- 论坛徽章:
- 0
|
本帖最后由 okwiner 于 2011-07-01 15:43 编辑
大家好,
我在一下版本的Aix上安装了openssh 5.2.0.53
5.3.9
5300-09-03-0918
5300-06-01-0000
5300-07-00-0000
5.3.6
遇到了证书认证无法登陆成功的问题。从Linux 登录到 Aix 5.3,使用密码认证可以登录,但是使用证书认证就报 错“连接被关闭 by IP”
请问在Aix 5.3上 sshd 的log在那个路径下面? 怎么启动sshd才能进入debug log 模式?
下面是我预计到的错误信息,我确定我的公钥文件的部署肯定没有问题,因为检查了好几天了,而且所有的5.3都不行,6.1没有问题,linux也没有问题- [ti@SHSHSH1 bk]$ ssh -i id_rsa 11.2.13.6 -vvv
- OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
- debug1: Reading configuration data /etc/ssh/ssh_config
- debug1: Applying options for *
- debug2: ssh_connect: needpriv 0
- debug1: Connecting to 11.2.13.6 [11.2.13.6] port 22.
- debug1: Connection established.
- debug3: Not a RSA1 key file id_rsa.
- debug2: key_type_from_name: unknown key type '-----BEGIN'
- debug3: key_read: missing keytype
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug3: key_read: missing whitespace
- debug2: key_type_from_name: unknown key type '-----END'
- debug3: key_read: missing keytype
- debug1: identity file id_rsa type 1
- debug1: loaded 1 keys
- debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
- debug1: match: OpenSSH_5.2 pat OpenSSH*
- debug1: Enabling compatibility mode for protocol 2.0
- debug1: Local version string SSH-2.0-OpenSSH_4.3
- debug2: fd 3 setting O_NONBLOCK
- debug1: SSH2_MSG_KEXINIT sent
- debug1: SSH2_MSG_KEXINIT received
- debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
- debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
- debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
- debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
- debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
- debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
- debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
- debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit: first_kex_follows 0
- debug2: kex_parse_kexinit: reserved 0
- debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
- debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
- debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
- debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
- debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
- debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
- debug2: kex_parse_kexinit: none,zlib@openssh.com
- debug2: kex_parse_kexinit: none,zlib@openssh.com
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit:
- debug2: kex_parse_kexinit: first_kex_follows 0
- debug2: kex_parse_kexinit: reserved 0
- debug2: mac_init: found hmac-md5
- debug1: kex: server->client aes128-cbc hmac-md5 none
- debug2: mac_init: found hmac-md5
- debug1: kex: client->server aes128-cbc hmac-md5 none
- debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
- debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
- debug2: dh_gen_key: priv key bits set: 117/256
- debug2: bits set: 506/1024
- debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
- debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
- debug3: check_host_in_hostfile: filename /usr/tideway/.ssh/known_hosts
- debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
- debug3: check_host_in_hostfile: filename /usr/tideway/.ssh/known_hosts
- debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
- debug2: no key of type 0 for host 11.2.13.6
- debug3: check_host_in_hostfile: filename /usr/tideway/.ssh/known_hosts2
- debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
- debug3: check_host_in_hostfile: filename /usr/tideway/.ssh/known_hosts
- debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
- debug2: no key of type 2 for host 11.2.13.6
- The authenticity of host '11.2.13.6 (11.2.13.6)' can't be established.
- RSA key fingerprint is 95:c8:eb:7b:26:d8:d7:77:1a:08:2e:fc:b5:ee:12:b6.
- Are you sure you want to continue connecting (yes/no)? yes
- Warning: Permanently added '11.2.13.6' (RSA) to the list of known hosts.
- debug2: bits set: 518/1024
- debug1: ssh_rsa_verify: signature correct
- debug2: kex_derive_keys
- debug2: set_newkeys: mode 1
- debug1: SSH2_MSG_NEWKEYS sent
- debug1: expecting SSH2_MSG_NEWKEYS
- debug2: set_newkeys: mode 0
- debug1: SSH2_MSG_NEWKEYS received
- debug1: SSH2_MSG_SERVICE_REQUEST sent
- debug2: service_accept: ssh-userauth
- debug1: SSH2_MSG_SERVICE_ACCEPT received
- debug2: key: id_rsa (0x2ad3e320cbc0)
- debug1: Authentications that can continue: publickey,password,keyboard-interactive
- debug3: start over, passed a different list publickey,password,keyboard-interactive
- debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
- debug3: authmethod_lookup publickey
- debug3: remaining preferred: keyboard-interactive,password
- debug3: authmethod_is_enabled publickey
- debug1: Next authentication method: publickey
- debug1: Offering public key: id_rsa
- debug3: send_pubkey_test
- debug2: we sent a publickey packet, wait for reply
- Connection closed by 11.2.13.6
复制代码 |
|