TECTIA SSH Server & Solaris 10

Hi,
Wondering if anyone has come across this before. I have Tectia ssh server installed on an intel-based SunFire x2100 server running Solaris 10. I have properly configured Tectia server to utilize Radius for authentication. My Radius server is a Windows 2003 server running IAS. Every time I try to log in using ssh I get the following message in /var/adm/sshdlog:
[ID 702911 auth.warning] 720 Keyboard_interactive_radius_auth_error, Username: myuser , Algorithm: radius, "Auth failure. Radius Server returned: 0", Session-Id: 2
The strange thing is that when I look at the Radius logs, my authentication attempts are granted access. Packet traces also show that the Radius server is sending an "accept" packet back to the client.
Any help would be greatly appreciated!!!
-L

and the key thing you're looking for in sshd_config is -
PermitRootLogin yes
if it's set to anything other than yes (like no or without-password), direct interactive root login via ssh won't happen - jeff

Similar Messages

  • Fails to connect to SSH Server

    Hi
    I have an IDM-7.1 installation which should connect to a solaris 8 resource running an old ssh server (1.2.31) and when I run a Test Configuration on this resource I get this error message:
    Test connection failed for resource(s):
    Solaris: Could not connect to my.hostname:22: Can't connect to a server with version SSH-1.5-1.2.31
    I guess it is because IDM's ssh client will only talk to SSH2 servers, is there any way of getting it to connect or must I upgrade the SSH server first?
    Regards
    Thomas

    Thomas,
    Upgrading to SSH2 will allow you to integrate fully. Pre-SSH2 versions are not supported by the Solaris adapter.
    The com.waveset.adapter.SolarisResourceAdapter (in other terms the solaris adapter) extends the SVIDResourceAdapter which implements ScriptedConnection. ScriptedConnection leverages AppGate's ssh2 package. More information about the ssh2 package can be found at: http://www.appgate.com/products/80_MindTerm/80_API_Documentation/com/mindbright/ssh2/package-summary.html
    Now, the good news is that there is an ssh1 package available so by writing your own addition to the standard code you should be able to leverage the ssh1 package part of the com.mindbright packages.
    So if you are forced to integrate using SSH1.5 - write some additional code to do it, else upgrade the SSH daemon to an SSH2 compatible daemon. The latter is in my opinion a good decision anyway.
    Anyway, that's my 2 cents..
    /Anders

  • SSH from solaris 10 to RHEL 5

    Hi,
    I want to do passwordless ssh from solaris VM to linux server.
    Kindly tell me the complete steps.

    On the machine attached to the screen in front of you:
    <pre>
    mkdir -p ~/.ssh
    chmod 700 ~/.ssh
    rm -f ~/.ssh/id_dsa
    ssh-keygen -t dsa -N "" -f ~/.ssh/id_dsa
    # read the new public key so it can be appended on the remote side
    KEY=`cat ~/.ssh/id_dsa.pub`
    ssh username@remote_host "mkdir -p .ssh; chmod 700 .ssh"
    ssh username@remote_host "echo '$KEY' >> .ssh/authorized_keys; chmod 644 .ssh/authorized_keys"
    ssh username@remote_host
    (should log you right in without prompting for password)
    </pre>

  • Ssh in solaris 10

    Hi all
    I have installed a new Solaris 10 1/06 on sunV480. I am not able to login with ssh in this server, both rlogin and telnet are working. If you have any solution for this please update
    Thanks
    RPS

    svcs -l ssh
    fmri svc:/network/ssh:default
    name SSH server
    enabled true
    state offline
    next_state none
    state_time Thu 03 Aug 2006 06:09:24 PM IST
    restarter svc:/system/svc/restarter:default
    dependency require_all/none svc:/system/filesystem/local (online)
    dependency optional_all/none svc:/system/filesystem/autofs (online)
    dependency require_all/none svc:/network/loopback (online)
    dependency require_all/none svc:/network/physical (maintenance)
    dependency require_all/none svc:/system/cryptosvc (online)
    dependency require_all/none svc:/system/utmp (online)
    dependency require_all/restart file://localhost/etc/ssh/sshd_config (online)

  • INSTALLING SSH IN SOLARIS 8

    Hello,
    I'm trying to install openssh in a Solaris 8 machine. I followed these steps:
    1.- Install the patch 112438-03 and boot -r
    2.- pkgadd -d openssh-4.4p1-sol8-sparc-local
    pkgadd -d openssl-0.9.6i-sol8-sparc-local
    pkgadd -d zlib-1.2.3-sol8-sparc-local
    3.- mkdir /var/empty
    chown root:sys /var/empty
    chmod 755 /var/empty
    groupadd sshd
    useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
    4.-modify /usr/local/etc/sshd_config (making reference to /usr/local/libexec/sftp-server)
    5.-implement the files /etc/hosts.allow and /etc/hosts.deny
    6.- NOW I HAVE TRIED THE FOLLOWING ACCORDING WITH THE INSTRUCTIONS IN INSTALL.openssl document:
    $ ./config
    PROBLEMS: WHERE IS THE "config" script located? I get the message "ksh: ./config: not found"
    Please, help me! How can I follow from this point. I don't know from where to execute the config script.
    thanks

    Follow these steps; I recently did this on a Solaris 8 box
    hope this will solve your issue
    Ssh installation for Solaris 8
    Introduction:
    Secure shell (SSH) is a protocol that provides a secure, remote connection to any device with ssh support. SSH is a substitute for Berkeley r-tools like telnet, rlogin, rsh and rcp which are not secure. SSH provides more security to any data that is being transported to the Internet by providing more authentication, encryption and authorization procedures. There are currently two versions of SSH available, SSH Version 1 and SSH Version 2.
    openssh
    openssl (SSL)
    prngd (Pseudo Random Generator Daemon)
    zlib (Z library)
    Installation:
    #pkgadd -d openssl-0.9.6c-sol8-sparc-local
    The following packages are available:
    1 SMCosslc openssl
    (sparc) 0.9.6c
    Select package(s) you wish to process (or 'all' to process
    all packages). (default: all) [?,??,q]:
    #pkgadd -d prngd-0.9.23-sol8-sparc-local
    The following packages are available:
    1 SMCprngd prngd
    (sparc) 0.9.23
    Select package(s) you wish to process (or 'all' to process
    all packages). (default: all) [?,??,q]:
    #pkgadd -d zlib-1.1.4-sol8-sparc-local
    The following packages are available:
    1 SMCzlib zlib
    (sparc) 1.1.4
    Select package(s) you wish to process (or 'all' to process
    all packages). (default: all) [?,??,q]:
    #pkgadd -d openssh-3.1p1-sol8-sparc-local
    The following packages are available:
    1 SMCossh openssh
    (sparc) 3.1p1
    Select package(s) you wish to process (or 'all' to process
    all packages). (default: all) [?,??,q]:
    Note:- If you are facing any problem like PRNG is not seeded please apply 112438-01 patch and reboot the system and create a symbolic link
    ln -s /devices/pseudo/random@0:random /dev/random
    ln -s /devices/pseudo/random@0:urandom /dev/urandom
    This is because of missing /dev/random
    Create SSHD account and directory
    # mkdir /var/empty
    # chown root:sys /var/empty
    # groupadd sshd
    # useradd -g sshd -c "SSHD Admin" -d /var/empty -s /bin/false sshd
    Startup Scripts:
    Create a startup script for the ssh daemon.
    /etc/init.d/sshd
    #! /bin/sh
    # start/stop the secure shell daemon
    case "$1" in
    'start')
        # Start the ssh daemon
        if [ -f /usr/local/sbin/sshd ]; then
            echo "starting SSHD daemon"
            /usr/local/sbin/sshd &
        fi
        ;;
    'stop')
        # Stop the ssh daemon
        PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep sshd | /usr/bin/awk '{print $1}'`
        if [ ! -z "$PID" ] ; then
            /usr/bin/kill ${PID} >/dev/null 2>&1
        fi
        ;;
    *)
        # Any other argument: print usage
        echo "usage: /etc/init.d/sshd {start|stop}"
        ;;
    esac
    Make the script executable and create a startup script on run level 2.
    #sh sshd start
    #chmod +x /etc/init.d/sshd
    #ln -s /etc/init.d/sshd /etc/rc2.d/S99sshd
    Create a startup script for the pseudo random generator daemon.
    /etc/init.d/prngd
    #! /bin/sh
    # start/stop the pseudo random generator daemon
    case "$1" in
    'start')
        # Start the PRNG daemon
        if [ -f /usr/local/bin/prngd ]; then
            echo "starting PRNG daemon"
            /usr/local/bin/prngd /var/spool/prngd/pool&
        fi
        ;;
    'stop')
        # Stop the PRNG daemon
        PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep prngd | /usr/bin/awk '{print $1}'`
        if [ ! -z "$PID" ] ; then
            /usr/bin/kill ${PID} >/dev/null 2>&1
        fi
        ;;
    *)
        # Any other argument: print usage
        echo "usage: /etc/init.d/prngd {start|stop}"
        ;;
    esac
    Make the script executable and create a startup script on run level 2.
    #chmod +x /etc/init.d/prngd
    #ln -s /etc/init.d/prngd /etc/rc2.d/S99prngd
    # /etc/init.d/prngd start
    starting PRNG daemon
    Info: Random pool not (yet) seeded
    Could not bind socket to /var/spool/prngd/pool: No such file or directory
    # mkdir -p /var/spool/prngd
    #/etc/init.d/prngd start
    starting PRNG daemon
    # Info: Random pool not (yet) seeded
    Next is to start the actual ssh daemon,
    # /etc/init.d/sshd start
    starting SSHD daemon
    Could not load host key: /usr/local/etc/ssh_host_key
    Could not load host key: /usr/local/etc/ssh_host_rsa_key
    Could not load host key: /usr/local/etc/ssh_host_dsa_key
    Disabling protocol version 1. Could not load host key
    Disabling protocol version 2. Could not load host key
    sshd: no hostkeys available -- exiting.
    The errors above are due to the fact that we didn't create any key pairs for our ssh server.
    Create a public key pair to support the new, DSA-based version 2 protocol
    # /usr/local/bin/ssh-keygen -d -f /usr/local/etc/ssh_host_dsa_key -N ""
    Generating public/private dsa key pair.
    Your identification has been saved in /usr/local/etc/ssh_host_dsa_key.
    Your public key has been saved in /usr/local/etc/ssh_host_dsa_key.pub.
    The key fingerprint is:
    00:91:f5:8a:55:7c:ac:ff:b7:08:1f:ce:23:aa:f2:79 root@solaris8
    Create a public key pair to support the old, RSA-based version 1 protocol
    # /usr/local/bin/ssh-keygen -b 1024 -f /usr/local/etc/ssh_host_rsa_key -t rsa -N ""
    Generating public/private rsa1 key pair.
    Your identification has been saved in /usr/local/etc/ssh_host_rsa_key.
    Your public key has been saved in /usr/local/etc/ssh_host_rsa_key.pub.
    The key fingerprint is:
    8e:b0:1d:8a:22:f2:d2:37:1f:92:96:02:e8:74:ca:ea root@solaris8
    Edit ssh daemon configuration file /usr/local/etc/sshd_config, enable protocol 2 and 1
    Uncomment the line, that says
    protocol 2,1
    # /etc/init.d//sshd start
    starting SSHD daemon
    Thanks
    RK

  • Impossible to connect to an ssh server with Mysecureshell

    Hi,
    I have a SSH server (openssh) with MySecureShell and fail2ban installed.
    When I try to connect as a user whose shell is MySecureShell, I got "permission denied" (in terminal) or "critical error, impossible to connect" in filezilla. As soon as I replace /bin/MySecureShell by /bin/bash in /etc/passwd, I am able to connect. When I deactivate fail2ban, nothing changes. The problem is thus likely to come from MySecureShell.
    I append my /etc/ssh/sshd_config:
    # $OpenBSD: sshd_config,v 1.89 2013/02/06 00:20:42 dtucker Exp $
    # This is the sshd server system-wide configuration file. See
    # sshd_config(5) for more information.
    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options override the
    # default value.
    #Port 22
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    # The default requires explicit activation of protocol 1
    #Protocol 2
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    #HostKey /etc/ssh/ssh_host_ecdsa_key
    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 1024
    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    #LogLevel INFO
    # Authentication:
    #LoginGraceTime 2m
    PermitRootLogin no
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10
    #RSAAuthentication yes
    #PubkeyAuthentication yes
    # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
    # but this is overridden so installations will only check .ssh/authorized_keys
    AuthorizedKeysFile .ssh/authorized_keys
    #AuthorizedPrincipalsFile none
    #AuthorizedKeysCommand none
    #AuthorizedKeysCommandUser nobody
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no
    # Change to no to disable s/key passwords
    ChallengeResponseAuthentication no
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication. Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    UsePAM yes
    #AllowAgentForwarding yes
    #AllowTcpForwarding yes
    #GatewayPorts no
    #X11Forwarding no
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    PrintMotd no # pam does that
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    UsePrivilegeSeparation sandbox # Default for new installations.
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #UseDNS yes
    #PidFile /run/sshd.pid
    #MaxStartups 10:30:100
    #PermitTunnel no
    #ChrootDirectory none
    #VersionAddendum none
    # no default banner path
    #Banner none
    # override default of no subsystems
    Subsystem sftp /usr/lib/ssh/sftp-server
    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    # X11Forwarding no
    # AllowTcpForwarding no
    # ForceCommand cvs server
    and my /etc/ssh/sftp_config:
    ## MySecureShell Configuration File ##
    #Default rules for everybody
    <Default>
    GlobalDownload 0 #total speed download for all clients
    # o -> bytes k -> kilo bytes m -> mega bytes
    GlobalUpload 0 #total speed download for all clients (0 for unlimited)
    Download 0 #limit speed download for each connection
    Upload 0 #unlimit speed upload for each connection
    StayAtHome true #limit client to his home
    VirtualChroot true #fake a chroot to the home account
    LimitConnection 10 #max connection for the server sftp
    LimitConnectionByUser 10 #max connection for the account
    LimitConnectionByIP 10 #max connection by ip for the account
    Home /home/$USER #overrite home of the user but if you want you can use
    # environment variable (ie: Home /home/$USER)
    IdleTimeOut 5m #(in second) deconnect client is idle too long time
    ResolveIP true #resolve ip to dns
    # IgnoreHidden true #treat all hidden files as if they don't exist
    # DirFakeUser true #Hide real file/directory owner (just change displayed permissions)
    # DirFakeGroup true #Hide real file/directory group (just change displayed permissions)
    # DirFakeMode 0400 #Hide real file/directory rights (just change displayed permissions)
    #Add execution right for directory if read right is set
    HideNoAccess true #Hide file/directory which user has no access
    # MaxOpenFilesForUser 20 #limit user to open x files on same time
    # MaxWriteFilesForUser 10 #limit user to x upload on same time
    # MaxReadFilesForUser 10 #limit user to x download on same time
    DefaultRights 0666 0777 #Set default rights for new file and new directory
    # MinimumRights 0400 0700 #Set minimum rights for files and dirs
    ShowLinksAsLinks false #show links as their destinations
    # ConnectionMaxLife 1d #limits connection lifetime to 1 day
    # Charset "ISO-8859-15" #set charset of computer
    </Default>
    #Rules only for group ftp
    #<Group ftp>
    # Download 25 k/s
    # LogFile /var/log/sftp-server_ftp.log #Change logfile
    # ExpireDate "2007-02-28 18:31:01"
    #</Group>
    #<Group sftp_administrator>
    # IsAdmin true #can admin the server
    # VirtualChroot false #you must disable chroot to have a full support of admin
    # StayAtHome true
    # IdleTimeOut 0
    #</Group>
    #<Group old_client>
    # SftpProtocol 3 #force protocol SFTP
    # DisableAccount true #disable account
    #</Group>
    #Rules only for group ftpnolimit
    #<Group ftpnolimit>
    # Download 0 #0 = unlimited
    # IdleTimeOut 0 #no timeout
    # DirFakeUser false #show real user on file/directory
    # DirFakeGroup false #show real group on file/directory
    # DirFakeMode 0 #show real rights on file/directory
    # MaxReadFilesForUser 0 #0 = unlimited but still have the restriction MaxOpenFilesForUser
    #</Group>
    #<IpRange 192.168.0.1-192.168.0.5>
    # ByPassGlobalDownload true #bypass GlobalDownload restriction
    # ByPassGlobalUpload true #bypass GlobalUpload restriction
    # Download 0
    # DisableAccount false #enable account
    # IdleTimeOut 0 #disable timeout
    # LimitConnectionByIP 0 #no limit
    #</IpRange>
    #<Group trusted_users>
    # Shell /bin/tcsh #give a shell access to TRUSTED clients !!!
    #</Group>
    #<VirtualHost *:22>
    # DirFakeUser false #show real user on file/directory
    # DirFakeGroup false #show real group on file/directory
    # DirFakeMode 0 #show real rights on file/directory
    # HideNoAccess false
    # IgnoreHidden false
    #</VirtualHost>
    #Include /etc/my_sftp_config_file #include this valid configuration file
    My installation is up to date.
    Please let me know if you need supplementary info.
    Last edited by Vincent D (2013-04-15 09:54:06)

    Vincent D wrote:
    Gat wrote:I'm getting the same error, but without using MySecureShell. The problem occurs with any script being placed in user's home directory and specified in /etc/passwd instead of /bin/bash. It's possible for a user to log in to bash and then run the script, so it doesn't seem to be a file permission problem.
    Do you also get the "permission denied"?
    My workaround is to purely remove MySecureShell, but this is not very safe.
    Yes I'm also getting a permission denied error. I guess this might be something we need to set in PAM config, but I wasn't able to find it.

  • Proper way to Connect to Automatically Connect to SSH Server

    What is the proper way to automatically connect to an ssh server via applescript?
    I've tried a variety of different things, none of them seemed to have worked yet... I've searched Google for quite awhile, and was wondering if anyone could please shed some light.
    1. do shell script "ssh user@hostname"
    Error Msg: Pseudo-terminal will not be allocated because stdin is not a terminal
    2. do shell script "ssh -t -t user@hostname"
    Error Msg: None; However it doesn't allow me to put a password in
    3. do shell script "ssh user@hostname > /dev/null &"
    Error Msg: None; Same as above
    4. tell application "Terminal"
    do script "stty -echo"
    do script "ssh user@hostname"
    end tell
    Error Msg: None. Popups a terminal window for user to enter password
    I've been using password prompt box, for the user to enter a password and would like a way to pass it directly to ssh terminal running in the background.
    I've also thought about using SSH RSA keypairs the only way to accomplish this (no login required) but would prefer to use user/password authentication rather than trusted RSA keypairs.

    I am trying to setup an automated port forward through ssh -L and run it in the background for someone who has no idea what ssh is..
    Then either Terminal.app or private keys are your option.
    Could you shed some light on why RSA private keys are more secure? Because can't they be used by any user on that machine?
    Not unless you set it up wrong.
    SSH keys require two matching pieces of information - a private key (normally stored in the .ssh directory in your home directory) and a matching public key stored in the authorized_keys file in the .ssh directory of the home directory of the account you're logging in as.
    These two pieces of data have to match and since they're in the home directories of the respective accounts, they are only accessible to the specific user and not everyone.
    Whereas password authentication requires it to be typed in.
    And if it's wrong (e.g. a hacker guesses incorrectly) he can try again, and again, and again until he either gets bored (not likely since he's probably using an automated script anyway) or he gets lucky and gets in.
    People are notoriously bad at selecting passwords. All too often passwords are weak and can be broken via simple dictionary attacks (try combinations of common dictionary words) or social engineering techniques. Public keys cannot be broken in such way (or, at least, the brute force attack is estimated to take the average hacker several years to break through).
    There are also trojan keylogger applications (more common on Windows, of course) - these have the ability to record every keystroke made on the system, which makes it easy to capture someone's password any time they type it.

  • 3rd party ssh server in SMF

    3rd Party SSH Server:
    =================
    I am using a 3rd party ssh application. I did add this to the startup through SMF and I got this error in my console.
    I copied the ssh.xml and revised some lines from manifest(ssh.xml) and revised particularly the below entries
    *1. [Since this ssh server has no config (as I knew). I removed this entry so that it won't look for such config entry related]*
    <dependency name='config_data'
    grouping='require_all'
    restart_on='restart'
    type='path'>
    <service_fmri
    value='file://localhost/etc/ssh/sshd_config' />
    </dependency>
    *2. [I point the exec where the executable file resides]*
    exec='/usr/local/sbin/sshd start' <== modified
    exec='/lib/svc/method/sshd start' <== default config
    *3. [I point the exec where the executable file resides]*
    exec='/usr/local/sbin/sshd restart' <== modified
    exec='/lib/svc/method/sshd restart' <== default config
    I rebooted the machine and here is the aftermath.
    Jul xx 18:33:11 svc.startd[7]: svc:/network/ssh:default: Method "/usr/local/sbin/sshd start" failed with exit status 255.
    Jul xx 18:33:12 netrat1 sshd[299]: FATAL ERROR: Extra arguments in command line
    Jul xx 18:33:12 netrat1 sshd[319]: FATAL ERROR: Extra arguments in command line
    Jul xx 18:33:12 netrat1 svc.startd[7]: network/ssh:default failed: transitioned to maintenance (see 'svcs -xv' for details)
    I would really appreciate your help for this.

    See those posts:
    content repository with web center
    Re: How to Integrate  Webcenter and MS Sharepoint

  • Ssh server with keys for authentication?

    Anyone have a link to doco or tutorial that covers how to setup an ssh server running on your Mac (latest version OSX) such that:
    * assumption - port forward ssh port on your home gateway to your Mac
    * keys established (for better security) - i.e. need to have the key available on your external PC when wanting to ssh back to home
    * custom ssh port
    * only access ssh requires for logon from predefined external IP addresses (or perhaps this is something you'll setup on your home internet gateway/router along with port forwarding)

    hi kbwrecker,
    as i know, sharepoint will as well follow the diagram that you posted before, additional article
    https://technet.microsoft.com/en-us/library/cc262350(v=office.15).aspx#plansaml
    i checked with our ADFS engineer, the certificate is to sign the token, so, it should not have any relation directly to each of the realm.
    i am not quite sure on how this ADFS and token signing, will work that deep, as from sharepoint side, we may need only the certificate that is valid, and update them to our environment, to make it work.
    for more details regarding this issue, you may try to open a thread as well in the ADFS thread for this.
    based on the additional article, your design may able to work, but we encourage you to seek more deep answer in ADFS forum thread
    https://technet.microsoft.com/en-us/windowsserver/dd448613.aspx
    Regards,
    Aries
    Microsoft Online Community Support
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Can not connect to a remote SSH server with my mac

    Ok have tried 4 different applications, fetch , captain ftp, terminal, etc.
    I am trying to connect to a friend's ssh server to upload some file logs. I have the correct login/password, have tried both protocol 1 and 2. Port 22 is correct. I keep getting the error message
    User logging error - captain ftp
    SFTP connection to ..... could not be opened because the connection to the SFTP server could not be established or was lost - Fetch
    ssh_exchange_identification: Connection closed by remote host - Terminal
    We have tested it using Telnet and other programs on a PC and all is well.
    When i try and connect he receives the message
    Refused connect from cpe-"ip address"(ip address)
    policy: HostKey/etc/ssh/sshhost_rsakey
    Do i have a setting somewhere i am missing.

    1st, is the server behind a home router? Has port 22 been "Port Forwarded" from the internet side to the server's side of the router?
    2nd, from a Terminal session use the command:
    ssh -v -v -v [email protected]
    The -v -v -v triplets will give you a wealth of ssh connection information. If you read through this carefully you may find the root cause of your problems (assuming the 1st step above doesn't yield results).
    Another thing to consider, is that ssh will not make a connection to an account that it does not consider to be reasonably secure. This means that the home directory of the account and specific key subdirectories must have proper ownership and permissions, or ssh will not connect. The specific ownership and permissions needed and the files and directories checked are spelled out in the ssh man page
    man ssh
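
The ownership and permission requirement described in the reply above (and the `chmod 700` / `chmod 644` steps in the passwordless-login thread earlier on this page) can be checked before connecting. The following is an added example, not code from any poster: a POSIX shell audit with hypothetical function names that applies the rules OpenSSH enforces, namely that with `StrictModes` on sshd ignores `authorized_keys` when the file, `~/.ssh` or the home directory is group/world-writable or owned by anyone but the account or root, and that the client rejects a private key carrying any group or other permission bits.

```shell
#!/bin/sh
# Added example (not from the original posts): audit a home directory against
# the ownership/mode rules sshd (StrictModes) and the ssh client apply.

mode_of()  { ls -ldn "$1" | awk '{print $1}'; }   # e.g. drwx------
owner_of() { ls -ldn "$1" | awk '{print $3}'; }   # numeric uid

# sshd rule: owned by the account (or root) and not writable by group/other.
# Returns 0 = safe, 1 = unsafe, 2 = path missing.
safe_path() {   # safe_path PATH UID
    [ -e "$1" ] || return 2
    o=$(owner_of "$1")
    [ "$o" = "$2" ] || [ "$o" = 0 ] || return 1
    case $(mode_of "$1") in
        ?????w*|????????w*) return 1 ;;   # group-write or other-write bit set
    esac
    return 0
}

# ssh client rule: a private key must have no group/other permission bits.
private_key_ok() {
    case $(mode_of "$1") in
        ????------*) return 0 ;;
    esac
    return 1
}

# audit_ssh_dir HOME [UID]: one line per finding; returns 1 if anything failed.
audit_ssh_dir() {
    home=$1
    uid=${2:-$(id -u)}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        rc=0
        safe_path "$p" "$uid" || rc=$?
        case $rc in
            0) echo "ok    $p" ;;
            2) echo "skip  $p (missing)" ;;
            *) echo "FAIL  $p ($(mode_of "$p")): wrong owner or group/world-writable"
               bad=1 ;;
        esac
    done
    for k in "$home"/.ssh/id_*; do
        [ -f "$k" ] || continue
        case $k in *.pub) continue ;; esac      # public halves may be readable
        if private_key_ok "$k"; then
            echo "ok    $k"
        else
            echo "FAIL  $k ($(mode_of "$k")): private key accessible to group/other"
            bad=1
        fi
    done
    return $bad
}

# Usage: sh audit_ssh_perms.sh /export/home/alice   (script name and path are illustrative)
if [ $# -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it on the server side for the account being logged into, and on the client side for the account holding the private key.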

  • Moving ssh server off port 22

    I want to move my ssh server off port 22.
    I understand I need to modify /etc/sshd_config to replace the line
    #Port 22
    by
    Port 2222 (or whatever)
    but must I also modify something in /etc/services ?
    I'm running 10.4.5 Tiger on both server and client.
    There seem to have been discussions in the forums last year but some of these
    are already archived or deleted...

    PPS
    I think you have perhaps missed the point here. Yes - security is a concern - but not one I was addressing with this question. LittleSaint realized I might be concerned about security issues and I agree that simply moving off port 22 has little effect beyond "security by obscurity". That's why moving off port 22 was not my initial priority. Now I have in place what I consider to be reasonable security measures I thought moving away from port 22 would nevertheless still be helpful.
    In my experience it is not true that robot scanners commonly search for ports on which ssh is running. I regularly have log entries in my /var/log/ipfw.log for ports such as 80, 106, 443 and others, but since I don't have services running on these ports it doesn't seem to matter: the packets are blocked by ipfw and as far as I know nothing further happens. The difference with ssh is that someone could be legitimately trying to login. When I see 900 lines in /var/log/ipfw.log with non-existent user names then it is an irritation. I can use grep to check if they happen to hit on a valid user name, but I am currently thinking that if my ssh server was running on port 2**@ instead of 22 then probably I wouldn't see 900 lines in my log file.
    I have seen the effect of an nmap scan on my system to scan every single port - but only because my Systems Manager obligingly had a go -- I have not yet seen such a scan arrive from the wild.
    Point me in the direction of any further security measure I can take. At present I feel I have done everything sensible - but always open to new suggestions.
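
The triage the poster describes, separating guesses at non-existent names from failures against real accounts, can be scripted; this is an added example, not the poster's own code. It assumes OpenSSH's syslog lines of the form `Failed password for [invalid user] NAME from ADDR port N ssh2`; the sample log and function names are constructed, and because the user name is attacker-supplied the source address is read from the right-hand end of each line.

```shell
#!/bin/sh
# Added example (not from the original post): summarise failed sshd logins.

# Constructed sample in OpenSSH's syslog format; addresses are documentation
# ranges. The fourth line carries a hostile user name that tries to fake a source.
sample_log() {
cat <<'EOF'
Mar  3 02:11:01 myhost sshd[410]: Failed password for invalid user admin from 203.0.113.5 port 4101 ssh2
Mar  3 02:11:03 myhost sshd[411]: Failed password for invalid user oracle from 203.0.113.5 port 4102 ssh2
Mar  3 02:11:05 myhost sshd[412]: Failed password for root from 203.0.113.5 port 4103 ssh2
Mar  3 02:11:09 myhost sshd[413]: Failed password for invalid user root from 10.0.0.1 from 203.0.113.5 port 4104 ssh2
Mar  3 07:40:12 myhost sshd[520]: Failed password for alice from 198.51.100.7 port 5001 ssh2
Mar  3 07:40:30 myhost sshd[521]: Accepted password for alice from 198.51.100.7 port 5002 ssh2
EOF
}

# stdin: sshd log lines. stdout: KIND<TAB>ADDR<TAB>USER, one record per failure,
# where KIND is "invalid" (no such account) or "existing".
parse_failures() {
    awk '
    match($0, /\]: Failed [^ ]+ for /) && NF > 5 && $(NF-4) == "from" && $(NF-2) == "port" {
        rest = substr($0, RSTART + RLENGTH)          # NAME from ADDR port N ssh2
        kind = "existing"
        if (rest ~ /^invalid user /) { kind = "invalid"; rest = substr(rest, 14) }
        # The trailing fields are written by sshd, so strip them from the right;
        # whatever remains is the user name, even if it contains " from ".
        tail = " from " $(NF-3) " port " $(NF-1) " " $NF
        user = substr(rest, 1, length(rest) - length(tail))
        print kind "\t" $(NF-3) "\t" user
    }'
}

# "COUNT ADDR" per source address, busiest first.
failures_by_source() {
    parse_failures |
        awk -F'\t' '{ n[$2]++ } END { for (s in n) print n[s], s }' |
        sort -k1,1nr -k2,2
}

# "USER ADDR" for failures against names that exist on this host:
# the handful of lines worth reading among the noise.
existing_account_hits() {
    parse_failures | awk -F'\t' '$1 == "existing" { print $3, $2 }' | sort -u
}

echo "failures per source:"
sample_log | failures_by_source
echo "existing accounts tried:"
sample_log | existing_account_hits
```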

  • Can the NSS6000 be used as a SFTP/SSH Server?

    We are presently using an old PC as a SFTP/SSH Server. The software is COPSSH. We would like our partners to directly transfer their data to the NSS6000.
    Can it be done?
    Thanks for your help!
    Joachim W. Wussow

    Sorry for the very late reply, but unfortunately this cannot be done at this time. The NSSs are set up only to receive connections via the UI and will not accept any other form.

  • Is there a built in SSH Server in 2012?

    PASS = If so, how is it enabled and configured?
    FAIL = If not, could you recommend any other free and working SSH server other than cygwin?
    Gracias,
    QA4ever

    No, there is no SSH server; MS uses built-in WinRM / Powershell instead
    Powershell remote:
    http://technet.microsoft.com/en-us/magazine/ff700227.aspx
    WinRM
    http://msdn.microsoft.com/en-us/library/windows/desktop/aa384426(v=vs.85).aspx
    This posting is provided "AS IS" with no warranties or guarantees and confers no rights. Whenever you see a helpful reply, click on Vote As Helpful & click on Mark As Answer if a post answers your question.

  • Transfer files from One server(Solaris OS) to another server(Solaris OS)

    Hi,
    I want to Transfer files from One Server(Solaris OS) to another Server(Solaris OS) on private network through ftp and after transferring the files i want to delete these files from first server.
    How can i do that ?
    thanks

    http://commons.apache.org/net/

  • Time machine on a ssh server

    Is it possible to mount a ssh server on os x as if it were a local disk and pass it to the time machine for the backup?
    Please, avoid recommending any apple kind network mounting service. I only have a ssh server available for this purpose.
    Thank you

    Standardization across the systems is the way to go for the health of everybody.
    Have you heard that the european union is imposing standard ac power adapter?
    It should be the same for the filesystems
    Of course we have to make sure we choose the best solution available and in this case I think it would be possible.
    Then you know that is going to be Windows FAT32 (if we are lucky and not the original FAT).
    I am sorry, I still don't get what these attributes are for?
    Is it some sort of dynamic information that gets attached to the personal files as the os runs and therefore can be restore later if lost during a copy or what is it?
    Mac OS X security ACLs (Access Control Lists). Not all file systems support ACLs and not all ACL implementation are equal in any event.
    Symlinks - Not all file systems support symbolic links. Although since you are asking this in the Unix forum, and ssh is often associated with Unix, I'm guessing you may have symlink support.
    Here is a list of single-bit attributes, some of which are carried over from Mac OS Classic, and some are still being used by Mac OS X
    Alias file
    Has bundle
    Custom icon (allowed on folders)
    Located on the desktop (allowed on folders)
    Extension is hidden (allowed on folders)
    Inited - Finder is aware of this file and has given it a location in a window. (allowed on folders)
    Locked
    Shared (can run multiple times)
    File has no INIT resource
    System file (name locked)
    "Stationery Pad" file
    Invisible (allowed on folders)
    Busy (allowed on folders)
    There is the Mac OS Classic Type/Creator pair. Most Mac OS X applications do not use these, but there may be an app that still depends on them.
    The Creation Date. Unix file systems do not maintain the Creation Date. Unix file systems maintain 3 dates. Last control data change, last time data was read, last time the file was modified. Some people confuse the control change with create time, but Unix does not have a Create time.
    Mac OS X file may have a Resource Fork. That is to say, a file may have a second file within the file called the Resource fork where an application can store information about the contents of the file. For example an application might decide to store information about fonts, colors, the author, etc... Mac OS X uses the Resource fork for file aliases.
    And as mentioned before, the Mac OS X file system allows hardlinks that point to directories, which is typically prohibited by other Unix file systems, as it is a great way to create an infinite directory tree loop.
    I may have missed some Mac OS X HFS+ features that are not typically part of a traditional Unix file system, but I think I've listed a lot of them.
