[SMS] - Superb Mini Server Project Support Forum
toothandnail Member
Joined: 17 Mar 2011 Posts: 63 Location: Oxfordshire, UK
Posted: Fri Jul 03, 2015 12:57 am Post subject: SSH login problems
I've just had to rebuild an SMS server which is used mainly as a backup machine. It had been around for a while, so when I reinstalled, I installed 2.0.7 (had been 2.0.5 previously). Most things are working, since I was able to use backups created before the drive failure which made the reinstall necessary. One thing that is giving me problems is SSH login from other machines.
I use key pairs for logging in, and had the original keys from the backup. However, every time I tried to log in from other machines, I was getting this error:
Code: | no matching cipher found: client arcfour256,blowfish-cbc,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com |
After a bit of hunting, I found a couple of suggestions, which allowed me to SSH into the new SMS server. However, I found I was having to use the root password (not disabled in /etc/ssh/sshd_conf, fortunately).
Once on the server, I had a look at the log, and found this:
Code: | Jul 2 15:50:08 filestore perl: pam_unix(webmin:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=root
Jul 2 15:50:11 filestore perl: PAM prelude-client: Unable to initialize prelude client: could not open '/etc/prelude/profile/PAM/config' for reading: No such file or directory Profile 'PAM' does not exist. In order to create it, please run: prelude-admin register "PAM" "idmef:w" <manager address> --uid 0 --gid 0. |
I've not found much on prelude, and I'm wondering what I've missed in setting the server up?
Paul.
gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
Posted: Fri Jul 03, 2015 5:50 pm Post subject:
Hi,
you need to enable all ciphers, or switch to *-ctr ones, *-cbc are disabled on latest versions...
SMS-2.0.5 had openssh-6.2.
As for the prelude error, don't worry, it's normal, that is for PAM, which is optional.
gerasimos_h _________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com
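The negotiation failure quoted in the first post, taken apart as an added example (not part of either post): it parses the error line in the form shown there and reports that the client and server cipher lists have nothing in common. The `family` grouping and the function names are this example's own.

```python
import re

# Error text as posted in the thread.
ERROR = ("no matching cipher found: client arcfour256,blowfish-cbc,aes256-cbc,"
         "aes192-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour server aes128-ctr,"
         "aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,"
         "chacha20-poly1305@openssh.com")

_PATTERN = re.compile(r"no matching cipher found: client (\S+) server (\S+)")


def family(name):
    """Coarse grouping by mode of operation, read from the algorithm name."""
    base = name.split("@")[0]
    if base.startswith("arcfour"):
        return "rc4"
    if base.endswith("-cbc"):
        return "cbc"
    if base.endswith("-ctr"):
        return "ctr"
    if "gcm" in base or "poly1305" in base:
        return "aead"
    return "other"


def explain_mismatch(message):
    """Split the two offers and show where (if anywhere) they overlap."""
    m = _PATTERN.search(message)
    if m is None:
        raise ValueError("not a 'no matching cipher found' line")
    client, server = m.group(1).split(","), m.group(2).split(",")
    return {
        "common": [c for c in client if c in server],  # client preference order
        "client_families": sorted({family(c) for c in client}),
        "server_families": sorted({family(c) for c in server}),
    }


if __name__ == "__main__":
    result = explain_mismatch(ERROR)
    print("ciphers both sides offer:", result["common"] or "none")
    print("client offers only:", result["client_families"])
    print("server offers only:", result["server_families"])
```
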
toothandnail Member
Joined: 17 Mar 2011 Posts: 63 Location: Oxfordshire, UK
Posted: Sat Jul 04, 2015 5:31 am Post subject:
gerasimos_h wrote: | Hi,
you need to enable all ciphers, or switch to *-ctr ones, *-cbc are disabled on latest versions...
SMS-2.0.5 had openssh-6.2. |
Thanks. That could be interesting. The machine I have to use to get to the SMS server is an SME server. Looking at it, it's running this version of OpenSSH/SSL:
Code: | OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 |
I've tried enabling some of the *-ctr ciphers (have to do it manually from the command line until I get it working...), but so far, that allows me to log in, but only after going through a password prompt, so something is not working as it should.
Quote: | As for the prelude error, don't worry, it's normal, that is for PAM, which is optional. |
Thanks. I'll leave that one alone then. Just need to get the ciphers working properly.
Paul.
toothandnail Member
Joined: 17 Mar 2011 Posts: 63 Location: Oxfordshire, UK
Posted: Mon Aug 10, 2015 11:33 pm Post subject:
I managed to get past the cipher problem by enabling all the ciphers in /etc/ssh/sshd_config on the SMS machine. Now I've hit another problem...
When I attempt to ssh into the SMS machine from one of the SME machines, it fails to use the public keys. Since I hadn't turned off password authentication, I've been able to get into the SMS machine, but it's failing the public keys every time. I enabled verbose logging in sshd_config and I'm getting this error:
Code: | Aug 10 21:45:44 filestore sshd[19125]: Connection from 192.168.0.254 port 37638 on 192.168.0.221 port 22
Aug 10 21:45:45 filestore sshd[19125]: Failed publickey for root from 192.168.0.254 port 37638 ssh2: RSA 9c:02:8a:20:dd:83:67:64:43:fa:8d:49:47:b6:3e:15
Aug 10 21:45:48 filestore sshd[19125]: Failed password for root from 192.168.0.254 port 37638 ssh2
Aug 10 21:45:57 filestore sshd[19125]: Accepted password for root from 192.168.0.254 port 37638 ssh2
Aug 10 21:45:57 filestore sshd[19125]: Starting session: shell on pts/0 for root from 192.168.0.254 port 37638 |
Forget the failed password - mistyped it the first time round...
If I ssh from the SMS machine to one of the SME servers, I have no problems - the public keys work fine. I had public keys working on the SMS machine prior to the rebuild, and had the same keys in place on the new install. I've replaced the public keys from the SME servers in /root/.ssh/authorized_keys and authorized_keys2, no change.
Any ideas why the public key authentication should be failing? Any ideas?
Paul.
gerasimos_h Site Admin
Joined: 09 Aug 2007 Posts: 1757 Location: Greece
Posted: Sat Aug 22, 2015 1:09 am Post subject:
Hi,
sorry for the late reply, didn't see it...
Are the permissions correct under ~/.ssh/? It should be 600 (-rw-------)
gerasimos_h _________________ Superb! Mini Server Project Manager
http://sms.it-ccs.com
toothandnail Member
Joined: 17 Mar 2011 Posts: 63 Location: Oxfordshire, UK
Posted: Sat Aug 22, 2015 8:48 pm Post subject:
gerasimos_h wrote: | Hi,
sorry for the late reply, didn't see it... |
No problem - I probably should have started a new topic.
Quote: | Are the permissions correct under ~/.ssh/? It should be 600 (-rw-------)
gerasimos_h |
Yes. Found the problem (eventually). I didn't cause it, but I should have spotted it, and I ended up repeating it...
When I first had problems, I tried replacing the public/private keys, thinking they might have been damaged due to the drive problems the machine had. I couldn't get to the site, so I had someone do the job for me - gave them step by step instructions.
Trouble was that the person doing the key change can't spell - the new public keys went into ~/.ssh/authoriszed_keys and authoriszed_keys2. I didn't notice the error and when I tried replacing the keys again, I used tab-completion to overwrite the old files, so I just continued the error.
When I finally noticed and corrected the file names, keys started working again.
Regards, Paul.
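A check for the two causes discussed in the last posts, added here as an example and not written by either poster: it flags file names in a `.ssh` directory that are close to, but not exactly, the names sshd reads, and modes broader than the 600 asked about above. It assumes the default `AuthorizedKeysFile` setting; `audit_ssh_dir` and `demo` are this example's own names, and the demo files are constructed placeholders.

```python
import difflib
import os
import stat
import tempfile

# Names sshd reads by default; assumes AuthorizedKeysFile in sshd_config
# has not been pointed somewhere else.
EXPECTED = ("authorized_keys", "authorized_keys2")


def audit_ssh_dir(ssh_dir):
    """Return (severity, message) findings for one ~/.ssh directory."""
    findings = []
    names = sorted(os.listdir(ssh_dir))
    if not any(n in names for n in EXPECTED):
        findings.append(("error", "no authorized_keys file present"))
    for name in names:
        if name in EXPECTED:
            mode = stat.S_IMODE(os.stat(os.path.join(ssh_dir, name)).st_mode)
            if mode & 0o077:  # anything beyond owner read/write
                findings.append(("warn", f"{name} is mode {mode:03o}, expected 600"))
            continue
        # Near-miss names (a stray letter, a .bak suffix) are never read by sshd.
        close = difflib.get_close_matches(name, EXPECTED, n=1, cutoff=0.8)
        if close:
            findings.append(("error", f"{name} is not {close[0]}; sshd ignores it"))
    return findings


def demo():
    """Rebuild the state described in the thread in a scratch directory."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("authoriszed_keys", "authoriszed_keys2", "known_hosts"):
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write("# constructed placeholder, not a real key\n")
            os.chmod(path, 0o600)
        before = audit_ssh_dir(d)
        for name in ("authoriszed_keys", "authoriszed_keys2"):
            os.rename(os.path.join(d, name), os.path.join(d, name.replace("sz", "z")))
        after = audit_ssh_dir(d)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for severity, message in before:
        print(severity, message)
    print("after rename:", after)
```
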