Netra 240 - SSH not working
We are having a problem with a Sun Netra 240 (Solaris 10) and are unable to SSH to the server. When entering the login and password, after about 15 seconds it closes out. We had NO trouble last week logging in using secure shell.
We can go to the console port with no problem.
Any ideas as to what might be the problem or fix?
Thanks,
You'll have to upgrade your IOS & license-
"ENTERPRISE PLUS IPSEC 3DES-Supports all the ENTERPRISE PLUS features, plus adds support for Triple Digital Encryption Standard (3DES) encryption to enable features that require this security, such as Secure Shell (SSH) Protocol and IP Security (IPSec) tunnels"
Hope it helps
Similar Messages
-
Port forwarding for SSH not working on WRT54G2
Hi,
I have forwarded a few ports, but can't get port 22 for SSH to work. I can SSH from within LAN, so that works. And I can access FTP from outside the LAN, when I forwarded that port. But to the same computer where I can access FTP I can't access SSH...
Would be grateful for assistance. Btw, I'm using dynamic IP (through DynDNS, but not using the DynDNS tool in the Linksys interface). I've tried with both the dynDNS domain and the IP address. And I have set a fixed IP address on the server I try to access.
Thanks,
Daniel
Make sure that if you are forwarding the port nos for SSH on WRT54G2 you need to forward it for the assigned static IP address & it should work great..just try it once.
-
Ssh not working after recent security updates
ssh worked fine just 2 weeks ago.
in these last 2 weeks i did several updates, i am not sure which caused the problem.
Symptoms:
when i ssh to another machine and i get a "Segmentation Fault" error; when i scp the error message is "lost connection"
This issue was talked about as re-occurring regularly as
discussed on http://discussions.apple.com/message.jspa?messageID=4532389#4532389
But the remedies or fixes suggested there did not change those errors.
On some other site, it was suggested to use 'ssh -1 '
which actually worked but i could not open X11 xterm window,
which usually worked with 'ssh -X' or recently 'ssh -Y' worked instead.
Question:
Hopefully, the security fixes should give back the basic
UNIX X11 functionality. The question is when ?
(I am curious how many people are experiencing the same problems, as this seems quite a serious problem...)
Victor
MacBook Pro Mac OS X (10.4.9) 2.33 GHz Intel Core 2 Duo
I just tried my mom's WHITE iphone four bought at the same time as mine (mine's black) it is fully updated to IOS7 and it worked! I don't know what it is, but it must be a defect with the black one. I wish apple had an answer for this one... Mine still doesn't work.
-
[Solved] Remote X over ssh not working
Hello, I'm trying to forward X11 over ssh but it's not working.
I type
ssh -X 192.168.1.101
followed by my password, and I log in just fine.
I try to launch an X11 application and I get
$ kate
kate: cannot connect to X server
SSH is supposed to be forwarding a dummy $DISPLAY to allow remote X. So I type
$ echo $DISPLAY
and get back an empty newline.
Well how about
$ xinit
Fatal server error:
Server is already active for display 0
If this server is no longer running, remove /tmp/.X0-lock
and start again.
Please consult the The X.Org Foundation support
at http://wiki.x.org
for help.
Okay, I'll shut down xserver.
I do it, and type
$ xinit
again. KDE launches on my remote box. It makes sense, but contradicts many guides I have read which say it should launch on my local machine.
What am I doing wrong here? This should be ridiculously simple.
Last edited by xenobrain (2010-07-06 20:45:16)
Did you enable X forwarding in your sshd config?
Did you xhost + (or ssh -Y)?
Did you crop your DISPLAY variable in a bashrc or similar script run at login?
Last edited by benob (2010-07-06 19:10:54)
-
SSH not working for my user id on Mac
Hi everyone
I am running Terminal
I am trying to ssh into a server.
It works on my linux machine
It works on my Mac if I log in to another user account on my Mac
Ssh does not work on my account to the server. Filezilla works to the server on my account. The game client works on my account too.
I have emptied my known_hosts file in ~/.ssh
I have commented out line 20 in ssh_config
What else am I missing.
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx.x.xxx [xxx.xxx.x.xxx] port 22.
debug1: connect to address xx port 22: Operation timed out
ssh: connect to host xx port 22: Operation timed out
Help :-) Please :-)
kokoko, I had this problem last week. I solved it by removing "thinkpad ultranav driver" and "thinkpad ultranav utility," rebooting and reinstalling them. It hasn't happened again.
-
Captivate Six version 6.0.1.240 Updates not working.
Currently using a client's machine to complete a project. They are not a subscription customer but still surely released patches should work for all clients. Below are the issues encountered:
Most of the Stability items on patch for 240 that we’re already on don’t work properly
Stability
•Occasionally Adobe Captivate crashes when multiple projects are open and the library is clicked just after switching between projects. – Occasionally?? More like almost every time
•The Adobe Captivate menu becomes unresponsive at times. When you click a menu option, the option is not called. But, when Adobe Captivate is closed, the menu operation you called is carried out. This happens a lot
•Adobe Captivate workspace gets corrupted occasionally. As a result, Property Inspector and other panels do not get displayed in the workspace.
•Occasionally Adobe Captivate hangs while saving a project. This behavior is observed in all operations that involve progress bars. The progress bar gets stuck at zero percent and the operation is not completed. This happens a lot
•In some scenarios, Adobe Captivate crashes when you select multiple smart shapes and then try to resize them.
•Adobe Captivate crashes at the end of 'Additional Recording' if the project theme does not contain the Blank master slide
Please advise;
Thanks in advance.
Regards to all.
This topic explains about setting up your PC to run Captivate with fewer issues (including how to set the Run As Administrator launch option):
http://www.infosemantics.com.au/adobe-captivate-troubleshooting/setting-up-your-computer-to-work-with-captivate
This topic tells you all about setting up your Preferences:
http://www.infosemantics.com.au/adobe-captivate-troubleshooting/how-to-set-up-preferences
-
[Solved] SSH not working (ISP blocks my port 22)
OK full story:
I want to be able to connect to my home arch linux box from school. The setup there are winxp machines with putty on my usb or the pc itself. I know that my school is not blocking any ports as my friend can connect to his linux box at home. (also ssh)
These are things I did and can think of that I need to do to get ssh working:
Before everything else I started to configure my Linksys router.
My ISP gives me a dynamic IP so I need to use the dyndns.org service. I made an account and configured my Linksys router DDNS tab to work with the account. I got into the port forward tab and put in ssh port forwarding (on port 22 TCP for my IP 192.168.1.102 => did ifconfig to be sure). Port forwarding for port 9091 is also on for my transmission webgui; I'm saying this here because this works when I'm at school.
1. Installed openssh
# pacman -S openssh
All installed fine.
2. I've put the sshd into the daemon part of my rc.conf file.
DAEMONS=(syslog-ng network netfs crond @alsa @g15daemon @samba @sshd dbus hal)
3. Hosts.allow file =
# /etc/hosts.allow
SSHD: ALL
# End of file
4. Hosts.deny =
# /etc/hosts.deny
ALL: ALL: DENY
# End of file
5. sshd_config file =
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
#AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none
# no default banner path
Banner /etc/issue
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
6. ssh_config file=
# $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2
# Cipher 3des
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
HashKnownHosts yes
StrictHostKeyChecking ask
7. I'm sure SSH is running, I even did => /etc/rc.d/sshd restart
8. I have never installed any firewall on my arch box (that I know of). I can connect to it using my other linux laptop
ssh -p 22 192.168.1.102 => works
ssh -p 22 xxxxxx.dyndns.org => works (xxx replaced by my dyndns.org domain)
ssh -p 22 9x.xxx.xxx.xx5 => works (xxx is my normal WAN ip of course)
Keep in mind that transmission port forwarding is working fine. I can connect from everywhere to my webgui which is on port 9091. Can anyone help me get what's wrong?
Last edited by Redostrike (2010-02-25 17:06:14)
Wild guess but:
# /etc/hosts.allow
SSHD: ALL
# End of file
I don't know if this is case-sensitive, but if it is: it should be "sshd".
If it doesn't work, doesn't hurt to try.
-
X forwarding via ssh not working
hi!
since i've updated to leopard, i have no longer been able to forward X sessions via ssh (ssh -Y $username@$remotehost)
i can login into the remote host, but X forwarding simply doesn't work, i.e. the app never opens. i've tried with vlc mainly.
also i've noticed that if i try starting an app like xclock locally, it doesn't show up.
here's the content of DISPLAY locally
Macintosh:~ asymmetric$ echo $DISPLAY
/tmp/launch-35MU2b/:0
while on the remote machine it's something along the lines of
localhost:12.0
i haven't updated to the "unofficial" xquartz releases, so the openssh version here is OpenSSH_4.7p1, OpenSSL 0.9.7l 28 Sep 2006
any ideas?
thanks
asy
i forgot to mention it, but i'm trying to connect to a GNU/Linux box. Don't know if it's the same for you.
I do have a Linux system at the other end of my ssh -Y connection (RHEL4).
From the RedHat system I see the following information:
% printenv | grep -i ssh
SSH_CLIENT=::ffff:xxx.xxx.xxx.xxx 60264 22
SSH_TTY=/dev/pts/13
SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
SSH_CONNECTION=::ffff:xxx.xxx.xxx.xxx 60264 ::ffff:yyy.yyy.yyy.yyy 2
% grep X11Forwarding /etc/ssh/sshd_config
X11Forwarding yes
% echo $DISPLAY
localhost:15.0
The following is the Mac OS X info:
% echo $DISPLAY
/tmp/launch-MoVGGO/:0
% grep X11Forwarding /etc/ssh/sshd_config
X11Forwarding yes
% ssh -Y remote.system.address
Make sure you are not setting your own $DISPLAY environment variable.
Do you have a $HOME/.xinitrc ?? If so, how much does it differ from
/usr/X11/lib/X11/xinit/xinitrc
-
X11 Forwarding with SSH not working [SOLVED]
I'm trying to follow the X11 forwarding guide on the wiki but to no avail.
I'm using Putty and Xming from a Windows machine to SSH into the ArchLinux machine over my home network.
When I log in through SSH with X11 forwarding enabled, my display variable is set to "localhost:10.0". Running xclock gives me the following error: "Error: Can't open display: localhost:10.0".
I'm pretty sure Xming isn't the problem, since if I manually change the DISPLAY variable to "[my windows machine IP]:0.0", I can run xclock and see it appear.
From what I can see, it should be working.
Complete sshd_config below:
# $OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
#Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox # Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /run/sshd.pid
#MaxStartups 10
PermitTunnel yes
#ChrootDirectory none
#VersionAddendum none
# no default banner path
Banner /etc/issue
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
Last edited by gixr (2013-01-11 22:37:35)
It's easy.
Start Xming.
Configure SSH (here's my config):
# $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
#Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
Putty setting: http://i.ztjuh.tk/20130111075624803.png
Click on Open and run your program
Last edited by Ztjuh (2013-01-11 08:01:00)
-
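The two checks the X11 forwarding threads above keep returning to (is X11Forwarding really enabled in sshd_config, and what does DISPLAY look like inside the session), as an added shell example that is not part of any of the original posts. The function names and the sample config and DISPLAY values are constructed; it assumes whitespace-separated keywords and X11UseLocalhost left at yes, and it also flags a DISPLAY pointed at another machine's address, which sends X11 outside the SSH connection unencrypted.

```shell
#!/bin/sh
# Added example: triage for "X11 forwarding over SSH does not work".
# Function names and all sample inputs are constructed for illustration.

# Print the effective global value of one sshd_config keyword (config on stdin).
# sshd takes the first value it obtains for a keyword, matches keywords
# case-insensitively and skips '#' lines; Match blocks apply only
# conditionally, so parsing stops at the first one. $2 is the built-in default
# to report when the keyword is commented out or absent.
# Assumption: keyword and value are separated by whitespace.
effective_sshd_option() {
    awk -v key="$1" -v dflt="$2" '
        BEGIN { key = tolower(key); val = dflt }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { val = $2; exit }
        END { print val }
    '
}

# Classify the DISPLAY value seen inside the SSH session.
#   empty     - sshd set up no proxy display for this session
#   forwarded - localhost:N with N >= X11DisplayOffset (the sshd proxy)
#   local     - :N, a socket path, or a low localhost display: an X server
#               on the machine the shell is running on
#   direct    - otherhost:N, plain X11 over TCP that bypasses SSH
#   invalid   - no parsable display number
# Assumption: X11UseLocalhost is yes (the default), so proxies bind localhost.
classify_display() {
    display=$1 offset=${2:-10}
    case $display in
        "") echo empty; return ;;
    esac
    host=${display%:*}      # text before the last colon
    num=${display##*:}      # display[.screen] after the last colon
    num=${num%%.*}          # drop the screen number
    case $num in
        ""|*[!0-9]*) echo invalid; return ;;
    esac
    case $host in
        ""|/*|unix) echo local ;;
        localhost|127.0.0.1|::1)
            if [ "$num" -ge "$offset" ]; then echo forwarded; else echo local; fi ;;
        *) echo direct ;;
    esac
}

# Combine both checks. stdin: sshd_config text; $1: DISPLAY from the session.
diagnose_x11() {
    cfg=$(cat)
    fwd=$(printf '%s\n' "$cfg" | effective_sshd_option X11Forwarding no)
    off=$(printf '%s\n' "$cfg" | effective_sshd_option X11DisplayOffset 10)
    kind=$(classify_display "$1" "$off")
    case "$fwd/$kind" in
        no/*)          echo "server-off: X11Forwarding is not enabled in sshd_config" ;;
        yes/forwarded) echo "ok: DISPLAY points at the sshd proxy display" ;;
        yes/empty)     echo "not-requested: no proxy display; check ssh -X/-Y or the PuTTY X11 setting" ;;
        yes/local)     echo "overridden: DISPLAY names an X server on the remote host; check login scripts" ;;
        yes/direct)    echo "unencrypted: DISPLAY bypasses SSH, X11 goes over the network in clear" ;;
        *)             echo "unknown: X11Forwarding=$fwd DISPLAY=$1" ;;
    esac
}

# Constructed sample in the style of a stock sshd_config: the only
# X11Forwarding line is a comment, and the Match block must not count.
sample_config() {
cat <<'EOF'
#Port 22
Protocol 2
#X11Forwarding no
#X11DisplayOffset 10
Match User anoncvs
    X11Forwarding yes
EOF
}

# Demo on constructed inputs.
sample_config | diagnose_x11 ""
printf 'X11Forwarding yes\nX11DisplayOffset 10\n' | diagnose_x11 "localhost:10.0"
printf 'X11Forwarding yes\n' | diagnose_x11 "192.168.1.50:0.0"
```

On a live server, feed the real file with `diagnose_x11 "$DISPLAY" < /etc/ssh/sshd_config` from inside the SSH session.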
Enterprise Manager Grid Control - SSH not working on Windows
Hi,
We tried the below steps to install EM Grid control on our Windows servers.
• Oracle Application Grid Control with Oracle Management Agent has been installed successfully on Server1.
• As part of prerequisites for Agent installation using Agent Deployment Wizard, we have installed Cygwin in both the boxes – SOA box (Server2) and Grid control box (Server1) for SSH communication. However, the agent installation failed and the service in SOA box failed to start. We tried re-installation of Cygwin but unable to bring up Cygwin service.
• We have installed SOA suite in another box (Server3) and then installed Cygwin. Cygwin installation was successful and all previous issues were resolved.
However, SSH communication is getting failed because of the error "User Authentication failed on remote nodes:Server3. Either the provided username and password is incorrect or Password Authentication is disabled for the sshd daemon on the remote nodes. To enable Password Authentication set the property PasswordAuthentication to "yes" in the SSHD Configuration File (sshd_config) on the remote nodes".
We are able to achieve SSH communication when we manually try it through Cygwin Bash Shell.
Any pointers in resolving this would be highly appreciated.
regards,
Satyajith
Edited by: 817555 on Dec 12, 2010 10:11 PM
I couldn't get to work either so I left the ssh configuration out and went on with 'silent' installation which worked like a charm and oem discovered it right away. Be sure to change the parameters according to your environment in 'additional_agent.rsp' file and use that to run the silent installation. You may have to add one additional parameter manually about agent home location, look in the documentation for the exact parameter name. Hope this helps, Viral.
-
SSH not working anymore...
I recently ran into the following problem when trying to ssh into my Ubuntu 11.04 server:
>> ssh [email protected]
PTY allocation request failed on channel 0
This occurred after I upgraded to Lion. I can SSH from any other machine without a problem.
I've seen a few other posts saying they're having issues with SSH and Lion as well. Here's the -v output:
GLPro:~ greg$ ssh -v [email protected]
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to xxxx [xxx.xx.xx.xx] port 22.
debug1: Connection established.
debug1: identity file /xxx/xxx/.ssh/id_rsa type 1
debug1: identity file /xxx/xxx/.ssh/id_rsa-cert type -1
debug1: identity file /xxx/xxx/.ssh/id_dsa type -1
debug1: identity file /xxx/xxx/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-1ubuntu3
debug1: match: OpenSSH_5.8p1 Debian-1ubuntu3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'neek.us' is known and matches the RSA host key.
debug1: Found key in /xxxx/xxxx/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /xxxx/xxxx/.ssh/id_rsa
debug1: Server accepts key: pkalg xxx-xxx xxxx xxxx
debug1: Authentication succeeded (publickey).
Authenticated to xxxx ([xxx.xx.xx.xx]x).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
PTY allocation request failed on channel 0
To Apple Discussions!
If you have AppleCare and/or your comp is less than 90 days old, suggest that you give them a call. They may be able to advise you how fix your computer w/o the System Install DVDs.
Never post your email address in a public forum. Spam bots roam public forums looking for "spam victims".
If you insist on using your email address in a public forum & you want to "trick" the spam bots, then suggest that instead of using "@ "in the email address, use instead the actual word AT.
Regarding responding to your email addy, we ask that you post all questions to the appropriate discussion forum. This allows other users and other helpers to have a chance to view and respond to your post. That way, everyone benefits from the exchange.
Thank you
-
Reverse SSH not working for Cisco 3750.Plz help.
Hi,
I have configured the reverse ssh mentioned on the cisco document: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t11/feature/guide/gt_rssh.html#wp1051457.
But now I am running into the issue that When I issue command ssh -l alex:rotary1 192.38.6.8 from the cli of the router I’m presented with a password prompt.
I enter my password and get connected. However at this point when I type, for example, the atdt command I don’t see any output displayed.
So I tried typing command atdt <tel no.> and at the same time ran a debug modem on a separate session. It was from the separate session I could see the call been made to the remote device and connected successfully. However almost immediately the modem debug displays message 0236596: Dec 7 2010 12:18:18.236 GMT: TTY69: cleanup pending. Delaying DTR. At no point do I see output displayed on the session where I connected to the modem.
When using telnet to connect, i.e using the same modem and the same remote device, we have had no problems it is just with SSH.
Any suggestion on this will be highly appreciated.
Thanks
Alex.
Philip,
I first thank you for coming forward to help me on this.
I use the 30DM(Digital Modem) Card on the router. I have configured one of this modem on the PRI card(1/18) to make outbound calls. We use this dialup to cyclades the devices located on our remote office. Hence we lose the main internet connectivity we use this option as a backup.
Show ver: Cisco IOS Software, 3700 Software (C3725-ADVSECURITYK9-M), Version 12.3(11)T5
line con 0
transport output none
line 72 92
modem InOut
modem autoconfigure type mica
transport input all
transport output all
autoselect during-login
autoselect ppp
line 93
absolute-timeout 60
modem InOut
modem autoconfigure type mica
rotary 1
no exec
transport input ssh
transport output none
line aux 0
no exec
transport output none
line vty 0 4
logging synchronous
transport input ssh
transport output ssh
Please let me know is this a bug or anything else. As the same setup works fine when I use Telnet rather than ssh.
Thanks in advance.
Regards
Alex.
-
Ldap authentication not working for Solaris 8 host - Help!
Greetings folks,
I just recently migrated a host to use LDAP authentication. The only difference between this host and the rest of the hosts in the environment that I've converted to use LDAP is that this one is running Solaris 8.
Here's the steps I took to migrate it (though, I used the same steps for another Sol8 host in another environment and it works fine):
ldapclient -P stg -d mydomain.com -D cn=proxyagent,ou=profile,dc=mydomain,dc=com -w secret 192.168.1.69
My /etc/nsswitch.conf looks like this:
passwd: files ldap
group: files ldap
My /etc/pam.conf looks like this:
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth sufficient pam_unix_auth.so.1
login auth required pam_ldap.so.1
sshd auth requisite pam_authtok_get.so.1
sshd auth sufficient pam_unix_auth.so.1
sshd auth required pam_ldap.so.1
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth sufficient pam_unix_auth.so.1
other auth required pam_ldap.so.1
passwd auth sufficient pam_passwd_auth.so.1
passwd auth required pam_ldap.so.1
I've also cleared out the local user accounts for my human users, so there aren't any more passwd or shadow entries (yes, I ran pwconv). I also cleaned out the /etc/group entries for the same users. The machine appears to be configured properly, because I can run various DS commands that indicate this:
hostname# getent passwd user1
user1::1001:1001:User 1:/opt/home/user1:/bin/bash
hostname# ldaplist -l passwd user1
dn: uid=user1,ou=people,dc=mydomain,dc=com
shadowFlag: 0
userPassword: {crypt}(removed)
uid: user1
objectClass: posixAccount
objectClass: shadowAccount
objectClass: account
objectClass: top
cn: user1
uidNumber: 1001
gidNumber: 1001
gecos: User 1
homeDirectory: /opt/home/user1
loginShell: /bin/bash
However, in the end, actual logins to this host fail via ssh. Snooping the traffic reveals that all the right info is being handed back to the client, including the crypt'ed password hash, uid, etc. just like I see with other hosts that work.
Any ideas?
Thanks!
Patrick
I assume you have applied latest kernel patch and 108993 to this Solaris8 machine, and its nss_ldap.so.1 and pam_ldap.so.1 are the same as the other Solaris8 LDAP clients that are working for ssh via LDAP auth.
1) Please replace "objectClass: account" with "objectClass: person", I know SUN ONE DS5.2 likes "person".
2) Did you test and verify telnet/ftp/su working? but SSH not working?
3) If telnet/ftp/su all worked, and SSH (SUN-SSH or OpenSSH), make sure you have "UsePAM yes" in sshd_config and restart sshd.
4) It is not a must I think but normally I will add "shadow: files ldap" to /etc/nsswitch.conf, restart nscd after that.
5) Whenever ldapclient command is run and ldap_cachemgr is restarted, I usually also restart nscd and sshd after that, if not testing result may not be accurate as nscd is still remembering OLD stuffs cached which could be very misleading.
6) You may use "ssh -v userid@localhost" to watch the SSH communications, on top of your usual "snoop"ing of network packets.
7) Use the sample pam.conf that is meant for pam_ldap from Solaris 10 system admin guide with all the pam_unix_cred.so.1 lines commented out. This works for me, there is no sshd definitions as it will follow "other".
http://docs.sun.com/app/docs/doc/816-4556/6maort2te?a=view
Gary -
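An added example, not from the thread and not Solaris code: a simplified model of how PAM combines the requisite/required/sufficient flags in the pam.conf posted above, including the fall-back to "other" for a service with no entries of its own. The module results passed to `authenticate` are assumptions, and a module missing from them is treated as returning PAM_IGNORE.

```python
# Constructed copy of the auth entries from the pam.conf in the post above.
PAM_CONF = """\
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth sufficient pam_unix_auth.so.1
login auth required pam_ldap.so.1
sshd auth requisite pam_authtok_get.so.1
sshd auth sufficient pam_unix_auth.so.1
sshd auth required pam_ldap.so.1
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth sufficient pam_unix_auth.so.1
other auth required pam_ldap.so.1
"""

def parse(text):
    """Return {service: [(control_flag, module), ...]} for 'auth' entries."""
    stacks = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments
        if len(fields) >= 4 and fields[1] == "auth":
            stacks.setdefault(fields[0], []).append((fields[2], fields[3]))
    return stacks

def stack_for(stacks, service):
    """A service without its own entries is handled by the 'other' stack."""
    return stacks.get(service) or stacks.get("other", [])

def authenticate(stack, results):
    """results: module -> True (success) / False (failure); absent = ignored."""
    required_failed = False
    any_success = False
    for control, module in stack:
        outcome = results.get(module)
        if outcome is None:
            continue                      # modelled as PAM_IGNORE
        if outcome:
            any_success = True
            if control == "sufficient" and not required_failed:
                return True               # stop here, later modules not run
        elif control == "requisite":
            return False                  # fail immediately
        elif control == "required":
            required_failed = True        # remember, keep running the stack
        # a failed 'sufficient' or 'optional' module does not fail the stack
    return any_success and not required_failed
```

With this stack an LDAP-only account passes once pam_ldap succeeds even though pam_unix_auth fails, so a failing login points at what pam_ldap or sshd is doing rather than at the order of the entries.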
ASA 5510 - Version 8.2(1) - SSH, ICMP and NAT not working
I have an ASA 5510 using version 8.2(1) and I have enabled ssh, icmp and they work from the inside network but not from the outside network.
Further to this, I exposed one site from the inside interface on the ASA (192.168.1.100) to outside (1.1.1.7) using NAT and it is not pingable nor accessible from the outside. I also allowed SSH from the outside network to the external IP addresses of the ASA and it is not working either. Any ideas what I could be missing in my configuration? I bolded the configurations involved in the ASA running configuration I copied below (please note I have replaced the real IP addresses with 1.1.1.x and 2.2.2.x):
ASA Version 8.2(1)
hostname fw
domain-name net.com
enable password eYKAfQL1.ZSbcTXZ encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
dns-guard
interface Ethernet0/0
description Primary Outside (Internet)
speed 10
duplex full
nameif outside
security-level 0
ip address 1.1.1.5 255.255.255.240
ospf cost 10
interface Ethernet0/1
description inside
speed 100
duplex full
nameif inside
security-level 100
ip address 192.168.1.254 255.255.255.0
ospf cost 10
interface Ethernet0/2
description WLAN
nameif WLAN
security-level 100
ip address 192.168.108.240 255.255.255.0
ospf cost 10
interface Ethernet0/3
description Secondary Outside (Internet)
speed 100
duplex full
nameif WAN2
security-level 0
ip address 2.2.2.133 255.255.255.192
interface Management0/0
description LAN/STATE Failover Interface
time-range after_hours
periodic weekdays 7:00 to 23:00
boot system disk0:/asa821-k8.bin
no ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup WLAN
dns server-group DefaultDNS
retries 3
timeout 5
name-server 8.8.8.8
name-server 206.191.0.210
name-server 4.2.2.1
name-server 4.2.2.2
domain-name net.com
access-list WAN2_access_in extended permit icmp any any echo-reply
access-list WAN2_access_in extended permit icmp any any time-exceeded
access-list WAN2_access_in extended permit icmp any any source-quench
access-list WAN2_access_in extended permit icmp any any unreachable
access-list WLAN_access_in extended permit icmp any any echo-reply
access-list WLAN_access_in extended permit icmp any any time-exceeded
access-list WLAN_access_in extended permit icmp any any source-quench
access-list WLAN_access_in extended permit icmp any any unreachable
access-list WLAN_access_in extended permit tcp host 192.168.1.100 eq ssh any
access-list WLAN_access_in extended permit tcp 192.168.1.0 255.255.255.0 host 192.168.1.100 eq ssh
access-list WLAN_access_in extended permit ip any any
access-list time_based extended permit ip any any time-range after_hours
access-list split_tunnel standard permit host 206.191.0.210
access-list split_tunnel standard permit host 206.191.0.140
access-list split_tunnel standard permit host 207.181.101.4
access-list split_tunnel standard permit host 207.181.101.5
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit icmp any any time-exceeded
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any host 1.1.1.7 eq ssh
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp any host 192.168.1.100 eq ssh
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit icmp 192.168.1.0 255.255.255.0 any
access-list inside_access_in extended permit ip 192.168.1.0 255.255.255.0 any
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 host 192.168.1.100 eq ssh
pager lines 20
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu WLAN 1500
mtu WAN2 1500
ip local pool DHCP 192.168.1.245-192.168.1.252 mask 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface WAN2
failover
failover lan unit secondary
failover lan interface FO Management0/0
failover key *****
failover link FO Management0/0
failover interface ip FO 192.168.255.171 255.255.255.0 standby 192.168.255.172
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
icmp permit any WLAN
icmp permit any WAN2
asdm image disk0:/asdm-621.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
global (WAN2) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
nat (WLAN) 1 192.168.108.0 255.255.255.0
static (inside,outside) 1.1.1.7 192.168.1.100 netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
access-group WLAN_access_in in interface WLAN
access-group WAN2_access_in in interface WAN2
route outside 0.0.0.0 0.0.0.0 1.1.1.1 1
route WAN2 0.0.0.0 0.0.0.0 2.2.2.129 254
route inside 192.168.1.100 255.255.255.255 192.168.1.0 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.108.0 255.255.255.0 WLAN
http 192.168.1.0 255.255.255.0 inside
http 192.168.1.101 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 123
type echo protocol ipIcmpEcho 4.2.2.2 interface outside
num-packets 3
timeout 1000
frequency 3
service resetoutside
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
track 1 rtr 123 reachability
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet timeout 5
ssh scopy enable
ssh 2.2.2.132 255.255.255.255 outside
ssh 69.17.141.134 255.255.255.255 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh 192.168.1.100 255.255.255.255 inside
ssh 192.168.108.0 255.255.255.0 WLAN
ssh timeout 60
console timeout 0
management-access inside
dhcpd address 192.168.108.11-192.168.108.239 WLAN
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp authenticate
ntp server 128.100.100.128
ntp server 132.246.168.148
ntp server 128.100.56.135
tftp-server inside 192.168.1.100 /
webvpn
group-policy Wifi internal
group-policy Wifi attributes
wins-server none
dns-server value 206.191.0.210 206.191.0.140
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tunnel
tunnel-group Wifi type remote-access
tunnel-group Wifi general-attributes
address-pool DHCP
default-group-policy Wifi
tunnel-group Wifi ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
inspect icmp error
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
service-policy global_policy global
prompt hostname context
Cryptochecksum:ac25ef0642e0ecb8f0ef63219833f3ae
: end
asdm image disk0:/asdm-621.bin
asdm location 192.168.1.245 255.255.255.255 inside
asdm location 192.168.1.252 255.255.255.255 inside
asdm history enable
Hi,
I can't see any problems right away in the configuration.
I guess we could start by using the "packet-tracer" to simulate the SSH and ICMP through the firewall
packet-tracer input outside tcp 1.1.1.1 12345 22
packet-tracer input outside icmp 1.1.1.1 8 0
Don't mind the source address of 1.1.1.1. It's just an address that is located behind "outside" interface according to the ASA routing table. (As the configurations 1.1.1.0/28 is not actually configured on the ASA)
Share the exact "packet-tracer" command used (without the public IP, notice that the output contains the public IP also) and the output of the command with us here.
Also, have you made sure that there is no old translations active on the ASA?
You can use this command to view those
show xlate local 192.168.1.100
You can clear the xlates with
clear xlate local 192.168.1.100
- Jouni -
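An added example, not part of the thread and not Cisco code: on an ASA, SSH sessions to the firewall itself are admitted by the `ssh <address> <mask> <interface>` lines, not by the interface access-lists, so this sketch reads those lines from the posted configuration and reports whether a given source may open a management session on a given interface. The function names are hypothetical and the excerpt is copied from the configuration above.

```python
import ipaddress

# Constructed excerpt: management-access lines from the config posted above,
# plus the through-the-box ACL and static NAT lines for contrast.
CONFIG = """\
ssh scopy enable
ssh 2.2.2.132 255.255.255.255 outside
ssh 69.17.141.134 255.255.255.255 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh 192.168.1.100 255.255.255.255 inside
ssh 192.168.108.0 255.255.255.0 WLAN
ssh timeout 60
access-list outside_access_in extended permit tcp any host 1.1.1.7 eq ssh
static (inside,outside) 1.1.1.7 192.168.1.100 netmask 255.255.255.255
"""

def mgmt_ssh_sources(config):
    """Map interface name -> networks allowed to SSH to the ASA itself."""
    allowed = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) != 4 or tok[0] != "ssh":
            continue          # 'ssh timeout 60', ACL and static lines
        try:
            net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False)
        except ValueError:
            continue          # other four-token 'ssh ...' settings
        allowed.setdefault(tok[3], []).append(net)
    return allowed

def mgmt_ssh_allowed(config, ifname, src):
    """True if 'src' may open an SSH session to the firewall on 'ifname'."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in mgmt_ssh_sources(config).get(ifname, []))
```

Run against the excerpt, only 2.2.2.132 and 69.17.141.134 are admitted on `outside` and no source is admitted on `WAN2`; the `access-list` and `static` lines apply to traffic passing through to 192.168.1.100, which is what the packet-tracer commands above exercise.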
Ssh tunnel mode on Leopard does not work
Hi folks,
I have set up ssh tunnel mode (tunnels opened with "ssh -w 0:0 ..." makes SSH create the necessary tunX interfaces on its own) from my linux boxes to certain servers, and it works well.
But using "ssh -w 0:0" on Leopard client leads to
debug1: systunopen: /dev/tun0 open failed: No such file or directory
So it seems - although the ssh man page describes it thus - that creating tun interfaces on Leopard does not work.
By the way, omitting the interface numbers for the tun interfaces on both sides ("ssh -w" instead of "ssh -w 0:0") leads to "Bad tun device" although that as well is documented in the ssh man page as working (and on linux it does).
Has anybody ever tried this on MacOS X in general and Leopard in particular?
Dirk,
I have run into the same issue, however I had ssh tunnels running between several macs before Dec 7 2008. But for some reason it broke on that day. Have been running remote rsync backups of the User data. Can give you the syntax if you want. But my point is it looks like this is a break in the OSX Unix system vs them just not being there as this was working prior to the 7th for several months.
Am working with Apple to get this resolved but in the mean time where did you find the tun/tap drivers? I have some for Open VPN that I have been playing with on another machine but dunno if they will work or not.