EaglePress

SSH on redhat 6.2

Greetings experts.
This could be an easy question.
Specifics:
RH linux 6.2 server
Attempting to connect via ssh.
Installed all the components to make this work.
When I attempt to connect no passwords are authenticated. SSH appears to try to connect, it accepts the user name but not the password. I have tried this by using another linux box and using:
ssh server.domainname.com
Then it prompts for the root password, and when I enter the root password it will not accept it. Same results when using an ssh interface from windows such as SecureCRT.
Thanks in advance.
majorwoo

By default many ssh clients do not permit root login; check your sshd_config file for a line

PermitRootLogin   no

and change it to yes and restart sshd
ASKER

Already tried that.  I cannot login as ANY user.  The config file was changed from the beginning to allow root to login.

Have you tried to ssh to the computer from the same computer?  You should be able to do this from the machine.  It might be able to weed out any other problems (firewall, etc) you think you may be having.

Another simple approach is to try reinstalling the ssh server on the machine, or upgrading the machine altogether.  I'm not sure if this is an option, since you probably would have done that by now.

Hope some of this helps.

could u post the output of the following command.
ssh -v -v -v loginid@server.domainname.com

also check this file /etc/security/access.conf, this tells what users are blocked and what not.
also read this article about security of redhat.
http://www.puschitz.com/Security.shtml

also if u want to launch sshd in debug mode, launch like this and see for log files.
that might give u some clue.
stop sshd then re-launch it as "sshd -d -d -d"
Maybe it's due to your firewall configuration. Try stopping ipchains [ "service ipchains stop" or "/etc/init.d/ipchains stop" ]
and try ssh again.
Also, is there any possible way that you set the users to no login in /etc/passwd?

eg
root:x:0:0:root:/root:/bin/nologin
paul:x:500:500::/home/paul:/bin/nologin

if you have made this change root and paul can't login by remote, only login at the linux box console mode/GUI login.

will this be the case?
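
The two account-level checks suggested so far (the PermitRootLogin line in sshd_config and a nologin shell in /etc/passwd) can be run together. This is an added example, not part of any post in this thread: the function names are hypothetical and the sample files are constructed, so point the functions at copies of the real files to use them.

```shell
#!/bin/sh
# Added example: account-level checks from this thread (login shell, PermitRootLogin).

# Print the login shell (field 7) of user $1 in passwd-format file $2;
# exit status is non-zero when the user has no entry.
login_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; f = 1; exit } END { exit !f }' "$2"
}

# Print the first PermitRootLogin value in sshd_config file $1 (sshd honours the
# first occurrence of a keyword and matches keywords case-insensitively),
# or "unset" when only the compiled-in default applies.
permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); f = 1; exit }
         END { if (!f) print "unset" }' "$1"
}

# usage: check_user USER PASSWD_FILE SSHD_CONFIG
# Prints "unknown-user", "shell:<path>", "config:PermitRootLogin no" or "ok".
check_user() {
    shell=$(login_shell "$1" "$2") || { echo "unknown-user"; return 0; }
    case "$shell" in
        */nologin|*/false) echo "shell:$shell"; return 0 ;;
    esac
    if [ "$1" = root ] && [ "$(permit_root_login "$3")" = no ]; then
        echo "config:PermitRootLogin no"; return 0
    fi
    echo "ok"
}

# Constructed sample files (not taken from the asker's machine).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
paul:x:500:500::/home/paul:/bin/nologin
testy:x:501:503::/home/testy:/bin/bash
EOF
cat > "$tmp/sshd_config" <<'EOF'
# PermitRootLogin yes
Port 22
permitrootlogin no
EOF

for u in root paul testy nobody; do
    printf '%-7s %s\n' "$u" "$(check_user "$u" "$tmp/passwd" "$tmp/sshd_config")"
done
```

An "ok" result only rules out these two causes; it says nothing about the firewall, PAM or the daemon itself.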
I will make several entries to answer all questions:
This is for shivsa:

Here is the output from ssh -v -v -v

[testy@eagle testy]$ ssh -v -v -v testy@eagle.eaglepress.net
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 501 geteuid 0 anon 1
debug1: Connecting to eagle.eaglepress.net [127.0.0.1] port 22.
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/testy/.ssh/identity type -1
debug1: identity file /home/testy/.ssh/id_rsa type -1
debug1: identity file /home/testy/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 130/256
debug1: bits set: 1009/2049
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Forcing accepting of host key for loopback/localhost.
debug1: bits set: 1020/2049
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,password,keyboard-interactive
debug3: authmethod_lookup publickey
debug3: remaining preferred: password,keyboard-interactive
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try privkey: /home/testy/.ssh/identity
debug3: no such identity: /home/testy/.ssh/identity
debug1: try privkey: /home/testy/.ssh/id_rsa
debug3: no such identity: /home/testy/.ssh/id_rsa
debug1: try privkey: /home/testy/.ssh/id_dsa
debug3: no such identity: /home/testy/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: keyboard-interactive
debug3: authmethod_is_enabled password
debug1: next auth method to try is password
testy@eagle.eaglepress.net's password:
OK.  Answering a few more questions.

Q:also check this file /etc/security/access.conf, this tells what users are blocked and what not.
A:I looked at the /etc/security/access.conf file.  Every thing is set as default.  I have not made any changes to this file.

Q:stop sshd then re-launch it as "sshd -d -d -d"
A:I noticed this when I tried to stop and restart sshd

[root@eagle testy]# /etc/rc.d/init.d/sshd start        
$Starting sshd:execvp: No such file or directory
[FAILED]

Q:Have you tried to ssh to the computer from the same computer?
A:Same results.  I ssh servername.domainname.com then get prompted for the password then get "permission denied".  Tried this as root and as regular user.

Q:may be it's due to your firewall configuration .try  stopping ipchains [ "service  ipchains stop" or "/etc/init.d/ipchains stop"]
and  try ssh again
A:when i stopped the ipchains and tried ssh to connect I received an error: secure connection refused.

I will answer more questions on the next submit.   Trying not to make each one so long.
ASKER CERTIFIED SOLUTION
shivsa
This solution is only available to members.
Here are the directions that I followed.  TO THE LETTER!
http://www.helpdesk.umd.edu/os/linux_redhat_6_2/installation/
Then click on the
Installing OpenSSH Server and Client link and the Installing OpenSSL link. Thanks.
try running this on one window

/usr/local/sbin/sshd -d -d -d
then try running ssh -v -v -v testy@eagle.eaglepress.net

and send us output of sshd -d -d -d window.
[root@eagle /]# /usr/local/sbin/sshd -d -d -d
debug1: Seeding random number generator
debug1: sshd version OpenSSH_2.9p2
debug1: private host key: #0 type 0 RSA1
debug3: No RSA1 key file /usr/local/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: No RSA1 key file /usr/local/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
socket: Invalid argument
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete



[testy@eagle /]$ ssh -v -v -v testy@eagle.eaglepress.net
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 501 geteuid 0 anon 1
debug1: Connecting to eagle.eaglepress.net [127.0.0.1] port 22.
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: connect: Connection refused
debug1: restore_uid
debug1: Trying again...
debug1: Connecting to eagle.eaglepress.net [127.0.0.1] port 22.
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: connect: Connection refused
debug1: restore_uid
debug1: Trying again...
debug1: Connecting to eagle.eaglepress.net [127.0.0.1] port 22.
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: connect: Connection refused
debug1: restore_uid
debug1: Trying again...
debug1: Connecting to eagle.eaglepress.net [127.0.0.1] port 22.
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 501/503 (e=0)
debug1: connect: Connection refused
debug1: restore_uid
Secure connection to eagle.eaglepress.net refused.
It looks like iptables problem.
could u try these.
"/sbin/service iptables stop"
This should flush all the chains and reset to the default accept policy. "iptables -L" will list all the active chains.

i know u have done it but i would like these debug messages with iptables disabled.
server is listening and client is trying again and again....
also please check /var/log/messages to see what error messages u get when run ssh.
also when u start sshd did u close the existing one.
if not then u have to stop first
service sshd stop
and then do sshd -ddd
I get:
iptables: unrecognized service
when I run /sbin/service iptables stop
I did ps -ax | grep sshd and there are no instances of sshd running.  
Then I did /usr/local/sbin/sshd -d -d -d  and got the same results as above.
i was wondering about this error in your output.
that's why i said stop the sshd and restart again.

debug1: private host key: #2 type 2 DSA
socket: Invalid argument

also do u see any messages related to sshd in /var/log/messages.

also  my mistake, u are not running iptables but ipchain. i meant to stop ipchains.
here is the output i received after i stopped ipchains then tried to connect via ssh

[root@eagle /]# /usr/local/sbin/sshd -d -d -d
debug1: Seeding random number generator
debug1: sshd version OpenSSH_2.9p2
debug1: private host key: #0 type 0 RSA1
debug3: No RSA1 key file /usr/local/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: No RSA1 key file /usr/local/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
socket: Invalid argument
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 10.10.2.16 port 2406
debug1: Client protocol version 1.5; client software version 1.0
debug1: no match: 1.0
debug1: Local version string SSH-1.99-OpenSSH_2.9p2
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for testy.
Failed password for testy from 10.10.2.16 port 2406
Unknown message during authentication: type 4
Failed bad-auth-msg-4 for testy from 10.10.2.16 port 2406