Results 1 to 7 of 7

Thread: Mail Queue SSH Public Key problem

  1. #1
    markymarknz is offline Junior Member
    Join Date
    May 2007
    Posts
    7
    Rep Power
    8

    Exclamation Mail Queue SSH Public Key problem

    Hi Everyone,

    Just for the record I have been searching the forums about this problem for quite some time now and have tried all the suggestions but nothing seems to be working for me.

    So my basic problem I get is that when clicking on the Mail Queue menu I get the following error:
    Code:
    2007-05-27 15:06:00,271 INFO  [http-7071-Processor44] [ua=ZimbraWebClient - FF2.0 (Win)/undefined;ip=125.238.104.251;name=admin@markymark.net.nz;] SoapEngine
     - handler exception
    com.zimbra.common.service.ServiceException: system failure: exception during auth {RemoteManager: mail.markymark.net.nz->zimbra@mail.markymark.net.nz:22}
            at com.zimbra.common.service.ServiceException.FAILURE(ServiceException.java:175)
            at com.zimbra.cs.rmgmt.RemoteManager.getSession(RemoteManager.java:197)
            at com.zimbra.cs.rmgmt.RemoteManager.execute(RemoteManager.java:134)
            at com.zimbra.cs.service.admin.GetMailQueueInfo.handle(GetMailQueueInfo.java:56)
            at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:270)
            at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:168)
            at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:90)
            at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:223)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
            at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:162)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
            at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
            at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
            at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541)
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
            at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:667)
            at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
            at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
            at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
            at java.lang.Thread.run(Thread.java:595)
    Caused by: java.io.IOException: auth failed
            at com.zimbra.cs.rmgmt.RemoteManager.getSession(RemoteManager.java:190)
            ... 24 more
    From other people's threads I know the common problems are either SSHD isn't running on port 22 or the zimbra_identity file hasn't been generated correctly.
    I know SSHD is running fine as I am administering this server through SSH running on port 22 using public key authentication. I have also regenerated the zimbra_identity file a few times through the:
    Code:
    su -zimbra
    zmsshkeygen
    zmupdateauthkeys
    tomcat restart
    When I try:
    ssh -i .ssh/zimbra_identity localhost
    I get the following:
    Permission denied (publickey).

    I am going mad trying to work out what the problem could be.
    My sshd_config file has the following:
    Code:
    # Package generated configuration file
    # See the sshd(8) manpage for details
    
    # What ports, IPs and protocols we listen for
    Port 22
    # Use these options to restrict which interfaces/protocols sshd will bind to
    #ListenAddress ::
    #ListenAddress 0.0.0.0
    Protocol 2
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    #Privilege Separation is turned on for security
    UsePrivilegeSeparation yes
    
    # Lifetime and size of ephemeral version 1 server key
    KeyRegenerationInterval 3600
    ServerKeyBits 768
    
    # Logging
    SyslogFacility AUTH
    LogLevel INFO
    
    # Authentication:
    LoginGraceTime 120
    PermitRootLogin no
    StrictModes yes
    
    RSAAuthentication yes
    PubkeyAuthentication yes
    #AuthorizedKeysFile     %h/.ssh/authorized_keys
    
    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    # For this to work you will also need host keys in /etc/ssh_known_hosts
    RhostsRSAAuthentication no
    # similar for protocol version 2
    HostbasedAuthentication no
    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    #IgnoreUserKnownHosts yes
    
    # To enable empty passwords, change to yes (NOT RECOMMENDED)
    PermitEmptyPasswords no
    
    # Change to yes to enable challenge-response passwords (beware issues with
    # some PAM modules and threads)
    ChallengeResponseAuthentication no
    
    # Change to no to disable tunnelled clear text passwords
    PasswordAuthentication no
    
    # Kerberos options
    KerberosAuthentication yes
    #KerberosGetAFSToken no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    
    X11Forwarding no
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    KeepAlive yes
    #UseLogin no
    
    #MaxStartups 10:30:60
    #Banner /etc/issue.net
    
    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*
    Subsystem sftp /usr/lib/openssh/sftp-server
    UsePAM no
    Any help would be greatly appreciated

  2. #2
    markymarknz is offline Junior Member
    Join Date
    May 2007
    Posts
    7
    Rep Power
    8

    Default

    Bump

    I'm really stumped by this.
    zmcontrol status shows everything is running fine.
    This is running on Ubuntu 6.06 Dapper

    Anyone able to help?

  3. #3
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Hey Mark,
    Can you take a look here:
    NCSA: Changes in OpenSSH since v3.8

    that might be able to help.

    john

  4. #4
    markymarknz is offline Junior Member
    Join Date
    May 2007
    Posts
    7
    Rep Power
    8

    Default

    Thanks for your post John.
    Unfortunately I have already looked at that from other posts but I already have KerberosAuthentication enabled and the zimbra account isn't disabled

  5. #5
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Man, I need to read closer.
    I just saw this:
    Code:
    Caused by: java.io.IOException: auth failed
            at com.zimbra.cs.rmgmt.RemoteManager.getSession(RemoteManager.java:190)
            ... 24 more
    This indicates that either the zimbra password is wrong, the zimbra account is disabled, or that the Zimbra user doesn't have access to this machine.

  6. #6
    markymarknz is offline Junior Member
    Join Date
    May 2007
    Posts
    7
    Rep Power
    8

    Default

    Thanks again John.
    Yeah I'm certain the problem is to do with the public key authentication as the account isn't locked and I don't allow password login only public key. The trouble is I have regenerated the keys numerous times which hasn't fixed it doing:

    su -zimbra
    zmsshkeygen
    zmupdateauthkeys
    tomcat restart

    I think I will just have to do a new install as something isn't happy

  7. #7
    markymarknz is offline Junior Member
    Join Date
    May 2007
    Posts
    7
    Rep Power
    8

    Default Working now

    Ok I have reinstalled everything from scratch and taken it slowly.
    Everything seems to be working fine now so I am very happy.
    Thanks

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Problems with port 25
    By yogiman in forum Installation
    Replies: 57
    Last Post: 06-13-2011, 01:55 PM
  2. Replies: 7
    Last Post: 02-03-2011, 07:01 AM
  3. fresh install down may be due to tomcat
    By gon in forum Installation
    Replies: 10
    Last Post: 07-25-2007, 08:09 AM
  4. DynDNS and Zimbra
    By afterwego in forum Installation
    Replies: 30
    Last Post: 04-01-2007, 03:34 PM
  5. receiveing mail
    By maybethistime in forum Administrators
    Replies: 15
    Last Post: 12-09-2005, 04:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •