11 Replies Latest reply: Feb 23, 2012 4:26 AM by Nandinho RSS

    access denied when loggin in as root

    Nandinho
      Hi All

      I am setting up a sun blade 6000 chassis with 4 blades on it, I have managed to install O.S. using remote control in the browser, I have also setup IP addresses for them, I also commented the line CONSOLE=/dev/console on the file /etc/default/login. BUT I am not able to login using ssh although the ssh service is online.
      Please can you help?

      regards

      Nandinho
        • 1. Re: access denied when loggin in as root
          Pascal Kreyer-Oracle
          You should also edit /etc/ssh/sshd_config and set PermitRootLogin to "yes". Then restart the ssh SMF service.
          • 2. Re: access denied when loggin in as root
            Nandinho
            Hi

            I have now changed the /etc/ssh/sshd_config, and restarted the SMF services using svcadm restart svc:/network/ssh:default, but I still cannot login

            Nandinho
            • 3. Re: access denied when loggin in as root
              Pascal Kreyer-Oracle
              Try to stop the service and start it again.

              Is your system pingable ?
              • 4. Re: access denied when loggin in as root
                Nandinho
                Yes

                I have done that, by using: svcadm refresh svc:/network/ssh:default, and them :
                bash-3.00# svcs -a | grep -i ssh
                online 15:28:19 svc:/network/ssh:default
                bash-3.00#


                but I still cannot login. The system is pingable yes:

                C:\Users\fretagi>ping 10.100.48.39

                Pinging 10.100.48.39 with 32 bytes of data:
                Reply from 10.100.48.39: bytes=32 time=1ms TTL=63
                Reply from 10.100.48.39: bytes=32 time<1ms TTL=63
                Reply from 10.100.48.39: bytes=32 time=1ms TTL=63
                Reply from 10.100.48.39: bytes=32 time<1ms TTL=63

                Ping statistics for 10.100.48.39:
                Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
                Approximate round trip times in milli-seconds:
                Minimum = 0ms, Maximum = 1ms, Average = 0ms

                C:\Users\fretagi>

                bash-3.00# ifconfig -a
                lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
                inet 127.0.0.1 netmask ff000000
                e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
                inet 10.100.48.39 netmask ffffff00 broadcast 10.100.48.255
                ether 0:c0:dd:1c:11:78
                bash-3.00#


                nandinho
                • 5. Re: access denied when loggin in as root
                  bobthesungeek76036
                  What OS are you running? It would help if we could see the output of "ssh -v 10.100.48.39".
                  • 6. Re: access denied when loggin in as root
                    Nandinho
                    hi

                    I am running solaris 10, when running what you suggested, it worked for only one blade, but did not for two others.:

                    for the one that worked, and from another solaris server:

                    root@moneta # ssh -v 10.100.48.39
                    Sun_SSH_1.1.3, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
                    debug1: Reading configuration data /etc/ssh/ssh_config
                    debug1: Rhosts Authentication disabled, originating port will not be trusted.
                    debug1: ssh_connect: needpriv 0
                    debug1: Connecting to 10.100.48.39 [10.100.48.39] port 22.
                    debug1: Connection established.
                    debug1: identity file /.ssh/identity type -1
                    debug1: identity file /.ssh/id_rsa type -1
                    debug1: identity file /.ssh/id_dsa type -1
                    debug1: Logging to host: 10.100.48.39
                    debug1: Local user: root Remote user: root
                    debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.3
                    debug1: match: Sun_SSH_1.1.3 pat Sun_SSH_1.1.*
                    debug1: Enabling compatibility mode for protocol 2.0
                    debug1: Local version string SSH-2.0-Sun_SSH_1.1.3
                    debug1: use_engine is 'yes'
                    debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
                    debug1: pkcs11 engine initialization complete
                    debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
                    Unknown code 0
                    )
                    debug1: SSH2_MSG_KEXINIT sent
                    debug1: SSH2_MSG_KEXINIT received
                    debug1: kex: server->client aes128-ctr hmac-md5 none
                    debug1: kex: client->server aes128-ctr hmac-md5 none
                    debug1: Peer sent proposed langtags, ctos: en-CA,en-US,es,es-MX,fr,fr-CA,i-default
                    debug1: Peer sent proposed langtags, stoc: en-CA,en-US,es,es-MX,fr,fr-CA,i-default
                    debug1: We proposed langtags, ctos: i-default
                    debug1: We proposed langtags, stoc: i-default
                    debug1: Negotiated lang: i-default
                    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
                    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
                    debug1: Remote: Negotiated main locale: C
                    debug1: Remote: Negotiated messages locale: C
                    debug1: dh_gen_key: priv key bits set: 124/256
                    debug1: bits set: 1561/3191
                    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
                    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
                    The authenticity of host '10.100.48.39 (10.100.48.39)' can't be established.
                    RSA key fingerprint is 19:a0:14:61:d1:ac:b1:f3:23:c8:10:5d:42:39:f0:72.
                    Are you sure you want to continue connecting (yes/no)? yes
                    Warning: Permanently added '10.100.48.39' (RSA) to the list of known hosts.
                    debug1: bits set: 1577/3191
                    debug1: ssh_rsa_verify: signature correct
                    debug1: newkeys: mode 1
                    debug1: set_newkeys: setting new keys for 'out' mode
                    debug1: SSH2_MSG_NEWKEYS sent
                    debug1: expecting SSH2_MSG_NEWKEYS
                    debug1: newkeys: mode 0
                    debug1: set_newkeys: setting new keys for 'in' mode
                    debug1: SSH2_MSG_NEWKEYS received
                    debug1: done: ssh_kex2.
                    debug1: send SSH2_MSG_SERVICE_REQUEST
                    debug1: got SSH2_MSG_SERVICE_ACCEPT
                    debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
                    debug1: Next authentication method: gssapi-keyex
                    debug1: Next authentication method: gssapi-with-mic
                    debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
                    Unknown code 0
                    )
                    debug1: Next authentication method: publickey
                    debug1: Trying private key: /.ssh/identity
                    debug1: Trying private key: /.ssh/id_rsa
                    debug1: Trying private key: /.ssh/id_dsa
                    debug1: Next authentication method: keyboard-interactive
                    Password:
                    debug1: Authentication succeeded (keyboard-interactive)
                    debug1: channel 0: new [client-session]
                    debug1: send channel open 0
                    debug1: Entering interactive session.
                    debug1: ssh_session2_setup: id 0
                    debug1: channel request 0: env
                    debug1: channel request 0: env
                    debug1: channel request 0: env
                    debug1: channel request 0: env
                    debug1: channel request 0: env
                    debug1: channel request 0: env
                    debug1: channel request 0: pty-req
                    debug1: channel request 0: shell
                    debug1: fd 4 setting TCP_NODELAY
                    debug1: channel 0: open confirm rwindow 0 rmax 32768
                    debug1: Remote: Channel 0 set: LC_CTYPE=en_US.ISO8859-1
                    debug1: Remote: Channel 0 set: LC_COLLATE=en_US.ISO8859-15
                    debug1: Remote: Channel 0 set: LC_TIME=en_US.ISO8859-15
                    debug1: Remote: Channel 0 set: LC_NUMERIC=en_US.ISO8859-15
                    debug1: Remote: Channel 0 set: LC_MONETARY=en_US.ISO8859-15
                    debug1: Remote: Channel 0 set: LC_MESSAGES=C
                    Last login: Wed Dec 21 12:43:34 2011
                    Oracle Corporation SunOS 5.10 Generic Patch January 2005
                    # hostname
                    nikira-app1


                    On this one I am now able to use putty.

                    for the others:

                    root@moneta # ssh -v 10.100.48.40
                    Sun_SSH_1.1.3, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
                    debug1: Reading configuration data /etc/ssh/ssh_config
                    debug1: Rhosts Authentication disabled, originating port will not be trusted.
                    debug1: ssh_connect: needpriv 0
                    debug1: Connecting to 10.100.48.40 [10.100.48.40] port 22.
                    debug1: Connection established.
                    debug1: identity file /.ssh/identity type -1
                    debug1: identity file /.ssh/id_rsa type -1
                    debug1: identity file /.ssh/id_dsa type -1
                    debug1: Logging to host: 10.100.48.40
                    debug1: Local user: root Remote user: root
                    debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.3
                    debug1: match: Sun_SSH_1.1.3 pat Sun_SSH_1.1.*
                    debug1: Enabling compatibility mode for protocol 2.0
                    debug1: Local version string SSH-2.0-Sun_SSH_1.1.3
                    debug1: use_engine is 'yes'
                    debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
                    debug1: pkcs11 engine initialization complete
                    debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
                    Unknown code 0
                    )
                    debug1: SSH2_MSG_KEXINIT sent
                    debug1: SSH2_MSG_KEXINIT received
                    debug1: kex: server->client aes128-ctr hmac-md5 none
                    debug1: kex: client->server aes128-ctr hmac-md5 none
                    debug1: Peer sent proposed langtags, ctos: en-CA,en-US,es,es-MX,fr,fr-CA,i-default
                    debug1: Peer sent proposed langtags, stoc: en-CA,en-US,es,es-MX,fr,fr-CA,i-default
                    debug1: We proposed langtags, ctos: i-default
                    debug1: We proposed langtags, stoc: i-default
                    debug1: Negotiated lang: i-default
                    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
                    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
                    debug1: Remote: Negotiated main locale: C
                    debug1: Remote: Negotiated messages locale: C
                    debug1: dh_gen_key: priv key bits set: 126/256
                    debug1: bits set: 1588/3191
                    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
                    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
                    The authenticity of host '10.100.48.40 (10.100.48.40)' can't be established.
                    RSA key fingerprint is c1:70:d1:89:c0:06:f2:79:ed:f2:a8:25:ac:b7:13:32.
                    Are you sure you want to continue connecting (yes/no)? yes
                    Warning: Permanently added '10.100.48.40' (RSA) to the list of known hosts.
                    debug1: bits set: 1652/3191
                    debug1: ssh_rsa_verify: signature correct
                    debug1: newkeys: mode 1
                    debug1: set_newkeys: setting new keys for 'out' mode
                    debug1: SSH2_MSG_NEWKEYS sent
                    debug1: expecting SSH2_MSG_NEWKEYS
                    debug1: newkeys: mode 0
                    debug1: set_newkeys: setting new keys for 'in' mode
                    debug1: SSH2_MSG_NEWKEYS received
                    debug1: done: ssh_kex2.
                    debug1: send SSH2_MSG_SERVICE_REQUEST
                    debug1: got SSH2_MSG_SERVICE_ACCEPT
                    debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
                    debug1: Next authentication method: gssapi-keyex
                    debug1: Next authentication method: gssapi-with-mic
                    debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
                    Unknown code 0
                    )
                    debug1: Next authentication method: publickey
                    debug1: Trying private key: /.ssh/identity
                    debug1: Trying private key: /.ssh/id_rsa
                    debug1: Trying private key: /.ssh/id_dsa
                    debug1: Next authentication method: keyboard-interactive
                    Password:
                    debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
                    debug1: Next authentication method: keyboard-interactive
                    Password:
                    debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
                    Password:
                    debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive
                    debug1: No more authentication methods to try.
                    Permission denied (gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive).
                    debug1: Calling cleanup 0x34cc8(0x0)
                    root@moneta #
                    ...................................

                    root@moneta # ssh -v 10.100.48.41
                    Sun_SSH_1.1.3, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
                    debug1: Reading configuration data /etc/ssh/ssh_config
                    debug1: Rhosts Authentication disabled, originating port will not be trusted.
                    debug1: ssh_connect: needpriv 0
                    debug1: Connecting to 10.100.48.41 [10.100.48.41] port 22.
                    debug1: connect to address 10.100.48.41 port 22: Connection refused
                    ssh: connect to host 10.100.48.41 port 22: Connection refused
                    root@moneta # ssh -v 10.100.48.41
                    Sun_SSH_1.1.3, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
                    debug1: Reading configuration data /etc/ssh/ssh_config
                    debug1: Rhosts Authentication disabled, originating port will not be trusted.
                    debug1: ssh_connect: needpriv 0
                    debug1: Connecting to 10.100.48.41 [10.100.48.41] port 22.
                    debug1: connect to address 10.100.48.41 port 22: Connection refused
                    ssh: connect to host 10.100.48.41 port 22: Connection refused
                    root@moneta #

                    Nandinho
                    • 7. Re: access denied when loggin in as root
                      bobthesungeek76036
                      Well I'm thoroughly confused now. From the output you clearly were able to ssh into 10.100.48.39. So what's the issue? Did you edit the /etc/ssh/sshd_config on the other systems like the earlier reply suggested? Looks like .40 might not have the suggested edit. For .41, it looks like you need to enable ssh via SMF.
                      • 8. Re: access denied when loggin in as root
                        BryanWood
                        He has one server that works: 10.100.48.39, and two that don't: 10.100.48.40 and 10.100.48.41

                        Suggestions:

                        - Make absolutely sure the root password is set to what you expect
                        - Make sure you have commented out the "CONSOLE=/dev/console" entry in /etc/default/login
                        - Remove “;type=role” from the root entry in /etc/user_attr (if applicable)
                        - Make sure root's home directory is not world writeable
                        - Make sure ~root/.ssh subdirectory is readable and executable
                        - Make sure ~root/.ssh/authorized_keys is readable

                        Best Regards,
                        Bryan Wood
                        • 9. Re: access denied when loggin in as root
                          bobthesungeek76036
                          BryanWood wrote:
                          He has one server that works: 10.100.48.39, and two that don't: 10.100.48.40 and 10.100.48.41

                          Suggestions:

                          - Make absolutely sure the root password is set to what you expect
                          - Make sure you have commented out the "CONSOLE=/dev/console" entry in /etc/default/login
                          - Remove “;type=role” from the root entry in /etc/user_attr (if applicable)
                          - Make sure root's home directory is not world writeable
                          - Make sure ~root/.ssh subdirectory is readable and executable
                          - Make sure ~root/.ssh/authorized_keys is readable

                          Best Regards,
                          Bryan Wood
                          And make sure "PermitRootLogin" is set to "yes" in /etc/ssh/sshd_config as mentioned earlier
                          • 10. Re: access denied when loggin in as root
                            Nandinho
                            Hi


                            all your suggestion are done, they were all correct, but after changing the IP address in one host it worked, but when I run "dladm show-dev" on another it shows me "link down".
                            Is this a cable issue?


                            Nandinho
                            • 11. Re: access denied when loggin in as root
                              Nandinho
                              Its OK, now, thank you all for your contributions, it turn out that I was putting the NIC cable in the wrong blades, sorry for this.


                              Nandinho