x:500:500::/home/paul:/bin/nologin

If you have made this change, root and paul can't log in remotely, only at the linux box console mode/GUI login.

will this be the case?
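
An audit of the two settings raised in the replies so far (PermitRootLogin in sshd_config and the login shell in /etc/passwd), added here as an example and not code from any poster in this thread. The file contents are constructed samples and the function names are hypothetical; the config parser keeps the first value per keyword, which is how sshd resolves repeated keywords.

```python
# Constructed sample inputs; on a real host read /etc/passwd and your sshd_config.
SSHD_CONFIG = """\
# PermitRootLogin yes
PermitRootLogin no
PermitRootLogin yes
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/nologin
paul:x:500:500::/home/paul:/bin/nologin
testy:x:501:503::/home/testy:/bin/bash
"""
NOLOGIN_SHELLS = {"nologin", "false"}

def effective_options(config_text):
    """Map lower-cased keyword -> value; sshd keeps the first value it reads."""
    opts = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), parts[1].strip())
    return opts

def login_shells(passwd_text):
    """Map user -> login shell from well-formed seven-field passwd lines."""
    shells = {}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7:
            shells[fields[0]] = fields[6]
    return shells

def audit(user, config_text, passwd_text):
    """Return the findings, among those two settings, that apply to `user`."""
    findings = []
    opts = effective_options(config_text)
    if user == "root" and opts.get("permitrootlogin", "").lower() == "no":
        findings.append("sshd_config: PermitRootLogin no")
    shell = login_shells(passwd_text).get(user)
    if shell is None:
        findings.append(f"/etc/passwd: no entry for {user}")
    elif shell.rsplit("/", 1)[-1] in NOLOGIN_SHELLS:
        findings.append(f"/etc/passwd: login shell is {shell}")
    return findings
```
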
EaglePress (Author) Commented:
I will make several entries to answer all questions:
This is for shivsa:

Here is the output from ssh -v -v -v

[testy@eagle testy]$ ssh -v -v -v testy@eagle.eaglepress.net
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 501 geteuid 0 anon 1
debug1: Connecting to eagle.eaglepress.net [127.0.0.1] port 22.
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/testy/.ssh/identity type -1
debug1: identity file /home/testy/.ssh/id_rsa type -1
debug1: identity file /home/testy/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 130/256
debug1: bits set: 1009/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Forcing accepting of host key for loopback/localhost.
debug1: bits set: 1020/2049
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,password,keyboard-interactive
debug3: authmethod_lookup publickey
debug3: remaining preferred: password,keyboard-interactive
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try privkey: /home/testy/.ssh/identity
debug3: no such identity: /home/testy/.ssh/identity
debug1: try privkey: /home/testy/.ssh/id_rsa
debug3: no such identity: /home/testy/.ssh/id_rsa
debug1: try privkey: /home/testy/.ssh/id_dsa
debug3: no such identity: /home/testy/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: keyboard-interactive
debug3: authmethod_is_enabled password
debug1: next auth method to try is password
testy@eagle.eaglepress.net's password:
EaglePress (Author) Commented:
OK.  Answering a few more questions.

Q:also check this file /etc/security/access.conf, this tells what users are blocked and what not.
A:I looked at the /etc/security/access.conf file.  Everything is set as default.  I have not made any changes to this file.

Q:stop sshd then re-launch it as "sshd -d -d -d"
A:I noticed this when I tried to stop and restart sshd

[root@eagle testy]# /etc/rc.d/init.d/sshd start        
$Starting sshd:execvp: No such file or directory
[FAILED]

Q:Have you tried to ssh to the computer from the same computer?
A:Same results.  I ssh servername.domainname.com then get prompted for the password then get "permission denied".  Tried this as root and as regular user.

Q:may be it's due to your firewall configuration .try  stopping ipchains [ "service  ipchains stop" or "/etc/init.d/ipchains stop"]
and  try ssh again
A:When I stopped the ipchains and tried ssh to connect I received an error: secure connection refused.

I will answer more questions on the next submit.   Trying not to make each one so long.
shivsa Commented:
[root@eagle testy]# /etc/rc.d/init.d/sshd start        
$Starting sshd:execvp: No such file or directory
[FAILED]

What happened here, were you able to run it?
If yes then now you must be having debug information.
Could you post that too?

Also, when you compiled ssh did you add --with-md5-passwords in your build script?

EaglePress (Author) Commented:
Here are the directions that I followed.  TO THE LETTER!
http://www.helpdesk.umd.edu/os/linux_redhat_6_2/installation/
Then click on the Installing OpenSSH Server and Client link and the Installing OpenSSL link. Thanks.
shivsa Commented:
Try running this in one window:

/usr/local/sbin/sshd -d -d -d
then try running ssh -v -v -v testy@eagle.eaglepress.net

and send us the output of the sshd -d -d -d window.
EaglePress (Author) Commented:
[root@eagle /]# /usr/local/sbin/sshd -d -d -d
debug1: Seeding random number generator
debug1: sshd version OpenSSH_2.9p2
debug1: private host key: #0 type 0 RSA1
debug3: No RSA1 key file /usr/local/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: No RSA1 key file /usr/local/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
socket: Invalid argument
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete



[testy@eagle /]$ ssh -v -v -v testy@eagle.eaglepress.net
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 501 geteuid 0 anon 1
debug1: Connecting to eagle.eaglepress.net [127.0.0.1] port 22.
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: connect: Connection refused
debug1: restore_uid
debug1: Trying again...
debug1: Connecting to eagle.eaglepress.net [127.0.0.1] port 22.
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: connect: Connection refused
debug1: restore_uid
debug1: Trying again...
debug1: Connecting to eagle.eaglepress.net [127.0.0.1] port 22.
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: connect: Connection refused
debug1: restore_uid
debug1: Trying again...
debug1: Connecting to eagle.eaglepress.net [127.0.0.1] port 22.
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: connect: Connection refused
debug1: restore_uid
Secure connection to eagle.eaglepress.net refused.
shivsa Commented:
It looks like an iptables problem.
Could you try this?
"/sbin/service iptables stop"
This should flush all the chains and reset to the default accept policy. "iptables -L" will list all the active chains.

I know you have done it but I would like these debug messages with iptables disabled.
Server is listening and client is trying again and again....
shivsa Commented:
Also please check /var/log/messages to see what error messages you get when you run ssh.
shivsa Commented:
Also, when you started sshd did you close the existing one?
If not then you have to stop it first
service sshd stop
and then do sshd -ddd
EaglePress (Author) Commented:
I get:
iptables: unrecognized service
when I run /sbin/service iptables stop
EaglePress (Author) Commented:
I did ps -ax | grep sshd and there are no instances of sshd running.  
Then I did /usr/local/sbin/sshd -d -d -d  and got the same results as above.
shivsa Commented:
I was wondering about this error in your output.
That's why I said stop the sshd and restart again.

debug1: private host key: #2 type 2 DSA
socket: Invalid argument

Also, do you see any messages related to sshd in /var/log/messages?

Also, my mistake, you are not running iptables but ipchains. I meant to stop ipchains.
EaglePress (Author) Commented:
Here is the output I received after I stopped ipchains then tried to connect via ssh:

[root@eagle /]# /usr/local/sbin/sshd -d -d -d
debug1: Seeding random number generator
debug1: sshd version OpenSSH_2.9p2
debug1: private host key: #0 type 0 RSA1
debug3: No RSA1 key file /usr/local/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: No RSA1 key file /usr/local/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
socket: Invalid argument
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 10.10.2.16 port 2406
debug1: Client protocol version 1.5; client software version 1.0
debug1: no match: 1.0
debug1: Local version string SSH-1.99-OpenSSH_2.9p2
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for testy.
Failed password for testy from 10.10.2.16 port 2406
Unknown message during authentication: type 4
Failed bad-auth-msg-4 for testy from 10.10.2.16 port 2406
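
A triage of the two kinds of debug output posted above, as an added example that is not part of any post in this thread: it reports the furthest stage each session reached, which separates a network-level refusal from a password rejected by sshd itself. The sample lines are copied from the outputs above; the function names and stage labels are hypothetical.

```python
import re

# Constructed samples: lines copied from the debug outputs posted in this thread.
SERVER_LOG = """\
Server listening on 0.0.0.0 port 22.
Connection from 10.10.2.16 port 2406
debug1: Client protocol version 1.5; client software version 1.0
debug1: Attempting authentication for testy.
Failed password for testy from 10.10.2.16 port 2406
Unknown message during authentication: type 4
Failed bad-auth-msg-4 for testy from 10.10.2.16 port 2406
"""
CLIENT_LOG = """\
debug1: Connecting to eagle.eaglepress.net [127.0.0.1] port 22.
debug1: connect: Connection refused
Secure connection to eagle.eaglepress.net refused.
"""

# (event, pattern) pairs; STAGES lists events from furthest stage to earliest.
PATTERNS = [
    ("refused", re.compile(r"connect: Connection refused")),
    ("connected", re.compile(r"^Connection from (?P<peer>\S+) port \d+")),
    ("proto", re.compile(r"Client protocol version (?P<proto>[\d.]+);")),
    ("failed", re.compile(r"^Failed (?P<method>\S+) for (?P<user>\S+) from (?P<peer>\S+)")),
]
STAGES = {"failed": "authentication", "connected": "transport", "refused": "network"}

def parse_events(log_text):
    """Return [(event, fields)] for each line that matches a known pattern."""
    events = []
    for line in log_text.splitlines():
        for name, rx in PATTERNS:
            m = rx.search(line)
            if m:
                events.append((name, m.groupdict()))
                break
    return events

def triage(log_text):
    """Report the furthest stage the session reached and what failed there."""
    events = parse_events(log_text)
    seen = {name for name, _ in events}
    stage = next((label for ev, label in STAGES.items() if ev in seen), "unknown")
    return {
        "stage": stage,
        "client_proto": next((f["proto"] for n, f in events if n == "proto"), None),
        "failed": [(f["user"], f["method"]) for n, f in events if n == "failed"],
    }
```

For the last server output, `triage(SERVER_LOG)` reports stage `authentication` with client protocol 1.5: with ipchains stopped the connection and encryption setup completed, and the password was then rejected by sshd. For the earlier client output it reports `network`, since the TCP connect never succeeded.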