Originally posted by: LinuxL0ver

Hi,
We were using AIX 5.3 on Power Servers. Now we installed few machines with AIX 7.1. On which we are facing that most of the ssh client (like RHEL 5 ssh client, secure shell client) are unable to login to AIX 7.1 box via ssh whereas putty client is able to login on same AIX 7.1 hosts.

Below is the debuging log from a RHEL 5 client ssh machine to AIX 7.1 server.

kmumtaz$ ssh -vvv 10.1.X.100
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.1.X.X http://10.1.X.X port 22.
debug1: Connection established.
debug1: identity file /home/kmumtaz/.ssh/identity type -1
debug1: identity file /home/kmumtaz/.ssh/id_rsa type -1
debug1: identity file /home/kmumtaz/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
debug1: match: OpenSSH_6.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 120/256
debug2: bits set: 528/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Connection closed by 10.1.X.100

Any Idea how to resolve the isse
#AIX-Forum

Originally posted by: LinuxL0ver

Hi,
After enabling auth.debug in AIX 7.1 syslog.conf file getting below error in log file while user try to connect from ssh cleint

Feb 13 13:27:15 node1 auth|security:crit sshd15204500: fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc preauth
#AIX-Forum

Originally posted by: SystemAdmin

I found Tech note regarding this.
Check http://www-01.ibm.com/support/docview.wss?uid=isg3T1019142

james
#AIX-Forum

Originally posted by: quest_glee

The Tech note link doesn't appear to be valid anymore.  Would it be possible to repost?

#AIX-Forum

Originally posted by: SystemAdmin

Hi the information was really helpful for me Specially I’m beginner in web design and always be confuse about the page layout
http://www.louisvuittonwelcome.com
http://www.louisvuittonamy.com
#AIX-Forum

Originally posted by: SystemAdmin

The blog is absolutely fantastic. Lots of great information and inspiration, both of which we all need.Thanks!
Replica louis vuitton
Replica louisvuitton and hermes
#AIX-Forum

Originally posted by: dkumar52

Hi guys,

I too faced the same problem from initiating ssh from my Aix 6.1 Lpar to one of the cisco devices. This article was really helpful. I got suggestions for removing the package security.pkcs11, instead of doing so I have renamed the /dev/pkcs11 to /dev/pkcs11.test and ssh was successfull.

 

Thanks a Lot for your article and support.

#AIX-Forum