AIX

AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.

 View Only

  • 1.  How to stop SSH - ECDSA

    Posted Mon September 22, 2014 02:58 AM

    Originally posted by: bigdatassl


    Dear all,

    I am totally new in AIX environment.  Originally, I would like to try install NSA (Network Authentication Service).  

    So, I have tried to set up the SSH without certificate.  However, it is being requested to use only SSH with password.

    I am not sure how to resume to the SSH with password.

    Currently, the package of /usr/krb5 was being removed accidentially.  Once for SSH, I have faced the following errors.

    **********************  ERROR MESSAGE *******************************************

    OpenSSH_6.0p1, OpenSSL 1.0.1e 11 Feb 2013
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so):   0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
            0509-026 System error: A file or directory in the path name does not exist.
     
    debug1: Error loading Kerberos, disabling Kerberos auth.

      *********************************************************

    There are 3 different files for my settings / error message.

    I do hope that I can find some clues from here.  Or should I re-install the NSA or SSH? 

    Thanks.

     

    Regards,
    SSL



  • 2.  Re: How to stop SSH - ECDSA

    Posted Mon September 22, 2014 06:28 PM

    Originally posted by: GarlandJoseph


    I see a number of issues here.  How did the kereberos package get removed accidently?  Did you delete something manually, or uninstall something.   What happens when you do anlppchk -v  (verifying that all filesets have required requisites and are completely installed)?   What exactly are your security requirments?   Are you trying to authenticate (SSH) at the server level or user level?  Server level would be the case where the servers keys have been exchanced; similarly, user level would be the case where users generated and exchange keys.  The latter two methods allow ssh operations without the need for a password.



  • 3.  Re: How to stop SSH - ECDSA

    Posted Wed September 24, 2014 04:04 AM

    Originally posted by: bigdatassl


    Thanks very much with your best concerns and answer.

    1. Security Requirement - SSH with password only (*** STOP any other method like certificate)

    2. Kerberos were being removed manually

    NOTE: I have remove and then install again of the SSH by smitty remove and smitty installp.

    However, the issues are still shown.

    I know that there are command like "ssh -o PreferredAuthentications=keyboard-interactive -o PubkeyAuthentication=no host.abc.com"   

    But the issues are still persisted.

     

    I am thinking about getting back to install the kerberos.

    Thanks.
    SSL