Hi guys,
I'm stuck on this. I can ssh my target prod server (call it server
A), and from there ssh into my repo server (say server B) fine. When
I run some scripts that are accessing server B from server A via ssh
however they get a a "failed password". Any ideas? What is the
difference from server B's perspective how the ssh connection is being
established? Here's a tail of the secure.log from Server B for both
cases.
---------- server B log when "manually ssh'ing in " -------------------
Feb 6 15:23:18 Macintosh-2 com.apple.SecurityServer[21]: checkpw()
succeeded, creating credential for user greg
Feb 6 15:23:18 Macintosh-2 com.apple.SecurityServer[21]: checkpw()
succeeded, creating shared credential for user greg
Feb 6 15:23:18 Macintosh-2 com.apple.SecurityServer[21]: Succeeded
authorizing right system.login.tty by client /usr/sbin/sshd for
authorization created by /usr/sbin/sshd.
Feb 6 15:23:18 Macintosh-2 sshd[2372]: Accepted
keyboard-interactive/pam for greg from 10.1.1.1 port 49636 ssh2
--------- server B log when scripts are trying to access ------------
Feb 6 15:23:53 Macintosh-2 sshd[2414]: error: PAM: Authentication
failure for greg from home.gregsdomainname.org
Feb 6 15:23:53: --- last message repeated 2 times ---
Feb 6 15:23:53 Macintosh-2 sshd[2414]: Failed password for greg from
10.1.1.1 port 50366 ssh2
Not sure if it's significant, however I acutally trigger the scripts
running on Server A from Server B itself. Hence end-to-end it is:
Server A (run capistrano init) ==ssh==> Sever B (run scripts)
====ssh===>Server A
Server B ssh config (/etc/ssh_config)
=========================
Macintosh-2:etc greg$ cat /etc/ssh_config
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication yes
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange yes
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
Thanks
I'm stuck on this. I can ssh my target prod server (call it server
A), and from there ssh into my repo server (say server B) fine. When
I run some scripts that are accessing server B from server A via ssh
however they get a a "failed password". Any ideas? What is the
difference from server B's perspective how the ssh connection is being
established? Here's a tail of the secure.log from Server B for both
cases.
---------- server B log when "manually ssh'ing in " -------------------
Feb 6 15:23:18 Macintosh-2 com.apple.SecurityServer[21]: checkpw()
succeeded, creating credential for user greg
Feb 6 15:23:18 Macintosh-2 com.apple.SecurityServer[21]: checkpw()
succeeded, creating shared credential for user greg
Feb 6 15:23:18 Macintosh-2 com.apple.SecurityServer[21]: Succeeded
authorizing right system.login.tty by client /usr/sbin/sshd for
authorization created by /usr/sbin/sshd.
Feb 6 15:23:18 Macintosh-2 sshd[2372]: Accepted
keyboard-interactive/pam for greg from 10.1.1.1 port 49636 ssh2
--------- server B log when scripts are trying to access ------------
Feb 6 15:23:53 Macintosh-2 sshd[2414]: error: PAM: Authentication
failure for greg from home.gregsdomainname.org
Feb 6 15:23:53: --- last message repeated 2 times ---
Feb 6 15:23:53 Macintosh-2 sshd[2414]: Failed password for greg from
10.1.1.1 port 50366 ssh2
Not sure if it's significant, however I acutally trigger the scripts
running on Server A from Server B itself. Hence end-to-end it is:
Server A (run capistrano init) ==ssh==> Sever B (run scripts)
====ssh===>Server A
Server B ssh config (/etc/ssh_config)
=========================
Macintosh-2:etc greg$ cat /etc/ssh_config
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication yes
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange yes
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
Thanks