Permission denied (publickey,keyboard-interactive).

  • Permalink
  • submit to reddit
  • Email
  • Follow


authenticating an user with ssh on AIX 5.3 64 bit machine.
configured with openssl-0.98e,openssh-4.5P1.(ALL from source file not
rpm package).

for eg) say
ssh -l hi 192.16.146.78
gives me this error
Permission denied (publickey,keyboard-interactive).

can any one provide a solution to this problem.

0
Reply kumaaraswamy (25) 5/10/2007 6:57:30 PM

See related articles to this posting

Hi,

It is always a good idea to start a second sshd on the server
of course in Debugmode on an other port, not as daemon, like

sshd -D -p22000 -d (-d -d as much as you like)

then do a ssh -v -p22000 on the client

now there should be enough Information to splve the problem.

regards

Volker



<kumaaraswamy@gmail.com> schrieb im Newsbeitrag 
news:1178823450.564954.35830@y80g2000hsf.googlegroups.com...
> authenticating an user with ssh on AIX 5.3 64 bit machine.
> configured with openssl-0.98e,openssh-4.5P1.(ALL from source file not
> rpm package).
>
> for eg) say
> ssh -l hi 192.16.146.78
> gives me this error
> Permission denied (publickey,keyboard-interactive).
>
> can any one provide a solution to this problem.
> 


0
Reply volkerg1 (4) 5/10/2007 7:19:23 PM

Volker,
Thanks for your help.

I have attached here with the logs (degug mode).
I am not able to fix the problem.
Kindly help to solve this problem.

bash-3.00# /usr/sbin/sshd -D -p19879 -ddd
debug2: load_server_config: filename /usr/etc/sshd_config
debug2: load_server_config: done config len = 281
debug2: parse_server_config: config /usr/etc/sshd_config len 281
debug3: /usr/etc/sshd_config:22 setting HostKey /usr/etc/
ssh_host_rsa_key
debug3: /usr/etc/sshd_config:23 setting HostKey /usr/etc/
ssh_host_dsa_key
debug3: /usr/etc/sshd_config:57 setting PasswordAuthentication no
debug3: /usr/etc/sshd_config:83 setting UsePAM yes
debug3: /usr/etc/sshd_config:95 setting UsePrivilegeSeparation no
debug3: /usr/etc/sshd_config:109 setting Subsystem sftp /usr/libexec/
sftp-server
debug1: sshd version OpenSSH_4.5p1
debug3: Not a RSA1 key file /usr/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /usr/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
Disabling protocol version 1. Could not load host key
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-D'
debug1: rexec_argv[2]='-p19879'
debug1: rexec_argv[3]='-ddd'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 19879 on 0.0.0.0.
Server listening on 0.0.0.0 port 19879.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 19879 on ::.
Bind to port 19879 on :: failed: Address already in use.
debug1: fd 4 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 7 config len 281
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
Connection from 172.16.146.210 port 32847
debug1: Client protocol version 2.0; client software version
OpenSSH_4.5
debug1: match: OpenSSH_4.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug2: fd 3 setting O_NONBLOCK
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
hellman-g
roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-
sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
hellman-g
roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-
sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: dh_gen_key: priv key bits set: 130/256
debug2: bits set: 509/1024
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 497/1024
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user ji service ssh-connection method
none
debug1: attempt 0 failures 0
debug3: Trying to reverse map address 172.16.146.210.
debug2: parse_server_config: config reprocess config len 281
debug3: AIX/loginrestrictions returned 0 msg (none)
debug2: input_userauth_request: setting up authctxt for ji
debug1: PAM: initializing for "ji"
debug1: PAM: setting PAM_RHOST to "csm100.pam.com"
debug2: input_userauth_request: try method none
Failed none for ji from 172.16.146.210 port 32847 ssh2
debug1: userauth-request for user ji service ssh-connection method
publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 204/0 (e=0/0)
debug1: trying public key file /home/ji/.ssh/authorized_keys
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 204/0 (e=0/0)
debug1: trying public key file /home/ji/.ssh/authorized_keys2
debug1: restore_uid: 0/0
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
Failed publickey for ji from 172.16.146.210 port 32847 ssh2
debug1: userauth-request for user ji service ssh-connection method
keyboard-inte
ractive
debug1: attempt 2 failures 2
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=ji devs=
debug1: kbdint_alloc: devices 'pam'
debug2: auth2_challenge_start: devices pam
debug2: kbdint_next_device: devices <empty>
debug1: auth2_challenge_start: trying authentication method 'pam'
debug3: PAM: sshpam_init_ctx entering
debug3: PAM: sshpam_query entering
debug3: ssh_msg_recv entering
debug3: PAM: sshpam_thread_conv entering, 1 messages
debug3: ssh_msg_send: type 1
debug3: ssh_msg_recv entering
Postponed keyboard-interactive for ji from 172.16.146.210 port 32847
ssh2
debug2: PAM: sshpam_respond entering, 1 responses
debug3: ssh_msg_send: type 6
debug3: PAM: sshpam_query entering
debug3: ssh_msg_recv entering
debug1: do_pam_account: called
debug3: PAM: do_pam_account pam_acct_mgmt = 17 (User account has
expired)
debug3: ssh_msg_send: type 17
debug3: PAM: User account has expired
PAM: User account has expired for ji from csm100.pam.com
debug2: auth2_challenge_start: devices <empty>
debug3: PAM: sshpam_free_ctx entering
debug3: PAM: sshpam_thread_cleanup entering
Failed keyboard-interactive/pam for ji from 172.16.146.210 port 32847
ssh2
debug3: AIX/setauthdb set registry 'files'
debug3: aix_restoreauthdb: restoring old registry ''
debug1: userauth-request for user ji service ssh-connection method
keyboard-inte
ractive
debug1: attempt 3 failures 3
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=ji devs=
debug1: kbdint_alloc: devices 'pam'
debug2: auth2_challenge_start: devices pam
debug2: kbdint_next_device: devices <empty>
debug1: auth2_challenge_start: trying authentication method 'pam'
debug3: PAM: sshpam_init_ctx entering
Failed keyboard-interactive for ji from 172.16.146.210 port 32847 ssh2
debug3: AIX/setauthdb set registry 'files'
debug3: aix_restoreauthdb: restoring old registry ''
debug1: userauth-request for user ji service ssh-connection method
keyboard-inte
ractive
debug1: attempt 4 failures 4
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=ji devs=
debug1: kbdint_alloc: devices 'pam'
debug2: auth2_challenge_start: devices pam
debug2: kbdint_next_device: devices <empty>
debug1: auth2_challenge_start: trying authentication method 'pam'
debug3: PAM: sshpam_init_ctx entering
Failed keyboard-interactive for ji from 172.16.146.210 port 32847 ssh2
debug3: AIX/setauthdb set registry 'files'
debug3: aix_restoreauthdb: restoring old registry ''
Connection closed by 172.16.146.210
debug1: do_cleanup
bash-3.00#


0
Reply kumaaraswamy (25) 5/11/2007 5:40:05 PM

Hi,

> usr/etc/sshd_config:57 setting PasswordAuthentication no

looks a little strange.
How do you want to login?
With a public key?
If you want to login with password set it to "yes"
Try this at first

If you use PAM, what kind of Authentication do you want to use?

> debug3: PAM: do_pam_account pam_acct_mgmt = 17 (User account has
> expired)
> debug3: ssh_msg_send: type 17
> debug3: PAM: User account has expired
> PAM: User account has expired for ji from csm100.pam.com

seems like your Account has expired??

hth

regards

volker

<kumaaraswamy@gmail.com> schrieb im Newsbeitrag 
news:1178905205.885549.55360@o5g2000hsb.googlegroups.com...
> Volker,
> Thanks for your help.
>
> I have attached here with the logs (degug mode).
> I am not able to fix the problem.
> Kindly help to solve this problem.
>
> bash-3.00# /usr/sbin/sshd -D -p19879 -ddd
> debug2: load_server_config: filename /usr/etc/sshd_config
> debug2: load_server_config: done config len = 281
> debug2: parse_server_config: config /usr/etc/sshd_config len 281
> debug3: /usr/etc/sshd_config:22 setting HostKey /usr/etc/
> ssh_host_rsa_key
> debug3: /usr/etc/sshd_config:23 setting HostKey /usr/etc/
> ssh_host_dsa_key
> debug3: /usr/etc/sshd_config:57 setting PasswordAuthentication no
> debug3: /usr/etc/sshd_config:83 setting UsePAM yes
> debug3: /usr/etc/sshd_config:95 setting UsePrivilegeSeparation no
> debug3: /usr/etc/sshd_config:109 setting Subsystem sftp /usr/libexec/
> sftp-server
> debug1: sshd version OpenSSH_4.5p1
> debug3: Not a RSA1 key file /usr/etc/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #0 type 1 RSA
> debug3: Not a RSA1 key file /usr/etc/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #1 type 2 DSA
> Disabling protocol version 1. Could not load host key
> debug1: rexec_argv[0]='/usr/sbin/sshd'
> debug1: rexec_argv[1]='-D'
> debug1: rexec_argv[2]='-p19879'
> debug1: rexec_argv[3]='-ddd'
> debug2: fd 3 setting O_NONBLOCK
> debug1: Bind to port 19879 on 0.0.0.0.
> Server listening on 0.0.0.0 port 19879.
> debug2: fd 4 setting O_NONBLOCK
> debug1: Bind to port 19879 on ::.
> Bind to port 19879 on :: failed: Address already in use.
> debug1: fd 4 clearing O_NONBLOCK
> debug1: Server will not fork when running in debugging mode.
> debug3: send_rexec_state: entering fd = 7 config len 281
> debug3: ssh_msg_send: type 0
> debug3: send_rexec_state: done
> debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
> debug1: inetd sockets after dupping: 3, 3
> Connection from 172.16.146.210 port 32847
> debug1: Client protocol version 2.0; client software version
> OpenSSH_4.5
> debug1: match: OpenSSH_4.5 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_4.5
> debug2: fd 3 setting O_NONBLOCK
> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
> hellman-g
> roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-
> sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour1
> 28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> cbc@lysator.liu.se,aes128-c
> tr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour1
> 28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> cbc@lysator.liu.se,aes128-c
> tr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
> ripemd160@open
> ssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
> ripemd160@open
> ssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib@openssh.com
> debug2: kex_parse_kexinit: none,zlib@openssh.com
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
> hellman-g
> roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-
> sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour1
> 28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> cbc@lysator.liu.se,aes128-c
> tr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour1
> 28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> cbc@lysator.liu.se,aes128-c
> tr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
> ripemd160@open
> ssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
> ripemd160@open
> ssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
> debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
> debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
> debug2: dh_gen_key: priv key bits set: 130/256
> debug2: bits set: 509/1024
> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> debug2: bits set: 497/1024
> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug1: userauth-request for user ji service ssh-connection method
> none
> debug1: attempt 0 failures 0
> debug3: Trying to reverse map address 172.16.146.210.
> debug2: parse_server_config: config reprocess config len 281
> debug3: AIX/loginrestrictions returned 0 msg (none)
> debug2: input_userauth_request: setting up authctxt for ji
> debug1: PAM: initializing for "ji"
> debug1: PAM: setting PAM_RHOST to "csm100.pam.com"
> debug2: input_userauth_request: try method none
> Failed none for ji from 172.16.146.210 port 32847 ssh2
> debug1: userauth-request for user ji service ssh-connection method
> publickey
> debug1: attempt 1 failures 1
> debug2: input_userauth_request: try method publickey
> debug1: test whether pkalg/pkblob are acceptable
> debug1: temporarily_use_uid: 204/0 (e=0/0)
> debug1: trying public key file /home/ji/.ssh/authorized_keys
> debug1: restore_uid: 0/0
> debug1: temporarily_use_uid: 204/0 (e=0/0)
> debug1: trying public key file /home/ji/.ssh/authorized_keys2
> debug1: restore_uid: 0/0
> debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
> Failed publickey for ji from 172.16.146.210 port 32847 ssh2
> debug1: userauth-request for user ji service ssh-connection method
> keyboard-inte
> ractive
> debug1: attempt 2 failures 2
> debug2: input_userauth_request: try method keyboard-interactive
> debug1: keyboard-interactive devs
> debug1: auth2_challenge: user=ji devs=
> debug1: kbdint_alloc: devices 'pam'
> debug2: auth2_challenge_start: devices pam
> debug2: kbdint_next_device: devices <empty>
> debug1: auth2_challenge_start: trying authentication method 'pam'
> debug3: PAM: sshpam_init_ctx entering
> debug3: PAM: sshpam_query entering
> debug3: ssh_msg_recv entering
> debug3: PAM: sshpam_thread_conv entering, 1 messages
> debug3: ssh_msg_send: type 1
> debug3: ssh_msg_recv entering
> Postponed keyboard-interactive for ji from 172.16.146.210 port 32847
> ssh2
> debug2: PAM: sshpam_respond entering, 1 responses
> debug3: ssh_msg_send: type 6
> debug3: PAM: sshpam_query entering
> debug3: ssh_msg_recv entering
> debug1: do_pam_account: called
> debug3: PAM: do_pam_account pam_acct_mgmt = 17 (User account has
> expired)
> debug3: ssh_msg_send: type 17
> debug3: PAM: User account has expired
> PAM: User account has expired for ji from csm100.pam.com
> debug2: auth2_challenge_start: devices <empty>
> debug3: PAM: sshpam_free_ctx entering
> debug3: PAM: sshpam_thread_cleanup entering
> Failed keyboard-interactive/pam for ji from 172.16.146.210 port 32847
> ssh2
> debug3: AIX/setauthdb set registry 'files'
> debug3: aix_restoreauthdb: restoring old registry ''
> debug1: userauth-request for user ji service ssh-connection method
> keyboard-inte
> ractive
> debug1: attempt 3 failures 3
> debug2: input_userauth_request: try method keyboard-interactive
> debug1: keyboard-interactive devs
> debug1: auth2_challenge: user=ji devs=
> debug1: kbdint_alloc: devices 'pam'
> debug2: auth2_challenge_start: devices pam
> debug2: kbdint_next_device: devices <empty>
> debug1: auth2_challenge_start: trying authentication method 'pam'
> debug3: PAM: sshpam_init_ctx entering
> Failed keyboard-interactive for ji from 172.16.146.210 port 32847 ssh2
> debug3: AIX/setauthdb set registry 'files'
> debug3: aix_restoreauthdb: restoring old registry ''
> debug1: userauth-request for user ji service ssh-connection method
> keyboard-inte
> ractive
> debug1: attempt 4 failures 4
> debug2: input_userauth_request: try method keyboard-interactive
> debug1: keyboard-interactive devs
> debug1: auth2_challenge: user=ji devs=
> debug1: kbdint_alloc: devices 'pam'
> debug2: auth2_challenge_start: devices pam
> debug2: kbdint_next_device: devices <empty>
> debug1: auth2_challenge_start: trying authentication method 'pam'
> debug3: PAM: sshpam_init_ctx entering
> Failed keyboard-interactive for ji from 172.16.146.210 port 32847 ssh2
> debug3: AIX/setauthdb set registry 'files'
> debug3: aix_restoreauthdb: restoring old registry ''
> Connection closed by 172.16.146.210
> debug1: do_cleanup
> bash-3.00#
>
> 


0
Reply volkerg1 (4) 5/11/2007 6:03:29 PM

Hi,

I want to login with a public key.
I have a PAM Agent software installed so I have to set
PaaswordAuthentication to "yes"
Authentication should be directed to the PAM Agent software.

I want to use SSH,SFTP and SCP authentication with my configuration.

I need some guidance to configure PAM with Openssh (from source not as
RPM Packages).
I have configured gcc, then zlib 1.2.3,open ssl 0.98e and then open
ssh 4.5p1 with my setup.
please provide me the steps in detail how to configure openssh from
source (how to configure with what option inorder to work with PAM) in
a much detail way.

Thanks,
Kumar

0
Reply kumaaraswamy (25) 5/11/2007 6:57:26 PM

Hi,

maybe you should try

comp.security.ssh

there should be better help with ssh and PAM.

regards

volker


<kumaaraswamy@gmail.com> schrieb im Newsbeitrag 
news:1178909846.669482.132760@h2g2000hsg.googlegroups.com...
> Hi,
>
> I want to login with a public key.
> I have a PAM Agent software installed so I have to set
> PaaswordAuthentication to "yes"
> Authentication should be directed to the PAM Agent software.
>
> I want to use SSH,SFTP and SCP authentication with my configuration.
>
> I need some guidance to configure PAM with Openssh (from source not as
> RPM Packages).
> I have configured gcc, then zlib 1.2.3,open ssl 0.98e and then open
> ssh 4.5p1 with my setup.
> please provide me the steps in detail how to configure openssh from
> source (how to configure with what option inorder to work with PAM) in
> a much detail way.
>
> Thanks,
> Kumar
> 


0
Reply volkerg1 (4) 5/11/2007 8:05:56 PM

On 2007-05-11, kumaaraswamy@gmail.com <kumaaraswamy@gmail.com> wrote:
> I want to login with a public key.
> I have a PAM Agent software installed so I have to set
> PaaswordAuthentication to "yes"
> Authentication should be directed to the PAM Agent software.

I'm a bit rusty on SSH and PAM, but where do you set Password-
Authentication? If it's in sshd_config, why set it to 'yes',
if you want keyed authentification?
I'd do a step by step debug process to isolate the problem:
 - get your account setup correctly, i.e. make sure it's not
   locked and you can actually login. Check you can login from
   remote, e.g. via telnet.
 - get SSH with passwords working without PAM.
 - get SSH with keys working without PAM.
 - get PAM involved.

> I want to use SSH,SFTP and SCP authentication with my configuration.
>
> I need some guidance to configure PAM with Openssh (from source not as
> RPM Packages).
> I have configured gcc, then zlib 1.2.3,open ssl 0.98e and then open
> ssh 4.5p1 with my setup.
> please provide me the steps in detail how to configure openssh from
> source (how to configure with what option inorder to work with PAM) in
> a much detail way.

Honestly, you're providing very little information to get
any real help here. I'd suggest you start on reading how
to setup SSH here: http://www.openssh.org

Regards,

	Frank
0
Reply fra.nospam.nk (321) 5/11/2007 10:16:15 PM

Thanks for your help.

I will refer Openssh.org

0
Reply kumaaraswamy (25) 5/14/2007 10:23:44 AM
comp.unix.aix 10874 articles. 5 followers. Post

7 Replies
124 Views

Similar Articles

[PageSpeed] 26

  • Permalink
  • submit to reddit
  • Email
  • Follow


Reply:

Similar Artilces:

Permission denied (publickey,keyboard-interactive)
I installed rwsync server inluding openssh server on windows vista. On 192.168.0.198, I installed centos 5. At centos, I made key with "ssh-keygen -t rsa", and copied tester_backup.pub to vista's opensshd. VIsta's folders :: /cygdrive/f/dmserver_backup/cwRsyncServer/bin /cygdrive/f/dmserver_backup/cwRsyncServer/var/SvcwRsync/.ssh And, vista's sshd_config is as follows; # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options ...

Permission denied (publickey,keyboard-interactive). #2
Hi, I try to use ssh but I receive the message quote in the title. After reading the mailing list, I ckecked theses points : in sshd_config, I have PermitRootLogin yes my /dev/tty doesn't have a problem because I can say yes when ssh ask me : "Are you sure you want to continue connecting (yes/no)?" When I make a test with 'ssh -vvv root@127.0.0.1' I have : OpenSSH_3.9p1, OpenSSL 0.9.7g 11 Apr 2005 debug2: ssh_connect: needpriv 0 debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity fi...

Permission denied (publickey,password,keyboard-interactive)
I've installed OpenSSH_3.7p1, SSH protocols 1.5/2.0, OpenSSL 0.9.6c 21 dec 2001 on two Slackware systems (one kernel 2.4.5, the other 2.4.18) and continue to get "Permission denied (publickey, password, keyboard-interactive)" on both machines when trying to connect to one another -- I should note that both machines can connect to SSH on machines in the "outside world" with no problems. OpenSSH was configured with the default; i.e., ./configure, no arguments, and I've left my ssh_config and sshd_config files as they were for previous installations that worked...

Permission denied (publickey) using sftp
Hi all, I'm receiving the above error message when attempting to sftp to an external (outside my local network) host. My system is hpux 11.0 running a precompiled binary version of openssh. The external host is running windows 2000 and the commercial version of SSH 3.2.0 (I think). I have internal hosts that use password authentication that I can sftp to just fine. I get the following output from "sftp -v <host>": $ sftp -v ftp.nowcom.com Connecting to ftp.nowcom.com... OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090609f 2756: debug1: Reading configuration data /...

ORA-12546: TNS:permission denied / telnet: socket: Permission denied
I just want to share my tricky problem we had today. We noticed users not able to login to SQL plus or telnet from them box. Everything else was working fine. You can ftp / login / rlogin etc. Nothing was changed and no new software was installed. We rebooted the server that did not help. Finally we found that it is a permission problem on device file crw-rw-rw- 1 root sys 42, 0 Jan 10 16:15 tcp@0:tcp make sure you have read permission. Thakns Siva ...

ORA-12546: TNS:permission denied / telnet: socket: Permission denied #2
I just want to share my tricky problem we had today. We noticed users not able to login to SQL plus or telnet from them box. Everything else was working fine. You can ftp / login / rlogin etc. Nothing was changed and no new software was installed. We rebooted the server that did not help. Finally we found that it is a permission problem on device file /dev/tcp /devices/pseudo crw-rw-rw- 1 root sys 42, 0 Jan 10 16:15 tcp@0:tcp make sure you have read permission. Thakns Siva ...

rsync: failed to set permissions, Permission denied (13)
ftpd.exe & monitor.exe both exist at the source & dest, though they are the same date/timestamp, so they would not normally be copied. From the luckybackup log last night: <a name="error3"></a><font color=red>rsync: failed to set permissions on "U:/ftpserver/ftpd.exe": Permission denied (13) rsync: failed to set permissions on "U:/ftpserver/monitor.exe": Permission denied (13) Just these two files. Now, the source files were in use, but the dest files are not, and I don't understand this message. -- Regards, Al...

Permission Denied
Since the latest round of hot fixes several of my pages that use frames have started throwing permission denied. They seem to occur when I try to manipulate the content of one frame from another, or from a popup window. Both frames are running on the same server however they use different BASE HREF tags. Any ideas? Workarounds? It only happens with Internet Explorer, Mozilla/Firefox work wonderfully. This is probably IE's cross-frame browser security kicking in, perhaps the security of the browser you're using to view the site has been increased. There are a couple settings for cross-...