rdashokraj


SSH problem in Solaris 10

Hello,

I need your help urgently!

We have to connect to an FTP server belonging to one of our customers. To establish a secured connection, we generated the public and private key pair on our server and sent our public key to our customer so that they could add it to their FTP server. Once that was done, establishing an SFTP connection worked fine (as shown below).

dev2_app@/users/dev2_app/.ssh> sftp TRAVLARI@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
sftp> bye

Everything was good before; now I have a requirement to establish the SFTP connection from a different server using the same public and private key pair. But it doesn't work. It gives the error shown below.
Could you please give a solution to fix this?

bigmomma:prod_app:/users/prod_appl > sftp TRAVLARI@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
Received disconnect from 171.161.160.130: 7: Unsupported request (env).
Connection closed
bigmomma:prod_app:/users/prod_appl >



Thanks,
Ashok





rdashokraj

ASKER

Just want to add a point: I am able to connect from one other server using the same private key, but not from the server we want (it is Bigmomma).
Avatar of Tintin
Firstly, let's clear up some confusion. You are *not* connecting to an FTP server, you are connecting to an ssh server (using the sftp subsystem).

On bigmomma, if you temporarily remove your ssh key and try to connect, do you still get the same disconnect message?
Tintin, I created a new user and tried connecting with it, but it gives a "Permission denied" error. I didn't copy the public key into the .ssh folder.

rdraj@bigmomma.travelclick.net$ sftp TRAVLB1O@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
The authenticity of host 'elink-sshftp.bankofamerica.com (171.161.160.130)' can't be established.
RSA key fingerprint is 7b:5a:f0:04:8e:48:a4:bc:bd:46:e8:3d:1f:c2:44:55.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'elink-sshftp.bankofamerica.com,171.161.160.130' (RSA) to the list of known hosts.
Permission denied (publickey,keyboard-interactive).
Connection closed
rdraj@bigmomma.travelclick.net$ ls -la
total 16
drwxr-xr-x   4 rdraj    other        512 Nov 12 14:43 .
drwxr-xr-x  41 root     root        1024 Nov 12 14:42 ..
-rw-r--r--   1 rdraj    other        144 Nov 12 14:42 .profile
drwx------   2 rdraj    other        512 Nov 12 14:43 .ssh
drwx------   3 rdraj    other        512 Nov 12 14:43 .sunw
-rw-r--r--   1 rdraj    other        136 Nov 12 14:42 local.cshrc
-rw-r--r--   1 rdraj    other        157 Nov 12 14:42 local.login
-rw-r--r--   1 rdraj    other        174 Nov 12 14:42 local.profile
rdraj@bigmomma.travelclick.net$ cd .ssh
rdraj@bigmomma.travelclick.net$ ls
known_hosts
rdraj@bigmomma.travelclick.net$
If you didn't get a password prompt, it sounds like the other end is configured to only allow certain hosts/keys etc (as it should).
Tintin, now I tried with the same user which I was trying before. After clearing the id_rsa key, I tried to connect and it asks to enter the passphrase, as shown below:

arcashuser@bigmomma.travelclick.net$ sftp TRAVLARI@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
Enter passphrase for key '/users/arcashuser/.ssh/id_rsa':
Permission denied (publickey,keyboard-interactive).
Connection closed
arcashuser@bigmomma.travelclick.net$
Yes Tintin, as you said, we have already generated the public-private pair and given the public key to our customer. They have added that public key in their application, which restricts connections to happen only between the public and private pair we generated before.

Using the same private key, we are able to establish an SFTP session from a couple of servers but not from the server bigmomma (production server). It throws the error "Unsupported request (env)" as shown below:

arcashuser@bigmomma.travelclick.net$ sftp TRAVLARI@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
Received disconnect from 171.161.160.130: 7: Unsupported request (env).
Connection closed
arcashuser@bigmomma.travelclick.net$
Just a thought: do we need to upgrade the SSH package on the Bigmomma server? Because it says something related to ENV settings.
What's the result of

ssh -v

on both of your servers?
The one where it is working:
dev2_app@/users/dev2_app/.ssh> ssh -v
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

dev2_app@/users/dev2_app/.ssh> sftp TRAVLARI@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
sftp>


Not working:
arcashuser@bigmomma.travelclick.net$ ssh -v
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

Both look similar :(
Tintin, Thanks for your help!  But now can I presume there is no solution for this problem?
The only other thing I can suggest is to contact the admin of the remote server and ask them if they have any IP based restrictions on their side.
I don't think you should give up yet.

Do this. First, put the keys back the way they are supposed to be, so that you have the same keys on both the working and failing systems. Then run the sftp commands again, but this time add two "-v" flags to the command line. Compare the output of both. If you still don't see the solution, post the results here.

I don't think you are getting host-based restrictions per se, but it may be possible that only certain hosts will be allowed with certain keys. However, I am not convinced that this is happening in your case.
What is the remote server model? Are they allowing incoming sftp? This must be checked in the server configuration.

Otherwise, if one account is working and one account is not working on the same server, go to the .ssh directory and, in the file named "known_hosts", remove the entries related to the connecting host, and try.

If you are still facing issues, exchange new keys, remove the known_hosts entries, and try.

That's all.
You are clearly connecting and engaging in the SSH protocol, so there is no firewall or tcp wrapper that is preventing the connection based on your IP address alone. There is a method in ssh that allows a server to accept a particular key only from a particular set of hosts, but that method does not end in an "Unsupported request" error, it ends in the "Permission denied" error you got from the user when you tried the wrong keys.

So, the problem seems to be some kind of real error that is resulting in the "unsupported request: (env)". This error is passed by ssh verbatim from what it received from the server. It is not a possible error from the Sun supplied ssh, so I am having trouble tracking down exactly what it means. It seems to dislike something about the environment variables, so you could look at the .ssh/environment file, if any, on the two systems. Also, try running the sftp command as I said above, with two '-v' flags, but also run the command under the "env -" command, which clears the environment variable from the user.
Blu, I am hereby attaching the SFTP results of both. Thanks for your help.
Output---Working.doc
Output---Not-Working.doc
ASKER CERTIFIED SOLUTION
Brian Utterback

This solution is only available to members.
Hi Blu / Tintin, I don't know how to thank you for helping me to fix this problem. Yes, it works great :)

Blu, you are clearly to the point and identified the root cause. As you said, I unset all those ENV variables and tried, and it connected. Believe me, this issue has been pending for more than 2 weeks.

Here are the results:

arcashuser@bigmomma.travelclick.net$
arcashuser@bigmomma.travelclick.net$ echo $LC_CTYPE
en_US.ISO8859-1
arcashuser@bigmomma.travelclick.net$ unset LC_CTYPE
arcashuser@bigmomma.travelclick.net$ echo $LC_COLLATE
en_US.ISO8859-15
arcashuser@bigmomma.travelclick.net$ unset LC_COLLATE
arcashuser@bigmomma.travelclick.net$ echo $LC_NUMERIC
en_US.ISO8859-15
arcashuser@bigmomma.travelclick.net$ unset LC_NUMERIC
arcashuser@bigmomma.travelclick.net$ echo $LC_MONETARY
en_US.ISO8859-15
arcashuser@bigmomma.travelclick.net$ unset LC_MONETARY
arcashuser@bigmomma.travelclick.net$ echo $LC_MESSAGES
C
arcashuser@bigmomma.travelclick.net$ unset LC_MESSAGES
arcashuser@bigmomma.travelclick.net$ sftp TRAVLARI@elink-sshftp.bankofamerica.com
Connecting to elink-sshftp.bankofamerica.com...
sftp>


Thanks again... You guys are great!
One of the best solutions I got through EE :)
I have to hand it to blu on this one. He really nailed a tricky problem. Well done.
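
The fix reported above, as an added example that is not part of the original thread: a Bourne-compatible wrapper that removes the LC_* variables for a single command only, so a scheduled sftp job does not depend on someone having unset them in the login shell. The function names `lc_names` and `without_lc` are hypothetical, and matching every LC_* name generalizes the five variables the asker unset.

```shell
#!/bin/sh
# Added example (not from the thread). Backticks are used instead of $(...)
# so the functions also load in a legacy Bourne shell.

# Print the names of all LC_* variables currently exported.
# The thread unset LC_CTYPE, LC_COLLATE, LC_NUMERIC, LC_MONETARY and
# LC_MESSAGES; matching any LC_* name is a generalization of that list.
lc_names() {
    env | sed -n 's/^\(LC_[A-Za-z0-9_]*\)=.*/\1/p'
}

# Run "$@" with every exported LC_* variable removed from its environment.
# The unset happens inside a subshell, so the calling shell keeps its locale
# and the exit status of the command is passed back unchanged.
without_lc() {
    (
        for name in `lc_names`; do
            unset "$name"
        done
        exec "$@"
    )
}

# Usage, with the account and host shown in the thread:
#   without_lc sftp TRAVLARI@elink-sshftp.bankofamerica.com
```

Running `lc_names` on the working and the failing host before changing anything shows which locale variables differ between the two environments.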
Thanks Tintin. I really appreciate it when a question author thanks me for the work I have done on their behalf. So, how much more meaningful it is to get the appreciation of my fellow experts as well. (smile)