Monday, June 19, 2017

Solaris 5.11/SSH -- Password authentication - Permission denied (gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive)

Here is a quick tip for you.
If you encounter permission denied errors in ssh (on Solaris or anywhere else), use the -vvv argument to analyze them.

Ex: ssh -vvv root@<ip_address>

The output of "ssh -vvv" is very readable, and most of the time it will let you see the cause and take corrective action.

I said most of the time, because sometimes it cannot.

I have faced a case where a junior ran chmod on /etc (chmod -R 777 /etc).

He said he did it so that the Oracle OS user could create the oraInst.loc file during a new EBS installation :)

Anyway, this command, "chmod -R 777 /etc", which seems harmless, may make your system malfunction.

For instance, in Solaris, you won't be able to log in again over SSH after executing this command.
ssh -vvv cannot catch this; its output will look clean but cut off.

Actually, some files stored in /etc, such as passwd, should not be world readable and writable.

So, in a case where all files in /etc are 777, you end up with ssh permission denied errors (and this is only one of the problems you will face, by the way :).

A quick and working solution is to execute chmod -R 755 /etc, but the proper fix is to make the permissions of the files in /etc match those in the /etc directory of an identical, untouched system.
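
The proper fix described above, copying permissions from an identical untouched system, can be scripted; the following is an added example, not code from the original post. The function names and the sample modes are assumptions made for illustration, and in practice the reference snapshot would be taken on the untouched host and carried over to the damaged one.

```python
import os
import stat
import tempfile

def snapshot(root):
    """Map each path under root (relative to root) to its permission bits."""
    modes = {}
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode is not meaningful
            modes[os.path.relpath(path, root)] = stat.S_IMODE(st.st_mode)
    return modes

def restore(reference, target_root, apply=False):
    """Return [(path, current, wanted)] where the target differs from the
    reference. With apply=True, also chmod each path to the reference mode.
    Paths present on only one side are left alone."""
    current = snapshot(target_root)
    changes = sorted((rel, current[rel], want)
                     for rel, want in reference.items()
                     if rel in current and current[rel] != want)
    if apply:
        for rel, _cur, want in changes:
            os.chmod(os.path.join(target_root, rel), want)
    return changes

def build_tree(root, layout):
    """Create a constructed sample tree from {relative path: mode}."""
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.chmod(path, mode)

# Constructed sample modes, not taken from a real Solaris host.
SAMPLE = {"passwd": 0o644, "shadow": 0o400, "ssh/sshd_config": 0o644}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as ref, tempfile.TemporaryDirectory() as bad:
        build_tree(ref, SAMPLE)
        build_tree(bad, dict.fromkeys(SAMPLE, 0o777))  # state after chmod -R 777
        for rel, cur, want in restore(snapshot(ref), bad, apply=True):
            print(f"{rel}: {cur:04o} -> {want:04o}")
```

Run restore() without apply=True first to review the list of changes. Unlike chmod -R 755, which leaves every file world-readable and executable, this puts each file back to whatever mode the reference system has.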
