Dears,,
i hope everything is going fine with you,,
Yesterday i was trying to log into My Solaris 10 u10 x86 Via SSH , But it showing me many error message and refusing to login even with with the root account and below you can find the error message:
[root@home:~] # ssh -v root@192.168.10.1
Sun_SSH_1.1.4, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 192.168.10.1 [192.168.10.1] port 22.
debug1: Connection established.
debug1: identity file /export/home/root/.ssh/identity type -1
debug1: identity file /export/home/root/.ssh/id_rsa type -1
debug1: identity file /export/home/root/.ssh/id_dsa type -1
debug1: Logging to host: 192.168.10.1
debug1: Local user: root Remote user: root
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.5
debug1: match: Sun_SSH_1.1.5 pat Sun_SSH_1.1.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1.4
debug1: use_engine is 'yes'
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
debug1: pkcs11 engine initialization complete
debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
Unknown code 0)
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
no common kex alg: client 'diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1', server 'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g=='
debug1: Calling cleanup 0x807177a(0x0)
After google if found that i have to delete the /etc/ssh/ssh_host_*
So i logged into the system Via Fail safe > mounted the / to /a and deleted the ssh_hos_*
After reboot the machine i found there is another logs (also the diffie-hellman error still exist :
/usr/lib/security/pam_authtok_get.so.1 writable by group
/usr/lib/security/pam_dhkeys.so.1 writable by group
That's make me very confused, after more searching i found topic advising to check for the permission for the pam files, so loged into the system Via fail-safe and found out that all files taking full permission and i believe it's not good, below you can find the permission:
-rwxrwxrwx+
So i will be appreciated if you help me in this case is really it make me confused.
BR
Ahmed