Solved

ssh rsa key issue in rhel5 and 6

Posted on 2013-05-22
9
749 Views
Last Modified: 2013-06-22
Hi

My machine rsa key is not working ....showing some kerberos issue while connecting via secure crt tool please help
0
Comment
Question by:apunkabollywood
  • 3
  • 2
9 Comments
 
LVL 20

Accepted Solution

by:
Daniel McAllister earned 400 total points
ID: 39189120
SecureCRT is an SSH tool. If it is reporting an RSA key failure, it is most likely because the RSA key being used at one end or the other has either been changed or has expired.

Suggest you look through the discussion at
http://forums.vandyke.com/archive/index.php/t-2185.html

The idea of an RSA key is that the two ends each have an encryption key that they use to talk to each other. If either key gets changed (or corrupted), or expires, then the connection is marked as invalid.

I hope the link is able to help...

Dan
IT4SOHO
0
 

Author Comment

by:apunkabollywood
ID: 39190143
This is the reason and log of trace option

[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,gssapi-with-mic,password]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-dss) - unsigned,fingerprint: 1a:ca:c8:c5:3e:f0:43:ad:f9:c8:41:3d:9d:28:e9:55]
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,gssapi-with-mic,password]
[LOCAL] : SENT : USERAUTH_REQUEST [publickey (ssh-dss) - unsigned,agent,fingerprint: 1a:ca:c8:c5:3e:f0:43:ad:f9:c8:41:3d:9d:28:e9:55]
[LOCAL] : RECV : USERAUTH_FAILURE, continuations [publickey,gssapi-with-mic,password]
[LOCAL] : GSS SPN : host@server
[LOCAL] : [SSPI/1.2.840.113554.1.2.2] : Authentication could not be started.
[LOCAL] : [SSPI/1.2.840.113554.1.2.2] : The specified target is unknown or unreachable  
[LOCAL] : GSS : All available mechanisms failed.
[LOCAL] : SEND: Disconnect packet: Unable to authenticate using any of the configured authentication methods.  
[LOCAL] : Changing state from STATE_CONNECTION to STATE_SEND_DISCONNECT
[LOCAL] : RECV: TCP/IP close
[LOCAL] : Changing state from STATE_SEND_DISCONNECT to STATE_CLOSED
[LOCAL] : Connected for 15 seconds, 2603 bytes sent, 2436 bytes received
[LOCAL] : Stream has closed [CLOSE_TYPE_NONSPECIFIC] : The client has disconnected from the server.  Reason: Unable to authenticate using any of the configured authentication methods.  

The client has disconnected from the server.  Reason:
Unable to authenticate using any of the configured authentication methods.
0
 
LVL 20

Assisted Solution

by:Daniel McAllister
Daniel McAllister earned 400 total points
ID: 39190864
Is it possible you changed your password on one of the machines?
(some of the auth methods tried are sending the auth data on the local system to the remote one).

I'm also assuming you modified the part of the log file where it says you're trying to connect to "host@server" -- which isn't resolving on your source (ssh client) system.

Dan
IT4SOHO
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 5

Assisted Solution

by:1ly4me
1ly4me earned 100 total points
ID: 39193602
You might need some changes on sshd config file to allow remote ssh logins
0
 

Author Comment

by:apunkabollywood
ID: 39198680
i have tried changing password but no it doesnt work ...

@ 1ly4me could you pls list what changes i need to do in sshd config file to allow - i have tried most but still need to confirm
0
 
LVL 20

Expert Comment

by:Daniel McAllister
ID: 39268069
I am glad you found the problem... one thing to add for posterity (that I failed to think of earlier)... if you look through your log (/var/log/messages) you MAY find that your selinux is preventing the sshd daemon from accessing the /etc/passwd file, and thus all authentication may fail.

Dan
IT4SOHO
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now