Solved

"ssh localhost" prompts for key but ssh from other servers prompts for password

Posted on 2008-11-02
Last Modified: 2013-12-04
We have a Solaris 10 server (call it svr10):
when other servers within the same subnet "ssh" to it, it prompts
for a password instead of ssh keys.

However, when issuing "ssh localhost" from the server itself (back
to itself), it prompts for ssh keys (the first time it prompts; subsequent
times, it just logs in straight without prompting for anything, as the
public/private keys have been exported??)

Why is it that when other servers (within the same subnet, i.e. they don't go
through a firewall) ssh to it, it does not prompt for keys but for a password?

The above observation is a side-phenomenon that I noticed.  I'm
actually trying to solve the following problem :
a) this server listens on port 5555 (Data Protector backup tool) &
    when issuing "telnet localhost 5555" from svr10 itself, could
    see connection on Tcp 5555 established
    (netstat -a | grep 5555;
      "netstat -a | grep -i listen" showed it's listening on 5555)
b) however, when issuing "telnet svr10 5555" from any other servers
   (which are on the same subnet), the connection closes within a
   split second

What's described about ssh & "telnet ...  5555" appeared to imply
there's some sort of "local firewall" within svr10 that prevents any
other servers from getting into it other than itself.

Appreciate any suggestions/insights
Question by:sunhux
6 Comments
 
LVL 40

Assisted Solution

by:omarfarid
omarfarid earned 50 total points
ID: 22861099
Can you show the output of

netstat -na

0
 
LVL 43

Accepted Solution

by:
ravenpl earned 200 total points
ID: 22862772
You mean something like:

[raven@kruk tmp]$ ssh somewhere.com
The authenticity of host 'somewhere.com (193.0.0.0)' can't be established.
RSA key fingerprint is 18:25:d0:cd:55:01:e9:0b:4f:26:1d:75:c8:1e:40:66.
Are you sure you want to continue connecting (yes/no)?

It's very normal when you try to ssh to some name for the first time. It saves the remote (localhost in your case) in $HOME/.ssh/known_hosts.
Then, the next time you connect, it verifies the remote key against the one saved in known_hosts - ssh warns if it mismatches.
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 150 total points
ID: 22863241
I don't see what the relationship is between ssh and your problem accessing the Data Protector backup tool running on port 5555 (unless the Data Protector tool is running a modified ssh version).

Can you please clarify?
0
 
LVL 3

Assisted Solution

by:Saranyakkali
Saranyakkali earned 100 total points
ID: 22866821
Did you check the /etc/hosts.allow file, like below?

ALL:    localhost
sshd:   ALL
0
 

Author Comment

by:sunhux
ID: 22873275
Thought this has to do with /etc/hosts.allow but this is not the case.

Tintin is right that the ssh issue has nothing to do with the DP issue.

Problem has just been resolved after several attempts by HP DP team
so appending the solution below to serve as documentation :

=================== HP's reply =======================

Check if any TCP wrappers are enabled or not.
# svcprop -p defaults inetd
defaults/tcp_wrappers boolean true
true=enabled
 
Disable TCP Wrappers completely and check if Cell Manager  can "telnet jag51 5555".
# inetadm -M tcp_wrappers=false         <== this is the solution; the rest are not the cause
# svcadm refresh inetd

Settings check:
- Check if the file /var/svc/manifest/network/omni-tcp.xml
  is executing the right DP binary, i.e.
  exec='/opt/omni/lbin/inet -log /var/opt/omni//log/inet.log'
- Does the log file /var/opt/omni//log/inet.log exist?

Binary check:
# cksum /opt/omni/lbin/inet
# ls -al /opt/omni/lbin
0
 

Author Closing Comment

by:sunhux
ID: 31512967
Thought this has to do with /etc/hosts.allow but this is not the case.

Tintin is right that the ssh issue has nothing to do with the DP issue.

It's got something to do with the Solaris TCP wrapper, so I'll have to use
the TCP wrapper from sunfreeware.com (or .org?)

0
