On Friday 19 May 2006 10:18, Dan Lund wrote:
> Hi all,
>
> I'm working with a few of our RHEL3 and 4 machines right now, getting
> an automated ssh tunnel going between a RHEL3 (and 4 in prod) to a RH8
> machine. (8 in prod too)
>
> The problem I'm having is that with RHEL3/4, ssh doesn't seem to work
> the same. It's perplexing, and aggrevating. I
>
> 've used "ssh-keygen -t rsa" on the RHEL3 box to create the id_rsa and
> id_rsa.pub files, transferred the id_rsa.pub file to the remote RH8
> box and put it into the ${HOME}/.ssh/authorized_keys file. No dice.
> The verbose debugging says it negotiates as ssh2 between each other,
> reads the files, even finds the id_rsa file but then it says "we sent
> a publickey packet, waiting for reply" and then "we did not send a
> packet, disable method".
> my ssh_config is essentially empty (stock, bare, empty) and the
> sshd_config on the remote host is the same.
>
> I've done RH8 -> RH8, RH8 -> Gentoo, Gentoo -> Gentoo.. okay... let's
> just narrow it down and say I've done nearly every distribution to
> every distribution =) except RHEL3/4.
>
> Anyone ever ran into this problem before?
>
> RHEL4 uses OpenSSH 3.9p1, RH8 uses OpenSSH 3.4p1.
>
> I've also tried localhost with two individual users just to see if the
> RHEL3 or 4 box would auth against itself passwordless and it doesn't.
> SOMETHING technology-wise has changed.....
Have you checked the logs on the server side? Most of the time these sorts of
problems stem from permissions of either the .ssh directory or key files or
authorized_keys on either side. More recent SSH installs have been requiring
strict permissions. There is a config option to turn it off though but they
are a good idea.
Also, check for SELINUX settings. I have never had a problem with it but I
never turn it on on RHEL boxes.
Theres the standard stuff like /etc/hosts.allow/deny. Or you could have
strange things in your sshd_config file ... like no root logins (if you are
using root) ... or it could be restricting logins to given users. But you;ve
kindof covered that.
Austin
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss