Cannot SSH to same machine without PAM password prompt
hi
i'm trying to set up sol 10 server for oracle RAC. it has to be able to ssh into itself and other servers silently.
i've renamed /etc/issue to suppress banner output confusion in oracle's exit code.
i can ssh to another server, sol 8 running openssh silently
ssh is linked to ssh2, using rsa keys
co-worker suggests it might have something to do w cfg for LDAP. i don't have an LDAP server running. i don't find anything LDAP-looking in /etc/ssh2/sshd2_config.
help :( this is holding up my oracle RAC install and getting me attention i could do without :)
thanks
justin
sid_sanders
you guys are drawing me into the heart of darkness--i'm a dba,usu linux :)
i'll do my best to answer your questions relevantly:
+and as oracle we can use ssh between and on each node. what you can do after you have your keys in order, is run sshd in debug and see why public key auth may be failing.
/full/path/to/sshd -ddd -p <open port>+
no sshd2 in /usr/local/bin /usr/sbin /usr/bin
no sshd in /usr/local/bin /usr/sbin /usr/bin
sshd will terminate after the ssh session attempt closes (succeed or fail). of note that you have, /etc/ssh2, is this a built from source instance of openssh?
this is a proprietary baseline my company uses;
webville# ssh -v webville
warning: Development-time debugging not compiled in.
warning: To enable, configure with --enable-debug and recompile.
debug: Ssh2/ssh2.c:1812: Crypto library version: SSH Cryptographic Library, version 1.2.6
debug: Ssh2/ssh2.c:1976: User config file not found, using defaults. (Looked for '//.ssh2/ssh2_config')
debug: Ssh2/ssh2.c:2673: Running in FIPS mode: No
debug: Connecting to webville, port 22... (SOCKS not used)
warning: Connecting to webville failed: Connection Refused
the built in stuff from sun is /etc/ssh/*. just trying to understand all the parts...
my /etc/ssh is:
-rw-r--r-- 1 root sys 88301 Jan 21 2005 moduli
-rw-r--r-- 1 root sys 861 Nov 14 18:07 ssh_config
-rw-r--r-- 1 root sys 861 Nov 14 18:07 ssh_config-preCIS-20071114-15:17:00
-rw-r--r-- 1 root sys 5266 Apr 30 14:25 sshd_config
-rw-r--r-- 1 root sys 5202 Nov 14 15:27 sshd_config-preCIS-20071114-15:17:00
-rw-r--r-- 1 root sys 5238 Apr 21 20:52 sshd_config.bak
-rw------- 1 root sys 668 Nov 14 15:34 ssh_host_dsa_key
-rw-r--r-- 1 root sys 605 Nov 14 15:34 ssh_host_dsa_key.pub
-rw------- 1 root sys 883 Apr 22 22:09 ssh_host_rsa_key
-rw-r--r-- 1 root sys 223 Apr 22 22:09 ssh_host_rsa_key.pub
-rw-r--r-- 1 root sys 223 Apr 22 22:09 ssh_host_rsa_key.pub_webville
-rw-rw-r-- 1 root sys 111616 Apr 22 17:03 ssh_keys.tar
# ./ssh -ddd
warning: Development-time debugging not compiled in.
warning: To enable, configure with --enable-debug and recompile.
warning: You didn't specify a host name.
Type ssh -h for help.
and since i'm dealing w SMF, i got:
# svcs -x ssh2
svc:/network/ssh2:default (SSH2 server)
State: maintenance since Fri 02 May 2008 01:45:53 PM GMT
Reason: Start method failed repeatedly, last exited with status 255.
See: http://sun.com/msg/SMF-8000-KS
See: sshd2(1M)
See: /var/svc/log/network-ssh2:default.log
Impact: This service is not running.
# cat /var/svc/log/network-ssh2:default.log
[ Nov 14 15:16:41 Disabled. ]
[ Nov 14 15:16:41 Rereading configuration. ]
[ Nov 14 15:16:41 Enabled. ]
[ Nov 14 15:16:41 Executing start method ("/lib/svc/method/sshd2 start") ]
Starting sshd2: sshd2: SSH Tectia Server 4.4.0 on sparc-sun-solaris2.8
Build: 116
OK
sshd2[21335]: FATAL: Creating listener failed (iface: *** SSH_IPADDR_ANY ***): port 22 probably already in use!
and yet, i see no usage of port 22:
# netstat -an | grep 22
127.0.0.1.38945 127.0.0.1.7200 49221 0 49152 0 TIME_WAIT
127.0.0.1.38946 127.0.0.1.7200 49221 0 49152 0 TIME_WAIT
127.0.0.1.38947 127.0.0.1.7200 49221 0 49152 0 TIME_WAIT
*.22273 *.* 0 0 49152 0 BOUND
*.22273 *.* 0 0 49152 0 LISTEN
*.22273 *.* 0 0 49152 0 LISTEN
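The `netstat -an | grep 22` check in the post matches every line that contains "22" anywhere (ports 22273 and 49221 here), so its output neither confirms nor rules out a listener on port 22. The following is an added example, not part of the original post: it compares the port field of the local address exactly and requires the LISTEN state. The function names are illustrative, and the `*.22` line is a constructed sample.

```shell
#!/bin/sh
# Added example, not from the original post. Finds TCP listeners on one exact
# port in Solaris-style `netstat -an` output, where the local address is
# printed as addr.port ("*.22", "127.0.0.1.22").
# On Solaris, /usr/bin/awk is the old awk without -v; set AWK=nawk there.
AWK=${AWK:-awk}

# listeners_on_port PORT
# Reads netstat output on stdin and prints the local address of every socket
# in LISTEN state whose port field equals PORT. Returns 0 if any was found.
listeners_on_port() {
    "$AWK" -v port="$1" '
        $NF == "LISTEN" {
            n = split($1, part, "[.]")   # port is the text after the last dot
            if (part[n] == port) { print $1; found = 1 }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Sample input: the six netstat lines shown in the post.
sample_from_post() {
    cat <<'EOF'
127.0.0.1.38945 127.0.0.1.7200 49221 0 49152 0 TIME_WAIT
127.0.0.1.38946 127.0.0.1.7200 49221 0 49152 0 TIME_WAIT
127.0.0.1.38947 127.0.0.1.7200 49221 0 49152 0 TIME_WAIT
*.22273 *.* 0 0 49152 0 BOUND
*.22273 *.* 0 0 49152 0 LISTEN
*.22273 *.* 0 0 49152 0 LISTEN
EOF
}

# Constructed sample: the same lines plus what a bound port 22 looks like.
sample_with_listener() {
    sample_from_post
    echo '*.22 *.* 0 0 49152 0 LISTEN'
}

# report LABEL PORT   (netstat text on stdin)
report() {
    if hits=$(listeners_on_port "$2"); then
        echo "$1: port $2 is held by: $(echo "$hits" | sort -u | tr '\n' ' ')"
    else
        echo "$1: nothing is listening on port $2"
    fi
}

sample_from_post     | report "post output" 22
sample_with_listener | report "constructed"  22
```

On a live system, pipe the real output in: `netstat -an -P tcp | listeners_on_port 22`.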
Similar Messages
-
Restricting user access through single machine without entering password
Dear All,
We would like to provide access to temporary user and he should be able to access our Production R/3 using SAP GUI from the machine which is allocated to him and not from any other machines in the same network.He should be able to login when he click on the login pad without entering password.
Please let me know is there a way to achieve this by changing the SAP gui settings in that machine alone/suggest me if you have an alternate solution?
Appreciate your response.
Thanks,
Vadi
Hello Vadivambal,
Actually the second thing might be possible with logon pad. In the logon pad there is an option for short cuts. You can create a short cut for a system in launch pad which gives you the option for specifying user id and password also. However this is relevant for SAP GUI 640 or higher only. The GUI launch pad has two tabs: Shortcuts and systems. Check the short cut part.
Regards.
Ruchit, -
SSH into remote solaris machine without entering password
Hi all,
I am trying to configure an SSH login-sequence without having to type the
password, but it doesn't work :
configuration: remote server Solaris8, openSSH 3.8p1
source server: linux, openSSH 3.7
On serverA (source host runs Linux), I did invoke the commands (Server B is running Solaris 8)
ssh-keygen -t rsa
(with empty passphrase)
and stored the generated $HOME/.ssh/id_rsa.pub file on the target host
'serverB' in $HOME/.ssh/authorized_keys2
Then from serverA, I try "ssh serverB" but it still asks me for a password.
The output from "ssh -v serverB" is below.
I have managed to apply this procedure from a linux server to another remote linux server and it works fine.
Any help is mostly appreciated.
===========================================================
stats@vas-stats:~> ssh -v [email protected]
OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.120.0.103 [10.120.0.103] port 22.
debug1: Connection established.
debug1: identity file /home/stats/.ssh/identity type -1
debug1: identity file /home/stats/.ssh/id_rsa type 1
debug1: identity file /home/stats/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p2
debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.120.0.103' is known and matches the RSA host key.
debug1: Found key in /home/stats/.ssh/known_hosts:8
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/stats/.ssh/identity
debug1: Offering public key: /home/stats/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /home/stats/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
[email protected]'s password:
When you raise the loglevel to DEBUG2 on the server where SSHD is running you must see the reason why this is going wrong. Most likely it's a permission problem when a homedir is group writable or when the .ssh directory does not have the right permissions like 0700.
Please don't forget to set the loglevel back when you're finished. -
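The permission conditions named in the answer above can be checked on the target host before touching the server log level. This is an added example, not part of the original thread: the function names and the demo tree are illustrative, and it inspects mode bits only, not file ownership.

```shell
#!/bin/sh
# Added example, not from the original thread. Reports the two conditions the
# answer names: a home directory (or key path) writable by group/others, and
# a .ssh directory whose mode is not 0700. Ownership is not checked here.

# mode_of PATH -> the nine permission characters from `ls -ld`, e.g. rwx------
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c2-10
}

# check_key_perms HOME [KEYFILE]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_key_perms() {
    home=$1
    keyfile=${2:-$home/.ssh/authorized_keys}
    rc=0
    for p in "$home" "$home/.ssh" "$keyfile"; do
        m=$(mode_of "$p")
        if [ -z "$m" ]; then
            echo "MISSING $p"
            rc=1
            continue
        fi
        # Of the nine characters, the 5th is group-write and the 8th other-write.
        gw=$(printf '%s' "$m" | cut -c5)
        ow=$(printf '%s' "$m" | cut -c8)
        if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
            echo "WRITABLE-BY-OTHERS $p ($m)"
            rc=1
        fi
    done
    m=$(mode_of "$home/.ssh")
    if [ -n "$m" ] && [ "$m" != "rwx------" ]; then
        echo "NOT-0700 $home/.ssh ($m)"
        rc=1
    fi
    return $rc
}

# Constructed demo tree: a group-writable home directory, then the fix.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/stats/.ssh"
    : > "$d/stats/.ssh/authorized_keys2"
    chmod 775 "$d/stats"
    chmod 700 "$d/stats/.ssh"
    chmod 600 "$d/stats/.ssh/authorized_keys2"
    check_key_perms "$d/stats" "$d/stats/.ssh/authorized_keys2"
    chmod 755 "$d/stats"
    check_key_perms "$d/stats" "$d/stats/.ssh/authorized_keys2" \
        && echo "clean after chmod 755 on the home directory"
    rm -rf "$d"
}
demo || true
```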
When one network user is logged in another network user cannot on the same machine
I am working on a home network for 5 family members and we are use to fast user switching. Since getting the server up we can no longer fast user switch. If one network user is logged in and we go to switch to a new user the server returns an error and that user can not log into that machine until the first user logs out. I would expect this to work but I have not had any success.
Any suggestions
David urban
Hi,
What is the current setting of Enable user policy polling on clients?
However, if this setting is False or No, the following will not work when users use the Application Catalog:
In System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only, users cannot install the applications that they see in the Application Catalog.
Users will not see notifications about their application approval requests. Instead, they must refresh the Application Catalog and check the approval status.
Users will not receive revisions and updates for applications that are published to the Application Catalog. However, they will see changes to application information in the Application Catalog.
If you remove an application deployment after the client has installed the application from the Application Catalog, clients continue to check that the application is installed for up to 2 days.
http://technet.microsoft.com/en-in/library/gg682067.aspx#BKMK_ClientPolicyDeviceSettings
In addition, the following two threads may give us some clue:
http://social.technet.microsoft.com/Forums/en-US/6a51488c-ff68-4c83-9b3d-6d03fd74a373/application-catalog-could-not-communicate-with-the-client-control-properly?forum=configmanagerapps
http://social.technet.microsoft.com/Forums/en-US/235f7ef7-e646-401e-9524-008831a32cde/application-catalog-silverlight-error-could-not-communicate-with-the-client-control-properly?forum=configmanagerapps -
We have Creative Cloud for Teams, most users using Photoshop. One user left the company and has been replaced by another user. I removed the first user's membership and assigned it to the new user. When she runs Photoshop, she gets a 00 Days left message. Photoshop still seems to be useable right now but I'm wondering if I need to uninstall Photoshop and re-install it using her credentials? Seems like a lot of unnecessary work to me.
Hi Batterry,
There is no need for removal of the product . You can simply launch the product , click on Help>Sign out . Close the product and sign in with the new user's Adobe ID & Password. This should activate the product .
Cheers,
Kartikay Sharma -
I purchased mountain lion and upgraded my OS. The system seems to still be having some issues and I'd like to do a clean install with the new OS. How do I redownload mountain lion so that I can make a bootable disk and do my clean install?
You should be able to just go to the App Store and select Download again. If that doesn't work, try holding down the option key while selecting "Buy".
Good luck,
Clinton -
Siebel analytics 782 and obiee 10g on same machine
Can siebel analytics 7.8.2 and obiee 10.1.3.4.1 be installed on the same machine? Can I have 2 separate folders Siebel Analytics and Siebel analyticsdata for 7.8.2 installation and OracleBI and OracleBIdaata folders for the 10.3.4.1. installation?
no they cannot be on same machine under same user account
-
Is it possible to run VLM and lmtools on the same machine
hi together ... is it possible to run VLM and lmtools on the same machine without any problems?
the running system will be Windows Server 2008 R2 x64! maybe we will install the license server on the virtual server.
Hi SvenNittmann,
in general, it should be possible to run both tools (VLM and lmtools for FlexNet) on the same machine. But I wouldn't recommend you this way, because NI VLM is also built on top of FlexNet and sometimes you will receive ugly problems with the installation of both tools on the same PC. It is possible to use VLM in a virtual machine without any problems or restrictions. NI provides information about the usage of VLM in a virtual machine, like you can see here:
Volume License Manager on a Virtual Machine - National Instruments
http://digital.ni.com/public.nsf/allkb/5730FDDC97F9157E8625755F00749CFF?OpenDocument
I also use VLM in a virtual machine and I could recommend you the same solution.
Regards, Stephan -
Oracle XE 10g and XE 11g installed on same machine
Dear All,
I would like to know if it is possible to have two version of Oracle XE installed on the same machine without running simultaneously,
I currently have 10g XE installed on my Ubuntu laptop and I would need to install 11g while keeping 10g. These installations are just debian packages that do not allow for much customization. So I am just worried that if I install XE 11g it may mess up my current XE 10g install.
Thanks a lot in advance
Respectfully
dmlobo
Never mind 11g XE has not been released yet.
Apologies for the spam.
Respectfully
dmlobo -
I don't know the icloud account passwords because i bought iphone from a friend.... Is there anyway to remove those Accounts so i can set up my account because i can't install new apps without his password...
You cannot remove the iCloud account without the password if the iPhone is running iOS 7 (check under Settings > General > About > Version). You can sign out of the App Store under Settings > iTunes & App Stores. This part does not require their password.
-
How to share programs between users on same machine?
I'm sure there is an easy answer to this and as a proud five year Apple user, I'm kinda embarrassed to ask. But now that I am sharing a computer with new fiance, I need to know!
How can we share software between users on the same machine without downloading it under each user?
The difficult question isn't sharing programs (which almost always are shared by default) but how to share data. In particular, music in iTunes, photos in iPhoto, videos in iMovie, they all resist sharing because those apps were not designed for it. In general, to share data you can use the "Shared" folder. Go to your home folder, and go up a level to Users, then select Shared. You might want to drag it to the places list on the left in the finder so you can get to it easily. You can put your iTunes and iPhoto libraries in Shared. To select the shared versions, hold down the Option key while launching iTunes or iPhoto. Video files can also be stored in Shared, however iMovie seems to be hard connected to an individual's Movie folder.
-
WEB DMS Office Document Access- Password Prompt
Dear All,
Business Users are Using MS Office 2007 and MS Office 2003
We have Configured WEB DMS for Development System
In SE80 when CVAW_ENTIRE is Executed and when DIR is Accessed there using Display/Change, All file formats are accesed fine without any password prompt,But While Opening Microsoft Office Documents(.doc,.docx,.xls,.xlsx,.ppt..pptx) from WEB DMS DIR it gives UserName Password Prompt (Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection))....
When i don't enter username and password and press cancel file opens in Read Only Mode...So, i need is by default file shoud open in read only mode without asking unnecessary Password Prompt...Above is applicable when MS Office 2007 is installed in local PC
For Office 2003 the problem is there for .xls,.xlsx,.ppt,.pptx files , however .doc files opens fine and does not ask for any password prompt and opens in read only mode directly.
The above both scenarios for Office 2007 & Office 2003 works fine with Mozilla Firefox Browser and does not prompt for any passwords.
Help is Required urgently
Regards,
Akshit Patel
Dude
I'm also trying to enable WebDMS. I have already configured in SPRO.
In SE80, pointing on "CVAW_ENTIRE->Pages with Flow Logic->index.htm", when I click on "Test/Execute", a webpage opens but throws an error:
Business Server Page (BSP) error
What happened?
Calling the BSP page was terminated due to an error.
SAP Note
* The following error text was processed in the system:
Die URL enthält keine vollständige Domainangabe (sap-dev statt sap-dev.).
Exception Class CX_FQDN
Error Name
Program CX_FQDN=======================CP
Include CX_FQDN=======================CM002
ABAP Class CX_FQDN
Method CHECK
Line 10
Long text -
Error type: Exception
Your SAP Business Server Pages Team
The URL of the webpage looks like this:
http://sap-dev:8080/sap/bc/bsp/sap/cvaw_entire/index.htm?sap-client=747&sap-sessioncmd=open
Please help.
Thanks & Regards
Amaresh Makal -
CAPI password prompt from CryptSignMessage is not in focus
Microsoft CryptSignMessage produces dialog box to collect private key password and allow to use it. This dialog always "fall behind" of the application and just blink on taskbar. Our application is add-on for Microsoft Outlook and when we call CryptSignMessage
password prompt is behind of the Outlook explorer.
We tried to use CryptSetProvParam(NULL, PP_CLIENT_HWND, (const BYTE*)&hwnd, 0); before any calls to acquire crypto context, as described in MSDN, but this was not successful. Whenever we call it, right before CryptSignMessage
call or way before we acquire signing cert it always return TRUE (success) and GetLastError() is 0. Same for hwnd. We tried to pass Outlook new compose message window, outlook explorer window, just NULL with the same successful result, but password prompt
dialog still behind.
What are we doing wrong or is there other ways to set parent window for any UI which may comes up from CAPI calls?
Always appreciated your response.
Slava Ivanov
First off, no modern Mac is running Mac OS 9.2.x
Go to Apple menu -> About this Mac to find out what you really are running. -
CMDKEY script no password prompt
Here is a script I'm using to store the credentials for server shares:
@echo off
cd C:\Windows\System32
cmdkey /add:PrintServer /user:demo\%username% /password:%pw%
Now, if I'm running the command from a prompt live, then it works just great without prompting for the password that I'm using. But I want to take it a step further. I want this command in a batch file to run at log on for the end users and NOT prompt them
for the password, but store the credentials successfully in the credentials manager without any user intervention.
Users are running in Win7, on a SUSE environment with ZenWorks, pushing out logons with KBOX. Regardless, it can be replicated by using workgroup mode in Windows. The batch file won't be kept on the end user's computer, but back on the server.
So how can I use cmdkey with a batch file at logon without a password prompt? I know this isn't recommended, regardless I still need an answer or an alternative process. Time is crucial, thanks ahead of time.
Hi,
I create a batch file with cmdkey, then set it as logon script, it works as expected in my test. without any prompts when I want to connect to that server I set.
I suggest you check the credential manager, and see whether the credential has been added into the manager, I doubt that the logon script doesn't run correctly.
Yolanda Zhu
TechNet Community Support
Yolanda,
I've done this multiple times and I'm still prompted to enter a password if running the batch. I'm not being prompted if I run the command live in a prompt.
The credentials don't exist in credentials manager prior to running the command. I'd love to get this working. I just can't go around to 200 workstations and type this command, would love to find how to do this as a batch log on script. -
Outlook password prompt after CU7 installation
Hi
I have Exchange 2013 in a resource forest. We use linked mailboxes.
The clients are connecting using Outlook Anywhere.
As Authentication we use NTLM.
This Weekend I installed CU7. This morning all users received a password prompt when starting outlook. After entering the password, Outlook can be closed and restarted again without a password prompt. But after a reboot of the client, the password prompt
comes again.
Any Suggestion?
Regards
Peter
Hi Peter,
I have never seen CU7 removed WindowsIntegrated authentication from AutoDiscover VD before, maybe some other reasons cause this. Great information. Thanks for your generous sharing : )
Thanks
Mavis Huang
TechNet Community Support