openssh upgrading.

Ben Lindstrom mouring at offwriting.org
Sat Nov 15 05:59:08 EST 2014


Have you checked your /etc/ssh/sshd_config  after the upgrade?  By default most platforms disable root as a valid login user via:  "PermitRootLogin"

- Ben

> On Nov 14, 2014, at 12:32 PM, Chandra Kumara <chandra.kumara at shipxpress.com> wrote:
> 
> Hi Openssh support,
> 
> 
> 
> I have upgraded openssh from 5.3p1 to 6.2p2 in a RHEL 6.6 - 64 bit server
> and now i can't login to server remotely using same root password. It always
> prompting the password saying  "Permission denied, please try again."
> 
> 
> 
> Please help me to resolve the issue.
> 
> 
> 
> Following are the steps i have followd.
> 
> 
> 
> ----------------------------------------------------------------
> 
> [root at test ~]# ssh -V
> 
> OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
> 
> 
> 
> [root at test ~]# cat /etc/redhat-release 
> 
> Red Hat Enterprise Linux Server release 6.6 (Santiago)
> 
> 
> 
> [root at test ~]# rpm -qa |grep openssh
> 
> openssh-server-5.3p1-104.el6.x86_64
> 
> openssh-clients-5.3p1-104.el6.x86_64
> 
> openssh-5.3p1-104.el6.x86_64
> 
> 
> 
> yum install rpm-build
> 
> yum install gcc glibc-devel pam-devel libX11-devel krb5-devel zlib-devel
> 
> yum install openssh-devel openssl-devel tcp_wrappers-devel libXt-devel imake
> gtk2-devel
> 
> 
> 
> wget http://ftp.spline.de/pub/OpenBSD/OpenSSH/portable/openssh-6.2p2.tar.gz
> 
> wget
> http://pkgs.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.
> gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
> 
> 
> 
> tar zxvf openssh-6.2p2.tar.gz
> 
> cp openssh-6.2p2/contrib/redhat/openssh.spec .
> 
> rpmbuild -bb openssh.spec
> 
> 
> 
> cp x11-ssh-askpass-1.2.4.1.tar.gz /root/rpmbuild/SOURCES/
> 
> cp openssh-6.2p2.tar.gz /root/rpmbuild/SOURCES/
> 
> cp openssh.spec /root/rpmbuild/SOURCES/
> 
> 
> 
> rpmbuild -bb openssh.spec
> 
> 
> 
> cd /root/rpmbuild/RPMS/x86_64/
> 
> rpm -Uvh *
> 
> /etc/init.d/sshd restart
> 
> 
> 
> [root at test ~]# rpm -qa |grep openss
> 
> openssl-devel-1.0.1e-30.el6_6.4.x86_64
> 
> openssh-server-6.2p2-1.x86_64
> 
> openssl-1.0.1e-30.el6_6.4.x86_64
> 
> openssh-askpass-gnome-6.2p2-1.x86_64
> 
> openssh-debuginfo-6.2p2-1.x86_64
> 
> openssh-6.2p2-1.x86_64
> 
> openssh-clients-6.2p2-1.x86_64
> 
> 
> 
> 
> 
> [root at plutotest .ssh]# ssh -v root at 192.168.0.38
> 
> OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
> 
> debug1: Reading configuration data /etc/ssh/ssh_config
> 
> debug1: Applying options for *
> 
> debug1: Connecting to 192.168.0.38 [192.168.0.38] port 22.
> 
> debug1: Connection established.
> 
> debug1: permanently_set_uid: 0/0
> 
> debug1: identity file /root/.ssh/identity type -1
> 
> debug1: identity file /root/.ssh/identity-cert type -1
> 
> debug1: identity file /root/.ssh/id_rsa type -1
> 
> debug1: identity file /root/.ssh/id_rsa-cert type -1
> 
> debug1: identity file /root/.ssh/id_dsa type -1
> 
> debug1: identity file /root/.ssh/id_dsa-cert type -1
> 
> debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
> 
> debug1: match: OpenSSH_6.2 pat OpenSSH*
> 
> debug1: Enabling compatibility mode for protocol 2.0
> 
> debug1: Local version string SSH-2.0-OpenSSH_5.3
> 
> debug1: SSH2_MSG_KEXINIT sent
> 
> debug1: SSH2_MSG_KEXINIT received
> 
> debug1: kex: server->client aes128-ctr hmac-md5 none
> 
> debug1: kex: client->server aes128-ctr hmac-md5 none
> 
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> 
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> 
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> 
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> 
> debug1: Host '192.168.0.38' is known and matches the RSA host key.
> 
> debug1: Found key in /root/.ssh/known_hosts:9
> 
> debug1: ssh_rsa_verify: signature correct
> 
> debug1: SSH2_MSG_NEWKEYS sent
> 
> debug1: expecting SSH2_MSG_NEWKEYS
> 
> debug1: SSH2_MSG_NEWKEYS received
> 
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> 
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> 
> debug1: Authentications that can continue:
> publickey,gssapi-with-mic,password
> 
> debug1: Next authentication method: gssapi-with-mic
> 
> debug1: Unspecified GSS failure.  Minor code may provide more information
> 
> Cannot determine realm for numeric host address
> 
> 
> 
> debug1: Unspecified GSS failure.  Minor code may provide more information
> 
> Cannot determine realm for numeric host address
> 
> 
> 
> debug1: Unspecified GSS failure.  Minor code may provide more information
> 
> 
> 
> 
> 
> debug1: Unspecified GSS failure.  Minor code may provide more information
> 
> Cannot determine realm for numeric host address
> 
> 
> 
> debug1: Next authentication method: publickey
> 
> debug1: Trying private key: /root/.ssh/identity
> 
> debug1: Trying private key: /root/.ssh/id_rsa
> 
> debug1: Trying private key: /root/.ssh/id_dsa
> 
> debug1: Next authentication method: password
> 
> root at 192.168.0.38's password: 
> 
> debug1: Authentications that can continue:
> publickey,gssapi-with-mic,password
> 
> Permission denied, please try again.
> 
> root at 192.168.0.38's password:
> 
> ----------------------------------------------------------------
> 
> Regards,
> 
> Chandra Kumara, SSA
> 
> ShipXpress.
> 
> 2315 Beach Blvd - Suite 104 || Jacksonville Beach, FL 32250
> 
> phone: +94 11 2826814/15 || website:  <http://www.shipxpress.com/>
> http://www.shipxpress.com
> 
> 
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



More information about the openssh-unix-dev mailing list