SSH in Terminal

Is there a way, without installing any software on the Mac or PC, to access files on my Mac from a PC? For example, if I am at school, can I ssh into my Mac? At home I have a PC laptop that I configured to have a folder named 'iMac', and when I click it, it asks for authentication. Can I do that through the command prompt, or could I have something like a shortcut on my flash drive to somehow get into my Mac securely, with authentication to my machine, to access my files (just files, no screen sharing or anything)?

I know nothing about what comes with Windows, so if Windows has ssh, with its scp and/or sftp file transfer commands, then yes. Otherwise, you might need PuTTY or Cygwin (or some other package with ssh support).
On the Mac, you need to enable System Preferences -> Sharing -> Remote Login
You need to configure your router so it port forwards port 22 from the internet to your Mac. PortForward.com has documents providing step-by-step guides on how to set up port forwarding for a huge list of routers.
<http://portforward.com/>
The HARD part is that you now need to find out the IP address assigned to your router by your ISP. At home you can most likely query your router, or access a web site such as <http://whatismyip.com>, then take that IP address with you.
If you are willing to install a dynamic DNS updating utility on your home Mac, you can get a free dynamic DNS name from No-IP.com or DynDNS.org. This will make finding your home system much easier, but it does break your rule that no software may be installed.
If you have enabled Windows (SMB/CIFS) file sharing on the Mac, then you could also create an ssh tunnel for SMB/CIFS traffic.
ssh -L 22445:localhost:445 -L 22139:localhost:139 [email protected]
Now you would need to figure out how to tell your PC that it should connect to the file server 'localhost:22445' (or localhost:22139). Of course I'm making the major assumption that Windows knows about the 'localhost' concept.
I'm making some major assumptions, as I do not really do much with Windows, and very little at this level of detail. Of course if by PC you really meant you are running Linux on a generic PC laptop, then this is very doable.
Of course if you are going to allow installing software, then I would suggest using TeamViewer.com on the Mac and PC, which will give you both screen sharing and file transfer over a secure connection.
By the way, Terminal, Unix, and command line command questions are best asked in the Mac OS X Technologies > Unix Forum
<http://discussions.apple.com/forum.jspa?forumID=735>

Similar Messages

  • Not able to connecct SSH

    Hi
    I configured a Cisco ASA5510 firewall, but I am facing a problem with ssh login. I gave ssh for inside and outside access, but I am getting "server ... error". I enabled LOCAL for the authentication for ssh and HTTP, and I am able to access the device through HTTP using ASDM, but not able to access it from outside.
    please find the configuration
    thanks in advance
    regards
    Javahar
    ASA Version 8.2(1)
    hostname ASA5510
    domain-name default.domain.invalid
    enable password Nbxmt7LFbcxtLo.o encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    name 10.251.38.0 SAP_remote
    interface Ethernet0/0
    nameif inside
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    interface Ethernet0/1
    nameif outside
    security-level 0
    ip address xxx.xxx.xxx.xxx 255.255.255.252
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    shutdown
    no nameif
    no security-level
    no ip address
    ftp mode passive
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 SAP_remote 255.255.255.128
    access-list outside_cryptomap extended permit ip 192.168.1.0 255.255.255.0 SAP_remote 255.255.255.128
    access-list outside_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 SAP_remote 255.255.255.128
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any outside
    asdm image disk0:/asdm-621.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    route outside 0.0.0.0 0.0.0.0 115.115.169.241 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map outside_map 1 match address outside_cryptomap_1
    crypto map outside_map 1 set peer XXX.XXX.XXX.20
    crypto map outside_map 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 2 match address outside_cryptomap
    crypto map outside_map 2 set pfs group5
    crypto map outside_map 2 set peer XXX.XXX.XXX.20
    crypto map outside_map 2 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map interface outside
    crypto isakmp enable inside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 5
    lifetime 28800
    http server enable
    http 0.0.0.0 0.0.0.0 inside
    http 0.0.0.0 0.0.0.0 outsde
    ssh 0.0.0.0 0.0.0.0 inside
    ssh 0.0.0.0 0.0.0.0 outsde
    telnet 0.0.0.0 0.0.0.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    username test1234 password /FzQ9W6s1KjC0YQ7 encrypted
    username cisco1234 password 5sSb..e9ZNWMmk2e encrypted privilege 15
    tunnel-group Remote-p2p-vpn type ipsec-l2l
    tunnel-group Remote-p2p-vpn ipsec-attributes
    pre-shared-key *
    tunnel-group XXX.XXX.XXXX.20 type ipsec-l2l
    tunnel-group XXX.XXX.XXXX.20 ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    message-length maximum client auto
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip 
      inspect xdmcp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:83eab0b7ae2d2d9e74f8ea0b005076ea
    : end

    Hi,
    Did you issue the command
    ASA(config)# crypto key generate rsa modulus 2048
    So that you can use SSH.
    EDIT: I would suggest narrowing down the source address from where you can connect to the ASA from "outside" if possible.
    - Jouni
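The kind of check the reply points at, as an added example that is not part of the thread: it scans ASA-style management-access statements (`ssh`, `telnet`, `http` followed by address, mask and interface) and flags any that admit every source address, use cleartext Telnet, or name an interface with no matching `nameif`. The function and constant names are hypothetical; `POSTED_EXCERPT` copies lines from the configuration posted above, and `NARROWED` is a constructed variant using a documentation address.

```python
import ipaddress
import re

# <proto> <address> <mask> <interface>; "ssh timeout 5" and "http server enable"
# have only three tokens, so they never match.
MGMT_RE = re.compile(r"^(ssh|telnet|http)\s+(\S+)\s+(\S+)\s+(\S+)$")
NAMEIF_RE = re.compile(r"^nameif\s+(\S+)$")   # "no nameif" does not match


def audit_mgmt_access(config_text):
    """Return (line number, line, issues) for risky management-access lines."""
    lines = [line.strip() for line in config_text.splitlines()]
    nameifs = set()
    for line in lines:
        m = NAMEIF_RE.match(line)
        if m:
            nameifs.add(m.group(1))

    findings = []
    for lineno, line in enumerate(lines, 1):
        m = MGMT_RE.match(line)
        if not m:
            continue
        proto, addr, mask, iface = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue                      # masked or non-address tokens: skip
        issues = []
        if net.prefixlen == 0:
            issues.append("any-source")   # 0.0.0.0 0.0.0.0 admits every client
        if iface not in nameifs:
            issues.append("undefined-interface")
        if proto == "telnet":
            issues.append("cleartext")    # credentials cross the wire unencrypted
        if issues:
            findings.append((lineno, line, issues))
    return findings


# Lines copied from the configuration posted above.
POSTED_EXCERPT = """\
interface Ethernet0/0
 nameif inside
interface Ethernet0/1
 nameif outside
http server enable
http 0.0.0.0 0.0.0.0 inside
http 0.0.0.0 0.0.0.0 outsde
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outsde
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
"""

# Constructed variant: management restricted to the inside LAN and one
# admin host (192.0.2.10 is a documentation address, not from the thread).
NARROWED = """\
interface Ethernet0/0
 nameif inside
interface Ethernet0/1
 nameif outside
http server enable
http 192.168.1.0 255.255.255.0 inside
ssh 192.168.1.0 255.255.255.0 inside
ssh 192.0.2.10 255.255.255.255 outside
ssh timeout 5
"""

if __name__ == "__main__":
    for lineno, line, issues in audit_mgmt_access(POSTED_EXCERPT):
        print(f"line {lineno}: {line!r}: {', '.join(issues)}")
    print("narrowed findings:", audit_mgmt_access(NARROWED))
```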

  • How to use one NIC for everything and the other to allow ssh from

    Hello,
    I have two internet connections at home:
    - a cable connection (CABLEBOX) that I use for all of my devices as it's the fastest. All my computers are connected to it using ethernet or wifi.
    - an ADSL connection (ADSLBOX) that is connected to the second network card of one of my computers (MEDIABOX) only and that I want to use only to ssh to that same device from the outside
    I want that specific computer to use its:
    - NIC1 to connect to the LAN and to the internet. Routing is enabled on CABLEBOX.
    - NIC2 to connect to that device from the outside using ssh. ssh -D should also work through NIC2 as I need to be able to use that computer as a proxy on some occasions. Routing is enabled on ADSLBOX and it's set to port forward port 22 to MEDIABOX.
    Once this is working I'd like to also route ftp connections to specific IPs via NIC2.
    No firewall is set on MEDIABOX yet; I'll do it later on.
    I know the basics of how to set routing rules and how to assign a specific LAN to a network card, but I have a hard time deciding which rules I should set...
    Can someone guide me?
    Thanks in advance
    Last edited by parpagnas (2013-12-03 18:31:31)

    A possible solution might be this.
    On ADSLBOX and CABLEBOX configure different subnets for the LAN, e.g.
    ADSLBOX:    192.168.1.0/24
    CABLEBOX: 192.168.2.0/24
    The MEDIABOX gets these static IPs:
    ADSL-LAN: 192.168.1.2
    CABLE-LAN: 192.168.2.2
    On the MEDIABOX, configure the two network interfaces using two routing tables.
    The ADSL-LAN routing table
    ip route add 192.168.1.0/24 dev eth0 src 192.168.1.2 table 1
    ip route add default via 192.168.1.1 table 1
    The CABLE-LAN routing table
    ip route add 192.168.2.0/24 dev eth1 src 192.168.2.2 table 2
    ip route add default via 192.168.2.1 table 2
    The main routing table
    ip route add 192.168.1.0/24 dev eth0 src 192.168.1.2
    ip route add 192.168.2.0/24 dev eth1 src 192.168.2.2
    # use the CABLE-LAN gateway as default, so general internet traffic from MEDIABOX runs over CABLEBOX
    ip route add default via 192.168.2.1
    define the lookup rules
    ip rule add from 192.168.1.2 table 1
    ip rule add from 192.168.2.2 table 2
    To test the setup:
    ip route show
    ip route show table 1
    ip route show table 2
    I don't know how to persist something like this in ArchLinux using netctl. Might require to write a special systemd unit for it. Above is a working example from a RedHat box at my company.
    Last edited by teekay (2013-12-04 07:42:22)

  • Once and for all: How to set up and use SSH

    Yes, I know ssh has been discussed on and off, but never in its entirety; and yes, there are step by step instructions on the www, but at one point or another they skip a crucial instruction that would be necessary for unix-dummies (e.g. how to save and close the nano-editor in Terminal). So, please pardon my question:
    There are several points I'd like to ask for ssh-connecting two macs on a local network:
    1) In terminal-file-"connect to server" you can ask for an ssh connection to be set up. For this to work, do I need to create private and public keys first? If so, how? Please point me to a reliable and step-by-step instruction site.
    There are some free ssh-utilities out there, but their documentation is just not helpful enough for a UNIX-dummy.
    2) Apparently I managed to connect via ssh once (from the terminal, see point 1) to a local server (allowing remote connection set to ON at the server). But then, when I connected to that server from the client's finder and tried to get into my user account on that server it told me that no secure connection could be established. What's wrong here? Do I have to continue working from within the terminal to use this connection? That would be difficult for an average MacUser.
    3) What is the security advantage of an SSH connection on a local wireless network (Airport Base Station) over WPA2, if at all?
    4) And how to set up an ssh-connection over the internet cloud to safely build a remote control/desktop sharing connection, e.g., a friend's Mac when she has a problem?
    Thanks for your consideration.

    First I'm not sure what your goals are.
    1) In terminal-file-"connect to server" you can ask for an ssh connection to be set up. For this to work, do I need to create private and public keys first?
    If you have ssh keys, you can do this without passwords. If you have not exchanged keys with the remote system, you will be asked for the password of the user you are attempting to login as.
    If so, how? Please point me to a reliable and step-by-step instruction site. There are some free ssh-utilities out there, but their documentation is just not helpful enough for a UNIX-dummy.
    Log into the remote system. This could be via ssh.
    On the remote system, run the following command to generate an ssh key for that remote system:
    ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/Users/username/.ssh/id_rsa): <<take default>>
    Created directory '/Users/username/.ssh'.
    Enter passphrase (empty for no passphrase): <<enter nothing>>
    Enter same passphrase again: <<enter nothing again>>
    Your identification has been saved in /Users/username/.ssh/id_rsa.
    Your public key has been saved in /Users/username/.ssh/id_rsa.pub.
    The key fingerprint is:
    aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:kk:ll:mm:nn:oo:pp [email protected]
    This will generate an ssh key for the remote system. This could be any system that supports ssh, such as a Unix system, or another Mac.
    Copy the id_rsa.pub file from the remote system to your Mac. When I say "your Mac" I mean the one that you want to make the ssh connection from. The id_rsa.pub is found in the remote system's ~username/.ssh/ directory.
    Append the copied id_rsa.pub to your Mac's ~himbear/.ssh/authorized_keys2 file
    cat id_rsa.pub >>~himbear/.ssh/authorized_keys2
    Now when you ssh to that specific remote system, it will NOT ask for a password. The first time you ssh to any system, ssh will ask if the system is really the system you think it is. But once you say "yes", it will not ask that question again.
    Repeat for every remote system you wish to log into using an ssh key.
    2) Apparently I managed to connect via ssh once (from the terminal, see point 1) to a local server (allowing remote connection set to ON at the server). But then, when I connected to that server from the client's finder and tried to get into my user account on that server it told me that no secure connection could be established. What's wrong here? Do I have to continue working from within the terminal to use this connection? That would be difficult for an average MacUser.
    MacUser. A flash from the past, as in the MacUser magazine.
    ssh is not used by default when you make connections. If you want an ssh connection, you have to establish it intentionally.
    ssh can be used to pre-establish a tunnel (or tunnels) that other services can use. Once an ssh tunnel is established, connections to the local host's tunnel port will be connected to the specified remote port. For example:
    ssh -L 5901:localhost:5900 [email protected]
    will establish a tunnel that VNC can use. The VNC client would connect to localhost display 1 or port 5901.
    ssh allows multiple -L tunnels to be specified on the ssh command line.
    3) What is the security advantage of an SSH connection on a local wireless network (Airport Base Station) over WPA2, if at all?
    Inside your home. Not much. Unless of course you do not trust the other members of your family. That is to say, others having your WPA2 password, and are thus on the inside, and can sniff your packets.
    4) And how to set up an ssh-connection over the internet cloud to safely build a remote control/desktop sharing connection, e.g., a friend's Mac when she has a problem?
    If you are using the Mac OS X Leopard built-in *Screen Sharing* and you are connecting to another Mac's built-in Leopard System Preferences -> Sharing -> Remote Management (Tiger's Apple Remote Desktop), then in the *Screen Sharing* preferences, there is an "Encrypt all network data" option.
    If you wish to set this option in advance, you can launch *Screen Sharing* by double clicking on System -> Library -> CoreServices -> Screen Sharing.app
    You can make *Screen Sharing* connections over the net using iChat. This is one of the easiest ways to take control of their system. Of course they need to cooperate. I use a free AOL Instant Messenger (AIM) account for my iChat connections. And as a side benefit you can text, audio chat and/or video chat with the person at the other end.
    If you are NOT using the built-in Mac OS X *Screen Sharing* and/or you are NOT using the built-in remote Mac OS X remote management server, then this is a situation where an ssh tunnel would be a very good idea.
    However, setting up an ssh tunnel between 2 systems across the internet gets complex.
    In this case you might want to consider using something like LogMeIn.com which will deal with all those nasty home routers without needing to do nasty router configurations, and it will be a secure connection. LogMeIn.com will not be as fast as a *Screen Sharing* connection or a VNC connection, but it will be secure and easy to establish. Again, this is only if you cannot do Mac to Mac *Screen Sharing* using built-in Mac OS X remote desktop.
    Now if you want to roll your own ssh tunnels for VNC, then I'm just going to outline the things you need to do.
    If the remote system is behind a home router, you need to configure that remote home router to "Port Forward" port 22 on the Internet side to port 22 on the target Mac. Bonus points if the internet side uses a high-numbered port to discourage net bots from knocking on your door. Use the ssh -p 12345 option to connect to the high-numbered port that is forwarded to port 22 of the destination Mac.
    On the remote Mac you need to run a VNC server. If this is a Mac, then Leopard System Preferences -> Sharing -> Remote Management (Tiger's Apple Remote Desktop). If it is not a Mac, then for Windows, TightVNC, UltraVNC, RealVNC are possible options. Linux has a built-in vncserver, or you can install x11vnc which has the advantage of displaying the desktop screen.
    Once you can access the remote system, you use an ssh command like the following:
    ssh -p 12345 -L 5901:localhost:5900 remote.system.address
    You can get the remote system's address by having the remote system surf over to http://whatismyip.com. Then they can tell you the IP address.
    If you are going to be doing this a lot, you can get a free no-ip.com or dyndns.org dynamic DNS name for the remote system, and the remote system can run a dynamic DNS client (available from no-ip.com or dyndns.org) which will keep the dynamic DNS name updated as the remote person's ISP changes their IP address.
    Finally, now that you have an ssh tunnel for VNC traffic, you have your VNC client connect to
    Address: localhost
    Port: 5901
    Depending on your VNC client you may need to specify Display 1 instead of Port 5901. Or if you do not get a Display or Port option you specify localhost:5901

  • PuTTY / SSH in Solaris 10

    When someone tries to login to a SOLARIS 10 server via SSH in PuTTY the details are limited to the following:
    login as: testacct
    Using keyboard-interactive authentication.
    Password:
    Using keyboard-interactive authentication.
    New Password:
    Using keyboard-interactive authentication.
    Re-enter new Password:
    Access denied
    Using keyboard-interactive authentication.
    Password:
    Using keyboard-interactive authentication.
    New Password:
    Using keyboard-interactive authentication.
    Re-enter new Password:
    I don't know if this is a feature of PuTTY or Solaris 10 that is disabled but what I would expect to see above are messages such as:
    Warning: Your password has expired, please change it now.
    or
    The first 8 characters of the password must contain at least 1 numeric or special character(s).
    (depending on your /etc/default/passwd)
    Where is this information being suppressed? I am looking to enable that extra information so when, for example, "Access Denied" appears, the user has some clue as to why and can take corrective action to properly login.
    Thanks.
    PS- I ran ssh -vvv user@host and saw that the "extra info" above was being generated, but it's not making it over to the PuTTY client side.
    Edited by: dubitancy on Dec 12, 2008 9:37 AM

    janp2 wrote:
    I hit this issue right now so I'm pasting a part of my reply to another list.
    It might help other people:
    ==
    The "Warning: Your password has expired, please change it now." comes in a
    separate SSH_MSG_USERAUTH_INFO_REQUEST packet. This packet in general has an
    "instructions" field, and some "prompt" fields. SunSSH server sends the warning
    in a separate info-request packet, with 0 prompts, and with the warning message
    in the instruction field. That's fine according to the spec (rfc 4256):
    The num-prompts field may be `0', in which case there will be no
    prompt/echo fields in the message, but the client SHOULD still
    display the name and instruction fields (as described below).
    however, when the number of prompts is 0, putty ignores the instruction field.
    SunSSH client does the right thing, OpenSSH client as well. In theory, we could
    put the warning message in the next info-request packet together with the "New
    Password" prompt but that decision was intentional, we would be really "fixing"
    stuff to workaround problems somewhere else.
    so, my conclusion is that they should file a bug against those SSH clients they
    use. It's not a problem in the SunSSH server at all.
    ==
    BTW, the putty's file is ssh.c, the instruction field is set on line 7474:
    s->cur_prompt->instruction = ...
    but add_prompt() function that prints the stuff out is called inside of the
    following loop:
    for (i = 0; i < s->num_prompts; i++)
    so, as we can see, if the number of prompts is 0, we get no instruction
    field printed.
    Jan.

    Thank you very much, Jan. That was very helpful - at least now I have confirmation.
    Update: I contacted the dev team for PuTTY and they let me know that this bug has been fixed in the latest Development version of PuTTY but there isn't a firm release date planned. Anyway, it'll be fixed in the next release of PuTTY
    Edited by: dubitancy on Jan 7, 2010 6:33 AM
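The packet layout discussed in this thread, as an added example that is not part of the original posts and is not PuTTY or SunSSH code: a parser for the RFC 4256 `SSH_MSG_USERAUTH_INFO_REQUEST` payload, with two display routines. `display_per_prompt_only` is a simplified model of the behaviour described above (output produced only inside the prompt loop), and `display_rfc4256` shows the name and instruction even when num-prompts is 0. All function names and both sample packets are constructed for illustration.

```python
import struct

SSH_MSG_USERAUTH_INFO_REQUEST = 60  # message number defined in RFC 4256


def read_string(buf, off):
    """Read one SSH 'string' (uint32 length + bytes); return (text, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + length > len(buf):
        raise ValueError("string runs past end of packet")
    return buf[off:off + length].decode("utf-8"), off + length


def parse_info_request(payload):
    """Parse an INFO_REQUEST payload: name, instruction, language, prompts."""
    if not payload or payload[0] != SSH_MSG_USERAUTH_INFO_REQUEST:
        raise ValueError("not an SSH_MSG_USERAUTH_INFO_REQUEST")
    name, off = read_string(payload, 1)
    instruction, off = read_string(payload, off)
    language, off = read_string(payload, off)
    if off + 4 > len(payload):
        raise ValueError("truncated num-prompts")
    (num_prompts,) = struct.unpack_from(">I", payload, off)
    off += 4
    prompts = []
    for _ in range(num_prompts):      # a bogus count fails on the first short read
        text, off = read_string(payload, off)
        if off >= len(payload):
            raise ValueError("missing echo flag")
        prompts.append((text, payload[off] != 0))
        off += 1
    if off != len(payload):
        raise ValueError("trailing bytes after last prompt")
    return {"name": name, "instruction": instruction,
            "language": language, "prompts": prompts}


def build_info_request(name, instruction, prompts, language=""):
    """Encode a payload (used here only to construct the sample packets)."""
    def s(text):
        raw = text.encode("utf-8")
        return struct.pack(">I", len(raw)) + raw
    out = bytes([SSH_MSG_USERAUTH_INFO_REQUEST]) + s(name) + s(instruction) + s(language)
    out += struct.pack(">I", len(prompts))
    for text, echo in prompts:
        out += s(text) + bytes([1 if echo else 0])
    return out


def display_per_prompt_only(req):
    """Model of the reported behaviour: nothing is shown unless a prompt exists."""
    lines = []
    for i, (text, _echo) in enumerate(req["prompts"]):
        if i == 0:
            lines += [s for s in (req["name"], req["instruction"]) if s]
        lines.append(text)
    return lines


def display_rfc4256(req):
    """Show name and instruction first, regardless of the number of prompts."""
    lines = [s for s in (req["name"], req["instruction"]) if s]
    lines += [text for text, _echo in req["prompts"]]
    return lines


# Constructed sample packets: a warning with 0 prompts, then the prompt itself.
EXPIRED = "Warning: Your password has expired, please change it now."
PKT_WARNING = build_info_request("", EXPIRED, [])
PKT_PROMPT = build_info_request("", "", [("New Password: ", False)])

if __name__ == "__main__":
    for pkt in (PKT_WARNING, PKT_PROMPT):
        req = parse_info_request(pkt)
        print("per-prompt only:", display_per_prompt_only(req))
        print("RFC 4256       :", display_rfc4256(req))
```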

  • Can't SSH to inside interface on ASA

    Hi there
    I have generated the key and can ssh to outside interface. I have allowed access on inside interface. I can telnet but not ssh. I captured packets and can see incoming only. Any ideas?
    TIA
    Sent from Cisco Technical Support iPhone App

    Hi there,
    Here it is -
    asa01(config)# sh cap capin
    4 packets captured
       1: 21:59:03.583343 802.1Q vlan#240 P0 192.168.1.2.56686 > 192.168.1.1.22: S 2251599477:2251599477(0) win 4128
       2: 21:59:05.586990 802.1Q vlan#240 P0 192.168.1.2.56686 > 192.168.1.1.22: S 2251599477:2251599477(0) win 4128
       3: 21:59:09.588577 802.1Q vlan#240 P0 192.168.1.2.56686 > 192.168.1.1.22: S 2251599477:2251599477(0) win 4128
       4: 21:59:17.591659 802.1Q vlan#240 P0 192.168.1.2.56686 > 192.168.1.1.22: S 2251599477:2251599477(0) win 4128
    4 packets shown
    asa01(config)#
    asa01(config)# sh cap asp
    0 packet captured
    0 packet shown
    asa01(config)#
    Can you ping the Switch interface from the ASA?          - Yes
    Can you ping the ASA from the switch? - Yes

  • SSH on Outside interface on ASA 5510

    Hi All,
    I need the ssh access on my ASA outside interface and have added
    ssh ipremoved 255.255.255.255 outside
    access-list acl_outside extended permit tcp host ipremoved any eq 22
    but this is the log i get from ASA
    Oct 06 2012 16:10:04: %ASA-3-710003: TCP access denied by ACL from ipremoved/39884 to outside:ipremoved/22
    Cisco Adaptive Security Appliance Software Version 8.2(5)
    Device Manager Version 6.4(5)
    can someone please help me
    many thanks
    cheers..

    many thanks for the quick reply
    my connection is something like below
           Site A                                                                                   Site B
    PC--10.6.40.148 ---- ASA public IP -------------cloud --------------------public IP ASA
    Site to Site IPsec VPN
    I am able to ssh to the ASA on the private IP management interface; now I need to ssh to the Site B public IP to manage it
    I have allowed the ACL on the Site A ASA for the PC to go, and I can see the hit count on it
    The reason is that I need to manage the Site B ASA on its public IP because on Site A I am changing the internet provider, so if I have access to the Site B ASA I can change the peer IP to the new IP and reestablish the VPN
    many thanks for the help
    cheers

  • SSH/PAM login issue with fresh install: edit wiki or raise bug?

    I recently encountered an issue while setting up Arch on a headless server, and was wondering if I did something stupid, the documentation should be improved or I found a bug.
    The problem was that after adding a new non-root user, I couldn't SSH into that user account. I could still login to root via SSH fine. After some research and playing around I found I was able to login by setting UsePAM to no in /etc/ssh/sshd_config. I later realised that this was because I set the login shell for this account to /usr/bin/bash, and not /bin/bash. The problem is that currently /usr/bin/bash is not in /etc/shells, and the default /etc/ssh/sshd_config sets UsePAM to yes.
    As this is a new default install, and I followed the wiki during the install, I feel that this should have been documented somewhere. I don't mind changing the wiki or reporting this as a bug, just I'm not sure which is the correct course of action:
    1. Should I have known to use /bin/bash and not /usr/bin/bash, i.e. the login shell needs to be in /etc/shells? => edit the wiki [1]
    2. Should /usr/bin/bash be in /etc/shells? => raise a bug against filesystem [2]
    Related:
    [1] https://wiki.archlinux.org/index.php/Gr … management
    [2] https://projects.archlinux.org/svntogit … unk/shells
    [3] https://bugs.archlinux.org/task/35724
    [4] https://bbs.archlinux.org/viewtopic.php?id=166464
    Last edited by quigybo (2013-11-02 17:34:42)

    The wiki should be changed. /bin/bash is the correct entry in the list of shells.
    I cannot, however, remember off hand in which context this came up. I just remember this was the developers' response. So I can't point you to evidence to confirm even though I do know that is the correct answer.
    EDIT: https://bugs.archlinux.org/task/33677
    https://bugs.archlinux.org/task/33694
    Last edited by cfr (2013-11-03 03:56:49)
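A check for the condition described in this thread, as an added example that is not part of the original posts: it cross-references each account's login shell against the entries of `/etc/shells` as literal strings, and reports when an unlisted shell is the same file as a listed one reached through a different path. The function names are hypothetical, the passwd and shells contents are constructed samples, and the `/bin` to `/usr/bin` symlink map is an assumption about the sample system.

```python
NON_LOGIN = {"nologin", "false"}  # shells that deliberately deny interactive login


def parse_shells(text):
    """Return the shell paths listed in /etc/shells, ignoring comments and blanks."""
    shells = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            shells.append(line)
    return shells


def canonical(path, symlinks):
    """Rewrite a path through a {link: target} directory map (no filesystem access)."""
    for link, target in symlinks.items():
        if path == link or path.startswith(link + "/"):
            return target + path[len(link):]
    return path


def unlisted_login_shells(passwd_text, shells_text, symlinks=None):
    """Return (user, shell, listed_alias_or_None) for shells missing from /etc/shells."""
    symlinks = symlinks or {}
    listed = parse_shells(shells_text)
    findings = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or line.startswith("#"):
            continue
        user = fields[0]
        shell = fields[6] or "/bin/sh"      # empty field defaults to /bin/sh
        if shell in listed or shell.rsplit("/", 1)[-1] in NON_LOGIN:
            continue
        # The list is compared as text, so an equivalent path still counts as unlisted.
        alias = next((s for s in listed
                      if canonical(s, symlinks) == canonical(shell, symlinks)), None)
        findings.append((user, shell, alias))
    return findings


# Constructed sample data (not taken from the thread).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/:/usr/bin/nologin
alice:x:1000:1000::/home/alice:/usr/bin/bash
bob:x:1001:1001::/home/bob:/bin/zsh
"""
SAMPLE_SHELLS = """\
# /etc/shells
/bin/sh
/bin/bash
"""
SAMPLE_SYMLINKS = {"/bin": "/usr/bin"}   # assumption: /bin is a symlink to /usr/bin

if __name__ == "__main__":
    for user, shell, alias in unlisted_login_shells(
            SAMPLE_PASSWD, SAMPLE_SHELLS, SAMPLE_SYMLINKS):
        hint = f"same file as listed {alias}" if alias else "no listed equivalent"
        print(f"{user}: {shell} not in /etc/shells ({hint})")
```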

  • How to configure firefox 3.6 proxy through ssh terminal on ubuntu 8.04

    I am trying to configure the Firefox proxy through an ssh terminal (putty) on Ubuntu 8.04. There is no GUI for the terminal, so I am using xvfb to simulate the display. However, Firefox cannot open any website because the proxy is not set correctly.
    Here's what I tried. Edited a loadcustom.js file in
    /usr/lib/firefox-3.6x/defaults/prefs
    and added the lines
    // tell firefox to load customized config file
    pref("general.config.obscure_value", 0);
    pref("general.config.filename", "firefox.cfg");
    Then created a firefox.cfg file in
    /usr/lib/firefox3.6x and added the lines
    // Lock specific preferences in Firefox so that users cannot edit them
    lockPref("app.update.enabled", false);
    lockPref("network.proxy.http", "my-proxy.in-my-domain.com");
    lockPref("network.proxy.http_port", 8080);
    lockPref("network.proxy.type", 1);
    lockPref("network.proxy.no_proxies_on", "localhost, 127.0.0.1, 192.168.1.0/24");
    lockPref("network.proxy.share_proxy_settings", true);
    lockPref("browser.startup.homepage", "http://www.google.com/");
    This did not work for me. Any suggestions?

    Never mind. I got it working now, I was editing at the wrong place I guess.
    I had to add the settings in /usr/lib/firefox-3.6.17/defaults/pref/firefox.js and then restart Firefox. Here's what I added
    pref("network.proxy.type", 4); to have Firefox auto-detect proxy settings.

  • 11gR2 Grid Installation "SSH Passwordless Problem" on AIX 7.1

    Hello,
    The installer was able to setup passwordless SSH connection between the nodes but when I tried to test it then I got the below error:
    [INS-06006] Passwordless SSH connectivity not set up between the following node(s): [node1, node2].
    I tried to connect .ssh passwordless from node1 to node2. This worked.
    But when I tried to connect .ssh passwordless from node2 to node1, this did not work. SSH requested a password.
    On node1 there were, amongst others, id_rsa, id_rsa.pub, identity and identity.pub. But on node2 there were only identity and identity.pub.
    Any help will be greatly appreciated.
    Thanks

    When you configure RAC it is a mandatory task to configure the Secure Shell (SSH) passwordless connectivity between the nodes. SSH connectivity configuration is essential between the nodes of a cluster as the OUI uses the ssh and scp commands internally during the installation phase to perform remote operations in which it copies the software from the local to other nodes.
    I would suggest that you try the configuration one more time. Below I am giving the steps:
    1) Log in as Oracle user on the first node of the cluster (in our example, it will be on the raclinux1), and execute the following sequence of commands:
    [oracle@raclinux1 ~]$ mkdir ~/.ssh
    [oracle@raclinux1 ~]$ chmod 700 ~/.ssh
    [oracle@raclinux1 ~]$ /usr/bin/ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/oracle/.ssh/id_rsa.
    Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
    The key fingerprint is:
    f0:89:ac:ba:83:31:c4:43:97:3e:9a:a5:60:c1:8e:e6 [email protected]
    2) When prompted for the key location, accept the default settings by hitting the Enter key. Once this setup is done on the first node, repeat the same steps on the rest of the nodes (in our example, repeat the same step on the raclinux2 node).
    3) Now, switch back to the first node (raclinux1) and execute the following command to add authorization keys. After adding the authorization keys, copy the authorized_keys file to the other nodes using the scp command, and enter Yes when prompted.
    [oracle@raclinux1 ~]$ cd ~/.ssh
    [oracle@raclinux1 ~]$ cat id_rsa.pub >> authorized_keys
    [oracle@raclinux1 ~]$ scp authorized_keys raclinux2:/home/oracle/.ssh
    The authenticity of host 'raclinux2 (192.168.2.202)' can't be established.
    RSA key fingerprint is 52:13:31:e8:ce:ec:47:b8:06:09:4b:c9:aa:c5:35:81.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'raclinux2,192.168.2.202' (RSA) to the list of known hosts.
    Oracle@raclinux2's password:
    authorized_keys 100% 406 0.4KB/s 00:00
    4) Now, switch back to the second node (raclinux2) and run the following commands:
    [oracle@raclinux2 ~]$ cd ~/.ssh
    [oracle@raclinux2 ~]$ cat id_rsa.pub >> authorized_keys
    [oracle@raclinux2 ~]$ scp authorized_keys raclinux1:/home/oracle/.ssh
    The authenticity of host 'raclinux2 (192.168.2.201)' can't be established.
    RSA key fingerprint is 52:13:31:e8:ce:ec:47:b8:06:09:4b:c9:aa:c5:35:81.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'raclinux2,192.168.2.201' (RSA) to the list of known hosts.
    Oracle@raclinux1's password:
    authorized_keys 100% 406 0.4KB/s 00:00
    5) After adding the authorization keys on the second node, copy the file to the other nodes using the scp command, as demonstrated in the preceding example, and enter Yes when prompted.
    6) After configuring the SSH setup successfully across all nodes, let's run the following test on each node, starting from the first node, to establish a passwordless connection between all the nodes to meet the Oracle recommendations:
    ssh raclinux1 date
    ssh raclinux2 date
    ssh raclinux1-priv date
    ssh raclinux2-priv date
    ssh raclinux1-sjh.com date
    ssh raclinux2-sjh.com date
    - taken from Oracle 11g R1/R2 Real Application Clusters Essentials - Ben Prusinski, Syed Jaffer Hussain
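A check for the result of steps 1 to 5, as an added example that is not part of the quoted book text or of Oracle's tooling: it audits a merged authorized_keys file for nodes whose key never arrived and for keys appended twice, and checks the ownership and write bits that sshd's StrictModes setting cares about. The key blobs, the function names and the use of the key comment (user@host) to identify a node are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Constructed sample: ~/.ssh/authorized_keys after step 3 was run twice on
# raclinux1 and the raclinux2 key never arrived. The key blobs are shortened
# placeholders, not real keys.
SAMPLE_AUTHORIZED_KEYS = """\
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAnode1placeholder oracle@raclinux1
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAnode1placeholder oracle@raclinux1
"""

KEY_TYPE_PREFIXES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")


def parse_authorized_keys(text):
    """Return (key_type, blob, comment) for every key line in the file."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Options such as from="..." may precede the key type, so search for it.
        for i, field in enumerate(fields[:-1]):
            if field.startswith(KEY_TYPE_PREFIXES):
                entries.append((field, fields[i + 1], " ".join(fields[i + 2:])))
                break
    return entries


def audit_keys(text, expected_nodes, user="oracle"):
    """Find cluster nodes with no key in the file and keys listed twice.

    Node names are read from the key comment (user@host). ssh-keygen fills
    that in by default, but it is only a label, so a miss is a prompt to
    look at the file, not proof that the key is absent.
    """
    seen, duplicates, present = set(), [], set()
    for _, blob, comment in parse_authorized_keys(text):
        if blob in seen:
            duplicates.append(comment)
        seen.add(blob)
        if comment.startswith(user + "@"):
            present.add(comment.split("@", 1)[1].split(".")[0])
    missing = [n for n in expected_nodes if n not in present]
    return {"missing": missing, "duplicates": duplicates}


def audit_permissions(home, uid=None):
    """Flag ownership or write bits that make sshd (StrictModes) skip the file.

    This is slightly stricter than sshd, which also tolerates root ownership.
    """
    uid = os.getuid() if uid is None else uid
    ssh_dir = os.path.join(home, ".ssh")
    problems = []
    for path in (home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append((path, "missing"))
            continue
        if st.st_uid != uid:
            problems.append((path, "not owned by the login user"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((path, "writable by group or others"))
    return problems


def demo():
    """Build a throwaway home directory and run both audits on it."""
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir, 0o700)
        keys = os.path.join(ssh_dir, "authorized_keys")
        with open(keys, "w") as fh:
            fh.write(SAMPLE_AUTHORIZED_KEYS)
        os.chmod(keys, 0o664)  # what a permissive umask can leave behind
        reasons = [reason for _, reason in audit_permissions(home)]
    nodes = ["raclinux1", "raclinux2"]
    return audit_keys(SAMPLE_AUTHORIZED_KEYS, nodes), reasons


if __name__ == "__main__":
    print(demo())
```

Run it on each node against the real home directory of the oracle user before the step 6 connectivity test; a node reported as missing or a group-writable file explains a password prompt that the test would otherwise only reveal.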

  • LMS 4.01: credentials verification SSH enable doesn't work

    I have a 3750 with TACACS authentication on Cisco ACS.
    In SSH on the active element, no worries.
    I filled in the credentials of the device in LMS add/import managed device.
    But in inventory audits and credentials to create a job with verification to enable ssh mode user name and password,
    the job failed.
    Is this a known problem?
    Does anyone have an idea?
    Regards
    Philippe

    Hi,
    Thanks for the update and glad it fixed the issue. Kindly close this thread so that it will be helpful for others too.
    Summary: If you have customized prompts configured on the device, that means when you try to log in to the device the Username prompt looks like "username" (note the lower case "u") and the Password prompt looks like "password" (note the lower case "p"). In this case you need to put these credentials in the tacacsprompts.ini file that is located at
    CSCOpx\objects\cmf\data
    So that file looks like:
    [TELNET]
    USERNAME_PROMPT=username:
    PASSWORD_PROMPT=password:
    After making the above change, LMS will try to log in to the device with lower case username and password, and thus most of the issues like the device credentials report and Sync Archive for the devices will be fixed.
    Many Thanks,
    Gaganjeet

  • Solaris 9 remote login (ssh) drops connection

    Hello All,
    I wonder if you can help me...
    Let me give you some set-up details before I ask you the question.
    I have Ultra-60 at home with Solaris 9 and recommended patch cluster installed. The machine is connected to a Linksys WAG54G ADSL router/modem through RJ45 ethernet cable. The router also has windows XP machine connected through RJ45 ethernet cable. I also have another windows XP machine that connects to the router over wireless connection.
    I have opened up required ports on the router/port forwarding so that I can access the services remotely. I was first using default ports for http and ssh, but have now changed them to different ports - to be a bit more secure.
    I have created a domain name through dyndns.org.
    I have ssh running on the solaris 9 machine and have all the remote commands (rlogin, rsh, telnet) commented out in the /etc/inetd.conf and hence they are not running on the machine.
    I have a UK ADSL service provider called Pipex.
    Now let's get to the problem:
    The whole purpose of the above set-up is that I want to access the sun machine from work. The whole set-up works perfectly well - for a little while and then something strange happens. At work, when I connect to the sun machine, everything works fine and when I leave the session idle for 15-20 minutes (could be less time), the connection drops and then I can not connect to the machine for a good couple of hours. When I say connection drops, I do not mean that system displays a logout message or something - There is no response from the server - pressing of return key does not do anything and eventually I get a message on windows pop up that connection is disconnected. If I try to retry, the client tries for a while and then says that connection timed out. Same thing happens if I use the IP address - I use the right IP address as someone at home checks the router to confirm the correct IP address. This eliminates problem with domain name.
    I have tried everything and can not work out what is causing this problem - the machine has all the 9_recommended patches. To narrow the problem down, I set up apache server on the sun machine. Today, when the connection dropped, I tried connecting to the apache server and it failed - 'page can not be displayed' message on the internet explorer. However, after couple of minutes, I managed to get to the website but still can not get login prompt through ssh client.
    What does that mean? Does it mean that server is playing up, or is it the sshd or is there any time out option in solaris 9... the strange thing is that I can access the web page - though it was not accessible at start when connection to ssh dropped out.
    Could it be the router? The linksys do not come with a rule based firewall... so there is nothing that states that disconnects after some inactivity. The port forwarding is working as I do get to login to the server and to the web server. It can not be changing the default port numbers as the problem was there when there were standard ports being used.
    It is not the link at my office as my friend, in a different company gets the same problem on my machine - connects to it and after some inactivity, the connection drops and then he can not log in for a long time.
    It can not be the ADSL link as people at home can use the internet without any problem and they can access the sun machine locally.
    It can not be the windows machines connected to the router as the problem is there when windows machines are switched off - don't know if windows would cause this, but just wanted to eliminate anything that I could think of.
    One strange thing that I did see yesterday was that, when I managed to log in, the last command showed that I was logged in throughout the time - the time when I could not log in. The error message in /var/adm/messages stated something like socket error and connection reset by peer or something - can not give you the exact message right now as I can not log in to the machine. The time on the message was a couple of minutes before I managed to log in again, and that time was the same as the time shown in the last command as my logout time.
    Does anyone know what is causing all this problem? Any pointers or help will be appreciated. If there is any place else that you think I can get the answer, please kindly let me know.

    Thanks...
    A few new developments....
    - I opened 2 sessions to the server, left one with no activity and in the other session, I ran iostat 1... The session with no activity got dropped and iostat one carried on... When the session dropped, I managed to log in straight away... so no delay of a couple of hours. Maybe because iostat was still running?
    - I now have an ftp server running on windows and I can access it even when connection drops out... right now I have no access to sun... but ftp server is running fine.
    - I enabled remote router access and I can access that as well...
    - I enabled telnet and I can not access the sun with telnet either.
    So, it's either solaris 9 or the router.
    Tomorrow, I will connect another sun machine and then see if connection to both is dropped or just one. If it is to both then it must be router as the way ssh, telnet work is different to the way ftp work - as someone told me this today... so if other sun machine is not accessible then it's not sol9 but router. The other machine has Sol 2.5.1 running.
    Someone said that it could be that router is running out of translation table entries - but with so few connections? Or it could be that when there is no activity, router thinks that connection should be dropped - there is no option in the router setup which states that... Or Solaris has some timeout feature?
    More later.
    Kind Regards
    Ahmerin

  • Problems with SSH: Connection Refused

    Greetings fellow Arch users,
    I have hit a bit of a snag that I could really use some extra help getting around. I've tried everything I can think of (and everything that Google thought might work) and I have my back rather against a wall, so I thought I'd come here to see if anyone can offer some advice.
    To make a long story short, I am a college student and am attempting to set up an ssh server on a desktop at my house so I can access it remotely from the college. I have the computer set up and the server running, however I am having difficulty making connections to it from my laptop. I know that the server is running, because I can log into it both from the server itself (sshing into local host) and from my laptop when I use the internal IP address.
    The server is on a static IP address within the network (192.168.0.75), and my router is configured to forward TCP port 1500 to it (I'm using 1500 as the port for my ssh server). However, when I attempt to log into the ssh server using my network's external IP address, the connection is refused. I used nmap to scan my network and found that, even though the proper ports are forwarded to the proper place as far as my Router's configuration interface is concerned, port 1500 is not listed as one of the open TCP ports. I also, to test it, temporarily disabled the firewalls on both the server and the client. That didn't help. The command that I am running is:
    ssh -p 1500 douglas@[external ip address]
    As I am really not sure what is causing this problem, I don't know what information to provide. So here is everything that my inexperienced mind sees as likely being important. If you need anything more, let me know and I will do my best to provide it.
    Here is the sshd_config file from my server.
    # This is the sshd server system-wide configuration file. See
    # sshd_config(5) for more information.
    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options override the
    # default value.
    Port 1500
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    # The default requires explicit activation of protocol 1
    #Protocol 2
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    #HostKey /etc/ssh/ssh_host_ecdsa_key
    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 1024
    # Ciphers and keying
    #RekeyLimit default none
    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    #LogLevel INFO
    # Authentication:
    #LoginGraceTime 2m
    PermitRootLogin no
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10
    #RSAAuthentication yes
    #PubkeyAuthentication yes
    # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
    # but this is overridden so installations will only check .ssh/authorized_keys
    AuthorizedKeysFile .ssh/authorized_keys
    #AuthorizedPrincipalsFile none
    #AuthorizedKeysCommand none
    #AuthorizedKeysCommandUser nobody
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no
    # Change to no to disable s/key passwords
    ChallengeResponseAuthentication no
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication. Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    UsePAM yes
    #AllowAgentForwarding yes
    #AllowTcpForwarding yes
    #GatewayPorts no
    #X11Forwarding no
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    PrintMotd no # pam does that
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    UsePrivilegeSeparation sandbox # Default for new installations.
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #UseDNS yes
    #PidFile /run/sshd.pid
    #MaxStartups 10:30:100
    #PermitTunnel no
    #ChrootDirectory none
    #VersionAddendum none
    # no default banner path
    #Banner none
    # override default of no subsystems
    Subsystem sftp /usr/lib/ssh/sftp-server
    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    # X11Forwarding no
    # AllowTcpForwarding no
    # ForceCommand cvs server
    The output of ip addr when run on the server:
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
    valid_lft forever preferred_lft forever
    2: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:21:9b:3a:be:94 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.75/24 brd 192.168.255.0 scope global enp8s0
    valid_lft forever preferred_lft forever
    inet6 fe80::221:9bff:fe3a:be94/64 scope link
    valid_lft forever preferred_lft forever
    Here is the output from running nmap on the network:
    Starting Nmap 6.40 ( http://nmap.org ) at 2013-09-28 21:05 EDT
    Initiating Ping Scan at 21:05
    Scanning address [2 ports]
    Completed Ping Scan at 21:05, 0.01s elapsed (1 total hosts)
    Initiating Parallel DNS resolution of 1 host. at 21:05
    Completed Parallel DNS resolution of 1 host. at 21:05, 0.05s elapsed
    Initiating Connect Scan at 21:05
    Scanning pa-addresss.dhcp.embarqhsd.net (address) [1000 ports]
    Discovered open port 80/tcp on address
    Discovered open port 443/tcp on address
    Discovered open port 23/tcp on address
    Discovered open port 21/tcp on address
    Completed Connect Scan at 21:05, 4.08s elapsed (1000 total ports)
    Nmap scan report for pa-address.dhcp.embarqhsd.net (address)
    Host is up (0.036s latency).
    Not shown: 995 closed ports
    PORT STATE SERVICE
    21/tcp open ftp
    23/tcp open telnet
    80/tcp open http
    443/tcp open https
    8080/tcp filtered http-proxy
    Read data files from: /usr/bin/../share/nmap
    Nmap done: 1 IP address (1 host up) scanned in 4.19 seconds
    Here is the ssh_config client-side:
    # $OpenBSD: ssh_config,v 1.27 2013/05/16 02:00:34 dtucker Exp $
    # This is the ssh client system-wide configuration file. See
    # ssh_config(5) for more information. This file provides defaults for
    # users, and the values can be changed in per-user configuration files
    # or on the command line.
    # Configuration data is parsed as follows:
    # 1. command line options
    # 2. user-specific file
    # 3. system-wide file
    # Any configuration value is only changed the first time it is set.
    # Thus, host-specific definitions should be at the beginning of the
    # configuration file, and defaults at the end.
    # Site-wide defaults for some commonly used options. For a comprehensive
    # list of available options, their meanings and defaults, please see the
    # ssh_config(5) man page.
    # Host *
    # ForwardAgent no
    # ForwardX11 no
    # RhostsRSAAuthentication no
    # RSAAuthentication yes
    # PasswordAuthentication yes
    # HostbasedAuthentication no
    # GSSAPIAuthentication no
    # GSSAPIDelegateCredentials no
    # BatchMode no
    # CheckHostIP yes
    # AddressFamily any
    # ConnectTimeout 0
    # StrictHostKeyChecking ask
    # IdentityFile ~/.ssh/identity
    # IdentityFile ~/.ssh/id_rsa
    # IdentityFile ~/.ssh/id_dsa
    # Port 22
    Protocol 2
    # Cipher 3des
    # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
    # MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160
    # EscapeChar ~
    # Tunnel no
    # TunnelDevice any:any
    # PermitLocalCommand no
    # VisualHostKey no
    # ProxyCommand ssh -q -W %h:%p gateway.example.com
    # RekeyLimit 1G 1h
    Output of ssh -v during connection attempt:
    OpenSSH_6.3, OpenSSL 1.0.1e 11 Feb 2013
    debug1: Reading configuration data /home/douglas/.ssh/config
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to address [address] port 1500.
    debug1: connect to address address port 1500: Connection refused
    ssh: connect to host address port 1500: Connection refused
    Thank you guys ahead of time. Getting this server operational is hardly critical, it is just a side project of mine, but I would really like to see it working.
    Douglas Bahr Rumbaugh
    Last edited by douglasr (2013-09-29 02:58:56)

    Okay, so I finally have the opportunity to try and log in from a remote network. And. . .  it doesn't work. Which is just my luck because I now need to wait an entire week, at least, before I can touch the server again. Anyway, running ssh with the maximum verbosity I get this output:
    douglas ~ $ ssh -vvv -p 2000 address
    OpenSSH_6.3, OpenSSL 1.0.1e 11 Feb 2013
    debug1: Reading configuration data /home/douglas/.ssh/config
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to address [address] port 2000.
    debug1: connect to address address port 2000: Connection timed out
    ssh: connect to host address port 2000: Connection timed out
    It takes a minute or two for the command to finish with the connection timeout, as one would expect. And yes, I am reasonably sure that the address that I am using is my home network's external IP. It is dynamic, but I checked it before I left which was just over an hour ago. I guess that it may have changed. I'll know that for sure in the morning, when my server sends me an automatic email with the network's current address. In the meantime I am operating under the assumption that the address I am using is correct. What else could be the problem?
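The two client traces in this thread end differently: "Connection refused" on port 1500 in the first post and "Connection timed out" on port 2000 in the follow-up. The following added example (not from the original posts) makes one TCP connection and reports which of those cases occurred, and, when the port is open, whether the service that answered identifies itself as SSH. The verdict names and the local test listeners are constructed for illustration.

```python
import errno
import socket
import threading


def classify_tcp(host, port, timeout=5.0):
    """Connect once and say what the outcome implies. Returns (verdict, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A reset came back: the address is reachable, but nothing is
        # listening or forwarded on this port at whatever device answered.
        return ("refused", "reachable, no listener or forward on this port")
    except socket.timeout:
        # No reply at all: packets are being dropped, or the address no
        # longer belongs to the network being tested.
        return ("timeout", "no reply, packets dropped or wrong address")
    except OSError as exc:
        name = errno.errorcode.get(exc.errno, "OSError")
        return ("error", "%s: %s" % (name, exc))
    with sock:
        sock.settimeout(timeout)
        try:
            banner = sock.recv(255)
        except socket.timeout:
            return ("open-silent", "port open, no banner within timeout")
        except ConnectionResetError:
            return ("open-reset", "accepted, then reset before a banner")
    if banner.startswith(b"SSH-"):
        # An SSH server sends its identification string first.
        first_line = banner.split(b"\n", 1)[0]
        return ("ssh", first_line.decode("ascii", "replace").strip())
    return ("open-other", "something other than sshd answered")


def fake_service(banner):
    """Constructed stand-in for a remote host: one-shot listener on 127.0.0.1."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def unused_port():
    """Return a local port that was just released, so nothing listens on it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Run the classifier against constructed local endpoints."""
    ssh_port = fake_service(b"SSH-2.0-OpenSSH_6.3\r\n")
    ftp_port = fake_service(b"220 FTP server ready\r\n")
    return {
        "sshd": classify_tcp("127.0.0.1", ssh_port, 2.0),
        "other": classify_tcp("127.0.0.1", ftp_port, 2.0)[0],
        "closed": classify_tcp("127.0.0.1", unused_port(), 2.0)[0],
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

Run from outside the home network against the external address and the forwarded port, an "ssh" verdict confirms the forward reaches sshd, while "open-other" means some other device or service owns that port.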

  • Issue Password-less SSH:  Sun OpenDS 2.0 as Naming Service

    We are in the final phase of a proof of concept for Sun OpenDS as the Naming service for an important customer and facing a problem with password-less ssh. We narrowed the problem down to password policy specifying a value for password maximum age. SSH succeeds with "0" (zero) but requires password if the value is different from 0.
    Any help in getting a resolution is greatly appreciated, as this is a road block now.
    The following information is gathered.
    The test is performed from a host thud which is setup as an ldapclient.
    thud 275 ssh thud -i .ssh/thud
    Password:
    Last login: Tue Oct 13 06:57:01 2009 from xxx
    Apparent reason (trimmed):
    debug3: authmethod_lookup publickey
    debug3: remaining preferred: keyboard-interactive,password
    debug3: authmethod_is_enabled publickey
    debug1: Next authentication method: publickey
    debug1: Trying public key: .ssh/thud
    debug3: send_pubkey_test
    debug2: we sent a publickey packet, wait for reply
    debug1: Server accepts key: pkalg ssh-dss blen 434 lastkey 1166d0 hint 0
    debug2: input_userauth_pk_ok: fp 07:15:b3:07:8d:da:b3:c8:34:d0:34:91:60:77:e0:39
    debug3: sign_and_send_pubkey
    debug1: read PEM private key done: type DSA
    debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
    debug2: we did not send a packet, disable method
    debug3: authmethod_lookup keyboard-interactive
    debug3: remaining preferred: password
    debug3: authmethod_is_enabled keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    Password:
    Corresponding debug info from server (thud):
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: userauth-request for user doejohn service ssh-connection method publickey
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: attempt 1 initial attempt 0 failures 1 initial failures 0
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: test whether pkalg/pkblob are acceptable
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: temporarily_use_uid: 6147/150 (e=0/1)
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: trying public key file /home/doejohn/.ssh/authorized_keys
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: matching key found: file /home/doejohn/.ssh/authorized_keys, line 2
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.info] Found matching DSA key: 07:15:b3:07:8d:da:b3:c8:34:d0:34:91:60:77:e0:39
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: restore_uid: 0/1
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: userauth-request for user doejohn service ssh-connection method publickey
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: attempt 2 initial attempt 0 failures 1 initial failures 0
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: temporarily_use_uid: 6147/150 (e=0/1)
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: trying public key file /home/doejohn/.ssh/authorized_keys
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: matching key found: file /home/doejohn/.ssh/authorized_keys, line 2
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.info] Found matching DSA key: 07:15:b3:07:8d:da:b3:c8:34:d0:34:91:60:77:e0:39
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: restore_uid: 0/1
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: ssh_dss_verify: signature correct
    Oct 13 07:29:36 thud sshd[21187]: [ID 966290 auth.debug] PAM[21187]: pam_start(sshd-pubkey,doejohn,0:179560) - debug = 1
    Oct 13 07:29:36 thud sshd[21187]: [ID 390116 auth.debug] PAM[21187]: pam_set_item(179560:service)
    Oct 13 07:29:36 thud sshd[21187]: [ID 390116 auth.debug] PAM[21187]: pam_set_item(179560:user)
    Oct 13 07:29:36 thud sshd[21187]: [ID 390116 auth.debug] PAM[21187]: pam_set_item(179560:conv)
    Oct 13 07:29:36 thud sshd[21187]: [ID 390116 auth.debug] PAM[21187]: pam_set_item(179560:rhost)
    Oct 13 07:29:36 thud sshd[21187]: [ID 390116 auth.debug] PAM[21187]: pam_set_item(179560:tty)
    Oct 13 07:29:36 thud sshd[21187]: [ID 665327 auth.debug] PAM[21187]: pam_acct_mgmt(179560, 0)
    Oct 13 07:29:36 thud sshd[21187]: [ID 118111 auth.debug] PAM[21187]: load_modules(179560, pam_sm_acct_mgmt)=/usr/lib/security/pam_roles.so.1
    Oct 13 07:29:36 thud sshd[21187]: [ID 143372 auth.debug] PAM[21187]: load_function: successful load of pam_sm_acct_mgmt
    Oct 13 07:29:36 thud sshd[21187]: [ID 118111 auth.debug] PAM[21187]: load_modules(179560, pam_sm_acct_mgmt)=/usr/lib/security/pam_projects.so.1
    Oct 13 07:29:36 thud sshd[21187]: [ID 143372 auth.debug] PAM[21187]: load_function: successful load of pam_sm_acct_mgmt
    Oct 13 07:29:36 thud sshd[21187]: [ID 118111 auth.debug] PAM[21187]: load_modules(179560, pam_sm_acct_mgmt)=/usr/lib/security/pam_unix_account.so.1
    Oct 13 07:29:36 thud sshd[21187]: [ID 143372 auth.debug] PAM[21187]: load_function: successful load of pam_sm_acct_mgmt
    Oct 13 07:29:36 thud sshd[21187]: [ID 118111 auth.debug] PAM[21187]: load_modules(179560, pam_sm_acct_mgmt)=/usr/lib/security/pam_ldap.so.1
    Oct 13 07:29:36 thud sshd[21187]: [ID 143372 auth.debug] PAM[21187]: load_function: successful load of pam_sm_acct_mgmt
    Oct 13 07:29:36 thud sshd[21187]: [ID 579461 auth.debug] pam_unix_account: entering pam_sm_acct_mgmt()
    Oct 13 07:29:36 thud sshd[21187]: [ID 267958 auth.debug] pam_unix_account: doejohn: Ignore module
    Oct 13 07:29:36 thud sshd[21187]: [ID 545954 auth.debug] libsldap: more_info is empty, using default values
    Oct 13 07:29:36 thud sshd[21187]: [ID 340006 auth.debug] PAM[21187]: pam_acct_mgmt(179560, 0): error Authentication failed
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.notice] Failed publickey for doejohn from 172.16.1.207 port 44363 ssh2
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: userauth-request for user doejohn service ssh-connection method keyboard-interactive
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: attempt 3 initial attempt 0 failures 3 initial failures 0
    Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: keyboard-interactive devs
    Oct 13 07:29:36 thud sshd[21187]: [ID 390116 auth.debug] PAM[21187]: pam_set_item(179560:conv)
    Oct 13 07:29:36 thud sshd[21187]: [ID 873394 auth.debug] PAM[21187]: pam_end(179560): status = Authentication failed
    Sending the Account Usability control on the server returns:
    "The account is not usable"
    solaris-z1 487 # ldapsearch -D 'cn=directory manager' -w xxx -b 'dc=texas,dc=net' -J "accountUsability:true" uid=doejohn
    # Account Usability Response Control
    # The account is not usable
    dn: uid=doejohn,ou=eng,ou=People,dc=texas,dc=net
    uid: doejohn
    shadowLastChange: 14480
    loginShell: /bin/ksh
    userPassword: {CRYPT}GOUlmnz01bJbwcY69Btp2sIRJrLf+5RtAj4oug==
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: shadowAccount
    objectClass: IEEPerson
    objectClass: posixAccount
    objectClass: top
    givenName: John
    cn: John Doe
    sn: Doe
    telephoneNumber: ...
    gecos: ...
    homeDirectory: /home/doejohn
    mail: [email protected]
    uidNumber: 6147
    gidNumber: 150
    manager: ...
    For someone with a different password policy (max age is 0) the account is usable.
    Ldapclient is running on a SPARC, Solaris 9 system; the Sun OpenDS 2.0 is running on Solaris 10 Sparc.
    Password-less ssh works as expected when using a system not using LDAP.
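In the server trace above the key is found and its signature verifies before pam_acct_mgmt returns an error, so the "Failed publickey" line records an account-phase rejection rather than a key problem. The following added example (not from the original post, and not part of OpenDS or Solaris) sorts sshd log lines into those two cases. The verdict names are assumptions, the sshd[21187] lines are copied from the post and the sshd[21203] line is constructed for contrast.

```python
import re

# Lines for sshd[21187] are taken from the server trace in the post; the
# sshd[21203] line is constructed to show the contrasting case.
SAMPLE_LOG = """\
Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: matching key found: file /home/doejohn/.ssh/authorized_keys, line 2
Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.debug] debug1: ssh_dss_verify: signature correct
Oct 13 07:29:36 thud sshd[21187]: [ID 665327 auth.debug] PAM[21187]: pam_acct_mgmt(179560, 0)
Oct 13 07:29:36 thud sshd[21187]: [ID 340006 auth.debug] PAM[21187]: pam_acct_mgmt(179560, 0): error Authentication failed
Oct 13 07:29:36 thud sshd[21187]: [ID 800047 auth.notice] Failed publickey for doejohn from 172.16.1.207 port 44363 ssh2
Oct 13 07:31:02 thud sshd[21203]: [ID 800047 auth.notice] Failed publickey for doejohn from 172.16.1.207 port 44370 ssh2
""".splitlines()

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?:\[ID \d+ [\w.]+\] )?(?P<msg>.*)")
RESULT = re.compile(
    r"(?P<outcome>Accepted|Failed) publickey for (?P<user>\S+) from (?P<src>\S+)"
)
ACCT_ERROR = re.compile(r"pam_acct_mgmt\([^)]*\): error (?P<err>.+)")


def _fresh():
    """Per-attempt evidence collected before the result line is seen."""
    return {"key_matched": False, "sig_ok": False, "acct_error": None}


def _verdict(outcome, seen):
    """Turn the collected evidence into (verdict, detail)."""
    if outcome == "Accepted":
        return ("accepted", None)
    if seen["sig_ok"]:
        # The client proved possession of an authorized key; whatever
        # refused the login came after key verification.
        if seen["acct_error"]:
            return ("account-phase", seen["acct_error"])
        return ("rejected-after-signature", None)
    if seen["key_matched"]:
        return ("key-listed-unverified", None)
    return ("key-not-authorized", None)


def triage_publickey(lines):
    """Return one (pid, user, source, verdict, detail) per publickey result."""
    state, results = {}, []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        seen = state.setdefault(pid, _fresh())
        acct = ACCT_ERROR.search(msg)
        res = RESULT.search(msg)
        if "matching key found" in msg or "Found matching" in msg:
            seen["key_matched"] = True
        elif "signature correct" in msg:
            seen["sig_ok"] = True
        elif acct:
            seen["acct_error"] = acct.group("err").strip()
        elif res:
            verdict = _verdict(res.group("outcome"), seen)
            results.append((pid, res.group("user"), res.group("src")) + verdict)
            state[pid] = _fresh()  # a later attempt in this session starts clean
    return results


if __name__ == "__main__":
    for row in triage_publickey(SAMPLE_LOG):
        print(row)
```

An "account-phase" verdict points at the PAM account stack and the directory's password policy, while "key-not-authorized" points at authorized_keys on the server.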

    See https://opends.dev.java.net/servlets/ProjectForumMessageView?messageID=31827&forumID=3292.
    Regards,
    Ludovic.

  • Cannot login via ssh/sftp from certain clients

    Hi Guys,
    Strange issue here. I have a machine running 10.7.4 that I want to be able to access via sftp/ssh.
    I can log in to the machine in terminal using either ssh or sftp.
    I cannot however log in to the machine from Finder via sftp. I am just told the username/password is wrong.
    Equally I cannot log in to the machine from certain clients on my android phone (the main reason I need sftp).
    I can however log in from cyberduck on the other machines I have, and from some clients on my android phone.
    When a mac is denied access it gives authentication failed as the reason; when an android client is denied access it gives network communication issues as its reason for failing, not authentication.
    From memory these issues started when smb broke for me in 10.7.3.
    Can anyone shed any light on this?
    Cheers

    bump
