Topic
4 replies Latest Post - ‏2013-04-29T20:45:10Z by 32DD_Jalal_Dababseh
LinuxL0ver
LinuxL0ver
4 Posts
ACCEPTED ANSWER

Pinned topic AIX 7.1 ssh connection problem

‏2013-02-13T05:08:28Z |
Hi,
We were using AIX 5.3 on Power Servers. Now we installed few machines with AIX 7.1. On which we are facing that most of the ssh client (like RHEL 5 ssh client, secure shell client) are unable to login to AIX 7.1 box via ssh whereas putty client is able to login on same AIX 7.1 hosts.

Below is the debuging log from a RHEL 5 client ssh machine to AIX 7.1 server.

kmumtaz$ ssh -vvv 10.1.X.100
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.1.X.X http://10.1.X.X port 22.
debug1: Connection established.
debug1: identity file /home/kmumtaz/.ssh/identity type -1
debug1: identity file /home/kmumtaz/.ssh/id_rsa type -1
debug1: identity file /home/kmumtaz/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
debug1: match: OpenSSH_6.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 120/256
debug2: bits set: 528/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Connection closed by 10.1.X.100

Any Idea how to resolve the isse
Updated on 2013-03-20T03:25:11Z at 2013-03-20T03:25:11Z by SystemAdmin
  • LinuxL0ver
    LinuxL0ver
    4 Posts
    ACCEPTED ANSWER

    Re: AIX 7.1 ssh connection problem

    ‏2013-02-13T08:28:12Z  in response to LinuxL0ver
    Hi,
    After enabling auth.debug in AIX 7.1 syslog.conf file getting below error in log file while user try to connect from ssh cleint

    Feb 13 13:27:15 node1 auth|security:crit sshd15204500: fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc preauth
    • SystemAdmin
      SystemAdmin
      6907 Posts
      ACCEPTED ANSWER

      Re: AIX 7.1 ssh connection problem

      ‏2013-03-20T03:25:11Z  in response to LinuxL0ver
      I found Tech note regarding this.
      Check http://www-01.ibm.com/support/docview.wss?uid=isg3T1019142

      james
    • This reply was deleted by 32DD_Jalal_Dababseh 2013-04-29T20:46:32Z.
  • SystemAdmin
    SystemAdmin
    6907 Posts
    ACCEPTED ANSWER

    Re: AIX 7.1 ssh connection problem

    ‏2013-03-20T03:41:50Z  in response to LinuxL0ver
    Hi the information was really helpful for me Specially I’m beginner in web design and always be confuse about the page layout
    http://www.louisvuittonwelcome.com
    http://www.louisvuittonamy.com