3 Replies Latest reply on Feb 16, 2009 4:42 PM by 444677

    SSH Connector not working

    444677
      Hello, I'm trying to use the SSH (version 9.0.4.5) connector for Oracle Identity Manager 9.1.0.1.
      I'm trying to provision users. The target machine is Ubuntu Linux 7.4 (I also tried Fedora 10).
      I followed all the steps in the documentation for installing and configuring the connector. I tried the test utility to check whether things were working but the connector didn't connect to the ssh server.
      Here is the OIM test utility log:
      -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
      INFO,12 Feb 2009 18:19:59,890,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: STARTED
      DEBUG,12 Feb 2009 18:19:59,890,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: IT Resource parameters received for creating a session
      DEBUG,12 Feb 2009 18:19:59,890,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: protocol = SSH
      DEBUG,12 Feb 2009 18:19:59,905,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: portInt = 22
      DEBUG,12 Feb 2009 18:19:59,905,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: username = root
      DEBUG,12 Feb 2009 18:19:59,905,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: hostname = 192.168.139.131
      DEBUG,12 Feb 2009 18:19:59,905,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: shellPrompt = $
      DEBUG,12 Feb 2009 18:19:59,905,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: osType = LINUX
      DEBUG,12 Feb 2009 18:19:59,921,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: port = 22
      DEBUG,12 Feb 2009 18:19:59,921,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: mirrorPwdFilepath =
      DEBUG,12 Feb 2009 18:19:59,921,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: mirrorShadowFilepath =
      DEBUG,12 Feb 2009 18:19:59,921,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: privateKey = id_rsa
      DEBUG,12 Feb 2009 18:19:59,921,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: SudoOrRBAC = NONE
      DEBUG,12 Feb 2009 18:19:59,936,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: timeOut =40000
      DEBUG,12 Feb 2009 18:19:59,936,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: SET_DEFAULT_CHARENCODE = UTF-8
      DEBUG,12 Feb 2009 18:19:59,999,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: with private key
      DEBUG,12 Feb 2009 18:20:00,483,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: Set default character encoding: UTF-8
      DEBUG,12 Feb 2009 18:20:00,499,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: Before SSH Connect
      INFO,12 Feb 2009 18:20:41,827,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: SSH Session reconnecting. Attempt Number : 1
      DEBUG,12 Feb 2009 18:21:01,827,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: Before SSH Connect
      INFO,12 Feb 2009 18:21:53,155,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: SSH Session reconnecting. Attempt Number : 2
      ERROR,12 Feb 2009 18:21:53,155,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: SSH Session could not be established
      ERROR,12 Feb 2009 18:21:53,155,[OIMCP.TELNETSSH],SSHProvisioning::createUser: SshException Error Message = Could not connect for 40000 milliseconds
      com.jscape.inet.ssh.SshException: Could not connect for 40000 milliseconds
      at com.jscape.inet.ssh.Ssh.connect(Unknown Source)
      at com.jscape.inet.ssh.SshSession.connect(Unknown Source)
      at com.thortech.xl.integration.telnetssh.util.TelnetSSHConnectionUtil.getSSHSession(Unknown Source)
      at com.thortech.xl.integration.telnetssh.helper.SSHProvisioning.createUser(Unknown Source)
      at com.thortech.xl.integration.telnetssh.helper.TelnetSSHController.createUser(Unknown Source)
      at com.thortech.xl.integration.telnetssh.tests.SSHProvisioningTest.main(Unknown Source)
      DEBUG,12 Feb 2009 18:21:53,202,[OIMCP.TELNETSSH],SSHProvisioning::createUser: result = SSH_USER_NOTCONNECTED_FAIL
      INFO,12 Feb 2009 18:21:53,202,[OIMCP.TELNETSSH],SSHProvisioning::createUser: FINISHED
      INFO,12 Feb 2009 18:21:53,218,[OIMCP.TELNETSSH],TelnetSSHController::createUser: result = SSH_USER_NOTCONNECTED_FAIL
      INFO,12 Feb 2009 18:21:53,218,[OIMCP.TELNETSSH],TelnetSSHController::createUser: FINISHED
      Result --> SSH_USER_NOTCONNECTED_FAIL
      ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

      Here is the sshd log on the linux machine:
      ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
      debug1: sshd version OpenSSH_5.1p1 Debian-3ubuntu1
      debug1: read PEM private key done: type RSA
      debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
      debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
      debug1: private host key: #0 type 1 RSA
      debug1: read PEM private key done: type DSA
      debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
      debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
      debug1: private host key: #1 type 2 DSA
      debug1: rexec_argv[0]='/usr/sbin/sshd'
      debug1: rexec_argv[1]='-d'
      debug1: Bind to port 22 on ::.
      Server listening on :: port 22.
      debug1: Bind to port 22 on 0.0.0.0.
      Server listening on 0.0.0.0 port 22.
      debug1: Server will not fork when running in debugging mode.
      debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
      debug1: inetd sockets after dupping: 3, 3
      Connection from 192.168.139.128 port 29903
      debug1: Client protocol version 2.0; client software version 1.0
      debug1: no match: 1.0
      debug1: Enabling compatibility mode for protocol 2.0
      debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1
      debug1: permanently_set_uid: 113/65534
      debug1: list_hostkey_types: ssh-rsa,ssh-dss
      debug1: SSH2_MSG_KEXINIT sent
      debug1: SSH2_MSG_KEXINIT received
      debug1: kex: client->server 3des-cbc hmac-md5 none
      debug1: kex: server->client 3des-cbc hmac-md5 none
      debug1: expecting SSH2_MSG_KEXDH_INIT
      debug1: SSH2_MSG_NEWKEYS sent
      debug1: expecting SSH2_MSG_NEWKEYS
      debug1: SSH2_MSG_NEWKEYS received
      debug1: KEX done
      debug1: userauth-request for user root service ssh-connection method publickey
      debug1: attempt 0 failures 0
      debug1: test whether pkalg/pkblob are acceptable
      debug1: PAM: initializing for "root"
      debug1: PAM: setting PAM_RHOST to "192.168.139.128"
      debug1: PAM: setting PAM_TTY to "ssh"
      debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
      debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
      debug1: temporarily_use_uid: 0/0 (e=0/0)
      debug1: trying public key file /.ssh/id_rsa.pub
      debug1: fd 4 clearing O_NONBLOCK
      debug1: matching key found: file /.ssh/id_rsa.pub, line 1
      Found matching RSA key: 52:65:3f:0a:01:61:21:3f:c0:c9:cd:c3:a4:5f:23:5a
      debug1: restore_uid: 0/0
      Postponed publickey for root from 192.168.139.128 port 29903 ssh2
      debug1: userauth-request for user root service ssh-connection method publickey
      debug1: attempt 1 failures 0
      debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
      debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
      debug1: temporarily_use_uid: 0/0 (e=0/0)
      debug1: trying public key file /.ssh/id_rsa.pub
      debug1: fd 4 clearing O_NONBLOCK
      debug1: matching key found: file /.ssh/id_rsa.pub, line 1
      Found matching RSA key: 52:65:3f:0a:01:61:21:3f:c0:c9:cd:c3:a4:5f:23:5a
      debug1: restore_uid: 0/0
      debug1: ssh_rsa_verify: signature correct
      debug1: do_pam_account: called
      Accepted publickey for root from 192.168.139.128 port 29903 ssh2
      debug1: monitor_child_preauth: root has been authenticated by privileged process
      debug1: PAM: establishing credentials
      debug1: Entering interactive session for SSH2.
      debug1: server_init_dispatch_20
      debug1: server_input_channel_open: ctype session rchan 0 win 65535 max 32768
      debug1: input_session_request
      debug1: channel 0: new [server-session]
      debug1: session_new: session 0
      debug1: session_open: channel 0
      debug1: session_open: session 0: link with channel 0
      debug1: server_input_channel_open: confirm session
      debug1: server_input_channel_req: channel 0 request pty-req reply 0
      debug1: session_by_channel: session 0 channel 0
      debug1: session_input_channel_req: session 0 req pty-req
      debug1: Allocating pty.
      debug1: session_pty_req: session 0 alloc /dev/pts/1
      debug1: SELinux support disabled
      debug1: server_input_channel_req: channel 0 request shell reply 0
      debug1: session_by_channel: session 0 channel 0
      debug1: session_input_channel_req: session 0 req shell
      debug1: Setting controlling tty using TIOCSCTTY.
      debug1: session_by_channel: session 0 channel 0
      debug1: session_close_by_channel: channel 0 child 18755
      debug1: session_close_by_channel: channel 0: has child
      debug1: session_pty_cleanup: session 0 release /dev/pts/1
      debug1: Received SIGCHLD.
      debug1: session_by_pid: pid 18755
      debug1: session_exit_message: session 0 channel 0 pid 18755
      debug1: session_exit_message: release channel 0
      debug1: session_by_channel: session 0 channel 0
      debug1: session_close_by_channel: channel 0 child 0
      debug1: session_close: session 0 pid 0
      debug1: channel 0: free: server-session, nchannels 1
      Connection closed by 192.168.139.128
      debug1: do_cleanup
      debug1: PAM: cleanup
      debug1: PAM: deleting credentials
      debug1: PAM: closing session
      Transferred: sent 3592, received 1552 bytes
      Closing connection to 192.168.139.128 port 29903
      ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

      Apparently, after a successful authentication, the connector closes the connection, but looking at its log, it seems like there is a timeout problem.
      From the machine where OIM is installed (Windows 2003 Server) I am able to connect to the Linux machine using the PuTTY utility along with the private key generated on the Linux machine.

      Any help would be greatly appreciated.

      Best Regards,
      Stefano Emiliozzi
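Added example, not part of the original post or of the connector: a Python script that reads the connector test-utility log quoted above and measures how long each connect attempt ran against the logged `timeOut`, which separates a session abandoned after the full wait from one that was refused early. The function names (`parse`, `ms_between`, `analyse`) are hypothetical; the sample is a subset of the log lines from the post.

```python
import re
from datetime import datetime, timedelta

# Subset of the connector test-utility log lines quoted in the post above.
SAMPLE_LOG = """\
DEBUG,12 Feb 2009 18:19:59,936,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: timeOut =40000
DEBUG,12 Feb 2009 18:20:00,499,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: Before SSH Connect
INFO,12 Feb 2009 18:20:41,827,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: SSH Session reconnecting. Attempt Number : 1
DEBUG,12 Feb 2009 18:21:01,827,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: Before SSH Connect
INFO,12 Feb 2009 18:21:53,155,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: SSH Session reconnecting. Attempt Number : 2
ERROR,12 Feb 2009 18:21:53,155,[OIMCP.TELNETSSH],TelnetSSHConnectionUtil::getSSHSession: SSH Session could not be established
"""

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
LINE_RE = re.compile(
    r"^(\w+),(\d{1,2}) (\w{3}) (\d{4}) (\d\d):(\d\d):(\d\d),(\d{3}),\[[^\]]*\],(.*)$")

def parse(log):
    """Yield (level, timestamp, message) for each timestamped log line."""
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None or m.group(3) not in MONTHS:
            continue  # stack-trace frames and separator lines have no timestamp
        level, day, mon, year, hh, mm, ss, ms, msg = m.groups()
        ts = datetime(int(year), MONTHS.index(mon) + 1, int(day),
                      int(hh), int(mm), int(ss)) + timedelta(milliseconds=int(ms))
        yield level, ts, msg

def ms_between(a, b):
    return (b - a) // timedelta(milliseconds=1)

def analyse(log):
    """Return the logged timeout, per-attempt durations and retry gaps in ms."""
    timeout, started, ended = None, None, None
    durations, gaps = [], []
    for _level, ts, msg in parse(log):
        m = re.search(r"timeOut\s*=\s*(\d+)", msg)
        if m:
            timeout = int(m.group(1))
        elif msg.endswith("Before SSH Connect"):
            if ended is not None:
                gaps.append(ms_between(ended, ts))  # wait before the retry
            started = ts
        elif "SSH Session reconnecting" in msg and started is not None:
            durations.append(ms_between(started, ts))
            started, ended = None, ts
    hit = timeout is not None and bool(durations) and all(d >= timeout for d in durations)
    return {"timeout_ms": timeout, "attempt_ms": durations,
            "retry_gap_ms": gaps, "all_hit_timeout": hit}
```

On the sample, both attempts run past the 40000 ms `timeOut` before the connector gives up, while the sshd log for the same period shows the public-key authentication accepted and a shell requested.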
        • 1. Re: SSH Connector not working
          kunwar.nitesh
          Hi,

          Can you provide all your SSH IT Resource parameters?

          Regards
          Nitesh
          • 2. Re: SSH Connector not working
            444677
            Hello, here are the parameters:

            Admin Password / Private Key file Pwd: ******
            Port: 22
            Shadow Mirror File: /etc/shadow1
            Passwd Mirror File / User Mirror File (AIX): /etc/passwd1
            Server IP Address: 192.168.139.131
            Delay: 15000
            TimeOut: 40000
            MaxRetry: 2
            Sudo Or RBAC: NONE
            RBAC Role Name:
            Shell Prompt: $
            Protocol: SSH
            Server OS: LINUX
            Whether Trusted System (HP-UX): NO
            Target Date Format: yyyy-MM-dd HH:mm
            Admin UserId: root
            Private Key: E:\oracle\product\9.1.0\server\xellerate\XLIntegrations\SSH\config\id_rsa
            RBAC Role Passwd:

            Thank you in advance,
            Stefano
            • 3. Re: SSH Connector not working
              444677
              Hello, I solved the problem using a RedHat distribution for which the connector is certified. It's strange that Fedora 10 + OpenSSH is not working, though.

              Best Regards,
              Stefano Emiliozzi