Solved

"ssh localhost" prompts for key but ssh from other servers prompts for password

Posted on 2008-11-02
Last Modified: 2013-12-04
We have a Solaris 10 server (call it svr10):
when other servers within the same subnet "ssh" to it, it prompts
for a password instead of ssh keys.

However, when issuing "ssh localhost" from the server itself (back
to itself), it prompts for ssh keys (the first time it prompts; subsequent
times, it just logs in straight without prompting for anything as the
public/private keys have been exported??)

Why is it when other servers (within the same subnet, ie don't go
thru firewall) ssh to it, it does not prompt for keys but password?

The above observation is a side-phenomenon that I noticed.  I'm
actually trying to solve the following problem :
a) this server listens on port 5555 (Data Protector backup tool) &
    when issuing "telnet localhost 5555" from svr10 itself, could
    see connection on Tcp 5555 established
    (netstat -a | grep 5555;
      "netstat -a | grep -i listen" showed it's listening on 5555)
b) however, when issuing "telnet svr10 5555" from any other servers
   (which are on the same subnet), the connection closes within a
   split second

What's described about ssh & "telnet ...  5555" appeared to imply
there's some sort of "local firewall" within svr10 that prevents any
other servers from getting into it other than itself.

Appreciate any suggestions/insights
 
Question by:sunhux
6 Comments
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 50 total points
ID: 22861099
Can you show the output of

netstat -na

0
 
LVL 43

Accepted Solution

by:
ravenpl earned 200 total points
ID: 22862772
You mean something like:

[raven@kruk tmp]$ ssh somewhere.com
The authenticity of host 'somewhere.com (193.0.0.0)' can't be established.
RSA key fingerprint is 18:25:d0:cd:55:01:e9:0b:4f:26:1d:75:c8:1e:40:66.
Are you sure you want to continue connecting (yes/no)?

It's very normal when you are trying to ssh to some name for the first time. It saves the remote (localhost in your case) in $HOME/.ssh/known_hosts.
Then, the next time you connect, it verifies the remote key against the one saved in known_hosts - ssh warns if it mismatches.
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 150 total points
ID: 22863241
I don't see what the relationship is between ssh and your problem accessing the Data Protector backup tool running on port 5555 (unless the Data Protector tool is running a modified ssh version).

Can you please clarify?
0
 
LVL 3

Assisted Solution

by:Saranyakkali
Saranyakkali earned 100 total points
ID: 22866821
Did you check the /etc/hosts.allow file, like below?

ALL:    localhost
sshd:   ALL
0
 

Author Comment

by:sunhux
ID: 22873275
Thought this has to do with /etc/hosts.allow but this is not the case.

Tintin is right that the ssh issue has nothing to do with the DP issue.

Problem has just been resolved after several attempts by HP DP team
so appending the solution below to serve as documentation :

=================== HP's reply =======================

Check if any TCP wrappers are enabled or not.
# svcprop -p defaults inetd
defaults/tcp_wrappers boolean true
true=enabled
 
Disable TCP Wrappers completely and check if Cell Manager  can "telnet jag51 5555".
# inetadm -M tcp_wrappers=false         <== this is the solution; the rest are not the cause
# svcadm refresh inetd

Settings check:
- Check if the file /var/svc/manifest/network/omni-tcp.xml
  is executing the right DP binary, i.e.
  exec='/opt/omni/lbin/inet -log /var/opt/omni//log/inet.log'
  Does the log file /var/opt/omni//log/inet.log exist?

Binary check:
# cksum /opt/omni/lbin/inet
# ls -al /opt/omni/lbin
0
 

Author Closing Comment

by:sunhux
ID: 31512967
Thought this has to do with /etc/hosts.allow but this is not the case.

Tintin is right that the ssh issue has nothing to do with the DP issue.

It's got something to do with Solaris Tcp wrapper, so I'll have to use
tcp wrapper from sunfreeware.com (or .org?)

0
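How TCP wrappers can let "telnet localhost 5555" connect while remote clients are dropped at once and sshd still answers, shown with a simplified hosts_access evaluator (an added example, not part of the original thread and not HP's or Sun's code). Assumptions: the deny-all hosts.deny is hypothetical, the wrapper daemon name "inet" is taken from the basename of the exec path quoted above, and the client name "cellmgr" and 10.0.0.x addresses are constructed.

```python
import ipaddress

# Constructed rule sets (assumptions, not svr10's real files): hosts.allow is
# the two lines quoted in the thread; the deny-all hosts.deny is hypothetical.
HOSTS_ALLOW = "ALL:    localhost\nsshd:   ALL\n"
HOSTS_DENY = "ALL: ALL\n"


def parse_rules(text):
    """Return [(daemons, clients)] from 'daemon_list : client_list' lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # any option field is ignored
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, host, ip):
    """Subset of hosts_access patterns: ALL, name/address, .domain, prefix., net/mask."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    if pattern.startswith("."):
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):
        return ip.startswith(pattern)
    return pattern.lower() in (host.lower(), ip)


def any_rule_matches(rules, daemon, host, ip):
    return any(
        (daemon in daemons or "ALL" in daemons)
        and any(client_matches(p, host, ip) for p in clients)
        for daemons, clients in rules)


def access(daemon, host, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Wrapper order: a hosts.allow match grants, a hosts.deny match refuses, else grant."""
    if any_rule_matches(parse_rules(allow), daemon, host, ip):
        return "allow"
    if any_rule_matches(parse_rules(deny), daemon, host, ip):
        return "deny"
    return "allow"
```

Appending a per-service line such as `inet: 10.0.0.5` to the allow rules admits only that client to the backup agent, whereas `inetadm -M tcp_wrappers=false` changes the inetd default and so removes the wrapper check from every service that inherits it.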
