LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > AIX
User Name
Password
AIX This forum is for the discussion of IBM AIX.
eserver and other IBM related questions are also on topic.

Notices

Reply
 
Search this Thread
Old 02-13-2013, 12:10 AM   #1
LinuxLover
Member
 
Registered: Feb 2004
Distribution: Solaris 10/11 , RHEL 6 ,AIX 7.1
Posts: 188

Rep: Reputation: 32
AIX 7.1 ssh connection problem


Hi,
We were using AIX 5.3 on Power Servers. Now we installed few machines with AIX 7.1. On which we are facing that most of the ssh client (like RHEL 5 ssh client, secure shell client) are unable to login to AIX 7.1 box via ssh whereas putty client is able to login on same AIX 7.1 hosts.

Below is the debuging log from a RHEL 5 client ssh machine to AIX 7.1 server.

[kmumtaz]$ ssh -vvv 10.1.X.100
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.1.X.X [10.1.X.X] port 22.
debug1: Connection established.
debug1: identity file /home/kmumtaz/.ssh/identity type -1
debug1: identity file /home/kmumtaz/.ssh/id_rsa type -1
debug1: identity file /home/kmumtaz/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
debug1: match: OpenSSH_6.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 120/256
debug2: bits set: 528/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Connection closed by 10.1.X.100


Any Idea how to resolve the isse
 
Old 02-13-2013, 01:42 AM   #2
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,Fedora,OpenBSD
Posts: 842
Blog Entries: 2

Rep: Reputation: 212Reputation: 212Reputation: 212
Does this help? http://www.held.org.il/blog/2011/05/...reset-by-peer/
 
Old 02-13-2013, 06:54 AM   #3
LinuxLover
Member
 
Registered: Feb 2004
Distribution: Solaris 10/11 , RHEL 6 ,AIX 7.1
Posts: 188

Original Poster
Rep: Reputation: 32
After enabling auth.debug in AIX 7.1 syslog.conf file getting below error in log file while user try to connect from ssh cleint

Feb 13 13:27:15 node1 auth|security:crit sshd15204500: fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc preauth
 
Old 04-18-2013, 02:23 PM   #4
gpratt3151
LQ Newbie
 
Registered: Apr 2013
Posts: 1

Rep: Reputation: Disabled
Possible Solution

We have experienced the same problem. After much research it appears the cypher length is too big which causes the connection to die before proceeding further. You can test this theory by executing the following:
ssh -c aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, <HOSTNAME>

To permanently resolve, you should update the version of openssh client on your Linux host.

Good luck!
 
Old 04-22-2013, 01:10 AM   #5
LinuxLover
Member
 
Registered: Feb 2004
Distribution: Solaris 10/11 , RHEL 6 ,AIX 7.1
Posts: 188

Original Poster
Rep: Reputation: 32
Hi gpratt3151,

I forgot to update on this forum. I was able to resolve the problem after changing the cipher in client list.By default client was using archfour , after changing it to some other like blowfish etc now client are able to connect quite nicely. It seem that in AIX 7.1 they have tighten the rope towards security and weakness.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh connexion problem from AIX server to Windows 2003 Server TIAHA David Linux - Newbie 7 03-25-2010 09:04 AM
SSH Problem RHEL -> AIX Connection closed by remote host unixteam Linux - Networking 6 03-04-2010 12:29 AM
ssh connection problem. windstory Linux - Newbie 2 01-02-2009 07:25 PM
A problem with ssh connection lawrence_lee_lee Linux - Software 5 05-16-2008 09:14 AM
ssh connection problem klemen Linux - Networking 2 06-19-2005 05:01 AM


All times are GMT -5. The time now is 02:32 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration