Solved

"ssh localhost" prompts for key but ssh from other servers prompts for password

Posted on 2008-11-02
6
Medium Priority
630 Views
Last Modified: 2013-12-04
We have a Solaris 10 server (call it svr10):
when other servers within the same subnet "ssh" to it, it prompts
for a password instead of using ssh keys.

However, when issuing "ssh localhost" from the server itself (back
to itself), it prompts for ssh keys (the first time it prompts; subsequent
times it just logs in straight away without prompting for anything, as the
public/private keys have been exported??)

Why is it that when other servers (within the same subnet, i.e. not going
through the firewall) ssh to it, it does not prompt for keys but for a password?

The above observation is a side phenomenon that I noticed. I'm
actually trying to solve the following problem:
a) this server listens on port 5555 (Data Protector backup tool) and
    when issuing "telnet localhost 5555" from svr10 itself, I could
    see the connection on TCP 5555 established
    (netstat -a | grep 5555;
      "netstat -a | grep -i listen" showed it's listening on 5555)
b) however, when issuing "telnet svr10 5555" from any other servers
   (which are on the same subnet), the connection closes within a
   split second

What's described about ssh and "telnet ... 5555" appeared to imply
there's some sort of "local firewall" within svr10 that prevents any
other servers from getting into it, other than itself.

Appreciate any suggestions/insights
Question by:sunhux
6 Comments
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 150 total points
ID: 22861099
Can you show the output of

netstat -na

LVL 43

Accepted Solution

by:ravenpl
ravenpl earned 600 total points
ID: 22862772
You mean something like:

[raven@kruk tmp]$ ssh somewhere.com
The authenticity of host 'somewhere.com (193.0.0.0)' can't be established.
RSA key fingerprint is 18:25:d0:cd:55:01:e9:0b:4f:26:1d:75:c8:1e:40:66.
Are you sure you want to continue connecting (yes/no)?

It's very normal when you try to ssh to some name for the first time. It saves the remote host's key (localhost in your case) in $HOME/.ssh/known_hosts.
Then, the next time you connect, it verifies the remote key against the one saved in known_hosts; ssh warns if it mismatches.
LVL 48

Assisted Solution

by:Tintin
Tintin earned 450 total points
ID: 22863241
I don't see what the relationship is between ssh and your problem accessing the Data Protector backup tool running on port 5555 (unless the Data Protector tool is running a modified ssh version).

Can you please clarify?
LVL 3

Assisted Solution

by:Saranyakkali
Saranyakkali earned 300 total points
ID: 22866821
Did you check the /etc/hosts.allow file, like below?

ALL:    localhost
sshd:   ALL

Author Comment

by:sunhux
ID: 22873275
Thought this had to do with /etc/hosts.allow, but this is not the case.

Tintin is right that the ssh issue has nothing to do with the DP issue.

The problem has just been resolved after several attempts by the HP DP team,
so I'm appending the solution below to serve as documentation:

=================== HP's reply =======================

Check if any TCP wrappers are enabled or not.
# svcprop -p defaults inetd
defaults/tcp_wrappers boolean true
true=enabled
 
Disable TCP Wrappers completely and check if Cell Manager can "telnet jag51 5555".
# inetadm -M tcp_wrappers=false         <== this is the solution; the rest are not the cause
# svcadm refresh inetd

Settings Check
- Check if the file /var/svc/manifest/network/omni-tcp.xml
  is executing the right DP binary, i.e.
exec='/opt/omni/lbin/inet -log /var/opt/omni//log/inet.log'
Does the log file /var/opt/omni//log/inet.log exist?
 
Binary check:
# cksum /opt/omni/lbin/inet
# ls -al /opt/omni/lbin
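Turning wrappers off with inetadm -M tcp_wrappers=false, as in HP's reply, removes the host-based filter for every wrapped inetd service, while the hosts.allow approach from the earlier comment keeps it and just admits the backup subnet. As an added example (not from the thread, HP or Data Protector), this POSIX sh script models how a TCP wrapper evaluates /etc/hosts.allow and /etc/hosts.deny for a given daemon and client; the rule contents are constructed, and "inet" as the wrapper daemon name for the DP service is an assumption.

```sh
#!/bin/sh
# hosts_access(5) order: first match in hosts.allow grants, else first match in
# hosts.deny refuses, else access is granted. Rule sets below are constructed;
# "inet" as the daemon name of the Data Protector service is an assumption.
HOSTS_ALLOW='# constructed /etc/hosts.allow
inet:   192.168.10.
sshd:   ALL
ALL:    localhost'
HOSTS_DENY='ALL: ALL'

# match_list LIST NAME: 0 if NAME matches a comma-separated pattern in LIST.
# Handles ALL, exact names, "192.168.10." address prefixes, ".dom" suffixes.
match_list() {
  name=$2; oldifs=$IFS; IFS=','; set -- $1; IFS=$oldifs
  for pat; do
    pat=$(printf '%s' "$pat" | tr -d ' \t')
    case $pat in
      '')  ;;
      ALL) return 0 ;;
      *.)  case $name in "$pat"*) return 0 ;; esac ;;
      .*)  case $name in *"$pat") return 0 ;; esac ;;
      *)   [ "$pat" = "$name" ] && return 0 ;;
    esac
  done
  return 1
}

# rule_matches RULES DAEMON CLIENT: 0 if a "daemons : clients" line matches both.
rule_matches() {
  printf '%s\n' "$1" | {
    while IFS= read -r line; do
      case $line in '#'*|'') continue ;; esac        # comments and blanks
      case $line in *:*) ;; *) continue ;; esac     # malformed line
      if match_list "${line%%:*}" "$2" && match_list "${line#*:}" "$3"; then
        exit 0                                      # exits only this subshell
      fi
    done
    exit 1
  }
}

# hosts_access DAEMON CLIENT: prints allow/deny; returns 0 when access is granted.
hosts_access() {
  if rule_matches "$HOSTS_ALLOW" "$1" "$2"; then echo allow; return 0; fi
  if rule_matches "$HOSTS_DENY" "$1" "$2"; then echo deny; return 1; fi
  echo allow
}

for c in localhost 192.168.10.7 10.0.0.5; do
  printf 'inet from %-13s -> %s\n' "$c" "$(hosts_access inet "$c")"
done
```

With this rule set the backup subnet and the local host reach the DP daemon while other clients are refused, which matches the "works from localhost, closes from other servers" symptom when only the localhost line is present.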

Author Closing Comment

by:sunhux
ID: 31512967
Thought this had to do with /etc/hosts.allow, but this is not the case.

Tintin is right that the ssh issue has nothing to do with the DP issue.

It's got something to do with the Solaris TCP wrapper, so I'll have to use
the tcp wrapper from sunfreeware.com (or .org?)