rdashokraj
asked on
SSH problem in Solaris 10
Hello,
I need your help urgently!
We have to connect to a FTP server belongs to one of our customer. For establishing a Secured connection, we have generated the Public and Private key pair in our server and sent our Public key to our customer so that they can add in their FTP server. Once it was done, when we establish a SFTP connection it works fine (like shown below).
dev2_app@/users/dev2_app/. ssh> sftp TRAVLARI@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
sftp> bye
Everything was good before, now I got a requirement to establish the SFTP connection from a Different server using the same Public and Private key pair. But it doesn't work. It gives the below given error.
Could you please give a solution to fix this?
bigmomma:prod_app:/users/p rod_appl > sftp TRAVLARI@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
Received disconnect from 171.161.160.130: 7: Unsupported request (env).
Connection closed
bigmomma:prod_app:/users/p rod_appl >
Thanks,
Ashok
I need your help urgently!
We have to connect to a FTP server belongs to one of our customer. For establishing a Secured connection, we have generated the Public and Private key pair in our server and sent our Public key to our customer so that they can add in their FTP server. Once it was done, when we establish a SFTP connection it works fine (like shown below).
dev2_app@/users/dev2_app/.
Connecting to elink-sshftp.bankofamerica.com...
sftp> bye
Everything was good before, now I got a requirement to establish the SFTP connection from a Different server using the same Public and Private key pair. But it doesn't work. It gives the below given error.
Could you please give a solution to fix this?
bigmomma:prod_app:/users/p
Connecting to elink-sshftp.bankofamerica.com...
Received disconnect from 171.161.160.130: 7: Unsupported request (env).
Connection closed
bigmomma:prod_app:/users/p
Thanks,
Ashok
Firstly, let's clear up some confusion. You are *not* connecting to a FTP server, you are connecting to a ssh server (using the sftp subsystem).
On bigmomma, if you temporarily remove your ssh key and try to connect, do you still get the same disconnect message?
On bigmomma, if you temporarily remove your ssh key and try to connect, do you still get the same disconnect message?
ASKER
Tintin, I created a new user and tried by connecting it. But it gives "Permission denied" error. I didn't copy the Public Key in .ssh folder.
rdraj@bigmomma.travelclick .net$ sftp TRAVLB1O@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
The authenticity of host 'elink-sshftp.bankofamerica.com (171.161.160.130)' can't be established.
RSA key fingerprint is 7b:5a:f0:04:8e:48:a4:bc:bd :46:e8:3d: 1f:c2:44:5 5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'elink-sshftp.bankofamerica.com,171.161.160.130' (RSA) to the list of known hosts.
Permission denied (publickey,keyboard-intera ctive).
Connection closed
rdraj@bigmomma.travelclick .net$ ls -la
total 16
drwxr-xr-x 4 rdraj other 512 Nov 12 14:43 .
drwxr-xr-x 41 root root 1024 Nov 12 14:42 ..
-rw-r--r-- 1 rdraj other 144 Nov 12 14:42 .profile
drwx------ 2 rdraj other 512 Nov 12 14:43 .ssh
drwx------ 3 rdraj other 512 Nov 12 14:43 .sunw
-rw-r--r-- 1 rdraj other 136 Nov 12 14:42 local.cshrc
-rw-r--r-- 1 rdraj other 157 Nov 12 14:42 local.login
-rw-r--r-- 1 rdraj other 174 Nov 12 14:42 local.profile
rdraj@bigmomma.travelclick .net$ cd .ssh
rdraj@bigmomma.travelclick .net$ ls
known_hosts
rdraj@bigmomma.travelclick .net$
rdraj@bigmomma.travelclick
Connecting to elink-sshftp.bankofamerica.com...
The authenticity of host 'elink-sshftp.bankofamerica.com (171.161.160.130)' can't be established.
RSA key fingerprint is 7b:5a:f0:04:8e:48:a4:bc:bd
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'elink-sshftp.bankofamerica.com,171.161.160.130' (RSA) to the list of known hosts.
Permission denied (publickey,keyboard-intera
Connection closed
rdraj@bigmomma.travelclick
total 16
drwxr-xr-x 4 rdraj other 512 Nov 12 14:43 .
drwxr-xr-x 41 root root 1024 Nov 12 14:42 ..
-rw-r--r-- 1 rdraj other 144 Nov 12 14:42 .profile
drwx------ 2 rdraj other 512 Nov 12 14:43 .ssh
drwx------ 3 rdraj other 512 Nov 12 14:43 .sunw
-rw-r--r-- 1 rdraj other 136 Nov 12 14:42 local.cshrc
-rw-r--r-- 1 rdraj other 157 Nov 12 14:42 local.login
-rw-r--r-- 1 rdraj other 174 Nov 12 14:42 local.profile
rdraj@bigmomma.travelclick
rdraj@bigmomma.travelclick
known_hosts
rdraj@bigmomma.travelclick
If you didn't get a password prompt, it sounds like the other end is configured to only allow certain hosts/keys etc (as it should).
ASKER
Tintin, Now I tried with the same user which i trying before. After clearing the id_rsa key, i tried to connect and it asks to Enter the passphrase as shown below:
arcashuser@bigmomma.travel click.net$ sftp TRAVLARI@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
Enter passphrase for key '/users/arcashuser/.ssh/id _rsa':
Permission denied (publickey,keyboard-intera ctive).
Connection closed
arcashuser@bigmomma.travel click.net$
arcashuser@bigmomma.travel
Connecting to elink-sshftp.bankofamerica.com...
Enter passphrase for key '/users/arcashuser/.ssh/id
Permission denied (publickey,keyboard-intera
Connection closed
arcashuser@bigmomma.travel
ASKER
Yes Tintin, as you said we have already generated the public-private pair and given the Public key to our customer. They have added that Public key in their application, by which it restrict connection to happen only between the Public & Private pair we generated before.
Using the same private key, we are able to establish a SFTP session from couple of servers but Not from the server bigmomma (production server). It throws the error "Unsupported request (env)" as shown below:
arcashuser@bigmomma.travel click.net$ sftp TRAVLARI@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
Received disconnect from 171.161.160.130: 7: Unsupported request (env).
Connection closed
arcashuser@bigmomma.travel click.net$
Using the same private key, we are able to establish a SFTP session from couple of servers but Not from the server bigmomma (production server). It throws the error "Unsupported request (env)" as shown below:
arcashuser@bigmomma.travel
Connecting to elink-sshftp.bankofamerica.com...
Received disconnect from 171.161.160.130: 7: Unsupported request (env).
Connection closed
arcashuser@bigmomma.travel
ASKER
Just a thought: Do we need to upgrade the SSH package in Bigmomma server ? Because it says something related to ENV settings.
What's the result of
ssh -v
on both of your servers.
ssh -v
on both of your servers.
ASKER
One it is working:
dev2_app@/users/dev2_app/. ssh> ssh -v
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
dev2_app@/users/dev2_app/. ssh> sftp TRAVLARI@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
sftp>
Not working:
arcashuser@bigmomma.travel click.net$ ssh -v
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
Both looks similar :(
dev2_app@/users/dev2_app/.
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
dev2_app@/users/dev2_app/.
Connecting to elink-sshftp.bankofamerica.com...
sftp>
Not working:
arcashuser@bigmomma.travel
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
Both looks similar :(
ASKER
Tintin, Thanks for your help! But now can I presume there is no solution for this problem?
The only other thing I can suggest is to contact the admin of the remote server and ask them if they have any IP based restrictions on their side.
I don't think you should give up yet.
Do this. First, put the keys back the way they are supposed to be, so that you have the same keys on both the working and failing systems. Then run the sftp commands again, but this time add two "-v" flags to the command line. Compare the output of both. If you still don't see the solution, post the results here.
I don't think you are getting hosts based restrictions per se, but it may be possible that only certain hosts will allowed with certain keys. However, I am not convinced that this is happening in your case.
Do this. First, put the keys back the way they are supposed to be, so that you have the same keys on both the working and failing systems. Then run the sftp commands again, but this time add two "-v" flags to the command line. Compare the output of both. If you still don't see the solution, post the results here.
I don't think you are getting hosts based restrictions per se, but it may be possible that only certain hosts will allowed with certain keys. However, I am not convinced that this is happening in your case.
what is remote server model ? did they allowing sftp incoming.. this is must check at server configurarion.
else
if one account is working and one account is not working in same server. go to .ssh directory and file name "known_hosts" remove the entries for connecting host related and try.
if still facing issues.. exchange new keys and remove known_hosts entries.. and try
that's all
else
if one account is working and one account is not working in same server. go to .ssh directory and file name "known_hosts" remove the entries for connecting host related and try.
if still facing issues.. exchange new keys and remove known_hosts entries.. and try
that's all
You are clearly connecting and engaging in the SSH protocol, so there is no firewall or tcp wrapper that is preventing the connection based on your IP address alone. There is a method in ssh that allows a server to accept a particular key only from a particular set of hosts, but that method does not end in an "Unsupported request" error, it ends in the "Permission denied" error you got from the user when you tried the wrong keys.
So, the problem seems to be some kind of real error that is resulting in the "unsupported request: (env)". This error is passed by ssh verbatim from what it received from the server. It is not a possible error from the Sun supplied ssh, so I am having trouble tracking down exactly what it means. It seems to dislike something about the environment variables, so you could look at the .ssh/environment file, if any, on the two systems. Also, try running the sftp command as I said above, with two '-v' flags, but also run the command under the "env -" command, which clears the environment variable from the user.
So, the problem seems to be some kind of real error that is resulting in the "unsupported request: (env)". This error is passed by ssh verbatim from what it received from the server. It is not a possible error from the Sun supplied ssh, so I am having trouble tracking down exactly what it means. It seems to dislike something about the environment variables, so you could look at the .ssh/environment file, if any, on the two systems. Also, try running the sftp command as I said above, with two '-v' flags, but also run the command under the "env -" command, which clears the environment variable from the user.
ASKER
Blu, Here by am attaching the SFTP results of both. Thanks for your help.
Output---Working.doc
Output---Not-Working.doc
Output---Working.doc
Output---Not-Working.doc
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Blu / Tintin, I don't know how to thankyou for helping me to fix this problem. Yes, it works great :)
Blu, You are clearly to the point and identified the root cause. As you said, I unset all those ENV variable and tried and it connected. Believe me, this issue is pending for more than 2 weeks time.
Here the results:
arcashuser@bigmomma.travel click.net$
arcashuser@bigmomma.travel click.net$ echo $LC_CTYPE
en_US.ISO8859-1
arcashuser@bigmomma.travel click.net$ unset LC_CTYPE
arcashuser@bigmomma.travel click.net$ echo $LC_COLLATE
en_US.ISO8859-15
arcashuser@bigmomma.travel click.net$ unset LC_COLLATE
arcashuser@bigmomma.travel click.net$ echo $LC_NUMERIC
en_US.ISO8859-15
arcashuser@bigmomma.travel click.net$ unset LC_NUMERIC
arcashuser@bigmomma.travel click.net$ echo $LC_MONETARY
en_US.ISO8859-15
arcashuser@bigmomma.travel click.net$ unset LC_MONETARY
arcashuser@bigmomma.travel click.net$ echo $LC_MESSAGES
C
arcashuser@bigmomma.travel click.net$ unset LC_MESSAGES
arcashuser@bigmomma.travel click.net$ sftp TRAVLARI@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
sftp>
Thanks again.......You guys are great !
Blu, You are clearly to the point and identified the root cause. As you said, I unset all those ENV variable and tried and it connected. Believe me, this issue is pending for more than 2 weeks time.
Here the results:
arcashuser@bigmomma.travel
arcashuser@bigmomma.travel
en_US.ISO8859-1
arcashuser@bigmomma.travel
arcashuser@bigmomma.travel
en_US.ISO8859-15
arcashuser@bigmomma.travel
arcashuser@bigmomma.travel
en_US.ISO8859-15
arcashuser@bigmomma.travel
arcashuser@bigmomma.travel
en_US.ISO8859-15
arcashuser@bigmomma.travel
arcashuser@bigmomma.travel
C
arcashuser@bigmomma.travel
arcashuser@bigmomma.travel
Connecting to elink-sshftp.bankofamerica.com...
sftp>
Thanks again.......You guys are great !
ASKER
One of the best solution I got through EE :)
I have to hand it to blu on this one. He really nailed a tricky problem. Well done.
Thanks Tintin. I really appreciate it when a question author thanks me for the work I have done on their behalf. So, how much more meaningful it is to get the appreciation of my fellow experts as well. (smile)
ASKER