Friday, January 3, 2014

SSH client decyrption failed on solaris

www.unixbabuforum.in-bash-3.00$ ssh -v -v redhat-server 
Sun_SSH_1.1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f 
debug1: Reading configuration data /etc/ssh/ssh_config 
debug1: Rhosts Authentication disabled, originating port will not be trusted. 
debug1: ssh_connect: needpriv 0 
debug1: Connecting to x.x.x.y [x.x.x.x] port 22. 
debug1: Connection established. 
debug1: identity file /export/backup/.ssh/identity type -1 
debug2: key_type_from_name: unknown key type '-----BEGIN' 
debug2: key_type_from_name: unknown key type '-----END' 
debug1: identity file /export/backup/.ssh/id_rsa type 1 
debug1: identity file /export/backup/.ssh/id_dsa type -1 
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 
debug1: match: OpenSSH_4.3 pat OpenSSH* 
debug1: Enabling compatibility mode for protocol 2.0 
debug1: Local version string SSH-2.0-Sun_SSH_1.1.1 
debug1: use_engine is 'yes' 
debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers 
debug1: pkcs11 engine initialization complete 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss 
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc 
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: none,zlib 
debug2: kex_parse_kexinit: none,zlib 
debug2: kex_parse_kexinit: i-default 
debug2: kex_parse_kexinit: i-default 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug1: Failed to acquire GSS-API credentials for any mechanisms (An unsupported mechanism was requested 
Unknown code 0 

debug1: SSH2_MSG_KEXINIT sent 
debug1: SSH2_MSG_KEXINIT received 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss 
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc 
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: none,zlib 
debug2: kex_parse_kexinit: none,zlib 
debug2: kex_parse_kexinit: i-default 
debug2: kex_parse_kexinit: i-default 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss 
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc, email@removed ,aes128-ctr,aes192-ctr,aes256-ctr 
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc, email@removed ,aes128-ctr,aes192-ctr,aes256-ctr 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, email@removed ,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160, email@removed ,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: none, email@removed 
debug2: kex_parse_kexinit: none, email@removed 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_init: found hmac-md5 
debug1: kex: server->client aes128-ctr hmac-md5 none 
debug2: mac_init: found hmac-md5 
debug1: kex: client->server aes128-ctr hmac-md5 none 
debug1: Peer sent proposed langtags, ctos: 
debug1: Peer sent proposed langtags, stoc: 
debug1: We proposed langtags, ctos: i-default 
debug1: We proposed langtags, stoc: i-default 
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent 
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP 
debug1: dh_gen_key: priv key bits set: 133/256 
debug1: bits set: 1011/2048 
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent 
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY 
debug1: Host '10.217.9.156' is known and matches the RSA host key. 
debug1: Found key in /export/backup/.ssh/known_hosts:2 
debug1: bits set: 1006/2048 
RSA_public_decrypt failed: error:8106A072:lib(129):func(106):reason(114) 
debug1: ssh_rsa_verify: signature incorrect 
key_verify failed for server_host_key 
debug1: Calling cleanup 0x348a4(0x0) 

The client is Solaris where as the server RHEL54


www.unixbabuforum.inCheck your user identity keys. 
Looks like you have an id_rsa mismatch. 

If allowed in your env, clear out the .ssh/ 
dir on the host and client and see if you can 
ssh in with keyboard-interactive auth (i.e. 
a password.) 

If not, test keys from a known good system pair. 

You may have to regen keys for yourself.

0 comments:

Post a Comment

 
Design by BABU | Dedicated to grandfather | welcome to BABU-UNIX-FORUM