Solved

"ssh localhost" prompts for key but ssh from other servers prompts for password

Posted on 2008-11-02
Last Modified: 2013-12-04
We have a Solaris 10 server (call it svr10):
when other servers within the same subnet "ssh" to it, it prompts
for password instead of ssh keys.

However, when issuing "ssh localhost" from the server itself (back
to itself), it prompts for ssh keys (first time it prompts, subsequent
times, it just logs in straight without prompting for anything as the
public/private keys have been exported??)

Why is it when other servers (within the same subnet, i.e. don't go
through firewall) ssh to it, it does not prompt for keys but password?

The above observation is a side-phenomenon that I noticed.  I'm
actually trying to solve the following problem :
a) this server listens on port 5555 (Data Protector backup tool) &
    when issuing "telnet localhost 5555" from svr10 itself, could
    see connection on TCP 5555 established
    (netstat -a | grep 5555;
      "netstat -a | grep -i listen" showed it's listening on 5555)
b) however, when issuing "telnet svr10 5555" from any other servers
   (which are on the same subnet), the connection closes within a
   split second

What's described about ssh & "telnet ...  5555" appeared to imply
there's some sort of "local firewall" within svr10 that prevents any
other servers from getting into it other than itself.

Appreciate any suggestions/insights
 
Question by:sunhux
6 Comments
 

Assisted Solution

by:omarfarid
omarfarid earned 50 total points
ID: 22861099
can you show the output of

netstat -na


Accepted Solution

by:ravenpl
ravenpl earned 200 total points
ID: 22862772
You mean something like:

[raven@kruk tmp]$ ssh somewhere.com
The authenticity of host 'somewhere.com (193.0.0.0)' can't be established.
RSA key fingerprint is 18:25:d0:cd:55:01:e9:0b:4f:26:1d:75:c8:1e:40:66.
Are you sure you want to continue connecting (yes/no)?

It's very normal when you are trying to ssh to some name for the first time. It saves the remote (localhost in your case) in $HOME/.ssh/known_hosts
Then, next time you connect, it verifies the remote key against the one saved in known_hosts - ssh warns if it mismatches.

Assisted Solution

by:Tintin
Tintin earned 150 total points
ID: 22863241
I don't see what the relationship is between ssh and your problem accessing the Data Protector backup tool running on port 5555 (unless the Data Protector tool is running a modified ssh version).

Can you please clarify?

Assisted Solution

by:Saranyakkali
Saranyakkali earned 100 total points
ID: 22866821
Did you check the /etc/hosts.allow file, like below?

ALL:    localhost
sshd:   ALL
 

Author Comment

by:sunhux
ID: 22873275
Thought this has to do with /etc/hosts.allow but this is not the case.

Tintin is right that the ssh issue has nothing to do with the DP issue.

Problem has just been resolved after several attempts by HP DP team
so appending the solution below to serve as documentation :

=================== HP's reply =======================

Check if any TCP wrappers are enabled or not.
# svcprop -p defaults inetd
defaults/tcp_wrappers boolean true
true=enabled

Disable TCP Wrappers completely and check if Cell Manager can "telnet jag51 5555".
# inetadm -M tcp_wrappers=false         <== this is the solution; the rest are not the cause
# svcadm refresh inetd

Settings Check
- Check if the file /var/svc/manifest/network/omni-tcp.xml
  is executing the right DP binary, i.e.
  exec='/opt/omni/lbin/inet -log /var/opt/omni//log/inet.log'
  Does the log file /var/opt/omni//log/inet.log exist?

Binary check:
# cksum /opt/omni/lbin/inet
# ls -al /opt/omni/lbin
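
Added example, not part of the thread or of HP's reply: a simplified Python model of the hosts_access(5) lookup that TCP wrappers apply once tcp_wrappers is true, showing one rule set under which localhost reaches the DP inet daemon while other hosts are dropped and sshd stays reachable. The hosts.deny content, the daemon name inet (taken from the exec path above) and the client cellmgr at 192.0.2.10 are assumptions; EXCEPT, netmasks and IPv6 are not handled.

```python
# Simplified hosts_access(5) check: hosts.allow is searched first, then
# hosts.deny; the first matching rule wins and no match means access is granted.

# Constructed sample files. HOSTS_ALLOW is the layout quoted earlier in the
# thread; HOSTS_DENY is an assumption, the page never shows that file.
HOSTS_ALLOW = """\
ALL:    localhost
sshd:   ALL
"""
HOSTS_DENY = "ALL: ALL\n"


def parse_rules(text):
    """Return [(daemon_list, client_list)] for each 'daemons : clients' line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # optional shell command ignored
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, name, addr):
    """Match one client pattern against the peer's host name and address."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                # host names without a dot
        return "." not in name
    if pattern.startswith("."):           # domain suffix, e.g. .example.com
        return name.lower().endswith(pattern.lower())
    if pattern.endswith("."):             # address prefix, e.g. 192.0.2.
        return addr.startswith(pattern)
    return pattern.lower() == name.lower() or pattern == addr


def file_matches(text, daemon, name, addr):
    """True if any rule in the file covers this daemon and this client."""
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(p, name, addr) for p in clients)
               for daemons, clients in parse_rules(text))


def access_granted(daemon, name, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Apply the allow-then-deny order for one incoming connection."""
    if file_matches(allow, daemon, name, addr):
        return True
    return not file_matches(deny, daemon, name, addr)
```

With these sample files, access_granted("inet", "cellmgr", "192.0.2.10") is False; passing allow=HOSTS_ALLOW + "inet: cellmgr\n" (hypothetical names) makes it True while wrappers stay enabled for the other inetd services.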
 

Author Closing Comment

by:sunhux
ID: 31512967
Thought this has to do with /etc/hosts.allow but this is not the case.

Tintin is right that the ssh issue has nothing to do with the DP issue.

It's got something to do with Solaris Tcp wrapper, so I'll have to use
tcp wrapper from sunfreeware.com (or .org?)
