Hi everyone! Maybe this one is off topic but I am not sure... We have a SuSE box acting as a webserver. Now I noticed during one of our regular nmaps that ipx ports is open. But: gw:/usr/src/linux # grep IPX .config # CONFIG_IPX is not set The other day I noticed somehting like rpc-sometime or similar. I immediately did stop all not 100% necessary processes and this one did vanish. Maybe this belongs to our tests with Sybase?! Any hint appreciated, Christian
Hi, I wonder if anyone could help me with an ssh problem. I have a couple of boxes running SuSE in two different location, one of which is in New York, and one of which is in London, where I live. Both of them were running 7.0 and I was logging on from the London box to the New York box using ssh (the 7.0 default ssh - I assume open ssh). Because I wasn't familiar with ssh I was using password authentication. Last week while I was in New York I upgraded the box to SuSE 7.1 and left a copy of my public key on the machine, so I could set things up securely when I got back. Unfortunately, when I got back I got a message from ssh saying: debug: Server refused our key. Permission denied. I tried moving the public and private keys out of my .ssh directory, but got the same message. I upgraded this end to SuSE 7.1 on the off chance that it might help, but continued to get the same response :( I have somone trustworthy who can access the New York end to fix this, but I'm not clear why I can't get password access any more. In my original attempt I'd made no changes to the local box - only to the remote box. Can anyone give me an indication of how I can get password access re-enabled so I can get to the remote machine and set up secure access? Alan Lenton
* Alan Lenton wrote on Mon, May 28, 2001 at 07:27 +0100:
debug: Server refused our key. Permission denied.
I tried moving the public and private keys out of my .ssh directory, but got the same message.
You need to place the contents (a single line) in the file ~/.ssh/authorized_keys (with ~ = /root). Make sure that you have a single line. Make sure that the owners of at least .ssh and .ssh/* are correct, and check permissions (must not be writeable for others!). SSH may have written more specified messages via syslog. Check the config files /etc/ssh/sshd_config (in case of OpenSSH). Make sure you said: RhostsAuthentication no RhostsRSAAuthentication no RSAAuthentication yes PasswordAuthentication no (may have similar names, taken from ssh config, not OpenSSH).
I upgraded this end to SuSE 7.1 on the off chance that it might help, but continued to get the same response :(
Well, this don't seems like a bug but like a config issue...
I have somone trustworthy who can access the New York end to fix this, but I'm not clear why I can't get password access any more.
For testing, you may allow password auth, so you see if you get queried about password or key-passphrase. In the latter case it should work. Load ssh-agent, and try ssh -v host. If you don't get asked anythink, it should be working and you can disable password auth.
Can anyone give me an indication of how I can get password access re-enabled so I can get to the remote machine and set up secure access?
?!? It seems that I haven't understood... But take a phone, call your contact in NY, and ask to change /etc/ssh/sshd_config. The let send sshd a HUP and retry. Watch syslog. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
Many thanks This resolved the problem, and I can now access the machine via ssh. The reason the default appeared to have changed was because some months ago the config file was edited to disallow password authentication. However, the person who did that forgot to restart sshd, so the old running version still allowed password authentication! When we did the upgrade, of course, it picked up the edited file and disabled password authentication. Moral of the story: When you change the configuration file of a running deamon, alway tell it to re-read the config file! Thanks a lot for your help. This sort of thing is what makes the SUSE lists so good. alan ----- Original Message ----- From: "Steffen Dettmer" <steffen@dett.de> To: <suse-security@suse.com> Sent: Monday, May 28, 2001 8:22 AM Subject: Re: [suse-security] open ssh - SuSE 7.1 * Alan Lenton wrote on Mon, May 28, 2001 at 07:27 +0100:
debug: Server refused our key. Permission denied.
I tried moving the public and private keys out of my .ssh directory, but got the same message.
You need to place the contents (a single line) in the file ~/.ssh/authorized_keys (with ~ = /root). Make sure that you have a single line. Make sure that the owners of at least .ssh and .ssh/* are correct, and check permissions (must not be writeable for others!). SSH may have written more specified messages via syslog. Check the config files /etc/ssh/sshd_config (in case of OpenSSH). Make sure you said: RhostsAuthentication no RhostsRSAAuthentication no RSAAuthentication yes PasswordAuthentication no (may have similar names, taken from ssh config, not OpenSSH).
I upgraded this end to SuSE 7.1 on the off chance that it might help, but continued to get the same response :(
Well, this don't seems like a bug but like a config issue...
I have somone trustworthy who can access the New York end to fix this, but I'm not clear why I can't get password access any more.
For testing, you may allow password auth, so you see if you get queried about password or key-passphrase. In the latter case it should work. Load ssh-agent, and try ssh -v host. If you don't get asked anythink, it should be working and you can disable password auth.
Can anyone give me an indication of how I can get password access re-enabled so I can get to the remote machine and set up secure access?
?!? It seems that I haven't understood... But take a phone, call your contact in NY, and ask to change /etc/ssh/sshd_config. The let send sshd a HUP and retry. Watch syslog. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
participants (3)
-
Alan Lenton -
Christian Lox -
Steffen Dettmer