Here is working config file (sshd_config). Check if it work for you
Protocol 2
Port 22
AllowTcpForwarding no
GatewayPorts no
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
PrintMotd no
KeepAlive yes
SyslogFacility auth
LogLevel info
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
KeyRegenerationInterval 3600
StrictModes yes
LoginGraceTime 600
MaxAuthTries 6
MaxAuthTriesLog 3
PermitEmptyPasswords no
PasswordAuthentication yes
PAMAuthenticationViaKBDInt yes
PermitRootLogin yes
Subsystem sftp /usr/lib/ssh/sftp-server
IgnoreRhosts yes
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
<><><><><><><><><><><><><><><><><><><><><>
Regards: Romeo Ninov
http://www.ninov.info
<><><><><><><><><><><><><><><><><><><><><>
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of John Dunn
Sent: Thursday, January 07, 2010 3:25 PM
To: Solaris-Users mailing list
Subject: Re: [Solaris-Users] ssh from SUN10 to SUN8
Permssions on .ssh directory are 700
I cannot even ssh to the local (Solaris 10) server
Here is the verbose log :
ssh -v produ...@sun10
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to SUN10 [10.5.1.16] port 22.
debug1: Connection established.
debug1: identity file /home/producer/.ssh/identity type -1
debug1: identity file /home/producer/.ssh/id_rsa type -1
debug1: identity file /home/producer/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug1: Failed to acquire GSS-API credentials for any mechanisms (No
credentials
were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: Peer sent proposed langtags, ctos: i-default
debug1: Peer sent proposed langtags, stoc: i-default
debug1: We proposed langtags, ctos: i-default
debug1: We proposed langtags, stoc: i-default
debug1: Negotiated lang: i-default
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: Remote: Negotiated main locale: C
debug1: Remote: Negotiated messages locale: C
debug1: dh_gen_key: priv key bits set: 134/256
debug1: bits set: 1577/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host 'sun10 (10.5.1.16)' can't be established.
RSA key fingerprint is 5c:c6:fe:0e:62:4d:de:4d:b1:5f:4a:b9:12:c8:0f:f4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'sun10,10.5.1.16' (RSA) to the list of known
hosts.
debug1: bits set: 1633/3191
debug1: ssh_rsa_verify: signature correct
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: Authentications that can continue:
gssapi-keyex,gssapi-with-mic,publicke
y,password,keyboard-interactive
debug1: Next authentication method: gssapi-keyex
debug1: Next authentication method: gssapi-with-mic
debug1: Failed to acquire GSS-API credentials for any mechanisms (No
credentials
were supplied, or the credentials were unavailable or inaccessible
Unknown code 0
)
debug1: Next authentication method: publickey
debug1: Trying private key: /home/producer/.ssh/identity
debug1: Trying private key: /home/producer/.ssh/id_rsa
debug1: Trying public key: /home/producer/.ssh/id_dsa
debug1: Authentications that can continue:
gssapi-keyex,gssapi-with-mic,publicke
y,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:
John Dunn
Sefas Innovation Limited.
Tel: + 44 (0) 117 373 6122
P Please consider the environment before printing this email
________________________________
From: John Dunn
Sent: 07 January 2010 10:43
To: Solaris-Users mailing list
Subject: ssh from SUN10 to SUN8
I am trying to enable passwordless ssh between a user on a Solaris10 box
and a Solaris 8 box.
I have generated the rsa key on the Solaris 10 box with an empty
passphrase, copied to authorized_keys and copied to the Solaris8 box.
The .ssh directory for the user on the Solaris8 box is as below.
But when I try to ssh to the user from the Solaris10 box to the Solaris8
box , I am still prompted for the password.
-r-------- 1 producer producer 224 Jan 7 11:36 authorized_keys
-rw------- 1 producer producer 887 Jan 7 11:36 id_rsa
-rw-r--r-- 1 producer producer 224 Jan 7 11:36 id_rsa.pub
Is this a permissions issue?
John Dunn
Product Consultant
Sefas Innovation Limited.
Tel: + 44 (0) 117 373 6122
www.sefas.com <http://www.sefas.com/>
P Please consider the environment before printing this email
Sefas Innovation Limited, CityPoint, Temple Gate, Bristol BS1 6PL, UK.
Tel: +44 (0) 117 373 6114 Fax: +44 (0) 117 373 6115.
Registered No: 3769761 England.
Registered Office: One New Street, Wells, Somerset, BA5 2LA, United
Kingdom.
VAT Registration No: GB 741 5377 32
Unless stated to be non-confidential, this email and any attachments are
private and confidential and are for the addressee only. Sefas monitors
e-mails to ensure its systems operate effectively and to minimize the
risk of viruses. Whilst Sefas has taken reasonable steps to scan this
email, it does not accept liability for any virus that may be contained
in it.
Internet communications are not 100% secure and as such Sefas is not
responsible for their abuse by 3rd parties, nor for any alteration or
corruption in transmission.
_______________________________________________
Solaris-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/solaris-users
__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4750 (20100107) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4750 (20100107) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
_______________________________________________
Solaris-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/solaris-users
