AIX

  • 1.  Permission denied (publickey,password,keyboard-interactive)

    Posted Tue April 08, 2008 02:27 PM

    Originally posted by: SystemAdmin


    Good afternoon,

    I have been trying to figure out what is wrong with my openssh install on AIX 5.3.7.2
    I have another server that is working with the same configuration!?

    I am able to log on with root account to the server but no users are able to do so.
    Here is my output from the login attempt using ssh.
    ssh foyt -vvv
    ssh foyt -vvvv
    OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to foyt [10.20.47.239] port 22.
    debug1: Connection established.
    debug1: identity file /homes/unts/primeaup/.ssh/identity type -1
    debug1: identity file /homes/unts/primeaup/.ssh/id_rsa type -1
    debug1: identity file /homes/unts/primeaup/.ssh/id_dsa type -1
    debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2
    debug1: match: OpenSSH_4.2 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.6
    debug2: fd 4 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit: none,zlib@openssh.com
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 135/256
    debug2: bits set: 518/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug3: check_host_in_hostfile: filename /homes/unts/primeaup/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 16
    debug3: check_host_in_hostfile: filename /homes/unts/primeaup/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 16
    debug1: Host 'foyt' is known and matches the RSA host key.
    debug1: Found key in /homes/unts/primeaup/.ssh/known_hosts:16
    debug2: bits set: 516/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /homes/unts/primeaup/.ssh/identity (0)
    debug2: key: /homes/unts/primeaup/.ssh/id_rsa (0)
    debug2: key: /homes/unts/primeaup/.ssh/id_dsa (0)
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug3: start over, passed a different list publickey,password,keyboard-interactive
    debug3: preferred publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying private key: /homes/unts/primeaup/.ssh/identity
    debug3: no such identity: /homes/unts/primeaup/.ssh/identity
    debug1: Trying private key: /homes/unts/primeaup/.ssh/id_rsa
    debug3: no such identity: /homes/unts/primeaup/.ssh/id_rsa
    debug1: Trying private key: /homes/unts/primeaup/.ssh/id_dsa
    debug3: no such identity: /homes/unts/primeaup/.ssh/id_dsa
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup keyboard-interactive
    debug3: remaining preferred: password
    debug3: authmethod_is_enabled keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug2: userauth_kbdint
    debug2: we sent a keyboard-interactive packet, wait for reply
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug3: userauth_kbdint: disable: no info_req_seen
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup password
    debug3: remaining preferred:
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password
    primeaup@foyt's password:
    debug3: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)
    debug2: we sent a password packet, wait for reply
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    Permission denied, please try again.
    primeaup@foyt's password:
    debug3: packet_send2: adding 64 (len 55 padlen 9 extra_pad 64)
    debug2: we sent a password packet, wait for reply
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    Permission denied, please try again.
    primeaup@foyt's password:
    debug3: packet_send2: adding 64 (len 55 padlen 9 extra_pad 64)
    debug2: we sent a password packet, wait for reply
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug2: we did not send a packet, disable method
    debug1: No more authentication methods to try.
    Permission denied (publickey,password,keyboard-interactive).
    This is where it fails to log in.


  • 2.  Re: Permission denied (publickey,password,keyboard-interactive)

    Posted Wed April 09, 2008 05:34 PM

    Originally posted by: jnordtome


    Does this message appear for all accounts or just "primeaup"? If it's just primeaup, verify that the account is set up properly by using telnet. If it's everyone, it's probably a setting in the sshd_config file.


  • 3.  Re: Permission denied (publickey,password,keyboard-interactive)

    Posted Thu April 10, 2008 09:29 AM

    Originally posted by: SystemAdmin


    I have verified my config file and compared it with another server.
    I even copied the file from that server just to make sure it's not a syntax error.
    But I get the same error. I will eventually figure it out. For now I am using root to
    get in.

    My problem right now is with accessing from the nim master to the client.
    I finished setting up the nim master and trying to connect to the client.
    I get

    Command: failed stdout: yes stderr: no

    Before command completion, additional instructions may appear below.

    0042-001 nim: processing error encountered on "master":
    0042-006 m_lppchk: (From_Master) connect Error 0

    rshd: 0826-813 Permission is denied.

    These systems use ssh to communicate and nim uses rsh.
    So I had to create .rhosts files on both systems to accept each other and I also
    configured the hosts.equiv file. I also started my rshd daemon and unpounded
    the inetd.conf file to accept shell and login.

    I have tried everything I know but with no luck.
    My hosts files are OK.

    ?????????????


  • 4.  Re: Permission denied (publickey,password,keyboard-interactive)

    Posted Thu April 10, 2008 09:50 AM

    Originally posted by: MarkTaylor


    I am not sure what you have done thus far .. but, if you want passwordless login via ssh from a source client to an sshd server then you need to set up the ssh-keys.

    In your output you get the following errors:

    debug2: key: /homes/unts/primeaup/.ssh/identity (0) <<--
    debug2: key: /homes/unts/primeaup/.ssh/id_rsa (0) <<--
    debug2: key: /homes/unts/primeaup/.ssh/id_dsa (0) <<--

    The (0) means the key files being passed from your source client to the sshd server are empty i.e. zero bytes / don't exist / don't have any key data to pass to the sshd server ..

    if you are using a customised ssh key file not listed above, then this needs to be specified in the ssh_config on the source client and must also exist in the specific authorized_keys(2) file on the sshd server ..

    HTH
    Mark Taylor


  • 5.  Re: Permission denied (publickey,password,keyboard-interactive)

    Posted Thu April 10, 2008 09:53 AM

    Originally posted by: MarkTaylor


    Just read the rest of your post

    "0042-001 nim: processing error encountered on "master":
    0042-006 m_lppchk: (From_Master) connect Error 0

    rshd: 0826-813 Permission is denied."

    ??? NIM by default uses rsh right ??? not ssh ??? you can set up the client to use nimsh (ssl), but you have rsh issues according to that error above .. check your ~root/.rhosts on the client allows access for root on the nim server.


  • 6.  Re: Permission denied (publickey,password,keyboard-interactive)

    Posted Fri April 11, 2008 08:22 AM

    Originally posted by: SystemAdmin


    Hey Mark, thanks for the reply,

    It was the permissions on the client side.
    I set the permissions to 600 and everything is ok now.
    I just need more caffeine in my brain.
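
The fix reported in the last post was a permissions change to 600 on the client; the post does not say which file was changed. The following is an added example, not code from the thread, that checks the trust and key files named in this thread (`.rhosts`, `authorized_keys`, and the three identity files from the debug output) for owner-only modes. The function names, the file list and the optional owner argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. File names are the ones the thread mentions.

# check_trust_file PATH [OWNER]
# Returns 0 if PATH is a regular file with no group/other permission bits
# (e.g. mode 600) and, when OWNER is given, is owned by OWNER.
# Returns 1 for an unsafe file, 2 if PATH does not exist.
check_trust_file() {
    f=$1 want_owner=${2:-}
    if [ ! -e "$f" ] && [ ! -L "$f" ]; then
        echo "MISSING   $f"; return 2
    fi
    # Parse ls -ld rather than stat(1), whose options differ between systems.
    line=$(LC_ALL=C ls -ld "$f")
    mode=${line%% *}
    got_owner=$(printf '%s\n' "$line" | awk '{print $3}')
    case $mode in
        -???------*) ;;   # regular file, nothing for group or others
        -*) echo "TOO OPEN  $f ($mode): fix with chmod 600"; return 1 ;;
        *)  echo "NOT FILE  $f ($mode): symlink or special file"; return 1 ;;
    esac
    if [ -n "$want_owner" ] && [ "$got_owner" != "$want_owner" ]; then
        echo "BAD OWNER $f: $got_owner, expected $want_owner"; return 1
    fi
    echo "OK        $f ($mode)"
}

# audit_home DIR [OWNER]: check the trust/key files under DIR.
# Missing files are reported but not counted.
# Returns the number of unsafe files (0 means clean).
audit_home() {
    home=$1 expect=${2:-} bad=0
    for rel in .rhosts .ssh/authorized_keys .ssh/identity .ssh/id_rsa .ssh/id_dsa; do
        rc=0
        check_trust_file "$home/$rel" "$expect" || rc=$?
        if [ "$rc" -eq 1 ]; then bad=$((bad + 1)); fi
    done
    return "$bad"
}

# Constructed demo: a throwaway home directory with a group/world-readable .rhosts.
demo() {
    d=$(mktemp -d) && : > "$d/.rhosts" && chmod 644 "$d/.rhosts"
    audit_home "$d" || echo "unsafe files: $?"
    chmod 600 "$d/.rhosts" && audit_home "$d" && echo "clean"
    rm -rf "$d"
}
demo
```

To audit a real account, call `audit_home` with the home directory and, optionally, the expected owner, for example `audit_home /homes/unts/primeaup primeaup`.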