SuSE 10.1 3.2M2 - Admin - Mail Queue - Not displaying

**brian** · 08-28-2006, 02:01 PM

Try to ssh with -v. This will usually give you more of a hint to why it doesn't like the keys or other authentication mechanisms.

**gmsmith** · 08-28-2006, 02:17 PM

Originally Posted by brian

Try to ssh with -v. This will usually give you more of a hint to why it doesn't like the keys or other authentication mechanisms.

zimbra@zimbra:~/.ssh> ssh -v host.name.com
OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to host.name.com [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /opt/zimbra/.ssh/identity type -1
debug1: identity file /opt/zimbra/.ssh/id_rsa type -1
debug1: identity file /opt/zimbra/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2
debug1: match: OpenSSH_4.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host 'host.name.com (xxx.xxx.xxx.xxx)' can't be established.
RSA key fingerprint is 1d:6e:94:62:56:ca:a6:02:8c:da:10:01:df:db:41:10.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'host.name.com,xxx.xxx.xxx.xxx' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /opt/zimbra/.ssh/identity
debug1: Trying private key: /opt/zimbra/.ssh/id_rsa
debug1: Trying private key: /opt/zimbra/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:

---------

What am I missing?

**brian** · 08-28-2006, 02:35 PM

When testing ssh by hand you need to specifically tell it the key to use.

ssh -v -i /opt/zimbra/.ssh/zimbra_identity zimbra@host.name.com

**gmsmith** · 08-28-2006, 03:04 PM

Originally Posted by brian

When testing ssh by hand you need to specifically tell it the key to use.

ssh -v -i /opt/zimbra/.ssh/zimbra_identity zimbra@host.name.com

Sorry

zimbra:~ # ssh -v -i /opt/zimbra/.ssh/zimbra_identity zimbra@host.name.com
OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to host.name.com [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /opt/zimbra/.ssh/zimbra_identity type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.2
debug1: match: OpenSSH_4.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'host.name.com' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /opt/zimbra/.ssh/zimbra_identity
debug1: Remote: Forced command: /opt/zimbra/libexec/zmrcd
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
debug1: Remote: Forced command: /opt/zimbra/libexec/zmrcd
Connection closed by host.name.com

**marcmac** · 08-28-2006, 04:04 PM

debug1: Remote: Forced command: /opt/zimbra/libexec/zmrcd
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
debug1: Remote: Forced command: /opt/zimbra/libexec/zmrcd

That almost looks like the execution of zmrcd on the target box is failing - can you run that by hand as the zimbra user?

**brian** · 08-28-2006, 04:34 PM

You should be seeing something like this when you ssh by hand, it should also hang waiting on input.

debug1: Remote: Forced command: /opt/zimbra/libexec/zmrcd
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.

The only other thing I can think of is because you have your server configured for both ssh protocol 1 and 2 you may want to ensure that protocol 2 is listed first. Or just loose the protocol 1 support all together.

I don't believe the Java ssh client that is being used supports protocol 1.

**illscientific** · 10-03-2006, 08:14 PM

Did anyone ever figure this out? I'm having the same issue.

**illscientific** · 10-04-2006, 08:57 AM

zimbra@chamber:~/libexec$ ssh -v -i /opt/zimbra/.ssh/zimbra_identity zimbra@mail.networks.com
OpenSSH_3.8.1p1 Debian-8.sarge.4, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to mail.networks.com [209.9.228.67] port 22.
debug1: Connection established.
debug1: identity file /opt/zimbra/.ssh/zimbra_identity type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-3
debug1: match: OpenSSH_4.3p2 Debian-3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'mail.networks.com' is known and matches the RSA host key.
debug1: Found key in /opt/zimbra/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /opt/zimbra/.ssh/zimbra_identity
debug1: Remote: Forced command: /opt/zimbra/libexec/zmrcd
debug1: Server accepts key: pkalg ssh-dss blen 435
debug1: read PEM private key done: type DSA
debug1: Remote: Forced command: /opt/zimbra/libexec/zmrcd
Connection closed by 209.9.228.67
zimbra@chamber:~/libexec$

How else can I troubleshoot this... or where would this be logged as to why its kicking me out as soon as I try an ssh in...

**illscientific** · 10-04-2006, 09:15 AM

When I run "/opt/zimbra/libexec/zmrcd" manually as the zimbra user it just returns me to the shell with no output and I don't see anything running in the process listing... Is there a way to enable some kind of debugging...?

**illscientific** · 10-08-2006, 05:04 PM

I bet I can make this work with libpam_chroot.. Ill keep you posted

Zimbra

Thread: SuSE 10.1 3.2M2 - Admin - Mail Queue - Not displaying

LinkBack

Thread Tools

Search Thread

Display

Thread Information

Users Browsing this Thread

Similar Threads

Problems with port 25

Post install : Zimbra start up is taking upwards of 10 minutes

fresh install down may be due to tomcat

DynDNS and Zimbra

receiveing mail

Posting Permissions