AIX SSH无法从windows登陆问题
问题描述:AIX6.1系统HA RAC配置完成之后发现AIX系统之间都能互相SSH,只要从windows 用sercurity(闪退) putty显示(Incorrect MAC received on packet)无法连接AIX
测试从sun和HP的小机都能SSH到AIX系统
已经重装过很多次SSH均测试没效果
这是不正常的DEBUG调试登陆信息
hpyl1:/>stopsrc -s sshd
0513-044 The sshd Subsystem was requested to stop.
hpyl1:/>/usr/sbin/sshd -d
debug1: sshd version OpenSSH_6.0p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9
debug1: inetd sockets after dupping: 5, 5
Connection from 10.206.96.19 port 64223
debug1: Client protocol version 2.0; client software version SecureCRT_7.0.0 (x64 build 326) SecureCRT
debug1: no match: SecureCRT_7.0.0 (x64 build 326) SecureCRT
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
0509-026 System error: A file or directory in the path name does not exist.
debug1: Error loading Kerberos, disabling the Kerberos auth
debug1: permanently_set_uid: 205/213 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes256-ctr hmac-sha1 none [preauth]
debug1: kex: server->client aes256-ctr hmac-sha1 none [preauth]
debug1: expecting SSH2_MSG_KEXDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
Corrupted MAC on input. [preauth]
Disconnecting: Packet corrupt [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: Killing privsep child 6095214
这是我从正常服务器登陆的DEBUG测试信息
# stopsrc -s sshd
0513-044 The sshd Subsystem was requested to stop.
# /usr/sbin/sshd -d
debug1: sshd version OpenSSH_6.0p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9
debug1: inetd sockets after dupping: 4, 4
debug1: audit connection from 10.206.96.19 port 64241 euid 0
Connection from 10.206.96.19 port 64241
debug1: Client protocol version 2.0; client software version SecureCRT_7.0.0 (x64 build 326) SecureCRT
debug1: no match: SecureCRT_7.0.0 (x64 build 326) SecureCRT
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
0509-026 System error: A file or directory in the path name does not exist.
debug1: Error loading Kerberos, disabling the Kerberos auth
debug1: permanently_set_uid: 202/201 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes256-ctr hmac-sha1 none [preauth]
debug1: kex: server->client aes256-ctr hmac-sha1 none [preauth]
debug1: expecting SSH2_MSG_KEXDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user root service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: Eff_sl:::Eff_tl: [preauth]
debug1: userauth-request for user root service ssh-connection method password [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: Encrypted:::len:16
Accepted password for root from 10.206.96.19 port 64241 ssh2
debug1: AIX/loginsuccess: msg Last login: Tue Dec 16 20:07:42 CST 2014 on /dev/pts/0 from 10.206.96.199
debug1: monitor_read_log: child log fd closed
debug1: monitor_child_preauth: root has been authenticated by privileged process
debug1: audit event euid 0 user root event 2 (SSH_authsuccess)
debug1: Return Val-1 for auditproc:0
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 131072 max 32768
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/pts/0
debug1: Ignoring unsupported tty mode opcode 13 (0xd)
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: Values: options.num_allow_users: 0
debug1: RLOGIN VALUE :1
setsid: Operation not permitted.
测试从sun和HP的小机都能SSH到AIX系统
已经重装过很多次SSH均测试没效果
这是不正常的DEBUG调试登陆信息
hpyl1:/>stopsrc -s sshd
0513-044 The sshd Subsystem was requested to stop.
hpyl1:/>/usr/sbin/sshd -d
debug1: sshd version OpenSSH_6.0p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9
debug1: inetd sockets after dupping: 5, 5
Connection from 10.206.96.19 port 64223
debug1: Client protocol version 2.0; client software version SecureCRT_7.0.0 (x64 build 326) SecureCRT
debug1: no match: SecureCRT_7.0.0 (x64 build 326) SecureCRT
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
0509-026 System error: A file or directory in the path name does not exist.
debug1: Error loading Kerberos, disabling the Kerberos auth
debug1: permanently_set_uid: 205/213 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes256-ctr hmac-sha1 none [preauth]
debug1: kex: server->client aes256-ctr hmac-sha1 none [preauth]
debug1: expecting SSH2_MSG_KEXDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
Corrupted MAC on input. [preauth]
Disconnecting: Packet corrupt [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: Killing privsep child 6095214
这是我从正常服务器登陆的DEBUG测试信息
# stopsrc -s sshd
0513-044 The sshd Subsystem was requested to stop.
# /usr/sbin/sshd -d
debug1: sshd version OpenSSH_6.0p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9
debug1: inetd sockets after dupping: 4, 4
debug1: audit connection from 10.206.96.19 port 64241 euid 0
Connection from 10.206.96.19 port 64241
debug1: Client protocol version 2.0; client software version SecureCRT_7.0.0 (x64 build 326) SecureCRT
debug1: no match: SecureCRT_7.0.0 (x64 build 326) SecureCRT
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
0509-026 System error: A file or directory in the path name does not exist.
debug1: Error loading Kerberos, disabling the Kerberos auth
debug1: permanently_set_uid: 202/201 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes256-ctr hmac-sha1 none [preauth]
debug1: kex: server->client aes256-ctr hmac-sha1 none [preauth]
debug1: expecting SSH2_MSG_KEXDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user root service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: Eff_sl:::Eff_tl: [preauth]
debug1: userauth-request for user root service ssh-connection method password [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: Encrypted:::len:16
Accepted password for root from 10.206.96.19 port 64241 ssh2
debug1: AIX/loginsuccess: msg Last login: Tue Dec 16 20:07:42 CST 2014 on /dev/pts/0 from 10.206.96.199
debug1: monitor_read_log: child log fd closed
debug1: monitor_child_preauth: root has been authenticated by privileged process
debug1: audit event euid 0 user root event 2 (SSH_authsuccess)
debug1: Return Val-1 for auditproc:0
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 131072 max 32768
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/pts/0
debug1: Ignoring unsupported tty mode opcode 13 (0xd)
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: Values: options.num_allow_users: 0
debug1: RLOGIN VALUE :1
setsid: Operation not permitted.