SSH connection "Permission denied"

Hello,

I tried to connect with root or any other user to AIX using ssh. It throws me an error like Permission denied (publickey,keyboard-interactive). I don't know why!!
And the PermitRootLogin is yes.

Any help will be appreciated.

Thanks

Have you made sure the other users do exist on the target system? ssh makes a point of not indicating anything to the outside, therefore you get a "permission denied" (and not a "user does not exist") when you try to connect with a non-existent user-account.

This means you have not exchanged any (valid) key which ssh could have tried (->"publickey"), ssh has asked you for a password and you typed no valid one (-> "keyboard-interactive").

Well - this was the reason why. There is no mystery about it. ;-))

Which versions of ssh did you use on both sides? And what does the file /etc/sshd.config look like on the system you are trying to connect to? Post it here (comments removed, they are usually 95% of the file) and let us have a look.

Generally, it is a good idea to post relevant version information along with the problem description.

I hope this helps.

bakunin

Thanks for your reply

It does not accept the password through ssh:

# ssh root@localhost
root@localhost password:
Permission denied, please try again.
root@localhost password:
Permission denied, please try again.
root@localhost password:
Permission denied (publickey,password,keyboard-interactive). 

Also, when I run # /usr/sbin/sshd -dd

debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 164
debug2: parse_server_config: config /etc/ssh/sshd_config len 164
debug1: sshd version OpenSSH_6.0p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-dd'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: The socket name is already in use..
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on ::.
Bind to port 22 on :: failed: The socket name is already in use..
Cannot bind any address.

The sshd_config file

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/sbin/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding yes
#       AllowTcpForwarding no
#       ForceCommand cvs server

Thanks

Do you want to connect from another computer to the AIX computer? If so, then you are using a wrong ssh command. ssh root@localhost will obviously try to connect to the same computer on which you are typing this command. It doesn't make sense.

Try ssh root@<insert ip address of AIX computer here> or ssh root@<insert name of AIX computer here>

By the way: the sshd_config file doesn't look valid and working to me. If you leave all the comments out, only two lines remain:

Protocol 2
Subsystem sftp /usr/sbin/sftp-server
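
Added example (not part of any post in this thread): a small POSIX shell script that produces the comment-free view of an sshd_config asked for above and reports which login-related keywords are set explicitly and which are left to sshd's compiled-in default. The function names and the embedded sample file are constructed for illustration; the sample is a cut-down copy of the configuration posted earlier.

```shell
#!/bin/sh
# Added example: show what an sshd_config really sets once comments are gone.

# Print active (non-comment, non-blank) lines with whitespace normalized.
active_directives() {
    awk '
        /^[ \t]*#/ { next }      # whole-line comment
        /^[ \t]*$/ { next }      # blank line
        { $1 = $1; print }       # squeeze tabs/spaces to single spaces
    ' "$1"
}

# For each keyword given, print "Keyword=value" or "Keyword=<default>".
# Keywords are case-insensitive and the first occurrence wins.
# Match blocks are not evaluated here; only the flat file is read.
auth_settings() {
    cfg=$1; shift
    for kw in "$@"; do
        val=$(active_directives "$cfg" | awk -v k="$kw" '
            tolower($1) == tolower(k) { $1 = ""; sub(/^ /, ""); print; exit }')
        echo "$kw=${val:-<default>}"
    done
}

# Constructed sample: a shortened copy of the file posted in this thread.
sample_config() {
    cat <<'EOF'
#Port 22
Protocol 2

# Authentication:
#PermitRootLogin yes
#PasswordAuthentication yes
#UsePAM no
Subsystem       sftp    /usr/sbin/sftp-server
EOF
}

tmp=${TMPDIR:-/tmp}/sshd_config.sample.$$
sample_config > "$tmp"
active_directives "$tmp"
auth_settings "$tmp" PermitRootLogin PasswordAuthentication UsePAM Protocol
rm -f "$tmp"
```

Pointing both functions at /etc/ssh/sshd_config (the path shown in the debug output above) gives a listing short enough to post in full.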

It does not connect via ssh locally or from a remote host.

After I connect via telnet locally, I'm trying to connect via ssh:

#ssh root@servername

It prompts for the ssh password but it refused the password:

Permission denied, please try again.

Also the same issue when I try to connect from a remote host.

Thanks

It is quite common that the login of the root user is prohibited. Usually normal user accounts log in and are then allowed to become root. Issue an

lsuser root

and have a look at the user attributes. Alternatively do a smitty chuser and check there.

This seems to be pretty obvious, doesn't it? Whatever occupies port 22 either has to go or you will have to use another (unoccupied) port for ssh.

I asked you to remove the comments and I really did mean it. It seems that PermitRootLogin yes is not set at all and other relevant parameters are not set either.

Correct your sshd_config (you can find many examples for AIX here in this board) and then restart your ssh-daemon. Btw., newer versions of the sshd (you still haven't told us which version/package you are using) are controlled via the systems resource controller: instead of starting it from the command line you do a:

refresh -s sshd

or, if it is not started (check with lssrc)

startsrc -s sshd

I hope this helps.

bakunin

Can I replace the sshd_config file with one already working on another machine?

Thanks

That depends. It depends on what stands in the working configuration file and if anything of this is machine-dependent or not. IF there is nothing in the file which is only valid for the source machine (something like a hostname, an IP address, or whatever) and IF the one system is supposed to have the same configuration as the other, then, probably, yes, you can copy that file.

Notice, though, that a daemon process reads its configuration at startup and doesn't notice a changed configuration file if not explicitly told to do so. Depending on your configuration (which we still do not know) either restart the service via the SRC (see posting above) or by sending a HUP signal to the daemon:

# ps -fe | grep ssh
    root  2687266  5439554   0   Jun 14      -  0:00 /usr/sbin/sshd
    root 11796770 26411068   0 12:48:12  pts/1  0:00 grep ssh

# kill -1 2687266

I hope this helps.

bakunin