  #1 (permalink)  
Old 12-14-2009, 09:01 AM
Active Member
 
Posts: 30
[SOLVED] Cannot perform admin functions due to SSH problem (6.0.3 OSS, RHEL4)

I'm getting the following error attempting to perform certain admin tasks (installing a cert, etc) after upgrading to 6.0.3 from 5.0.11. It's likely---I can't recall---I had this issue before the upgrade, but the certificate broke on upgrade and now it's a more serious issue:

Message: system failure: exception during auth {RemoteManager: host.domain->zimbra@host.domain:22} Error code: service.FAILURE Method: GetCertRequest Details:soap:Receiver

I've stepped through Mail Queue Monitoring - Zimbra :: Wiki and verified my SSH settings. There's no firewall, nor have I changed ports. I'm still getting prompted for a password when I run:

Code:
ssh -vi .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@MAIL.DOMAIN.COM
I'm pretty sure this is an SSH problem and not a Zimbra one, but I can't find out how/why/what it is or how to diagnose it effectively.
  #2 (permalink)  
Old 12-14-2009, 02:15 PM
Moderator
 
Posts: 1,147

Have you tried the steps outlined in the Wiki article you linked to regenerate the SSH keys?
  #3 (permalink)  
Old 12-14-2009, 02:51 PM
Active Member
 
Posts: 30

Yes, I did.

Ran the fix permissions script, regenerated the keys, checked hosts.allow and sshd_conf and unlocked (repeatedly) and verified the lockout status of the account---all of it.

At this point I think I'm down to a problem with SSH. What information would be helpful in diagnosing why it's not allowing keyfile auth?
  #4 (permalink)  
Old 12-14-2009, 11:06 PM
Moderator
 
Posts: 1,147

Any errors in /var/log/security? (or your OS's equivalent)
  #5 (permalink)  
Old 12-14-2009, 11:24 PM
Zimbra Consultant & Moderator
 
Posts: 20,312

You said earlier there's no firewall (are you absolutely sure?). Have you also disabled SELinux (you should)?
__________________
Regards


Bill
  #6 (permalink)  
Old 12-17-2009, 02:42 PM
Active Member
 
Posts: 30

Figured it out.

SSH was set to use PAM, and when we replaced the firewall I didn't reestablish the ruleset that allowed PAM to backend onto AD. Funny, since the "zimbra" account didn't auth via PAM, and I could log in as a non-PAM-auth'ed user. Fixing the firewall rule worked, but so would have disabling PAM in sshd_config or removing the pam config entries that pointed to the domain.

It didn't make any sense until I ran ssh with maximum verbosity. Even then it wasn't at all clear.
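The root cause reported in post #6, as an added example that is not part of the thread: with `UsePAM yes`, sshd runs the PAM account and session stacks for every authentication type, public key included, so a directory-backed module in the stack makes key logins depend on the directory being reachable. The function names, the module list (`pam_winbind`, `pam_krb5`, `pam_ldap`, `pam_sss`) and the sample file contents are assumptions constructed for illustration.

```shell
# Effective UsePAM: sshd keeps the first occurrence of a keyword; OpenSSH's
# built-in default is "no" (a distribution's shipped sshd_config may set "yes").
sshd_use_pam() {
    awk 'tolower($1) == "usepam" { print tolower($2); f = 1; exit }
         END { if (!f) print "no" }' "$1"
}

# Walk a service's PAM stack ($1 = PAM dir, $2 = service), following include/substack
# and "pam_stack.so service=NAME"; print "file:type:module" per directory-backed module.
pam_network_modules() {
    dir=$1; shift; seen=" "
    while [ $# -gt 0 ]; do
        svc=$1; shift
        case "$seen" in *" $svc "*) continue ;; esac   # already visited
        seen="$seen$svc "
        [ -r "$dir/$svc" ] || continue
        awk -v s="$svc" '/^[ \t]*#/ { next }
            { for (i = 2; i <= NF; i++)
                if ($i ~ /pam_(winbind|krb5|ldap|sss)\.so$/) {
                    n = split($i, p, "/"); print s ":" $1 ":" p[n] } }' "$dir/$svc"
        # Queue the stacks this file pulls in (word splitting is intended).
        set -- "$@" $(awk '/^[ \t]*#/ { next }
            $2 == "include" || $2 == "substack" { print $3 }
            /pam_stack\.so/ { for (i = 3; i <= NF; i++)
                if ($i ~ /^service=/) print substr($i, 9) }' "$dir/$svc")
    done
}

# $1 = sshd_config, $2 = PAM dir. Returns 1 when logins depend on a directory.
audit_sshd_pam() {
    [ "$(sshd_use_pam "$1")" = "yes" ] || { echo "ok: UsePAM is off"; return 0; }
    hits=$(pam_network_modules "$2" sshd | tr '\n' ' ')
    [ -n "$hits" ] || { echo "ok: no directory-backed PAM modules"; return 0; }
    echo "at-risk: sshd PAM stack needs a reachable directory: $hits"; return 1
}

# Constructed sample files: sshd -> system-auth -> pam_krb5 / pam_winbind.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/pam.d" || return 1
    printf '%s\n' '#UsePAM no' 'UsePAM yes' > "$d/sshd_config"
    printf '%s\n' 'auth required pam_stack.so service=system-auth' \
        'account required pam_stack.so service=system-auth' > "$d/pam.d/sshd"
    printf '%s\n' 'auth sufficient /lib/security/$ISA/pam_krb5.so' \
        'account required /lib/security/$ISA/pam_unix.so' \
        'account [default=bad success=ok] /lib/security/$ISA/pam_winbind.so' > "$d/pam.d/system-auth"
    echo "$d"
}
s=$(make_sample) && { audit_sshd_pam "$s/sshd_config" "$s/pam.d" || true; rm -rf "$s"; }
```

On a real host, pass `/etc/ssh/sshd_config` and `/etc/pam.d` to `audit_sshd_pam`; an `account` or `session` hit is the kind that affects key-based logins.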