Host key rejected

When attempting to add a new virtual box provider I can not get past step 2.2 (Verify Certificate). The error the Web UI shows is
"Verification of xVM VirtualBox Host Failed"
"An internal error has occurred."
Also I see the following in /var/adm/messages
Received disconnect from <IP address>: 3: com.jcraft.jsch.JSchException: reject HostKey: <hostname>
The /var/opt/SUNWvda/logs/vdaadmin.log shows:
Jun 8, 2009 8:48:54 AM com.sun.vda.admin.providers.NewVBoxProviderWizardBean$NewVBoxProviderWizardEventListener handleEvent
INFO: Verification of Virtual Box host failed
Jun 8, 2009 8:48:54 AM NewVBoxProviderWizardBean handleEvent
FINER: THROW
java.lang.reflect.UndeclaredThrowableException
at $Proxy8.checkHost(Unknown Source)
at com.sun.vda.admin.model.VirtualBox.checkStatus(Unknown Source)
at com.sun.vda.admin.providers.NewVBoxProviderWizardBean$NewVBoxProviderWizardEventListener.handleEvent(Unknown Source)
at com.sun.webui.jsf.component.Wizard.broadcast(Wizard.java:1955)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:447)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:752)
at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:97)
at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:251)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:117)
at com.sun.faces.extensions.avatar.lifecycle.PartialTraversalLifecycle.execute(PartialTraversalLifecycle.java:94)
<snip>
I've tried regenerating the host keys on the virtual box server but no luck.
Does anyone have any ideas?

I think the issue was related to my attempt to configure Vbox to run a root. I saw this in the release notes:
Desktops cannot use 'Host Networking' unless xVM VirtualBox has been configured to run as root. (Bug ID 6839450)
Virtual machines cannot be started with host networking unless the xVM VirtualBox web service runs as root.
Once I configured VBox to run as a non root user I no longer got the "Host key rejected" error. BTW host networking works as well. (?!?)

Similar Messages

  • How to activate Windows 8.1 on a Windows 2008 R2 KMS server when I don't have Windows 2012 R2 kms host key

    I only have windows 8.1 kms host key but I can't add a client OS kms key to Windows 2008 R2 kms server. And I don't have Windows 2012 R2 license either. Is there any way I can activate Windows 8.1 using my existing kms server? Thanks.

    I would like a yes no clarification answer. So does this mean that EVEN WITH THE PATCH. My Server 2012 Standard edition that currently hosts KMS VA for clients running Win7, Win 8, Office15, Server 2008, Server 2012. Will not be able to host windows 8.1?
    I will have to install 8.1 and use as a host? 
    if you have a KMShost product key for WS2012R2, you can patch a down=level Server and be fine.
    (the OP didn't renew SA or otherwise has no KMShost pkey for WS2012R2)
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)
    I'm having similar issues and have a similar question that doesn't seem to be answered:
    My KMS server is Windows 2008 R2 (Also is my domain controller). I want to activate Windows 2012 R2 and Windows 8.1 machines off this KMS server. I can install the 2012 R2 key just fine but receive error 0xC004F015 (The Software Licensing Service reported
    that the license is not installed) when I try to install my 8.1 KMS key.
    What I'm gathering from this thread is that I have to set up a Windows 8.1 host and set it up to be a KMS server exclusively for activating Windows 8.1. Is this correct? If so, Microsoft needs to fix that. I have a SERVER for activations for a reason: it
    is a server, not a client. If I am mis-understanding, how do I get my Windows 2008 R2 server to accept the Windows 8.1 KMS key for activating 8.1 clients?
    Thanks!
    You don't need Windows 8.1 KMS key. Your 2012 R2 KMS key will be able to activate your Windows 8.1 machines. So your current set up is fine, no need to set up another Windows 8.1 KMS host.
    My problem is I don't have 2012 R2 KMS key as I didn't buy any Windows 2012 R2 license. So I can't use 2012 R2 KMS key to activate my Windows 8.1.
    Oh that's interesting. I guess I need to play around more because my 8.1 test machine isn't activating. I'll start a new thread for that if needed. Sorry for the confusion.

  • How do I enable "Host-key" for my sftp server on ISE?

    Hello,
    I am having trouble copying my ISE 1.2 upgrade files to my local repositories.
    Here is a cut and paste from my CLI on one of my ISE nodes after attemtping to copy from my workstation (running an SFTP server) to one of my ISE nodes.
    XXX-ise-01/admin# Copy sftp://<My_SFTP_Server_IP_Address>/ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz. disk:/
    Username: Admin
    Password:
    % ERROR : Backup failed due to one of the following reasons
    1. host-key option is not configured
    2. host key is removed because of re-image
    3. host key is removed from some other repository having same ip/hostname
    % Please reconfigure the host-key option
    % Error: Transfer failed
    I have not configured anything with the "Host-Key" option.
    I have googled and searched but can only find limited references to the "Host-key" command within Cisco. I have tried various forms of this on the ISE node with no luck.
    I tried an FTP transfer but that did not work.
    Any ideas?

    I was wondering why the last character is capitalized. Also are you able to copy files from the disk file over to the same repository. I havent had any problems and I see in a seperate thread that the user gave other directions on how to transfer the file.
    If you can open two ssh connection and try to run the following command to tail the logs:
    "show logging system ade/ADE.log tail"
    You should get some messaging behind the error you are receiving, for example I went to look for a file that did not exist (even though I am using ftp you should get the same error).
    Here is when the transfer fails:
    2014-01-02T13:41:22.506519-06:00 ise01 ADE-SERVICE[4786]: [30325]:[info] transfe
    r: cars_xfer.c[264] [tadmani]: ftp copy in of ftp://172.16.249.1/test requested
    2014-01-02T13:41:22.522470-06:00 ise01 ADE-SERVICE[4786]: [30325]:[error] transf
    er: cars_xfer_util.c[349] [tadmani]: curl error: FTP: couldn't retrieve (RETR fa
    iled) the specified file
    2014-01-02T13:41:22.523040-06:00 ise01 ADE-SERVICE[4786]: [30325]:[error] copy:
    cm_copy.c[1144] [tadmani]: local file disk:/ transfer from url ftp://172.16.249.
    1/test failed retcode=-302
    2014-01-02T13:41:22.527148-06:00 ise01 ADEOSShell[30325]: ADEAUDIT 3017, type=CO
    PY, name=COPY IN FILE FAILED, username=tadmani, cause=Error while copying file f
    rom remote system, adminipaddress=172.16.247.12, interface=CLI, detail=Disk file
    disk:/ transfer from url ftp://172.16.249.1/test failed
    Here is when login fails:
    curl error: FTP: login denied
    Here is some logging around a successful transfer -
    2014-01-02T13:44:46.897499-06:00 ise01 ADE-SERVICE[4786]: [30766]:[info] transfe
    r: cars_xfer.c[264] [tadmani]: ftp copy in of ftp://172.16.249.1/running-config
    requested
    2014-01-02T13:44:46.934972-06:00 ise01 ADEOSShell[30766]: ADEAUDIT 2042, type=CO
    PY, name=COPY FILE, username=tadmani, cause=Copied a file, adminipaddress=172.16
    .247.12, interface=CLI, detail=Copied disk file disk:/ from url ftp://172.16.249
    .1/running-config successfully
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • Ssh host keys on WLC

    How do you properly configure SSH keys on a WLC?  On IOS I normally set the domain name of our organization on the system and then use the "crypto key generate rsa" command.  I have found the WLC "network ssh host-key generate" generate command but can't find a way to set the domain name.  I also don't see any way to specify the cypher or key size and can't find any documentation on what the default cypher and key size are.  Do I need to install a certificate and use "ssh host-key use-device-certificate-key" instead if i want control over those items?

    Steve:
    I agree with you they do not work the same. But my concern when I saw the question is that there is no way to decide the cypher or the key size!!
    Also the command:
    ssh host-key use-device-certificate-key
    What does it mean by the device certificate? SSL cert for management and web-auth? or something else? This is not clear at all and it needs to be documented. My search revealed nothing.
    Rating useful replies is more useful than saying "Thank you"

  • Key Rejected with Windows 7 RC1

    Trialling our CS4 DP software on W7RC1.
    No problem installing (I may have needed to Run as Admin on a 2nd attempt).
    Software seems to be running OK.
    BUT the site licence for WIndows CS4 is declared not valid. X
    Is W7 treated as the wrong OS for the key and so causing the key to be rejected
    ...or is this only because it's not internally flagged as a released OS=Windows ?
    Please advise me how to get the key to work or if there's some contact I should make to
    get a W7-compatible key for our site - as a 2nd Trial period is a bit aggravating to establish :-}
    Thanks.

    Windows 7 hasn't even been released yet. FWIW I had no problem installing CS3 or CS4 in trial mode but never tried to activate them.
    Like the rest of us testing Win7 you're on your own for support but please keep us posted of anything your find. It might be useful to Adobe or Microsoft.
    Bob

  • Multiple KMS host keys

    I have installed Windows Server 2012 R2 with Volume Activation Services service role.
    I would like to install several KMS keys on this server (keys for windows 8.1, windows 8, windows 7, server 2012 R2, server 2012, server 2008, Office 2013, Office 2010,...).
    Will that work correctly ?
    thanks..

    I have installed Windows Server 2012 R2 with Volume Activation Services service role.
    I would like to install several KMS keys on this server (keys for windows 8.1,8,7, server 2012 R2, 2012,2008, Office 2013, Office 2010,...).
    Will that work correctly ?
    thanks..
    You cannot install more than a single Windows product key on a system. You must choose the "highest" product/version KMShost pkey.
    You must install any needed patches/updates that are pre-requisite, then install that Windows pkey.
    Windows KMShost pkeys will activate all KMSclients at the same product/version *and* below.
    For Office KMShost, you must install the relevant patch/update for each Office KMS pack, and also install each Office KMShost pkey.
    This wiki article I wrote may be helpful:
    http://social.technet.microsoft.com/wiki/contents/articles/22510.volume-activation-kms-mak-adba-avma.aspx
    If your KMShost machine is WS2012R2, and you want to issue activations for WS2012R2 and all possible KMSclients (Windows KMSclients
    and Office KMSclients):
    Install the WS2012R2 KMShost pkey (no patches/updates are needed, because WS2012R2 is the latest release).
    Install the Office2010 KMShost patch/update/pack, and, the Office2010 KMShost pkey.
    Install the Office2013 KMShost patch/update/pack, and, the Office20103 KMShost pkey.
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • Office 2013 license pack does not allow me to activate key within configuration wizard

    Hello,
     I have a KMS host running Office 2010 activations for our client computers which is running fine. I installed the Office 2013 license pack on the same host. However, in the configuration wizard it doesn't allow me to activate the product key. Is there
    a way around this?
    My client laptop isn't activating against the KMS host, and I have Office 2013 installed on my laptop. This is what I get when I run
    cscript ospp.vbs /act on my client laptop
    Microsoft Windows [Version 6.3.9600]
    (c) 2013 Microsoft Corporation. All rights reserved.
    C:\Windows\system32>cd c:\
    c:\>cd program files
    c:\Program Files>cd microsoft office
    c:\Program Files\Microsoft Office>cd office 15
    The system cannot find the path specified.
    c:\Program Files\Microsoft Office>cd office15
    c:\Program Files\Microsoft Office\Office15>ospp.vbs /act
    c:\Program Files\Microsoft Office\Office15>cscript ospp.vbs /act
    Microsoft (R) Windows Script Host Version 5.8
    Copyright (C) Microsoft Corporation. All rights reserved.
    ---Processing--------------------------
    Installed product key detected - attempting to activate the following product:
    SKU ID: b13afb38-cd79-4ae5-9f7f-eed058d750ca
    LICENSE NAME: Office 15, OfficeStandardVL_KMS_Client edition
    LICENSE DESCRIPTION: Office 15, VOLUME_KMSCLIENT channel
    Last 5 characters of installed product key: 92CD4
    ERROR CODE: 0xC004F038
    ERROR DESCRIPTION: The Software Licensing Service reported that the product coul
    d not be activated. The count reported by your Key Management Service (KMS) is i
    nsufficient. Please contact your system administrator.
    ---Exiting-----------------------------
    c:\Program Files\Microsoft Office\Office15>

    Hi,
    Please check if your KMS host key for Office 2013 is valid and you can try to activate the KMS host by telephone.
    To get the key for the Microsoft Office 2013 KMS, sign in to Microsoft Volume Licensing Service Center.
    On this page, don’t choose the Key Management Service Host Key. Choose the Office version you are licensed for instead, and look for the KMS key for that version.
    http://technet.microsoft.com/en-us/library/dn385356.aspx
    To activate an Office KMS host by telephone
    http://technet.microsoft.com/en-us/library/dn385356.aspx#BMK_ToactivateanOfficeKMSbytelephone
    KMS activation of Office 2013
    http://technet.microsoft.com/en-us/library/ee624357.aspx
    If issue persists, it is recommended to post the question in Office forums for further troubleshooting.
    http://social.technet.microsoft.com/Forums/office/en-US/home?category=officeitpro&filter=alltypes&sort=lastpostdesc
    Hope this helps.
    Jeremy Wu
    TechNet Community Support

  • Can't use ssh publickey, but only for a single host

    I've been using publickeys for a long time to connect my laptop to my server, but lately I can't connect when I'm in this place only.
    It is the same key and it works perfectly, except when I'm in this specific network. And it doesn't seem to be a firewall issue, because the remote server actually logs the attempt.
    I'm all out of ideas. Nothing I try has any effect.
    ssh -vvv
    OpenSSH_6.1p1, OpenSSL 1.0.1e 11 Feb 2013
    debug1: Reading configuration data /home/<user>/.ssh/config
    debug1: /home/<user>/.ssh/config line 14: Applying options for <host>
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to <host> port 443.
    debug1: Connection established.
    debug3: Incorrect RSA1 identifier
    debug3: Could not load "/home/<user/.ssh/id_rsa" as a RSA1 public key
    debug1: identity file /home/<user>/.ssh/id_rsa type 1
    debug1: identity file /home/<user>/.ssh/id_rsa-cert type -1
    debug1: identity file /home/<user>/.ssh/id_dsa type -1
    debug1: identity file /home/<user>/.ssh/id_dsa-cert type -1
    debug1: identity file /home/<user>/.ssh/id_ecdsa type -1
    debug1: identity file /home/<user>/.ssh/id_ecdsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.1
    debug1: match: OpenSSH_6.1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.1
    debug2: fd 3 setting O_NONBLOCK
    debug3: put_host_port: <host>:443
    debug3: load_hostkeys: loading entries for host "<host>:443" from file "/home/<user>/.ssh/known_hosts"
    debug3: load_hostkeys: found key type RSA in file /home/<user>/.ssh/known_hosts:1
    debug3: load_hostkeys: loaded 1 keys
    debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: [email protected],[email protected],ssh-rsa,[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: [email protected],zlib,none
    debug2: kex_parse_kexinit: [email protected],zlib,none
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,[email protected]
    debug2: kex_parse_kexinit: none,[email protected]
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_setup: found hmac-md5
    debug1: kex: server->client aes128-ctr hmac-md5 [email protected]
    debug2: mac_setup: found hmac-md5
    debug1: kex: client->server aes128-ctr hmac-md5 [email protected]
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: <host key>
    debug3: put_host_port: <host>:443
    debug3: put_host_port: <host>:443
    debug3: load_hostkeys: loading entries for host "<host>:443" from file "/home/<user>/.ssh/known_hosts"
    debug3: load_hostkeys: found key type RSA in file /home/<user>/.ssh/known_hosts:1
    debug3: load_hostkeys: loaded 1 keys
    debug3: load_hostkeys: loading entries for host "<host>:443" from file "/home/<user>/.ssh/known_hosts"
    debug3: load_hostkeys: found key type RSA in file /home/<user>/.ssh/known_hosts:11
    debug3: load_hostkeys: loaded 1 keys
    debug1: Host '<host>:443' is known and matches the RSA host key.
    debug1: Found key in /home/<user>/.ssh/known_hosts:1
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/<user>/.ssh/id_rsa (0x1d61230)
    debug2: key: /home/<user>/.ssh/id_dsa ((nil))
    debug2: key: /home/<user>/.ssh/id_ecdsa ((nil))
    debug1: Authentications that can continue: publickey
    debug3: start over, passed a different list publickey
    debug3: preferred publickey,keyboard-interactive,password
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/<user>/.ssh/id_rsa
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    and this is the log from journalctl
    Mar 27 09:38:29 xen sudo[29258]: pam_unix(sudo:session): session closed for user root
    Mar 27 09:38:32 xen sshd[29196]: debug1: Forked child 590.
    Mar 27 09:38:32 xen sshd[590]: Set /proc/self/oom_score_adj to 0
    Mar 27 09:38:32 xen sshd[590]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
    Mar 27 09:38:32 xen sshd[590]: debug1: inetd sockets after dupping: 3, 3
    Mar 27 09:38:32 xen sshd[590]: Connection from <host> port 54330
    Mar 27 09:38:32 xen sshd[590]: debug1: Client protocol version 2.0; client software version OpenSSH_6.1
    Mar 27 09:38:32 xen sshd[590]: debug1: match: OpenSSH_6.1 pat OpenSSH*
    Mar 27 09:38:32 xen sshd[590]: debug1: Enabling compatibility mode for protocol 2.0
    Mar 27 09:38:32 xen sshd[590]: debug1: Local version string SSH-2.0-OpenSSH_6.1
    Mar 27 09:38:32 xen sshd[590]: debug1: permanently_set_uid: 99/99 [preauth]
    Mar 27 09:38:32 xen sshd[590]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
    Mar 27 09:38:32 xen sshd[590]: debug1: SSH2_MSG_KEXINIT sent [preauth]
    Mar 27 09:38:32 xen sshd[590]: debug1: SSH2_MSG_KEXINIT received [preauth]
    Mar 27 09:38:32 xen sshd[590]: debug1: kex: client->server aes128-ctr hmac-md5 [email protected] [preauth]
    Mar 27 09:38:32 xen sshd[590]: debug1: kex: server->client aes128-ctr hmac-md5 [email protected] [preauth]
    Mar 27 09:38:32 xen sshd[590]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
    Mar 27 09:38:32 xen sshd[590]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
    Mar 27 09:38:32 xen sshd[590]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
    Mar 27 09:38:32 xen sshd[590]: debug1: SSH2_MSG_NEWKEYS received [preauth]
    Mar 27 09:38:32 xen sshd[590]: debug1: KEX done [preauth]
    Mar 27 09:38:32 xen sshd[590]: debug1: userauth-request for user <user> service ssh-connection method none [preauth]
    Mar 27 09:38:32 xen sshd[590]: debug1: attempt 0 failures 0 [preauth]
    Mar 27 09:38:32 xen sshd[590]: debug1: PAM: initializing for "<user>"
    Mar 27 09:38:32 xen sshd[590]: debug1: PAM: setting PAM_RHOST to "<host>"
    Mar 27 09:38:32 xen sshd[590]: debug1: PAM: setting PAM_TTY to "ssh"
    Mar 27 09:38:32 xen sshd[590]: debug1: userauth-request for user <user> service ssh-connection method publickey [prea
    Mar 27 09:38:32 xen sshd[590]: debug1: attempt 1 failures 0 [preauth]
    Mar 27 09:38:32 xen sshd[590]: debug1: test whether pkalg/pkblob are acceptable [preauth]
    Mar 27 09:38:32 xen sshd[590]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
    Mar 27 09:38:32 xen sshd[590]: debug1: trying public key file /home/<user>/.ssh/authorized_keys
    Mar 27 09:38:32 xen sshd[590]: debug1: fd 4 clearing O_NONBLOCK
    Mar 27 09:38:32 xen sshd[590]: debug1: matching key found: file /home/<user>/.ssh/authorized_keys, line 1
    Mar 27 09:38:32 xen sshd[590]: Found matching RSA key: <key>
    Mar 27 09:38:32 xen sshd[590]: debug1: restore_uid: 0/0
    Mar 27 09:38:32 xen sshd[590]: Postponed publickey for <user> from <host> port 54330 ssh2 [preauth]
    And it just hangs there forever.
    If I try to use the same key to log in to other servers (one debian and an openWRT router) it works just fine from this location. This key also works to log in to the archlinux server if I'm on other networks, such as my college's or my other workplace.
    Any help is very appreciated. As it stands, I have to log in to my debian server and from there I have to log in to my archlinux server. I wish I could just log in directly as I've done many times in the past.

    Hi,
    I don't know whether you've solved the issue in the meantime (your issue was three months ago), but I thought I'd post this reply just to let other people who run into this problem know what happened to me and how I solved it.
    I had exactly the same problem as you had. The logging in stopped at exactly the same point in the debugging trace. I too was experiencing the problem from a single network (multiple hosts on the network could not log onto a remote server). Logging into the remote server from other locations (even with the same laptop) worked fine.
    The problem turned out to be an MTU problem in my case. I was running an OpenVPN connection to the remote server, and I was logging into it over the VPN. No problems, usually, except for the fact that the network that I was logging in from is a glass fiber network using PPPoE. The MTU on that link is 1460 bytes, not the 1500 bytes that is more common. I had to reconfigure the OpenVPN interfaces (using the OpenVPN configuration options "mssfix 1360", "fragment 1360" and "tun-mtu 1400" on both sides of the connection) to use a smaller MTU on the OpenVPN tunX interface, and everything started working normally again.
    Obviously, the MTU was wrong for every connection going over the VPN, but the OpenVPN tunnel was somewhat resistant to this mistake because I turned on LZO compression, which made most packets that were transmitted over the OpenVPN interface (tunX) that were using an MTU of 1500 bytes smaller than the maximum allowed on the actual link. Anyway, the lesson is: set up your MTUs on your links correctly. And turn on "mssfix" so that if you're routing remote hosts' traffic over the OpenVPN tunnel, their TCP stacks will be made aware of the actual MTU of the link.
    Hope this helps somebody,
    Sven

  • KMS Host server 2012 R2

    I recently migrated our KMS server to a 2012 R2 box and I cannot get the count to budge now.According to this article our KMS key should now activate 2008 r2, 7 Ent, 2012 R2.7. Enter your KMS Host Key (CSVLK). Note: You can only install a Windows Server 2012 CSVLK at this point. A Windows Server 2012 CSVLK can activate Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 KMS clients.http://blogs.technet.com/b/askcore/archive/2013/03/14/installing-volume-activation-services-role-in-...Am I mistaken because my count is only at 4 which are Server 2012 R2 servers. None of the others are even making the count go up. A little help here.
    This topic first appeared in the Spiceworks Community

    as long as you have more than 25 Machines both client and server os:es will be activated.
    It's all explained here:
    http://technet.microsoft.com/en-us/library/ff793434.aspx

  • [MFC] Error Importing logs using SCP - "Error while downloading file. The remote host has terminated the connection"

    Background: 
    In order to transfer logs to MFC, we had to use an intermediate logging server in our OOB network.  When this logging server crashed we had to rebuild the server with new hardware and SCP no longer worked.
    Issue: 
    The host key changed on the new server and had to be manually updated.  We suspected it was related to the hosts key but had difficulty finding where the known hosts info was stored.
    Solution: 
    Go to your install location of MFC and remove the known_hosts file.  In our case the file was located at:  "D:\Program Files\IronPort Systems\Mail Flow Central\mailFC\tmp\known_hosts".  Instead of removing the file, we renamed it to known_hosts.old and restarted the MFC service.  Afterwards we could see all the old logs importing.
    The issue itself was not difficult to resolve, it just took more time than expected for something that would seem straightforward.  To complicate things, we even raised a query to customercare who came back saying that they do not support the server on which MFC is running.  But clearly the source of the issue was related to the application rather than the server itself.

    Thanks for your comment qetzacoatl, however I don't this this will work for me, I am on a team, and we need to be able to check-in/out files and make sure we don't override eachothers work. I also don't want to have to use 2 programs to accomplish the task one should be able to do. Its now 3 weeks going and I can't get any work done, it seems like its getting worse. Nobody from Adobe seems to want to comment on my thread at all....So maybe I should just find a completely new solution and get rid of DW all together, Aptana is looking VERY nice right about now.

  • SSH Key login not working when added to gpg-agent

    Hello,
    As I use gnupg, I run the gpg-agent. I run it with systemd --user and it works flawlessly. As I already run gpg-agent, I figured I might as well just add my ssh keys to it as well. Therefore I start gpg-agent with --enable-ssh-support. I use my SSH keys a lot and never had any problems with connecting to anything with a simple ssh .... or pushing things to git etc.
    As the SOCKS_AUTH_SSH envvar needs to be set for ssh-add to work, I added this line to my .bashrc
    export SSH_AUTH_SOCK=~/.gnupg/S.gpg-agent.ssh
    Now, adding my SSH Keys with a simple ssh-add seems to work fine (no errors etc).
    However, when I try to connect to a server now, the following happens:
    ssh -vT [email protected]
    OpenSSH_6.8p1, OpenSSL 1.0.2a 19 Mar 2015
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Connecting to XXXXXXXXX port XXXXX.
    debug1: Connection established.
    debug1: identity file /home/XXXXX/.ssh/id_rsa type 1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/XXXXX/.ssh/id_rsa-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.8
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.8
    debug1: match: OpenSSH_6.8 pat OpenSSH* compat 0x04000000
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr [email protected] none
    debug1: kex: client->server aes128-ctr [email protected] none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Mw5MTDp91yExgStdoMPMwi2yZdoG9MruOm+6XiC5Vks
    debug1: Host '[XXXXXXX]:XXX' is known and matches the ECDSA host key.
    debug1: Found key in /home/XXXX/.ssh/known_hosts:1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/XXXXX/.ssh/id_rsa
    debug1: Server accepts key: pkalg ssh-rsa blen 279
    debug1: No more authentication methods to try.
    Permission denied (publickey).
    Which is very strange as id_rsa is my (ecrypted) private key. I am also prompted to enter the corresponding password when issuing ssh-add.
    What could the problem be in this case? Thanks a lot!!
    Last edited by replax (2015-05-18 19:06:58)

    replax wrote:Well, there is something listed in .gnupg/sshcontrol , I am not sure if it is connected to my own key though. I tried ssh-add -l and it will list my one key, although it is different from the one in sshcontrol. I suspect that that is an issue of presentation though, as ssh-add spews out the SHA256 of my key..
    How could I go about verifying that they key is indeed correct? Shouldn't it be added automatically by ssh-add?
    Thanks a lot!!
    Yes it should be added automatically. I suppose you could try it in a new user just to start fresh and see if it works, at least then you'll have either verified that your steps were correct or incorrect.

  • When I type .ssh root@10.0.02 it says host not recognized I'm unable to get in to known host file can not fix the problem.

    When I open terminal and do sash [email protected] it says warning rsa key not recognized to go to known-hosts file which ican not grt into I have download pico but am not sure how to launch it or what I ave to do.

    sibeen, please stop starting new posts when you are really just continuing the first post.  "Reply" to one of your existing posts when you are really just continuing the same question.  If I have not lost count, you have posted 3 times about this same ssh rsa host key issue, and Linc Davis and I have been trying to keep track of all the details, but with it spread out across multiple new posts, it is difficult.
    I'm guessing as you again forgot to post the actual error (I'm starting to wonder if you are testing how well Linc and I can guess at your problem ).  Anyway, I'm guessing that you managed to delete the $HOME/.ssh/known_hosts file, and now when you try to ssh to 10.0.0.2 it wants to add the remote system's host rsa key into a newly created known_hosts file.
    The authenticity of host '[10.0.0.2]:22([10.0.0.2]:22)' can't be established.
    RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
    Are you sure you want to continue connecting (yes/no)?
    Generally the command ask if you want to do this, yes or no.  You type "yes" and your Mac memorizes the remote system's host rsa key.
    If this is not the warning message you are seeing, then as Linc has requested, please post the exact error (feel free to mask put the actual key or usernames or IP addresses, but keep the words.
    If you are still getting the original error from 3 posts ago, then I would not try editing $HOME/.ssh/known_hosts, and instead just delete the file, and when you get a message like I have posted above, answer it with "yes".
    WIth respect to pico, Mac OS X already has pico installed, so there was  no need to download it from anywhere.  However, most people just use 'nano' which has essentially replaced 'pico' as an easy to use Terminal based text editor.  But like I said, I think you will be happier if you just delete the known_hosts file and get on with your ssh operations.
    Finally, I think in your 2nd post you indicated you tried deleting a file that had a dash in the name (known-hosts) instead of an underscore (known_hosts).  If that was just a typo when you entered your post, and you were really getting you cannot delete a directory, then something is seriously wrong, or you accidentally allowed a space to be inserted between .ssh and known_hosts.  Personally, I'm going with you actually entered a space and the 'rm' command thought you wanted to delete the .ssh directory instead of $HOME/.ssh/known_hosts.  I could be wrong, but using copy and paste to post actual Terminal screen output as well as the command you entered would be very helpful to anyone trying to provide useful information.  In other words, help us help you.

  • SFTP/FTP Proxy Problems - Works for DMZ but not for Internet Hosts?!

    Hi together,
    we have a strange problem with our TMG Proxy, some infrastructure informations first
    So we have the Client LAN with the IP range 192.168.11.x which is routeable to Server LAN 192.168.3.x but not to DMZ LAN 192.168.200.x.. The TMG is a 2 Node Array, 192.168.200.5 is the DMZ VIP. TMG DMZ IP Adress (192.168.200.5) and physical Adresses have
    an NAT relation to one Public IP. HTTPS Inspection is active. We dont use (and dont want to) the TMG Client component.
    When i use WinSCP, Putty or Filezilla and connect to a DMZ LAN Host (192.168.200.x) with "HTTP Proxy" (192.168.3.108:8080) everything is fine, it works like expected...
    When i connect to an Internet Host it fails regardless which protocol i use - ftp, sftp or ssh. The error i get is
    "The token supplied to the function is invalid."
    An example for a failed SFTP Connection
    Filezilla
    Status: Connecting to system.internet.de...
    Trace: Going to execute "C:\Program Files (x86)\FileZilla FTP Client\fzsftp.exe"
    Response: fzSftp started
    Trace: CSftpControlSocket::ConnectParseResponse(fzSftp started)
    Trace: CSftpControlSocket::SendNextCommand()
    Trace: CSftpControlSocket::ConnectSend()
    Command: proxy 1 "tmg.local" 8080 "domain\user" "***********"
    Trace: CSftpControlSocket::ConnectParseResponse()
    Trace: CSftpControlSocket::SendNextCommand()
    Trace: CSftpControlSocket::ConnectSend()
    Command: open "[email protected]" 22
    Trace: Looking up host "system.internet.de"
    Trace: Connecting to 192.168.3.108 port 8080
    Trace: Proxy error: 502 Proxy Error ( Das Token, das der Funktion übergeben wurde, ist ungültig.  )
    Error: Proxy error: 502 Proxy Error ( Das Token, das der Funktion übergeben wurde, ist ungültig.  )
    Trace: CControlSocket::DoClose(64)
    Trace: CSftpControlSocket::ResetOperation(66)
    Trace: CControlSocket::ResetOperation(66)
    Error: Could not connect to server
    Trace: CFileZillaEnginePrivate::ResetOperation(66)
    TMG protocol throws this
    Protokolltyp: Webproxy (Forward)
    Status: 0x80090308 
    Regel: Webzugriff FTP Test
    Quelle: Intern (192.168.11.31:44673)
    Ziel: Extern (78.46.182.171:22)
    Anforderung: system.internet.de:22
    Filterinformationen: Req ID: 106f1cb7; Compression: client=No, server=No, compress rate=0% decompress rate=0%
    Protokoll: https-inspect
    Benutzer: domain\user
    Hope you can explain me what we doin wrong or how to find out whats the problem. I didn`t find many informations about "0x80090308" or "The token supplied to the function is invalid.". Disabling HTTPS Inspection for the Source 192.168.11.31
    doesnt change anything...
    Connection to an DMZ Host looks like this:
    Filezilla
    Status: Connecting to system.dmz...
    Trace: Going to execute "C:\Program Files (x86)\FileZilla FTP Client\fzsftp.exe"
    Response: fzSftp started
    Trace: CSftpControlSocket::ConnectParseResponse(fzSftp started)
    Trace: CSftpControlSocket::SendNextCommand()
    Trace: CSftpControlSocket::ConnectSend()
    Command: proxy 1 "tmg.local" 8080 "domain\user" "***********"
    Trace: CSftpControlSocket::ConnectParseResponse()
    Trace: CSftpControlSocket::SendNextCommand()
    Trace: CSftpControlSocket::ConnectSend()
    Command: open "[email protected]" 22
    Trace: Looking up host "system.dmz"
    Trace: Connecting to 192.168.3.108 port 8080
    Trace: Server version: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
    Trace: Using SSH protocol version 2
    Trace: We claim version: SSH-2.0-PuTTY_Local:_Mar_28_2014_10:34:48
    Trace: Doing Diffie-Hellman group exchange
    Trace: Doing Diffie-Hellman key exchange with hash SHA-256
    Trace: Host key fingerprint is:
    TMG Protocol
    Protokolltyp: Webproxy (Forward)
    Status: 0 Der Vorgang wurde erfolgreich beendet. 
    Regel: Webzugriff FTP Test
    Quelle: Intern (192.168.11.31:48818)
    Ziel: Umkreis 2 (192.168.200.205:22)
    Anforderung: system.dmz:22
    Filterinformationen: Req ID: 10727dce; Compression: client=No, server=No, compress rate=0% decompress rate=0%
    Protokoll: SSL-tunnel
    Benutzer: domain\user
    Thanks in advance.
    Regards
    Matthias

    Hi Keith,
    ok i found out the problem is https inspection is enabled....
    - when i disable https inspection for source, same problem
    - when i disable https inspection for destination, problem solved
    the root cause why this worked is we had https inspection disabled for dmz destinations.
    there is no direct route relation between the lan and dmz.
    why is source exception not working in this?

  • Strange issue with key authentication

    I just installed Arch again after being away for a few years. Almost everything is running smoothly, but I ran into a weird problem with openssh. Namely, I can successfully log in with a  key only if in /etc/ssh/sshd_config instead of the default
    AuthorizedKeysFile .ssh/authorized_keys
    I put
    AuthorizedKeysFile /home/testuser/.ssh/authorized_keys
    Of course I'd like to be able to use key authentication for more than just one user. Any ideas what I should change to make this possible?
    The rest of the config file is:
    # $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
    # This is the sshd server system-wide configuration file. See
    # sshd_config(5) for more information.
    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options change a
    # default value.
    #Port 22
    #AddressFamily any
    ListenAddress 0.0.0.0
    #ListenAddress ::
    # The default requires explicit activation of protocol 1
    #Protocol 2
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 1024
    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    #LogLevel INFO
    # Authentication:
    #LoginGraceTime 2m
    #PermitRootLogin yes
    #StrictModes yes
    MaxAuthTries 6
    #MaxSessions 10
    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile /home/ardo/.ssh/authorized_keys
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication yes
    #PermitEmptyPasswords no
    # Change to no to disable s/key passwords
    ChallengeResponseAuthentication no
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication. Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    UsePAM yes
    #AllowAgentForwarding yes
    #AllowTcpForwarding yes
    #GatewayPorts no
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #UseDNS yes
    #PidFile /var/run/sshd.pid
    #MaxStartups 10
    #PermitTunnel no
    #ChrootDirectory none
    # no default banner path
    #Banner none
    # override default of no subsystems
    Subsystem sftp /usr/lib/ssh/sftp-server
    # Example of overriding settings on a per-user basis
    Match User anoncvs
    #X11Forwarding no
    #AllowTcpForwarding no
    #ForceCommand cvs server

    The default values in sshd_config aren't correct for the location of the authorized key file. See This Bug Post
    Therefore, to resolve this, do one of these
    1) Comment the line "#AuthorizedKeysFile    .ssh/authorized_keys"
    2) Change the line to "AuthorizedKeysFile %h/.ssh/authorized_keys"
    My Original Post:
    I cannot offer any helpful advice for resolution, but I can contribute that I am also having this issue. The default value for the authorized_keys location, as well as "~/.ssh/authorized_keys" does not work, however "/home/<username>/ssh/authorized_keys" does...
    Actually, After a bit of tinkering, I rectified my sshd_config with a .pacnew and it seems to be working, at least with my macbook. Here is my sshd_config:
    # $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
    # This is the sshd server system-wide configuration file. See
    # sshd_config(5) for more information.
    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options change a
    # default value.
    Port 40000
    Port 22
    #AddressFamily any
    ListenAddress 192.168.1.103
    #ListenAddress ::
    # The default requires explicit activation of protocol 1
    #Protocol 2
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 1024
    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    #LogLevel INFO
    # Authentication:
    LoginGraceTime 2m
    PermitRootLogin no
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10
    #RSAAuthentication yes
    #PubkeyAuthentication yes
    #AuthorizedKeysFile .ssh/authorized_keys
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no
    # Change to no to disable s/key passwords
    ChallengeResponseAuthentication no
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication. Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    UsePAM yes
    AllowAgentForwarding yes
    AllowTcpForwarding yes
    #GatewayPorts no
    X11Forwarding yes
    X11DisplayOffset 10
    X11UseLocalhost yes
    PrintMotd yes
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #UseDNS yes
    #PidFile /var/run/sshd.pid
    #MaxStartups 10
    #PermitTunnel no
    #ChrootDirectory none
    # no default banner path
    #Banner none
    # override default of no subsystems
    Subsystem sftp /usr/lib/ssh/sftp-server
    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    # X11Forwarding no
    # AllowTcpForwarding no
    # ForceCommand cvs server
    Last edited by losl (2010-04-12 15:31:46)

  • Kms keys

    Hello,
    We have a customer that has installed a kms host key on 6 servers, so now they have 6 KMS hosts running.  They have contacted us because they realize they have done something wrong.  I am new to kms and have been reading on technet for serveral hours now, but still some thing are unclear to me
    If I understand correctly deployment of kms should be simple and straightforward
    The easiest way (read to support the most kms clients) is to install a 2008 R2 server with a 2008 R2 host key.   This will support vista, 7, 2003, 2008 and 2008R2 kms systems and enable them to activate.  Is this correct ?
    I install a windows vista machine or windows 7 machine using a volume license product key.  After installation the activation will occur automatically against the kms host and no extra manual steps are needed.  I do not need to install/add a kms client key on the vista or windows 7 machine.  Is this correct ?
    Can i deactivate systems that were actived directly (before deployment of the kms host) with Microsoft and reactivate them with the kms host ?
    s it possible to uninstall a kms host and thus making it a regular kms client (to reduce the number of kms hosts from 6 to 2) ?
    Thanks in advance
    Kind Regards
    Stijn Delen

    Regarding this question:
    Question 1: "I install a windows vista machine or windows 7 machine using a volume license product key.  After installation the activation will occur automatically against the kms host and no extra manual steps are needed.  I do not need to
    install/add a kms client key on the vista or windows 7 machine.  Is this correct ?"
    Answer: Yes, if your KMS host is set up properly, no extra steps are needed, they will activate automatically.
    Question 2: "Can i deactivate systems that were activated directly (before deployment of the kms host) with Microsoft and reactivate them with the kms host ?"
    Answer: You should not need to deactivate any systems. If they were activated with a MAK key, they're good forever...whether the KMS overrides the MAK, I don't know, but they can exist together peacefully. We have a mix in our environment of pcs we've
    deployed using MAK keys (when we were first getting started) and pcs contacting our KMS server (pcs we've deployed more recently).

Maybe you are looking for

  • How to change at run-time the type of a step?

    Hi, How topic title, i need to know how change at run-time the type of a step. I have, i my sub-sequence, a step whose type must change at run-time based upon the occurrence of a condition. How can do it? Thanks.

  • CRM Survey additonal mandantory conditions

    Hello, the survey builder in CRM 5.0 allows to specify simple input fields or text-fields as mandantory, in order to ensure that the fields are going to be filled. But how you can you ensure, that radio buttons oder list boxes are mandantory as well?

  • Good apps and games for the disabled?

    My brother in law was born premature and as a result has a number of neurological and muscular problems. He has been wheelchair bound since he was very young, and mentally he will likely not develop past about a third grade intellect. He is currently

  • Conditionally Mandatory or non-Mandatory field in Isupplier banking Detail Form.

    Hi OA Experts I need to make a field mandatory or Non-Mandatory based on Lov item in page "/oracle/apps/pos/sbd/webui/SuppRegActPG", Can I do this by using VO extension , if yes, Kindly guide me as I am new to OAF.

  • Importing photos in order

    I have a disc of photos to import that I want to keep in order. The photos come from several sources with assorted titles. How do I keep the burn order of the disc in an event folder?