SUMMARY: SSH Into Zone???

From: Baillargeon, Sonny <Sonny.Baillargeon_at_bmonb.com>
Date: Fri Jun 17 2005 - 07:59:37 EDT
Ok...so this was an easy one after banging my head on the desk for a
good while.

I ran debug mode on the sshd ($sshd -d -d -d) and saw that my home
direectory had the wrong permissions.

So I set the permissions and it worked.  I guess I can thank the admin
who set me up.  I guess I hindsight that should've been the first thing
that I did.

Thanks,
Sonny





-----Original Message-----
From: Baillargeon, Sonny
Sent: Thursday, June 16, 2005 4:28 PM
To: sunmanagers@sunmanagers.org
Subject: SSH Into Zone???

I am trying to unify, access everything from everywhere, SSH2 from
ssh.com and Sun's version of OpenSSH.  So I have a S10 box running the
out-of-the-box SSH and a S8 box running SSH2 3.2.9.1.

I can do SSH2 <=> OpenSSH no problems.  Got all the keys converted back
and forth.  When I ssh from the global zone on S10 to a sub-zone it
doesn't work.  The thing that is getting me, I think anyway, is that the
sub-zone is mounting my home directory from an NFS server, the same as
the S8 box.  I have kept the OpenSSH in the .ssh directory and the SSH2
in its .ssh2 directory.  The global zone is a local home directory.

This is what the verbose output from the client in the global zone to
the sub-zone.

Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to sub-zone [10.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /export/home/sbaillar/.ssh/identity type -1
debug1: identity file /export/home/sbaillar/.ssh/id_rsa type -1
debug1: identity file /export/home/sbaillar/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug1: Failed to acquire GSS-API credentials for any mechanisms (No
credentials were supplied, or the credentials were unavailable or
inaccessible Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos: i-default
debug1: Peer sent proposed langtags, stoc: i-default
debug1: We proposed langtags, ctos: i-default
debug1: We proposed langtags, stoc: i-default
debug1: Negotiated lang: i-default
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: C
debug1: Remote: Negotiated messages locale: C
debug1: dh_gen_key: priv key bits set: 135/256
debug1: bits set: 1581/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'sub-zone' is known and matches the RSA host key.
debug1: Found key in /export/home/sbaillar/.ssh/known_hosts:3
debug1: bits set: 1576/3191
debug1: ssh_rsa_verify: signature correct
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue:
gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No
credentials were supplied, or the credentials were unavailable or
inaccessible Unknown code 0
)
debug1: Next authentication method: publickey
debug1: Trying private key: /export/home/sbaillar/.ssh/identity
debug1: Trying private key: /export/home/sbaillar/.ssh/id_rsa
debug1: Trying public key: /export/home/sbaillar/.ssh/id_dsa
debug1: Authentications that can continue:
gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:

Am I missing something?

Any suggestions will be appreciated.

Thanks,
Sonny


<FONT SIZE =
1>**********************************************************************
1>*****
*
This e-mail and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this e-mail and destroy any
copies. Any dissemination or use of this information by a person other
than the intended recipient is unauthorized and may be illegal. Unless
otherwise stated, opinions expressed in this e-mail are those of the
author and are not endorsed by the author's employer.</FONT>




<FONT SIZE =
1>***************************************************************************
*
This e-mail and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the sender
immediately by return e-mail, delete this e-mail and destroy any copies. Any
dissemination or use of this information by a person other than the intended
recipient is unauthorized and may be illegal. Unless otherwise stated,
opinions expressed in this e-mail are those of the author and are not endorsed
by the author's employer.</FONT>
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Fri Jun 17 08:00:12 2005

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:48 EST