• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1081
  • Last Modified:

SSH problem in Solaris 10

Hello,

I need your help urgently!

We have to connect to a FTP server belongs to one of our customer. For establishing a Secured connection, we have generated the Public and Private key pair in our server and sent our Public key to our customer so that they can add in their FTP server.  Once it was done, when we establish a SFTP connection it works fine (like shown below).

dev2_app@/users/dev2_app/.ssh> sftp TRAVLARI@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
sftp> bye

Everything was good before, now I got a requirement to establish the SFTP connection from a Different server using the same Public and Private key pair. But it doesn't work. It gives the below given error.
Could you please give a solution to fix this?

bigmomma:prod_app:/users/prod_appl > sftp TRAVLARI@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
Received disconnect from 171.161.160.130: 7: Unsupported request (env).
Connection closed
bigmomma:prod_app:/users/prod_appl >



Thanks,
Ashok





0
rdashokraj
Asked:
rdashokraj
  • 10
  • 5
  • 4
  • +1
1 Solution
 
rdashokrajAuthor Commented:
Just want to add a point, that am able to connect from an one other server using the Same private key but not from the server we want (it is Bigmomma).
0
 
TintinCommented:
Firstly, let's clear up some confusion.  You are *not* connecting to a FTP server, you are connecting to a ssh server (using the sftp subsystem).

On bigmomma, if you temporarily remove your ssh key and try to connect, do you still get the same disconnect message?
0
 
rdashokrajAuthor Commented:
Tintin, I created a new user and tried by connecting it. But it gives "Permission denied" error.  I didn't copy the Public Key in .ssh folder.

rdraj@bigmomma.travelclick.net$ sftp TRAVLB1O@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
The authenticity of host 'elink-sshftp.bankofamerica.com (171.161.160.130)' can't be established.
RSA key fingerprint is 7b:5a:f0:04:8e:48:a4:bc:bd:46:e8:3d:1f:c2:44:55.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'elink-sshftp.bankofamerica.com,171.161.160.130' (RSA) to the list of known hosts.
Permission denied (publickey,keyboard-interactive).
Connection closed
rdraj@bigmomma.travelclick.net$ ls -la
total 16
drwxr-xr-x   4 rdraj    other        512 Nov 12 14:43 .
drwxr-xr-x  41 root     root        1024 Nov 12 14:42 ..
-rw-r--r--   1 rdraj    other        144 Nov 12 14:42 .profile
drwx------   2 rdraj    other        512 Nov 12 14:43 .ssh
drwx------   3 rdraj    other        512 Nov 12 14:43 .sunw
-rw-r--r--   1 rdraj    other        136 Nov 12 14:42 local.cshrc
-rw-r--r--   1 rdraj    other        157 Nov 12 14:42 local.login
-rw-r--r--   1 rdraj    other        174 Nov 12 14:42 local.profile
rdraj@bigmomma.travelclick.net$ cd .ssh
rdraj@bigmomma.travelclick.net$ ls
known_hosts
rdraj@bigmomma.travelclick.net$
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
TintinCommented:
If you didn't get a password prompt, it sounds like the other end is configured to only allow certain hosts/keys etc (as it should).
0
 
rdashokrajAuthor Commented:
Tintin,  Now I tried with the same user which i trying before. After clearing the id_rsa key, i tried to connect and it asks to Enter the passphrase as shown below:

arcashuser@bigmomma.travelclick.net$ sftp TRAVLARI@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
Enter passphrase for key '/users/arcashuser/.ssh/id_rsa':
Permission denied (publickey,keyboard-interactive).
Connection closed
arcashuser@bigmomma.travelclick.net$
0
 
rdashokrajAuthor Commented:
Yes Tintin, as you said we have already generated the public-private pair and given the Public key to our customer. They have added that Public key in their application, by which it restrict connection to happen only between the Public & Private pair we generated before.

Using the same private key, we are able to establish a SFTP session from couple of servers but Not from the server bigmomma (production server). It throws the error "Unsupported request (env)" as shown below:

arcashuser@bigmomma.travelclick.net$ sftp TRAVLARI@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
Received disconnect from 171.161.160.130: 7: Unsupported request (env).
Connection closed
arcashuser@bigmomma.travelclick.net$
0
 
rdashokrajAuthor Commented:
Just a thought:  Do we need to upgrade the SSH package in Bigmomma server ?  Because it says something related to ENV settings.
0
 
TintinCommented:
What's the result of

ssh -v

on both of your servers.
0
 
rdashokrajAuthor Commented:
One it is working:
dev2_app@/users/dev2_app/.ssh> ssh -v
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

dev2_app@/users/dev2_app/.ssh> sftp TRAVLARI@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
sftp>


Not working:
arcashuser@bigmomma.travelclick.net$ ssh -v
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

Both looks similar :(
0
 
rdashokrajAuthor Commented:
Tintin, Thanks for your help!  But now can I presume there is no solution for this problem?
0
 
TintinCommented:
The only other thing I can suggest is to contact the admin of the remote server and ask them if they have any IP based restrictions on their side.
0
 
Brian UtterbackPrinciple Software EngineerCommented:
I don't think you should give up yet.

Do this. First, put the keys back the way they are supposed to be, so that you have the same keys on both the working and failing systems. Then run the sftp commands again, but this time add two "-v" flags to the command line. Compare the output of both. If you still don't see the solution, post the results here.

I don't think you are getting hosts based restrictions per se, but it may be possible that only certain hosts will allowed with certain keys. However, I am not convinced that this is happening in your case.
0
 
SaranyakkaliCommented:
what is remote server model ? did they allowing sftp incoming.. this is must check at server configurarion.

else

if one account is working and one account is not working in same server. go to .ssh directory and file name "known_hosts" remove the entries for connecting host related and try.

if still facing issues.. exchange new keys and remove known_hosts entries.. and try



that's all
0
 
Brian UtterbackPrinciple Software EngineerCommented:
You are clearly connecting and engaging in the SSH protocol, so there is no firewall or tcp wrapper that is preventing the connection based on your IP address alone. There is a method in ssh that allows a server to accept a particular key only from a particular set of hosts, but that method does not end in an "Unsupported request" error, it ends in the "Permission denied" error you got from the user when you tried the wrong keys.

So, the problem seems to be some kind of real error that is resulting in the "unsupported request: (env)". This error is passed by ssh verbatim from what it received from the server. It is not a possible error from the Sun supplied ssh, so I am having trouble tracking down exactly what it means. It seems to dislike something about the environment variables, so you could look at the .ssh/environment file, if any, on the two systems. Also, try running the sftp command as I said above, with two '-v' flags, but also run the command under the "env -" command, which clears the environment variable from the user.
0
 
rdashokrajAuthor Commented:
Blu, Here by am attaching the SFTP results of both. Thanks for your help.
Output---Working.doc
Output---Not-Working.doc
0
 
Brian UtterbackPrinciple Software EngineerCommented:
Okay, the difference between then is that the non-working system is sending environment variable setting the locale. Apparently you are using the ISO8859-1 locale on the non-working system, but you are using the C locale on the working system. Either that, or the two systems have different default locales. In any cae, just unset the following variables before you
invoke sftp:

LC_CTYPE, LC_COLLATE, LC_NUMERIC, LC_MONETARY, LC_MESSAGES
0
 
rdashokrajAuthor Commented:
Hi Blu / Tintin,  I don't know how to thankyou for helping me to fix this problem.  Yes, it works great :)

Blu, You are clearly to the point and identified the root cause. As you said, I unset all those ENV variable and tried and it connected. Believe me, this issue is pending for more than 2 weeks time.

Here the results:

arcashuser@bigmomma.travelclick.net$

arcashuser@bigmomma.travelclick.net$ echo $LC_CTYPE

en_US.ISO8859-1

arcashuser@bigmomma.travelclick.net$ unset LC_CTYPE

arcashuser@bigmomma.travelclick.net$ echo $LC_COLLATE

en_US.ISO8859-15

arcashuser@bigmomma.travelclick.net$ unset LC_COLLATE

arcashuser@bigmomma.travelclick.net$ echo $LC_NUMERIC

en_US.ISO8859-15

arcashuser@bigmomma.travelclick.net$ unset LC_NUMERIC

arcashuser@bigmomma.travelclick.net$ echo $LC_MONETARY

en_US.ISO8859-15

arcashuser@bigmomma.travelclick.net$ unset LC_MONETARY

arcashuser@bigmomma.travelclick.net$ echo $LC_MESSAGES

C

arcashuser@bigmomma.travelclick.net$ unset LC_MESSAGES

arcashuser@bigmomma.travelclick.net$ sftp TRAVLARI@elink-sshftp.bankofamerica.com

Connecting to elink-sshftp.bankofamerica.com...

sftp>


Thanks again.......You guys are great !
0
 
rdashokrajAuthor Commented:
One of the best solution I got through EE :)
0
 
TintinCommented:
I have to hand it to blu on this one.  He really nailed a tricky  problem.  Well done.
0
 
Brian UtterbackPrinciple Software EngineerCommented:
Thanks Tintin. I really appreciate it when a question author thanks me for the work I have done on their behalf. So, how much more meaningful it is to get the appreciation of my fellow experts as well. (smile)
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 10
  • 5
  • 4
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now