Matthew Roessner
asked on
SSH - Access Denied via Putty
When I attempt to log in to my iSeries server via Putty (Port 22) - I am connected to the server, but when I attempt to log in, I get "Access Denied"
I compared my SSHD_CONFIG to other systems and everything appears to be the same.
I verified that other users get the same thing - so this is not related to any specific user...
Any assistance would be much appreciated.
I compared my SSHD_CONFIG to other systems and everything appears to be the same.
I verified that other users get the same thing - so this is not related to any specific user...
Any assistance would be much appreciated.
ASKER
I set up logging as you indicated - but even after resetarting SSH - the logs are clear. I set the logging level as DEBUG in the /QOpenSys/QIBM/UserData/SC 1/OpenSSH/ etc/sshd_c onfig file
Please post your sshd_config file - after masking anything confidential..
ASKER
Uploaded SSHD_CONFIG.txt
sshd_config.txt
sshd_config.txt
You should configure Putty to log. That would get better info about the reason.
From the PuTTY Configuration, in the left pane, click on Logging under Session.
On the right, ensure Log all session output or Log SSH packet data is selected.
Note the path to the log file which needs to be sent along with sshd logs.
If you used ssh from linux or Mac just add -vvv (3 v) and you'll see verbose output.
From the PuTTY Configuration, in the left pane, click on Logging under Session.
On the right, ensure Log all session output or Log SSH packet data is selected.
Note the path to the log file which needs to be sent along with sshd logs.
If you used ssh from linux or Mac just add -vvv (3 v) and you'll see verbose output.
ASKER
I attached the putty.log output but there isn't much in it...
Still don't see anything in my log file...
putty.log
Still don't see anything in my log file...
putty.log
Did you ensure that you are logging all session output?
Enable syslog logging in your sshd_conf. Uncomment this:
#SyslogFacility AUTH
Then restart sshd.
#SyslogFacility AUTH
Then restart sshd.
Tip: Debugging ssh tends to be tough, as simple things cause problems.
Ensure your key file permission is set to user access only, so all other access off. Linux equivalent is...
If you still have problems here's a quick way to find the root cause quickly.
1) In one window connected to your server...
2) In another window connect to your new sshd instance...
3) Compare the output of both windows + likely you'll immediately see the problem.
Ensure your key file permission is set to user access only, so all other access off. Linux equivalent is...
chmod 600 .../your-key-directory/your-key.rsa
If you still have problems here's a quick way to find the root cause quickly.
1) In one window connected to your server...
/usr/sbin/sshd -p 55555 -D -ddd -e
2) In another window connect to your new sshd instance...
ssh -vvv -2 -4 -p 55555 -i .../your-key-directory/your-key.rsa $user@host
3) Compare the output of both windows + likely you'll immediately see the problem.
ASKER
I removed the comment from the SyslogFacility AUTH and then restarted SSHD
After attempting to connect in Putty again, I still do not see anything in my sshlog.ext file that I set up in the logging config. And I ensured that my Putty logging was set to log all session activity and it shows just what I see on screen (which is basically just an Access Denied message)
After attempting to connect in Putty again, I still do not see anything in my sshlog.ext file that I set up in the logging config. And I ensured that my Putty logging was set to log all session activity and it shows just what I see on screen (which is basically just an Access Denied message)
Might be a good test to attempt connecting to your server using an actual ssh client (Linux or OSX machine).
This will tell you if you have a server side or client side problem.
You can always cut + paste output from both windows (per above) + post the output as attachments. Be sure to do this as text, not an image file.
This will tell you if you have a server side or client side problem.
You can always cut + paste output from both windows (per above) + post the output as attachments. Be sure to do this as text, not an image file.
ASKER
Unfortunately, I don't have access to either a Linux or OSX machine to test with
Then back to the 2x window test I described above, which will likely provide sufficient enough detail to debug the problem.
Hum... Also post the actual host or IP where you're trying to login. No way to test a full login + at least a port scan can be run to ensure sshd is listening correctly.
The window test above is best.
Hum... Also post the actual host or IP where you're trying to login. No way to test a full login + at least a port scan can be run to ensure sshd is listening correctly.
The window test above is best.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
https://www-01.ibm.com/support/docview.wss?uid=nas8N1014301
Post the log messages for a failed connection. You may want to temporarily increase the logging level configured in sshd config to produce a more detailed log.