Permission denied (publickey,keyboard-interactive).

  • Permalink
  • submit to reddit
  • Email
  • Follow


authenticating an user with ssh on AIX 5.3 64 bit machine.
configured with openssl-0.98e,openssh-4.5P1.(ALL from source file not
rpm package).

for eg) say
ssh -l hi 192.16.146.78
gives me this error
Permission denied (publickey,keyboard-interactive).

can any one provide a solution to this problem.

0
Reply kumaaraswamy (25) 5/10/2007 6:57:30 PM

See related articles to this posting


Hi,

It is always a good idea to start a second sshd on the server
of course in Debugmode on an other port, not as daemon, like

sshd -D -p22000 -d (-d -d as much as you like)

then do a ssh -v -p22000 on the client

now there should be enough Information to splve the problem.

regards

Volker



<kumaaraswamy@gmail.com> schrieb im Newsbeitrag 
news:1178823450.564954.35830@y80g2000hsf.googlegroups.com...
> authenticating an user with ssh on AIX 5.3 64 bit machine.
> configured with openssl-0.98e,openssh-4.5P1.(ALL from source file not
> rpm package).
>
> for eg) say
> ssh -l hi 192.16.146.78
> gives me this error
> Permission denied (publickey,keyboard-interactive).
>
> can any one provide a solution to this problem.
> 


0
Reply volkerg1 (4) 5/10/2007 7:19:23 PM

Volker,
Thanks for your help.

I have attached here with the logs (degug mode).
I am not able to fix the problem.
Kindly help to solve this problem.

bash-3.00# /usr/sbin/sshd -D -p19879 -ddd
debug2: load_server_config: filename /usr/etc/sshd_config
debug2: load_server_config: done config len = 281
debug2: parse_server_config: config /usr/etc/sshd_config len 281
debug3: /usr/etc/sshd_config:22 setting HostKey /usr/etc/
ssh_host_rsa_key
debug3: /usr/etc/sshd_config:23 setting HostKey /usr/etc/
ssh_host_dsa_key
debug3: /usr/etc/sshd_config:57 setting PasswordAuthentication no
debug3: /usr/etc/sshd_config:83 setting UsePAM yes
debug3: /usr/etc/sshd_config:95 setting UsePrivilegeSeparation no
debug3: /usr/etc/sshd_config:109 setting Subsystem sftp /usr/libexec/
sftp-server
debug1: sshd version OpenSSH_4.5p1
debug3: Not a RSA1 key file /usr/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /usr/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
Disabling protocol version 1. Could not load host key
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-D'
debug1: rexec_argv[2]='-p19879'
debug1: rexec_argv[3]='-ddd'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 19879 on 0.0.0.0.
Server listening on 0.0.0.0 port 19879.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 19879 on ::.
Bind to port 19879 on :: failed: Address already in use.
debug1: fd 4 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 7 config len 281
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
Connection from 172.16.146.210 port 32847
debug1: Client protocol version 2.0; client software version
OpenSSH_4.5
debug1: match: OpenSSH_4.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug2: fd 3 setting O_NONBLOCK
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
hellman-g
roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-
sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
hellman-g
roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-
sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: dh_gen_key: priv key bits set: 130/256
debug2: bits set: 509/1024
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 497/1024
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user ji service ssh-connection method
none
debug1: attempt 0 failures 0
debug3: Trying to reverse map address 172.16.146.210.
debug2: parse_server_config: config reprocess config len 281
debug3: AIX/loginrestrictions returned 0 msg (none)
debug2: input_userauth_request: setting up authctxt for ji
debug1: PAM: initializing for "ji"
debug1: PAM: setting PAM_RHOST to "csm100.pam.com"
debug2: input_userauth_request: try method none
Failed none for ji from 172.16.146.210 port 32847 ssh2
debug1: userauth-request for user ji service ssh-connection method
publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 204/0 (e=0/0)
debug1: trying public key file /home/ji/.ssh/authorized_keys
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 204/0 (e=0/0)
debug1: trying public key file /home/ji/.ssh/authorized_keys2
debug1: restore_uid: 0/0
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
Failed publickey for ji from 172.16.146.210 port 32847 ssh2
debug1: userauth-request for user ji service ssh-connection method
keyboard-inte
ractive
debug1: attempt 2 failures 2
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=ji devs=
debug1: kbdint_alloc: devices 'pam'
debug2: auth2_challenge_start: devices pam
debug2: kbdint_next_device: devices <empty>
debug1: auth2_challenge_start: trying authentication method 'pam'
debug3: PAM: sshpam_init_ctx entering
debug3: PAM: sshpam_query entering
debug3: ssh_msg_recv entering
debug3: PAM: sshpam_thread_conv entering, 1 messages
debug3: ssh_msg_send: type 1
debug3: ssh_msg_recv entering
Postponed keyboard-interactive for ji from 172.16.146.210 port 32847
ssh2
debug2: PAM: sshpam_respond entering, 1 responses
debug3: ssh_msg_send: type 6
debug3: PAM: sshpam_query entering
debug3: ssh_msg_recv entering
debug1: do_pam_account: called
debug3: PAM: do_pam_account pam_acct_mgmt = 17 (User account has
expired)
debug3: ssh_msg_send: type 17
debug3: PAM: User account has expired
PAM: User account has expired for ji from csm100.pam.com
debug2: auth2_challenge_start: devices <empty>
debug3: PAM: sshpam_free_ctx entering
debug3: PAM: sshpam_thread_cleanup entering
Failed keyboard-interactive/pam for ji from 172.16.146.210 port 32847
ssh2
debug3: AIX/setauthdb set registry 'files'
debug3: aix_restoreauthdb: restoring old registry ''
debug1: userauth-request for user ji service ssh-connection method
keyboard-inte
ractive
debug1: attempt 3 failures 3
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=ji devs=
debug1: kbdint_alloc: devices 'pam'
debug2: auth2_challenge_start: devices pam
debug2: kbdint_next_device: devices <empty>
debug1: auth2_challenge_start: trying authentication method 'pam'
debug3: PAM: sshpam_init_ctx entering
Failed keyboard-interactive for ji from 172.16.146.210 port 32847 ssh2
debug3: AIX/setauthdb set registry 'files'
debug3: aix_restoreauthdb: restoring old registry ''
debug1: userauth-request for user ji service ssh-connection method
keyboard-inte
ractive
debug1: attempt 4 failures 4
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=ji devs=
debug1: kbdint_alloc: devices 'pam'
debug2: auth2_challenge_start: devices pam
debug2: kbdint_next_device: devices <empty>
debug1: auth2_challenge_start: trying authentication method 'pam'
debug3: PAM: sshpam_init_ctx entering
Failed keyboard-interactive for ji from 172.16.146.210 port 32847 ssh2
debug3: AIX/setauthdb set registry 'files'
debug3: aix_restoreauthdb: restoring old registry ''
Connection closed by 172.16.146.210
debug1: do_cleanup
bash-3.00#


0
Reply kumaaraswamy (25) 5/11/2007 5:40:05 PM

Hi,

> usr/etc/sshd_config:57 setting PasswordAuthentication no

looks a little strange.
How do you want to login?
With a public key?
If you want to login with password set it to "yes"
Try this at first

If you use PAM, what kind of Authentication do you want to use?

> debug3: PAM: do_pam_account pam_acct_mgmt = 17 (User account has
> expired)
> debug3: ssh_msg_send: type 17
> debug3: PAM: User account has expired
> PAM: User account has expired for ji from csm100.pam.com

seems like your Account has expired??

hth

regards

volker

<kumaaraswamy@gmail.com> schrieb im Newsbeitrag 
news:1178905205.885549.55360@o5g2000hsb.googlegroups.com...
> Volker,
> Thanks for your help.
>
> I have attached here with the logs (degug mode).
> I am not able to fix the problem.
> Kindly help to solve this problem.
>
> bash-3.00# /usr/sbin/sshd -D -p19879 -ddd
> debug2: load_server_config: filename /usr/etc/sshd_config
> debug2: load_server_config: done config len = 281
> debug2: parse_server_config: config /usr/etc/sshd_config len 281
> debug3: /usr/etc/sshd_config:22 setting HostKey /usr/etc/
> ssh_host_rsa_key
> debug3: /usr/etc/sshd_config:23 setting HostKey /usr/etc/
> ssh_host_dsa_key
> debug3: /usr/etc/sshd_config:57 setting PasswordAuthentication no
> debug3: /usr/etc/sshd_config:83 setting UsePAM yes
> debug3: /usr/etc/sshd_config:95 setting UsePrivilegeSeparation no
> debug3: /usr/etc/sshd_config:109 setting Subsystem sftp /usr/libexec/
> sftp-server
> debug1: sshd version OpenSSH_4.5p1
> debug3: Not a RSA1 key file /usr/etc/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #0 type 1 RSA
> debug3: Not a RSA1 key file /usr/etc/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #1 type 2 DSA
> Disabling protocol version 1. Could not load host key
> debug1: rexec_argv[0]='/usr/sbin/sshd'
> debug1: rexec_argv[1]='-D'
> debug1: rexec_argv[2]='-p19879'
> debug1: rexec_argv[3]='-ddd'
> debug2: fd 3 setting O_NONBLOCK
> debug1: Bind to port 19879 on 0.0.0.0.
> Server listening on 0.0.0.0 port 19879.
> debug2: fd 4 setting O_NONBLOCK
> debug1: Bind to port 19879 on ::.
> Bind to port 19879 on :: failed: Address already in use.
> debug1: fd 4 clearing O_NONBLOCK
> debug1: Server will not fork when running in debugging mode.
> debug3: send_rexec_state: entering fd = 7 config len 281
> debug3: ssh_msg_send: type 0
> debug3: send_rexec_state: done
> debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
> debug1: inetd sockets after dupping: 3, 3
> Connection from 172.16.146.210 port 32847
> debug1: Client protocol version 2.0; client software version
> OpenSSH_4.5
> debug1: match: OpenSSH_4.5 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_4.5
> debug2: fd 3 setting O_NONBLOCK
> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
> hellman-g
> roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-
> sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour1
> 28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> cbc@lysator.liu.se,aes128-c
> tr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour1
> 28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> cbc@lysator.liu.se,aes128-c
> tr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
> ripemd160@open
> ssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
> ripemd160@open
> ssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib@openssh.com
> debug2: kex_parse_kexinit: none,zlib@openssh.com
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
> hellman-g
> roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-
> sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour1
> 28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> cbc@lysator.liu.se,aes128-c
> tr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour1
> 28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> cbc@lysator.liu.se,aes128-c
> tr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
> ripemd160@open
> ssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
> ripemd160@open
> ssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
> debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
> debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
> debug2: dh_gen_key: priv key bits set: 130/256
> debug2: bits set: 509/1024
> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> debug2: bits set: 497/1024
> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug1: userauth-request for user ji service ssh-connection method
> none
> debug1: attempt 0 failures 0
> debug3: Trying to reverse map address 172.16.146.210.
> debug2: parse_server_config: config reprocess config len 281
> debug3: AIX/loginrestrictions returned 0 msg (none)
> debug2: input_userauth_request: setting up authctxt for ji
> debug1: PAM: initializing for "ji"
> debug1: PAM: setting PAM_RHOST to "csm100.pam.com"
> debug2: input_userauth_request: try method none
> Failed none for ji from 172.16.146.210 port 32847 ssh2
> debug1: userauth-request for user ji service ssh-connection method
> publickey
> debug1: attempt 1 failures 1
> debug2: input_userauth_request: try method publickey
> debug1: test whether pkalg/pkblob are acceptable
> debug1: temporarily_use_uid: 204/0 (e=0/0)
> debug1: trying public key file /home/ji/.ssh/authorized_keys
> debug1: restore_uid: 0/0
> debug1: temporarily_use_uid: 204/0 (e=0/0)
> debug1: trying public key file /home/ji/.ssh/authorized_keys2
> debug1: restore_uid: 0/0
> debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
> Failed publickey for ji from 172.16.146.210 port 32847 ssh2
> debug1: userauth-request for user ji service ssh-connection method
> keyboard-inte
> ractive
> debug1: attempt 2 failures 2
> debug2: input_userauth_request: try method keyboard-interactive
> debug1: keyboard-interactive devs
> debug1: auth2_challenge: user=ji devs=
> debug1: kbdint_alloc: devices 'pam'
> debug2: auth2_challenge_start: devices pam
> debug2: kbdint_next_device: devices <empty>
> debug1: auth2_challenge_start: trying authentication method 'pam'
> debug3: PAM: sshpam_init_ctx entering
> debug3: PAM: sshpam_query entering
> debug3: ssh_msg_recv entering
> debug3: PAM: sshpam_thread_conv entering, 1 messages
> debug3: ssh_msg_send: type 1
> debug3: ssh_msg_recv entering
> Postponed keyboard-interactive for ji from 172.16.146.210 port 32847
> ssh2
> debug2: PAM: sshpam_respond entering, 1 responses
> debug3: ssh_msg_send: type 6
> debug3: PAM: sshpam_query entering
> debug3: ssh_msg_recv entering
> debug1: do_pam_account: called
> debug3: PAM: do_pam_account pam_acct_mgmt = 17 (User account has
> expired)
> debug3: ssh_msg_send: type 17
> debug3: PAM: User account has expired
> PAM: User account has expired for ji from csm100.pam.com
> debug2: auth2_challenge_start: devices <empty>
> debug3: PAM: sshpam_free_ctx entering
> debug3: PAM: sshpam_thread_cleanup entering
> Failed keyboard-interactive/pam for ji from 172.16.146.210 port 32847
> ssh2
> debug3: AIX/setauthdb set registry 'files'
> debug3: aix_restoreauthdb: restoring old registry ''
> debug1: userauth-request for user ji service ssh-connection method
> keyboard-inte
> ractive
> debug1: attempt 3 failures 3
> debug2: input_userauth_request: try method keyboard-interactive
> debug1: keyboard-interactive devs
> debug1: auth2_challenge: user=ji devs=
> debug1: kbdint_alloc: devices 'pam'
> debug2: auth2_challenge_start: devices pam
> debug2: kbdint_next_device: devices <empty>
> debug1: auth2_challenge_start: trying authentication method 'pam'
> debug3: PAM: sshpam_init_ctx entering
> Failed keyboard-interactive for ji from 172.16.146.210 port 32847 ssh2
> debug3: AIX/setauthdb set registry 'files'
> debug3: aix_restoreauthdb: restoring old registry ''
> debug1: userauth-request for user ji service ssh-connection method
> keyboard-inte
> ractive
> debug1: attempt 4 failures 4
> debug2: input_userauth_request: try method keyboard-interactive
> debug1: keyboard-interactive devs
> debug1: auth2_challenge: user=ji devs=
> debug1: kbdint_alloc: devices 'pam'
> debug2: auth2_challenge_start: devices pam
> debug2: kbdint_next_device: devices <empty>
> debug1: auth2_challenge_start: trying authentication method 'pam'
> debug3: PAM: sshpam_init_ctx entering
> Failed keyboard-interactive for ji from 172.16.146.210 port 32847 ssh2
> debug3: AIX/setauthdb set registry 'files'
> debug3: aix_restoreauthdb: restoring old registry ''
> Connection closed by 172.16.146.210
> debug1: do_cleanup
> bash-3.00#
>
> 


0
Reply volkerg1 (4) 5/11/2007 6:03:29 PM

Hi,

I want to login with a public key.
I have a PAM Agent software installed so I have to set
PaaswordAuthentication to "yes"
Authentication should be directed to the PAM Agent software.

I want to use SSH,SFTP and SCP authentication with my configuration.

I need some guidance to configure PAM with Openssh (from source not as
RPM Packages).
I have configured gcc, then zlib 1.2.3,open ssl 0.98e and then open
ssh 4.5p1 with my setup.
please provide me the steps in detail how to configure openssh from
source (how to configure with what option inorder to work with PAM) in
a much detail way.

Thanks,
Kumar

0
Reply kumaaraswamy (25) 5/11/2007 6:57:26 PM

Hi,

maybe you should try

comp.security.ssh

there should be better help with ssh and PAM.

regards

volker


<kumaaraswamy@gmail.com> schrieb im Newsbeitrag 
news:1178909846.669482.132760@h2g2000hsg.googlegroups.com...
> Hi,
>
> I want to login with a public key.
> I have a PAM Agent software installed so I have to set
> PaaswordAuthentication to "yes"
> Authentication should be directed to the PAM Agent software.
>
> I want to use SSH,SFTP and SCP authentication with my configuration.
>
> I need some guidance to configure PAM with Openssh (from source not as
> RPM Packages).
> I have configured gcc, then zlib 1.2.3,open ssl 0.98e and then open
> ssh 4.5p1 with my setup.
> please provide me the steps in detail how to configure openssh from
> source (how to configure with what option inorder to work with PAM) in
> a much detail way.
>
> Thanks,
> Kumar
> 


0
Reply volkerg1 (4) 5/11/2007 8:05:56 PM

On 2007-05-11, kumaaraswamy@gmail.com <kumaaraswamy@gmail.com> wrote:
> I want to login with a public key.
> I have a PAM Agent software installed so I have to set
> PaaswordAuthentication to "yes"
> Authentication should be directed to the PAM Agent software.

I'm a bit rusty on SSH and PAM, but where do you set Password-
Authentication? If it's in sshd_config, why set it to 'yes',
if you want keyed authentification?
I'd do a step by step debug process to isolate the problem:
 - get your account setup correctly, i.e. make sure it's not
   locked and you can actually login. Check you can login from
   remote, e.g. via telnet.
 - get SSH with passwords working without PAM.
 - get SSH with keys working without PAM.
 - get PAM involved.

> I want to use SSH,SFTP and SCP authentication with my configuration.
>
> I need some guidance to configure PAM with Openssh (from source not as
> RPM Packages).
> I have configured gcc, then zlib 1.2.3,open ssl 0.98e and then open
> ssh 4.5p1 with my setup.
> please provide me the steps in detail how to configure openssh from
> source (how to configure with what option inorder to work with PAM) in
> a much detail way.

Honestly, you're providing very little information to get
any real help here. I'd suggest you start on reading how
to setup SSH here: http://www.openssh.org

Regards,

	Frank
0
Reply fra.nospam.nk (321) 5/11/2007 10:16:15 PM

Thanks for your help.

I will refer Openssh.org

0
Reply kumaaraswamy (25) 5/14/2007 10:23:44 AM
comp.unix.aix 10892 articles. 6 followers. Post

7 Replies
293 Views

Similar Articles

[PageSpeed] 3


  • Permalink
  • submit to reddit
  • Email
  • Follow


Reply:

Similar Artilces:

Permission denied (publickey,keyboard-interactive)
I installed rwsync server inluding openssh server on windows vista. On 192.168.0.198, I installed centos 5. At centos, I made key with "ssh-keygen -t rsa", and copied tester_backup.pub to vista's opensshd. VIsta's folders :: /cygdrive/f/dmserver_backup/cwRsyncServer/bin /cygdrive/f/dmserver_backup/cwRsyncServer/var/SvcwRsync/.ssh And, vista's sshd_config is as follows; # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options ...

Permission denied (publickey,keyboard-interactive). #2
Hi, I try to use ssh but I receive the message quote in the title. After reading the mailing list, I ckecked theses points : in sshd_config, I have PermitRootLogin yes my /dev/tty doesn't have a problem because I can say yes when ssh ask me : "Are you sure you want to continue connecting (yes/no)?" When I make a test with 'ssh -vvv root@127.0.0.1' I have : OpenSSH_3.9p1, OpenSSL 0.9.7g 11 Apr 2005 debug2: ssh_connect: needpriv 0 debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity fi...

Permission denied (publickey,password,keyboard-interactive)
I've installed OpenSSH_3.7p1, SSH protocols 1.5/2.0, OpenSSL 0.9.6c 21 dec 2001 on two Slackware systems (one kernel 2.4.5, the other 2.4.18) and continue to get "Permission denied (publickey, password, keyboard-interactive)" on both machines when trying to connect to one another -- I should note that both machines can connect to SSH on machines in the "outside world" with no problems. OpenSSH was configured with the default; i.e., ./configure, no arguments, and I've left my ssh_config and sshd_config files as they were for previous installations that worked...

ORA-12546: TNS:permission denied / telnet: socket: Permission denied
I just want to share my tricky problem we had today. We noticed users not able to login to SQL plus or telnet from them box. Everything else was working fine. You can ftp / login / rlogin etc. Nothing was changed and no new software was installed. We rebooted the server that did not help. Finally we found that it is a permission problem on device file crw-rw-rw- 1 root sys 42, 0 Jan 10 16:15 tcp@0:tcp make sure you have read permission. Thakns Siva ...

Permission denied (publickey) using sftp
Hi all, I'm receiving the above error message when attempting to sftp to an external (outside my local network) host. My system is hpux 11.0 running a precompiled binary version of openssh. The external host is running windows 2000 and the commercial version of SSH 3.2.0 (I think). I have internal hosts that use password authentication that I can sftp to just fine. I get the following output from "sftp -v <host>": $ sftp -v ftp.nowcom.com Connecting to ftp.nowcom.com... OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090609f 2756: debug1: Reading configuration data /...

ORA-12546: TNS:permission denied / telnet: socket: Permission denied #2
I just want to share my tricky problem we had today. We noticed users not able to login to SQL plus or telnet from them box. Everything else was working fine. You can ftp / login / rlogin etc. Nothing was changed and no new software was installed. We rebooted the server that did not help. Finally we found that it is a permission problem on device file /dev/tcp /devices/pseudo crw-rw-rw- 1 root sys 42, 0 Jan 10 16:15 tcp@0:tcp make sure you have read permission. Thakns Siva ...

rsync: failed to set permissions, Permission denied (13)
ftpd.exe & monitor.exe both exist at the source & dest, though they are the same date/timestamp, so they would not normally be copied. From the luckybackup log last night: <a name="error3"></a><font color=red>rsync: failed to set permissions on "U:/ftpserver/ftpd.exe": Permission denied (13) rsync: failed to set permissions on "U:/ftpserver/monitor.exe": Permission denied (13) Just these two files. Now, the source files were in use, but the dest files are not, and I don't understand this message. -- Regards, Al...

permission denied?
Hi, I'm trying to use the xmlHttpReq object to contact a URL on my server. But I'm getting a JS "Permission denied" error at the indicated line. What does it mean and how can I get around it? function signUp(signUpElt) { if (!ValidEmail(signUpElt.value)) { alert("Please enter a valid email address."); return; } // if var xmlHttpReq = false; var self = this; // Mozilla/Safari if (window.XMLHttpRequest) { self.xmlHttpReq = new XMLHttpRequest(); } // IE else if (window.ActiveXObject) { self.xmlHttpReq = new ActiveXObject("Micros...

Permission Denied
Hello everyone, I use deploytool to create a dll Now I?m using this dll in my code c#, i?m building a web site. The problem is: my project in Matlab use .mat files. so somewhere in code i need to call my dll. The problem is: i get constant this error: System.ApplicationException: MWMCR::EvaluateFunction error: Error using ==> save Unable to write file I35ziYNg.mat: permission denied. And in matlab i only do this: file1=load('file1.mat'); The problem i guess is that i need to enable permission to write/save this file on my disk. But i dont know where. Any help? Thanks On Nov ...

Permission denied
:( I accidently moved all of the programs from my user file (you know the icon with the little house) to a new file. Now im trying to move everything back. Everything transfered except my iTunes library ( over 4500 songs!!!) When I try to move it a window pops up telling me I dont have permission to move it. Please Help!!!! * posted via http://mymac.ws On 10/10/04 1:31 pm, in article 41692b93$1_2@alt.athenanews.com, "Damon_borg" <damon_borg@yahoo-dot-com.no-spam.invalid> wrote: > :( I accidently moved all of the programs from my user file (you > know the icon with t...

permission denied
When I execute the following script, I got "permission denied" twice, nothing happen and no other messages. Can somebody see what's wrong in this little modified example script from the author of the Authen-PAM? Jun #!/usr/local/bin/perl -w use Authen::PAM; $service = "/usr/local/samba/bin/smbpasswd -a"; %accts = ("junz","cixi1234","testuser","test1234"); foreach $username (keys %accts) { ref($pamh = new Authen::PAM($service, $username, \&my_conv_func)) || die "Error code $pamh during PAM init!"...

Permission denied
I try to ssh to linux box but I get Permission denied maybe this can help> [reso@lnxsrv04 ~]$ ssh -v root@172.18.131.60 OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 172.18.131.60 [172.18.131.60] port 22. debug1: Connection established. debug1: identity file /users/rdss/reso/.ssh/identity type -1 debug1: identity file /users/rdss/reso/.ssh/id_rsa type -1 debug1: identity file /users/rdss/reso/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_4.4 d...

Permission Denied
Since the latest round of hot fixes several of my pages that use frames have started throwing permission denied. They seem to occur when I try to manipulate the content of one frame from another, or from a popup window. Both frames are running on the same server however they use different BASE HREF tags. Any ideas? Workarounds? It only happens with Internet Explorer, Mozilla/Firefox work wonderfully. This is probably IE's cross-frame browser security kicking in, perhaps the security of the browser you're using to view the site has been increased. There are a couple settings for cross-...

Permission denied
Well this is the situation: I followed the following instructions: #Be root. Then move the dekagen executable and the manual page to their #respective installation directories (e.g. /usr/local/bin, #/usr/local/man/man1). Be sure you set the execution rights accordingly and the #files are owned by root or whoever owns binaries on your system. E.g.: # install -m 755 dekagen /usr/local/bin # install -m 644 dekagen.1.gz /usr/local/man/man1 Now I get a few "Permission denied" errors during boot-up. most likely the above command changed the permission for the whole /usr/local/bin ...

Permission denied?
I am trying to make a new file using fopen, but I got a exception: failed to open stream: Permission denied in tmp/ .. I am using linux and I've already chmod the php file to 777. I tried adding exec("touch afile") in my php program and the result is there is no exception but no file come out. I am confused? how to control the permission in PHP? Thanks a lot fAnS. fAnSKyer wrote: > I am trying to make a new file using fopen, but I got a exception: > failed to open stream: Permission denied in tmp/ .. > > I am using linux and I've already chmod the php file ...

Permission Denied
I am having an issue with a Microsoft Access 2003 database that has forms designed to import data. When trying to do the import I get a message microsoft office access permission denied. This is being done on a Windows 2003 Server R2 SP1 Terminal Server. The interesting thing is if I add the user to the domain admins group it work fine. I believe their is a permission issue (duh), maybe on a file or folder, but cannot pin point it. I have verified that the user has access to the database and folder that the database is in and SQL permissions are correct. Also, the same user can do the import ...

Permission Denied
Hopefully this is a simple question. I've started to program in Python after an absence of about a year, so I'm very rusty. I wrote a short program and tried to run it using Python2.4 in Linux. I keep getting "permission denied" messages after entering the path to the program. I switched to the root directory and tried again, but got the same result.I ran a very similar program earlier and it ran fine. What am I doing wrong? The program is: #!/usr/bin/python2.4 i=1 while i<10000: print 'step 1',i i+=1 raw_input() print 'step 2' Thank you. ...

Permission denied?
I'm trying to ssh into a linux box, but I get a permission denied. I can ssh in with root however. This is the output of ssh -vvv Any help would be appreciated. OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090609f 6373: debug1: Reading configuration data /etc/ssh/ssh_config 6373: debug1: Applying options for * 6373: debug1: Rhosts Authentication disabled, originating port will not be trusted. 6373: debug1: ssh_connect: needpriv 0 6373: debug1: Connecting to somehost.com [1.1.1.1] port 22. 6373: debug1: Connection established. 6373: debug1: identity file /home/hkim/.ssh/identity type -...

Permission Denied
I am putting a shell script into /Desctop directory . I am this script that cp files from /var/spool/XRXnps/inQ to /usr/xgfc/formlib . But I got permission denied when I click them on /Desktop. My solaris is 10.11 On Friday 06 December 2013 11:40, ehabaziz2001@gmail.com conveyed the following to comp.unix.shell... > I am putting a shell script into /Desctop directory . I am this script > that cp files from /var/spool/XRXnps/inQ to /usr/xgfc/formlib . But I > got permission denied when I click them on /Desktop. My solaris is > 10.11 The /usr hierarchy is commonly read-o...

Permission Denied
I am putting a shell script into /Desctop directory . I am this script that cp files from /var/spool/XRXnps/inQ to /usr/xgfc/formlib . But I got permission denied when I click them on /Desktop. My solaris is 10.11 In article <9ec76a13-f913-4d09-9dd0-64c6f2197e48@googlegroups.com>, ehabaziz2001@gmail.com writes: > I am putting a shell script into /Desctop directory . I am this script that cp files from /var/spool/XRXnps/inQ to /usr/xgfc/formlib . But I got permission denied when I click them on /Desktop. My solaris is 10.11 and what permissions have you got on the shell script?...

permission denied WHY?
Hi! I wrote this script and executed on my server, with php 4.1.2 <?php $fp = fopen('test.txt', 'w'); fwrite($fp, "Bla bla"); fclose($fp); ?> it returns this message: Warning: fopen("test.txt", "w") - Permission denied in file.php4 on line 3 I've tried to change file permissions, change to fopen('test.txt', 'w+b') and other modes. But it doesn�t work. Please help!! I've seen I can't unlink or rename some files. "JaazzMan" <dontemailme@never.com> wrote in message news:Xns93FBA142794B4...

Permission Denied
Am having vexing problem with FORTRAN compiled executable. Here is the message i get when i try to run the code: ">:/randnum$ ./rndtest_single bash: ./rndtest_single: Permission denied" This command syntax used to run fine under OpenBSD 2.6, and it also runs under Vector Linux 5.9 (after compiling of course). The env shows the path as follows: PATH=.:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin:/home/contrex/bin:/usr/libexec:/usr/local/libexec:/usr/games:/usr/local/emul/redhat/lib/: Is there a problem with the path? If not, what d...

permission denied
Hi, I have FreeBSD 5.3 trying to test mounting shares manually. Okay I have my NFS server and four clients. My problem is I am trying to mount my server nfs shares. one# mount Beowulf:/usr/home /mnt [udp] Beowulf:/usr/home: Permission denied Here is the deal Beowulf is the master. the rc.conf # -- sysinstall generated deltas -- # Tue Mar 8 17:21:26 2005 # Created: Tue Mar 8 17:21:26 2005 # Enable network daemons for user convenience. # Please make all changes to this file, not to /etc/defaults/rc.conf. # This file now contains just the overrides from /etc/defaults/rc.conf. g...