We have a newly installed AIX 5.3 TL 11 with the latest service pack and
the OpenSSH that came on the DVD. There seems to be a bug with public
key authentication. If "PubkeyAuthentication yes" is set in /etc/ssh/
sshd_config and the user has public keys in his .ssh directory then
the user cannot log in. He gets disconnected immediately. If
PubkeyAuthentication is set to "no" then one can log in with SSH using
a password.
This worked in an older AIX 5.3 release and older OpenSSH version. But
that version does not run on this AIX release due to library problems.
Is there a fix for this available? Or do I have to compile OpenSSH by
myself from source? I didn't find anything useful googling around and
searching IBM.
# oslevel -s
5300-11-02-1007
# ssh -V
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
# lslpp -l "openssh.*"
  Fileset                      Level  State      Description
  ----------------------------------------------------------------------------
Path: /usr/lib/objrepos
  openssh.base.client     5.2.0.5300  COMMITTED  Open Secure Shell Commands
  openssh.base.server     5.2.0.5300  COMMITTED  Open Secure Shell Server
  openssh.man.en_US       5.2.0.5300  COMMITTED  Open Secure Shell Documentation - U.S. English
  openssh.msg.EN_US       5.2.0.5300  COMMITTED  Open Secure Shell Messages - U.S. English (UTF)
  openssh.msg.en_US       5.2.0.5300  COMMITTED  Open Secure Shell Messages - U.S. English
Path: /etc/objrepos
  openssh.base.client     5.2.0.5300  COMMITTED  Open Secure Shell Commands
  openssh.base.server     5.2.0.5300  COMMITTED  Open Secure Shell Server
Thanks in advance and best regards,
Bernd
What are the perms on the authorized_keys file? They s/b 600.
> what are the perms on the authorized_keys file? they s/b 600
That's not it. Public key authentication works fine on several hundred
hosts with different unixes (Solaris, Linux, other AIX releases).
Here's the output of the debug system log when trying to do a public
key authentication.
Mar 31 13:27:23 aixhost auth|security:debug sshd[389146]: debug1: fd 4
clearing O_NONBLOCK
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1:
rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Mar 31 13:27:23 aixhost auth|security:debug sshd[389146]: debug1:
Forked child 356474.
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1:
inetd sockets after dupping: 5, 5
Mar 31 13:27:23 aixhost auth|security:info sshd[356474]: Connection
from 123.123.123.123 port 39575
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1:
Client protocol version 2.0; client software version OpenSSH_5.2
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1:
match: OpenSSH_5.2 pat OpenSSH*
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1:
Enabling compatibility mode for protocol 2.0
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1:
Local version string SSH-2.0-OpenSSH_5.2
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1:
Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): \t0509-022
Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).\n\t0509-026
System error: A file or directory in the path name does not exist.\n
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1:
Error loading Kerberos, disabling the Kerberos auth
Mar 31 13:27:23 aixhost auth|security:info sshd[356474]: Failed none
for bernd from 123.123.123.123 port 39575 ssh2
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1:
temporarily_use_uid: 3031/102 (e=0/0)
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1:
trying public key file /home/bernd/.ssh/authorized_keys
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1: fd 7
clearing O_NONBLOCK
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1:
matching key found: file /home/bernd/.ssh/authorized_keys, line 1
Mar 31 13:27:23 aixhost auth|security:info sshd[356474]: Found
matching RSA key: 7b:0b:a1:0a:64:87:64:ec:3b:04:5a:c6:7c:3c:b7:27
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1:
restore_uid: 0/0
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1:
do_cleanup
Bye
Bernd
1) I would use at least debug level 3 ( ssh -v -v -v targetnode )
2) Compare the output to a working AIX system
3) Enable syslog for the sshd on the target node
A note to your debug output
It looks like ssh is switching to your id ( 3021/102) from
effective 0/0
...
> temporarily_use_uid: 3031/102 (e=0/0)
...
> restore_uid: 0/0
...
and after the restore you are out ...
At least on our system - openssh 5.0.0.5301 , openssl 0.9.8.801 - I
do not see this behaviour.
Another point to watch is the auth method configured in the
following files.
That's what it looks like on my machines.
/etc/security/login.cfg
auth_type = STD_AUTH
/etc/ssh/sshd_config
UsePAM yes
Thus pam is enabled but not used.
hth
Hajo
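Hajo's reading of the server log (uid switched to the user, key looked up, uid restored, then do_cleanup with no "Accepted publickey" in between) can be turned into a check that runs over sshd's syslog output. The script below is an added example, not part of Hajo's or Bernd's posts: it uses awk to track each sshd child pid and reports sessions where a matching key was found but the child reached do_cleanup without an "Accepted publickey" line. The sample log lines are constructed in the format shown in this thread (pid 356474 and the key fingerprint come from Bernd's log; the second session, user alice from 10.0.0.5 with pid 512000, is made up to show a successful login that must not be reported). Function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Flag sshd sessions that located a
# matching key in authorized_keys but ended without "Accepted publickey".
#
# usage: audit_sshd_log <syslog_file>
# Prints one line per offending sshd child pid; prints nothing if every
# key lookup went on to a successful login.
audit_sshd_log() {
    awk '
    # Each sshd line carries the child pid, e.g. "sshd[356474]:"; pull it out
    # so that events from interleaved sessions are kept apart.
    match($0, /sshd\[[0-9]+\]/) {
        pid = substr($0, RSTART + 5, RLENGTH - 6)
        if ($0 ~ /matching key found/)  found[pid] = 1
        if ($0 ~ /Accepted publickey/)  accepted[pid] = 1
        if ($0 ~ /do_cleanup/) {
            if (found[pid] && !accepted[pid]) print pid ": key matched but session closed before Accepted publickey"
            delete found[pid]
            delete accepted[pid]
        }
    }' "$1"
}

# Constructed sample log in the syslog format seen in this thread. The first
# session (pid 356474, fingerprint from the original post) is the failing
# one; the second session (pid 512000, user alice, 10.0.0.5) is made up to
# show a successful login that must not be reported.
write_sample_log() {
    cat > "$1" <<'EOF'
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1: temporarily_use_uid: 3031/102 (e=0/0)
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1: trying public key file /home/bernd/.ssh/authorized_keys
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1: matching key found: file /home/bernd/.ssh/authorized_keys, line 1
Mar 31 13:27:23 aixhost auth|security:info sshd[356474]: Found matching RSA key: 7b:0b:a1:0a:64:87:64:ec:3b:04:5a:c6:7c:3c:b7:27
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1: restore_uid: 0/0
Mar 31 13:27:23 aixhost auth|security:debug sshd[356474]: debug1: do_cleanup
Mar 31 13:30:02 aixhost auth|security:debug sshd[512000]: debug1: matching key found: file /home/alice/.ssh/authorized_keys, line 1
Mar 31 13:30:02 aixhost auth|security:info sshd[512000]: Accepted publickey for alice from 10.0.0.5 port 40001 ssh2
Mar 31 13:30:40 aixhost auth|security:debug sshd[512000]: debug1: do_cleanup
EOF
}

# Demonstration: write the sample log to a temporary file and audit it.
# Expected output: one line naming pid 356474.
demo() {
    f=$(mktemp) || return 1
    write_sample_log "$f"
    audit_sshd_log "$f"
    rm -f "$f"
}
```

Run it against the real syslog file (here /var/log/messages, since sshd logs to the auth facility) with `audit_sshd_log /var/log/messages`. The check reports any session in which a key matched but was never accepted, so a client that aborted on its own shows up too; treat the output as triage, and compare it against a known-good host as Hajo suggests before concluding the server is at fault.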
"Bernd Nies" <bernd...@gmail.com> wrote in message
news:a9ae6490-6811-423d...@z3g2000yqz.googlegroups.com...
Bernd,
Check the permissions of the users home directory.
If these have write permission for the group and strictmode is set to yes,
user will not be able to logon.
See StrictModes section in the man page for sshd_config.
Mark
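The StrictModes check Mark refers to can be reproduced outside sshd so that a bad permission is spotted before wading through debug logs. The POSIX sh function below is an added example, not from this thread or from OpenSSH's own code: it mirrors what sshd enforces under "StrictModes yes" on the home directory, ~/.ssh and authorized_keys (no group or world write bit, owner must be the user or root) and prints every offending path. Function names and the demo directory layout are assumptions; it parses `ls -ld` rather than `stat` so it also runs on AIX.

```shell
#!/bin/sh
# Added example (not from the thread or from OpenSSH): reproduce the
# checks that sshd applies under "StrictModes yes" before it will trust
# ~/.ssh/authorized_keys. sshd refuses the file if it, ~/.ssh or the home
# directory is group- or world-writable, or owned by anyone other than
# the user or root. Function names and the demo layout are assumptions.
#
# usage: strictmodes_check <home_dir> <user>
# Prints every offending path; returns 0 if sshd would accept the file,
# 1 otherwise.

mode_of()  { ls -ld "$1" | cut -c1-10; }         # e.g. drwxrwxr-x
owner_of() { ls -ld "$1" | awk '{print $3}'; }

# check_one <path> <user>: apply the StrictModes conditions to one path
check_one() {
    m=$(mode_of "$1")
    o=$(owner_of "$1")
    status=0
    # mode string layout: type, owner rwx, group rwx, other rwx;
    # character 6 is the group write bit, character 9 the other write bit
    case "$m" in
        ?????w*)    echo "group-writable: $1 ($m)"; status=1 ;;
    esac
    case "$m" in
        ????????w*) echo "world-writable: $1 ($m)"; status=1 ;;
    esac
    if [ "$o" != "$2" ] && [ "$o" != root ]; then
        echo "bad owner: $1 (owned by $o, expected $2 or root)"
        status=1
    fi
    return $status
}

strictmodes_check() {
    home=$1; user=$2; rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; rc=1; continue
        fi
        check_one "$p" "$user" || rc=1
    done
    return $rc
}

# Demonstration on a constructed home directory: a group-writable $HOME is
# enough to make sshd skip the key, so the first run reports it and the
# second run, after chmod 755, passes.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/.ssh"
    echo "ssh-rsa AAAA... constructed-key" > "$t/home/.ssh/authorized_keys"
    chmod 775 "$t/home"; chmod 700 "$t/home/.ssh"; chmod 600 "$t/home/.ssh/authorized_keys"
    me=$(id -un)
    if strictmodes_check "$t/home" "$me"; then echo "unexpected: passed"; fi
    chmod 755 "$t/home"
    if strictmodes_check "$t/home" "$me"; then echo "ok: sshd would accept the key file"; fi
    rm -rf "$t"
}
```

On a host with NFS home directories run it as the user, e.g. `strictmodes_check "$HOME" "$(id -un)"`, since root squashing can make the same path look different to root. Note that sshd does not require 600 on authorized_keys; it only rejects write bits for group and others, which is what the function checks.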
To clarify things: SSH login on the AIX 5.3 TL11 host with OpenSSH_5.2p1
that came on the IBM DVD works fine with password authentication if
either
(a) "PubkeyAuthentication no" is configured on the AIX host in /etc/
ssh/sshd_config, OR
(b) the user doesn't have public keys in its ~/.ssh directory.
But login with public key authentication does not work here. It works
fine on other unixes and also on another AIX 5.3 host with the same
configuration but an older release of AIX and OpenSSH. That AIX host's OS
and OpenSSH releases are:
# oslevel -s
5300-10-01-0921
# ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.7l 28 Sep 2006
Setup was pretty much default AIX 5.3 installation. I only configured
the system for LDAP authentication according to IBM's guide. Here are
the configs on the AIX server:
bash-3.2# cat /etc/ssh/sshd_config
Protocol 2
SyslogFacility AUTH
LogLevel DEBUG
PubkeyAuthentication no
ChkHomeDir yes
UsePAM no
PidFile /var/run/sshd.pid
Subsystem sftp /usr/sbin/sftp-server
bash-3.2# cat /etc/security/login.cfg
default:
sak_enabled = false
logintimes =
logindisable = 0
logininterval = 0
loginreenable = 0
logindelay = 0
usw:
shells = /bin/sh,/bin/bsh,/bin/csh,/bin/ksh,/bin/tsh,/bin/ksh93,/usr/bin/sh,/usr/bin/bsh,/usr/bin/csh,/usr/bin/ksh,/usr/bin/tsh,/usr/bin/ksh93,/usr/bin/rksh,/usr/bin/rksh93,/usr/sbin/uucp/uucico,/usr/sbin/sliplogin,/usr/sbin/snappd,/bin/bash,/usr/bin/bash
maxlogins = 32767
logintimeout = 60
auth_type = STD_AUTH
bash-3.2# cat /etc/security/user
default:
admin = false
login = true
su = true
daemon = true
rlogin = true
sugroups = ALL
admgroups =
ttys = ALL
auth1 = SYSTEM
auth2 = NONE
tpath = nosak
umask = 022
expires = 0
SYSTEM = LDAP
registry = LDAP
logintimes =
pwdwarntime = 0
account_locked = false
loginretries = 0
histexpire = 0
histsize = 0
minage = 0
maxage = 0
maxexpired = -1
minalpha = 0
minother = 0
minlen = 0
mindiff = 0
maxrepeats = 8
dictionlist =
pwdchecks =
root:
admin = true
SYSTEM = files
registry = files
loginretries = 0
account_locked = false
[...]
ldap:
admin = false
SYSTEM = files
registry = files
sshd:
admin = false
account_locked = true
login = false
SYSTEM = files
registry = files
rlogin = false
And here is the full debug log of the SSH client (linuxhost) and SSH server
(aixhost). One can see that the client offers the public key and the
server finds it in the user's authorized_keys file. Then the connection
is closed. The user has a shared NFS home directory, which is mounted
by the automounter via the /etc/auto* files.
bash-3.2# tail -f /var/log/messages
Apr 1 03:49:51 aixhost auth|security:debug sshd[286742]: debug1: fd 4
clearing O_NONBLOCK
Apr 1 03:49:51 aixhost auth|security:debug sshd[454868]: debug1:
rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Apr 1 03:49:51 aixhost auth|security:debug sshd[286742]: debug1:
Forked child 454868.
Apr 1 03:49:51 aixhost auth|security:debug sshd[454868]: debug1:
inetd sockets after dupping: 5, 5
Apr 1 03:49:51 aixhost auth|security:info sshd[454868]: Connection
from 222.222.222.222 port 43088
Apr 1 03:49:51 aixhost auth|security:debug sshd[454868]: debug1:
Client protocol version 2.0; client software version OpenSSH_5.2
Apr 1 03:49:51 aixhost auth|security:debug sshd[454868]: debug1:
match: OpenSSH_5.2 pat OpenSSH*
Apr 1 03:49:51 aixhost auth|security:debug sshd[454868]: debug1:
Enabling compatibility mode for protocol 2.0
Apr 1 03:49:51 aixhost auth|security:debug sshd[454868]: debug1:
Local version string SSH-2.0-OpenSSH_5.2
Apr 1 03:49:51 aixhost auth|security:debug sshd[454868]: debug1:
Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): \t0509-022
Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).\n\t0509-026
System error: A file or directory in the path name does not exist.\n
Apr 1 03:49:51 aixhost auth|security:debug sshd[454868]: debug1:
Error loading Kerberos, disabling the Kerberos auth
Apr 1 03:49:51 aixhost auth|security:info sshd[454868]: Failed none
for bernd from 222.222.222.222 port 43088 ssh2
Apr 1 03:49:51 aixhost auth|security:debug sshd[454868]: debug1:
temporarily_use_uid: 3031/102 (e=0/0)
Apr 1 03:49:51 aixhost auth|security:debug sshd[454868]: debug1:
trying public key file /home/bernd/.ssh/authorized_keys
Apr 1 03:49:51 aixhost daemon:debug automountd[282788]:
nfs_args=0x2ff21328 version=3 protocol=0
Apr 1 03:49:51 aixhost daemon:debug automountd[282788]: Attempt a TCP
connection.
Apr 1 03:49:51 aixhost daemon:debug automountd[282788]: TCP -
Success!
Apr 1 03:49:51 aixhost daemon:debug automountd[282788]: before mount
of /vol/home/bernd from nfsserver.example.com failed error 0
Apr 1 03:49:51 aixhost daemon:debug automountd[282788]: mount of /
home:bernd status 0
Apr 1 03:49:51 aixhost auth|security:debug sshd[454868]: debug1: fd 7
clearing O_NONBLOCK
Apr 1 03:49:51 aixhost auth|security:debug sshd[454868]: debug1:
matching key found: file /home/bernd/.ssh/authorized_keys, line 1
Apr 1 03:49:51 aixhost auth|security:info sshd[454868]: Found
matching RSA key: 7b:0b:a1:0a:64:87:64:ec:3b:04:5a:c6:7c:3c:b7:27
Apr 1 03:49:51 aixhost auth|security:debug sshd[454868]: debug1:
restore_uid: 0/0
Apr 1 03:49:51 aixhost auth|security:debug sshd[454868]: debug1:
do_cleanup
bernd@linuxhost:~> ssh -v -v -v aixhost
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /home/bernd/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to aixhost [123.123.123.123] port 22.
debug1: Connection established.
debug3: Not a RSA1 key file /home/bernd/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/bernd/.ssh/id_rsa type 1
debug1: identity file /home/bernd/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version
OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-
group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-
ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-
ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,uma...@openssh.com,hmac-
ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,uma...@openssh.com,hmac-
ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: zl...@openssh.com,zlib,none
debug2: kex_parse_kexinit: zl...@openssh.com,zlib,none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-
group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-
ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-
ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,aes192-cbc,aes256-cbc,arcfour,rijnda...@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,uma...@openssh.com,hmac-
ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,uma...@openssh.com,hmac-
ripemd160,hmac-ri...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zl...@openssh.com
debug2: kex_parse_kexinit: none,zl...@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 zl...@openssh.com
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 zl...@openssh.com
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 114/256
debug2: bits set: 512/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/bernd/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 4
debug3: check_host_in_hostfile: filename /home/bernd/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 4
debug1: Host 'aixhost' is known and matches the RSA host key.
debug1: Found key in /home/bernd/.ssh/known_hosts:4
debug2: bits set: 516/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/bernd/.ssh/id_rsa (0xb77c44a0)
debug2: key: /home/bernd/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,password,keyboard-
interactive
debug3: start over, passed a different list
publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/bernd/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
Connection closed by 123.123.123.123
Bye
Bernd
Disable LDAP and autofs for a given test user and redo your tests!
There are problems with autofs,ldap and ssh.
Search fixcentral for "autofs ldap ssh"
So /etc/security/user should be set to
SYSTEM = "compat"
registry = files
for a given test user.
BTW: Anything written from the sshd to the syslog ?
cheers
Hajo
The SSH daemon syslog output is shown in a previous post. LDAP, Autofs
and SSH are working fine. Only public key authentication fails. The SSH
daemon finds a matching public key in the ~/.ssh/authorized_keys file:
Apr 1 03:49:51 aixhost auth|security:debug sshd[454868]: debug1:
matching key found: file /home/bernd/.ssh/authorized_keys, line 1
Apr 1 03:49:51 aixhost auth|security:info sshd[454868]: Found
matching RSA key: 7b:0b:a1:0a:64:87:64:ec:3b:04:5a:c6:7c:3c:b7:27
But then it fails and the user doesn't get logged in. Most likely IBM
shipped an OpenSSH "Monday release" with AIX 5.3 TL11 which has never
been tested with public key authentication.
Bye
Bernd
Are you sure the account on the target host is not expired or disabled?
Had this problem on another operating system, and OpenSSH did not give a
decent error message about this.
Not seen any evidence of the perms on the $HOME or $HOME/.ssh or the
*key* files.
I've been tripped up by AIX SSH packaging changes (GRR!) including the
root key updating, moving of binaries from /usr to /usr/local.
The suggestion by "root" is good, but 99% of my problems are with file
permissions, and the 1% are bugs.
You could always compile it yourself and create your own package.
In /etc/security/user what about rlogin and login rules?
loginretries? account_locked?
SSH seems to mask UNIX-type faults - have you tried telnet
(localhost)?
Login with telnet works fine. SSH only works when one removes the
~/.ssh directory and does a password login or the public key
authentication is disabled in /etc/ssh/sshd_config on the AIX server.
Public key authentication works on an older AIX 5.3 TL release with an
older OpenSSH that came on the Linux tools CD.
Bye
Bernd
Just found this thread..
I am having a very similar issue, between AIX 5.3 and AIX 6.1.
AIX 5.3 servers:
#> oslevel -s
5300-11-00-0000
#> ssh -V
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
#>
AIX 6.1 servers:
#> oslevel -s
6100-04-01-0944
#> ssh -V
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
#>
ssh_config is exactly the same on all servers, sshd_config is the same
EXCEPT for 6.1 has "Protocol 2" and 5.3 has "Protocol 1"
I am able to ssh between servers using ssh keys (with or without
passphrases) 6.1 -> 6.1 and 5.3 -> 6.1, but NOT able to ssh 6.1 ->
5.3.
Tried changing the Protocol on the 5.3 servers to '2' but then when I
try to ssh 6.1->5.3 using keys I get disconnected immediately.
Don't have root access on the 6.1 servers to try to bring them back to
Protocol 1.
I kind of understand the protocols not being forward compatible, but
what is it that would cause Protocol 2 to not work on AIX 5.3?
Cheers
Bill
I've had exactly the same issue. Later that day I installed a newer
OpenSSL and OpenSSH for AIX, and the problem disappeared.
Ben