Troubleshooting
Problem
Unable to ssh into device using keyfile. Setup is identical to a partner switch which works fine.
Symptom
Heres a snippet of the symptoms seen:
Switch with BUG
debug2: key: /export/home/dsvprd/.ssh/id_rsa (xxxxxxxx)
debug2: key: /export/home/dsvprd/.ssh/id_dsa (xxxxxxxx)
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /export/home/dsvprd/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
----------------- Heres were switches differentiate
debug1: Authentications that can continue: publickey,password
debug1: Offering DSA public key: /export/home/dsvprd/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
vs our other same level switch, which has the same key on it:
Good switch
debug2: key: /export/home/dsvprd/.ssh/id_rsa (xxxxxxxx)
debug2: key: /export/home/dsvprd/.ssh/id_dsa ((xxxxxxxx)
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /export/home/dsvprd/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
----------------- Heres were switches differentiate
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp xx:xx:xx:xx:xx:xx:xx:xx:xxxx:xx:xx:xx:xx:xx:xx
debug3: sign_and_send_pubkey: RSA xx:xx:xx:xx:xx:xx:xx:xx:xxxx:xx:xx:xx:xx:xx:xx
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to OSSRTR04 ([xx.xx.xxx.xx]:xx).
This is fixed in 7.4.1e.
Contact IBM for verification and workaround.
Environment
Concerning the two switches:
Both switches are at the same FOS levels v7.4.1d and sshutil was used on the first switch to put the public key from our source server into the switch. Same key is on both switches but only works on one of them. After key is exchanged we are able to SSH in using a key and no password on one switch but the other switch doesn't accept key and requires password.
In this case customer ran into DEFECT000616486, where in Fabric OS v7.4.1d,sshutil changes the permissions of the public keys to 600 with chmod,which eliminates any admin level users from reading the public key to authenticate.
Related Information
[{"Product":{"code":"STQPPK","label":"IBM Storage Networking SAN512B-6"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"Not Applicable","Platform":[{"code":"","label":"N\/A"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Product":{"code":"STNNL8","label":"IBM Storage Networking SAN24B-5"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Product":{"code":"STNNL8","label":"IBM Storage Networking SAN24B"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Product":{"code":"STQPLH","label":"IBM Storage Networking SAN256B-6 (8961-F04)"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Product":{"code":"STMSBR","label":"Storage area network (SAN)->SAN384B-2 Fabric Backbone (2499-416)"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"STMKPN","label":"SAN384B Fabric Backbone (2499-192)"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"STMN38","label":"Storage area network (SAN)->SAN42B-R (2498-R42)"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"STMSCJ","label":"Storage area network (SAN)->SAN48B-5 Switch (2498-F48)"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"STQPJB","label":"SAN64B-6 Switch (8960-F64-N64)"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Product":{"code":"STMSAD","label":"Storage area network (SAN)->SAN768B-2 Fabric Backbone (2499-816)"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"STMKQC","label":"SAN768B Fabric Backbone (2499-384)"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"STMKSX","label":"SAN80B-4 Switch (2498-B80)"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"STNNAB","label":"Storage area network (SAN)->SAN96B-5 Switch (2498-F96, N96)"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}}]
Was this topic helpful?
Document Information
Modified date:
27 February 2023
UID
ssg1S1012415