SSH login problems
toothandnail
Member


Joined: 17 Mar 2011
Posts: 63
Location: Oxfordshire, UK

Posted: Fri Jul 03, 2015 12:57 am    Post subject: SSH login problems

I've just had to rebuild an SMS server which is used mainly as a backup machine. It had been around for a while, so when I reinstalled, I installed 2.0.7 (had been 2.0.5 previously). Most things are working, since I was able to use backups created before the drive failure which made the reinstall necessary. One thing that is giving me problems is SSH login from other machines.

I use key pairs for logging in, and had the original keys from the backup. However, every time I tried to log in from other machines, I was getting this error:

Code:
no matching cipher found: client arcfour256,blowfish-cbc,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com


After a bit of hunting, I found a couple of suggestions, which allowed me to SSH into the new SMS server. However, I found I was having to use the root password (not disabled in /etc/ssh/sshd_conf, fortunately).

Once on the server, I had a look at the log, and found this:

Code:
Jul  2 15:50:08 filestore perl: pam_unix(webmin:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=root
Jul  2 15:50:11 filestore perl: PAM prelude-client: Unable to initialize prelude client: could not open '/etc/prelude/profile/PAM/config' for reading: No such file or directory  Profile 'PAM' does not exist. In order to create it, please run: prelude-admin register "PAM" "idmef:w" <manager address> --uid 0 --gid 0.


I've not found much on prelude, and I'm wondering what I've missed in setting the server up?

Paul.
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1757
Location: Greece

Posted: Fri Jul 03, 2015 5:50 pm    Post subject:

Hi,

you need to enable all ciphers, or switch to *-ctr ones, *-cbc are disabled on latest versions...
SMS-2.0.5 had openssh-6.2.

As for the prelude error don't worry, it's normal, that is for PAM, which is optional..

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com
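
An added example (not part of the original posts): the negotiation failure quoted in the first post, parsed to show why no cipher was selected and which `Ciphers` line on the client would match the server without re-enabling `*-cbc` or arcfour in sshd_config. The function names are illustrative, and it assumes the client build supports the CTR ciphers.

```python
import re

# Error text as posted in the thread.
ERROR = ("no matching cipher found: client arcfour256,blowfish-cbc,aes256-cbc,"
         "aes192-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour server aes128-ctr,"
         "aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,"
         "chacha20-poly1305@openssh.com")

PATTERN = re.compile(r"no matching cipher found: client (\S+) server (\S+)")


def parse_cipher_mismatch(message):
    """Return (client_offer, server_offer) as ordered lists of cipher names."""
    m = PATTERN.search(message)
    if m is None:
        raise ValueError("not a cipher negotiation failure")
    return m.group(1).split(","), m.group(2).split(",")


def is_legacy(cipher):
    """CBC-mode and arcfour ciphers: the families absent from the server's list."""
    return cipher.endswith("-cbc") or cipher.startswith("arcfour")


def diagnose(message):
    client, server = parse_cipher_mismatch(message)
    # SSH selects the first cipher on the client's list that the server also lists.
    common = [c for c in client if c in server]
    return {
        "negotiated": common[0] if common else None,
        "client_legacy_only": all(is_legacy(c) for c in client),
        # Narrowest fix: have the client offer what the server already accepts
        # (assumption: the client build supports these CTR ciphers).
        "client_ciphers_line": "Ciphers "
        + ",".join(c for c in server if c.endswith("-ctr")),
    }


if __name__ == "__main__":
    for key, value in diagnose(ERROR).items():
        print(f"{key}: {value}")
```

The resulting `Ciphers` line belongs in the client's ssh_config (or the same list can be passed with `ssh -c`), which leaves the server's cipher list untouched.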
toothandnail
Member


Joined: 17 Mar 2011
Posts: 63
Location: Oxfordshire, UK

Posted: Sat Jul 04, 2015 5:31 am    Post subject:

gerasimos_h wrote:
Hi,

you need to enable all ciphers, or switch to *-ctr ones, *-cbc are disabled on latest versions...
SMS-2.0.5 had openssh-6.2.


Thanks. That could be interesting. The machine I have to use to get to the SMS server is an SME server. Looking at it, it's running this version of OpenSSH/SSL:

Code:
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008


I've tried enabling some of the *-ctr ciphers (have to do it manually from the command line until I get it working...), but so far, that allows me to log in, but only after going through a password prompt, so something is not working as it should.

Quote:
As for the prelude error don't worry, it's normal, that is for PAM, which is optional..


:) Thanks. I'll leave that one alone then. Just need to get the ciphers working properly.

Paul.
toothandnail
Member


Joined: 17 Mar 2011
Posts: 63
Location: Oxfordshire, UK

Posted: Mon Aug 10, 2015 11:33 pm    Post subject:

I managed to get past the cipher problem by enabling all the ciphers in /etc/ssh/sshd_config on the SMS machine. Now I've hit another problem.....

When I attempt to ssh into the SMS machine from one of the SME machines, it fails to use the public keys. Since I hadn't turned off password authentication, I've been able to get into the SMS machine, but it's failing the public keys every time. I enabled verbose logging in sshd_config and I'm getting this error:

Code:
Aug 10 21:45:44 filestore sshd[19125]: Connection from 192.168.0.254 port 37638 on 192.168.0.221 port 22
Aug 10 21:45:45 filestore sshd[19125]: Failed publickey for root from 192.168.0.254 port 37638 ssh2: RSA 9c:02:8a:20:dd:83:67:64:43:fa:8d:49:47:b6:3e:15
Aug 10 21:45:48 filestore sshd[19125]: Failed password for root from 192.168.0.254 port 37638 ssh2
Aug 10 21:45:57 filestore sshd[19125]: Accepted password for root from 192.168.0.254 port 37638 ssh2
Aug 10 21:45:57 filestore sshd[19125]: Starting session: shell on pts/0 for root from 192.168.0.254 port 37638


:) Forget the failed password - mistyped it the first time round....

If I ssh from the SMS machine to one of the SME servers, I have no problems - the public keys work fine. I had public keys working on the SMS machine prior to the rebuild, and had the same keys in place on the new install. I've replaced the public keys from the SME servers in /root/.ssh/authorized_keys and authorized_keys2, no change.

Any ideas why the public key authentication should be failing? Any ideas?

Paul.
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1757
Location: Greece

Posted: Sat Aug 22, 2015 1:09 am    Post subject:

Hi,
sorry for the late reply, didn't see it...

Are the permissions correct under ~/.ssh/? It should be 600 (-rw-------)

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com
toothandnail
Member


Joined: 17 Mar 2011
Posts: 63
Location: Oxfordshire, UK

Posted: Sat Aug 22, 2015 8:48 pm    Post subject:

gerasimos_h wrote:
Hi,
sorry for the late reply, didn't see it...


No problem - I probably should have started a new topic.

Quote:
Are the permissions correct under ~/.ssh/? It should be 600 (-rw-------)

gerasimos_h


Yes. Found the problem (eventually). :oops: I didn't cause it, but I should have spotted it, and I ended up repeating it...

When I first had problems, I tried replacing the public/private keys, thinking they might have been damaged due to the drive problems the machine had. I couldn't get to the site, so I had someone do the job for me - gave them step by step instructions.

Trouble was that the person doing the key change can't spell - the new public keys went into ~/.ssh/authoriszed_keys and authoriszed_keys2. I didn't notice the error and when I tried replacing the keys again, I used tab-completion to overwrite the old files, so I just continued the error.

When I finally noticed and corrected the file names, keys started working again.

Regards, Paul.
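
An added example (not part of the original posts): a check for the failure found at the end of this thread, key files in ~/.ssh whose names are close to but not exactly authorized_keys or authorized_keys2, together with the group/other write permission that sshd's StrictModes rejects. The function names, the 0.85 similarity cutoff and the sample directory are constructed for illustration.

```python
import difflib
import os
import stat
import tempfile

EXPECTED = ["authorized_keys", "authorized_keys2"]  # file names used in the thread


def audit_ssh_dir(ssh_dir):
    """Return a list of (kind, detail) findings for one ~/.ssh directory."""
    findings = []
    names = sorted(os.listdir(ssh_dir))
    for name in names:
        if name in EXPECTED:
            continue
        # sshd only reads the configured key file names, so keys stored
        # under a near-miss name are silently never consulted.
        close = difflib.get_close_matches(name, EXPECTED, n=1, cutoff=0.85)
        if close:
            findings.append(("misnamed", f"{name} (did you mean {close[0]}?)"))
    if "authorized_keys" not in names:
        findings.append(("missing", "authorized_keys"))
    # With StrictModes, sshd refuses key files (and a .ssh directory)
    # that group or others can write to.
    for name in [""] + [n for n in names if n in EXPECTED]:
        path = os.path.join(ssh_dir, name)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o022:
            findings.append(("writable", f"{path} mode {mode:o}"))
    return findings


def demo():
    """Constructed sample: reproduce the misspelled file names from the thread."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o700)
        for name in ("authoriszed_keys", "authoriszed_keys2", "known_hosts"):
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write("ssh-rsa AAAA...constructed-sample root@example\n")
            os.chmod(path, 0o600)
        return audit_ssh_dir(d)


if __name__ == "__main__":
    for kind, detail in demo():
        print(kind, detail)
```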
All times are GMT + 2 Hours