Results 1 to 6 of 6

Thread: [SOLVED] Cannot perform admin functions due to SSH problem (6.0.3 OSS, RHEL4)

  1. #1
    psarhjinian is offline Active Member
    Join Date
    Dec 2009
    Posts
    30
    Rep Power
    5

    Exclamation [SOLVED] Cannot perform admin functions due to SSH problem (6.0.3 OSS, RHEL4)

    I'm getting the following error attempting to perform certain admin tasks (installing a cert, etc) after upgrading to 6.0.3 from 5.0.11. It's likely---I can't recall---I had this issue before the upgrade, but the certificate broke on upgrade and now it's a more serious issue:

    Message: system failure: exception during auth {RemoteManager: host.domain->zimbra@host.domain:22} Error code: service.FAILURE Method: GetCertRequest Details:soap:Receiver

    I've stepped through Mail Queue Monitoring - Zimbra :: Wiki and verified my SSH settings. There's no firewall, nor have I changed ports. I'm still getting prompted for a password when I run:

    Code:
    ssh -vi .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@MAIL.DOMAIN.COM
    I'm pretty sure this is an SSH problem and not a Zimbra one, but I can't find out how/why/what it is or how to diagnose it effectively.

  2. #2
    ArcaneMagus's Avatar
    ArcaneMagus is offline Moderator
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    Have you tried the steps outlined in the Wiki article you linked to regenerate the SSH keys?

  3. #3
    psarhjinian is offline Active Member
    Join Date
    Dec 2009
    Posts
    30
    Rep Power
    5

    Default

    Yes, I did.

    Ran the fix permissions script, regenerated the keys, checked hosts.allow and sshd_conf and unlocked (repeatedly) and verified the lockout status of the account---all of it.

    At this point I think I'm down to a problem with SSH. What information would be helpful in diagnosing why it's not allowing keyfile auth?

  4. #4
    ArcaneMagus's Avatar
    ArcaneMagus is offline Moderator
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    Any errors in /var/log/security? (or your OS's equivalent)

  5. #5
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,480
    Rep Power
    56

    Default

    You said earlier there's no firewall (are you absolutely sure ), have you also disabled SElinux (you should)?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    psarhjinian is offline Active Member
    Join Date
    Dec 2009
    Posts
    30
    Rep Power
    5

    Default

    Figured it out.

    SSH was set to use PAM, and when we replaced the firewall I didn't reestablish the ruleset that allowed PAM to backend onto AD. Funny, since the "zimbra" account didn't auth via PAM, and I could log in as a non-PAM-auth'ed user. Fixing the firewall rule worked, but so would have disabling PAM in sshd_config or removing the pam config entries that pointed to the domain.

    It didn't make any sense until I ran ssh with maximum verbosity. Even then it wasn't at all clear.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Mail Queue SSH Public Key problem
    By markymarknz in forum Installation
    Replies: 6
    Last Post: 06-05-2007, 04:43 PM
  2. Problem Accessing Web Admin Console
    By PimpDaDdy in forum Administrators
    Replies: 2
    Last Post: 01-27-2007, 04:25 PM
  3. old server name admin web gui problem.
    By demanl in forum Administrators
    Replies: 2
    Last Post: 07-26-2006, 05:11 AM
  4. problem with admin page display.
    By jamesjr555 in forum Users
    Replies: 4
    Last Post: 06-30-2006, 12:52 PM
  5. Zimbra M3-270 Admin login problem
    By phoenix in forum Administrators
    Replies: 0
    Last Post: 12-09-2005, 06:29 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •