Skip to main content

Troubleshooting ssh connectivity issue using public/private key




We have a scenario in which our code is failing to establish ssh connection to an AIX host using public/private key. I took the following approach to perform the troubleshooting,

i. Our code uses JSCH library to establish the SSH connection. To make sure this is not an issue with jsch usage, I made sure the following
1) Public key - Made sure public key is configured in .ssh/authorized_keys file in the target host
2) Private key - Made sure we have the private key and setting it correctly in jsch library
ii. Next step is to see if we are able to connect using ssh tool from a linux machine. Following are the steps
1) Get the private key and create a file named 'privatekey'. Put the content of the private key in the file
2) Now connect to the target machine using ssh -v -i key user@hostname. If it doesn't work, then you can be sure that the problem is not with your code
iii. Next step is to run sshd in debug mode and then try to connect and analyze the debug logs to troubleshoot the issue. Follow the below steps
1) stopsrc -s sshd  -> To stop the sshd service
2) /usr/sbin/sshd -D -e -ddd > /tmp/sshd.log 2>&1  - To start the sshd in debug mode. Logs will get written to /tmp/sshd.log
3) Connect to the target host using ssh -v -i key user@hostname
4) Press CTRL + C to stop sshd in debug mode
5) startsrc -s sshd  - To start the sshd daemon
iv. Collect the logs and analyze and you should get some clue about what is going wrong

In my case, it is trying to get the public key from authorized_keys2 and as per the my google search this is deprecated log time back in early 2000. Now to figure out from where it is taking authorized_keys2
i. This information is available in the config file /etc/ssh/sshd_config and you need to look for the key "AuthorizedKeysFile". In my case this value is set to authorized_keys2 and after editing this value everything started working
Labels:

Comments

Post a Comment

Popular posts from this blog

Base64 Encoding

The base-64 encoding converts a series of arbitrary bytes into a longer sequence of common text characters that are all legal header field values. Base-64 encoding takes a sequence of 8-bit bytes, breaks the sequence into 6-bit pieces, and assigns each 6-bit piece to one of 64 characters comprising the base-64 alphabet. Base 64–encoded strings are about 33% larger than the original values. For example “Ow!” -> “T3ch” 1. The string “Ow!” is broken into 3 8-bit bytes (0x4F, 0x77, 0x21). 2. The 3 bytes create the 24-bit binary value 010011110111011100100001. 3. These bits are segmented into the 6-bit sequences 010011, 110111, 01110,100001.
Post a Comment
Read more

Unicode and UTF8 Encoding

Unicode provides a unique number for every character, no matter what the platform, no matter what the program, no matter what the language. Unicode officially encodes 1,114,112 characters, from 0x000000 to 0x10FFFF. (The idea that Unicode is a 16-bit encoding is completely wrong.) For maximum compatibility, individual Unicode values are usually passed around as 32-bit integers (4 bytes per character), even though this is more than necessary. The consensus is that storing four bytes per character is wasteful, so a variety of representations have sprung up for Unicode characters. The most interesting one for C programmers is called UTF-8. UTF-8 is a "multi-byte" encoding scheme, meaning that it requires a variable number of bytes to represent a single Unicode value. Given a so-called "UTF-8 sequence", you can convert it to a Unicode value that refers to a character. http://www.cprogramming.com/tutorial/unicode.html There are 3 types of encoding in unicode, UT...
Post a Comment
Read more

How to find locked binaries as part of upgrade/fresh installation?

How to find locked binaries as part of upgrade/fresh installation? When you upgrade an application using windows installer many a time you might have come across issues like the files which you wanted to overwrite or delete is already in use or in another way some other application is already using that binary. In such cases, the windows installer will show a FilesInUse dialog. However, the problem here is this dialog will show only the application name which is consuming the binary and not the actual binary name. This has 2 problems, in case of a simple application which a handful of binaries we can easily figure out the binary getting locked, however in case of a large application with several binaries and run times it might be tricky to find out such locked binaries. The problem gets even more complicated if this scenario occurs in an environment where you don't have access, for example, a customer environment. Let me briefly explain how installer identifies and shows th...
Post a Comment
Read more