I have 140 hosts – 80% AIX, the rest LINUX. From one host, I can ssh (no password needed) to all but 4 hosts. Why? I have checked everything I can think of. I can ssh to these four from any other host with zero problems.
Why does this one host cause me grief? Any ideas, please?
————-The next day……..
How many of you noticed that when faced with a seemingly difficult issue as soon as you share your thoughts (and your grief + the pain) with someone else, the resolution magically appears shortly later? I do believe that the collective compassion multiplied by the desire to help you is the solution delivery vehicle. I really do.
First, I want to thank all who answered my call! It worked again! All four hosts had the same issue.
I have a host from which we can log in and execute commands (ssh) on all other hosts with no need to enter the root password. This mechanism works for all but four machines, which do not allow root logins and do not allow the following transaction either:

    # ssh-copy-id -i id_rsa.pub root@badHost
    root@badHost's password:
    Permission denied, please try again.
    root@grdoraqp1's password:
    Permission denied, please try again.
    root@grdoraqp1's password:

The “business” end of badHost looks like this:

    # ls -ld /root/.ssh
    drwx------ 2 root system 256 May 14 10:38 .ssh

The inside of the

    # ls -l
    total 32
    drwx------ 2 root system  256 May 14 10:38 .
    drwx------ 5 root system 4096 Apr 09 15:43 ..
    -rw------- 1 root system  396 May 14 10:38 authorized_keys
    -rw------- 1 root system 1679 May 14 10:33 id_rsa
    -rw-r----- 1 root system  396 May 14 10:33 id_rsa.pub

I noticed that root is the only one having these issues. For no apparent reason (I do not know it yet, but the solution is being delivered right now), I decided to change root's password to something really simple, different.

    # passwd root
    Changing password for "root"
    3004-616 User "root" does not exist.
    3004-709 Error changing password for "root".

Woo, this is a surprise! I can log in to this host with putty but I cannot change the password? Let’s see what AIX thinks about this account.

    # cd /etc
    # grep -w root: passwd
    root:!:0:0::/root:/usr/bin/ksh

Nothing wrong with the line above. Let’s dig deeper.

    # cd security
    # grep -p root: user
    root:
            admin = true
            expires = 0
            SYSTEM = "compat"
            account_locked = false
            rlogin = false
            loginretries = 0
            histexpire = 0
            histsize = 0
            minage = 0
            maxage = 0
            maxexpired = -1
            minalpha = 0
            minother = 0
            minlen = 0
            mindiff = 0
            maxrepeats = 8
            dictionlist =
            pwdchecks =
            admgroups = asmadmin,dba,oinstall,itmusers

Now, if you have not been “dealing” lately with authentication issues you may miss it. Something in this output is missing! Do you know what?
The root account is authenticated locally; the missing line is:
registry = files
As soon as this line was added, all the issues disappeared…… My ssh issues are over.
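
With 140 hosts, the same gap is worth checking for everywhere. The script below is an added example, not part of the original post: it parses an AIX-style /etc/security/user stanza file and lists the users whose stanza has no explicit registry line. The function names and the sample data are constructed for illustration, and it assumes only the user's own stanza matters (it does not consult the default stanza).

```shell
# Added example (not from the original post): list stanzas in an AIX-style
# /etc/security/user file with no explicit "registry" line (default stanza ignored).

# stanza_attr FILE USER ATTR: print the value of ATTR; exit status 1 if absent.
stanza_attr() {
    awk -v user="$2" -v attr="$3" '
        /^[ \t]*\*/ { next }                          # "*" starts a comment
        /^[^ \t].*:[ \t]*$/ {                         # stanza header "name:"
            name = $0; sub(/:[ \t]*$/, "", name)
            in_stanza = (name == user); next
        }
        in_stanza && /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            if (key == attr) {
                val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
                print val; found = 1; exit
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# users_missing_registry FILE: print each user whose stanza has no registry line.
users_missing_registry() {
    awk '
        function report() { if (name != "" && name != "default" && !has) print name }
        /^[ \t]*\*/ { next }
        /^[^ \t].*:[ \t]*$/ { report(); name = $0; sub(/:[ \t]*$/, "", name); has = 0; next }
        /^[ \t]+registry[ \t]*=/ { has = 1 }
        END { report() }
    ' "$1"
}

# Constructed sample data: "root" mirrors the stanza in the post (abridged);
# "oracle" is a made-up account that carries the line root was missing.
sample_stanzas() {
    cat <<'EOF'
* constructed sample, not a real /etc/security/user
default:
        admin = false
root:
        admin = true
        SYSTEM = "compat"
oracle:
        SYSTEM = "compat"
        registry = files
EOF
}

tmp=$(mktemp) && sample_stanzas > "$tmp"
users_missing_registry "$tmp" | sed 's/$/: no explicit registry line/'
rm -f "$tmp"
```

On a live AIX host, `lsuser -a registry SYSTEM root` shows the values the system actually uses, and `chuser registry=files root` sets the attribute without hand-editing the file.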