two users on same machine, one can ssh to another machine, the other can't - SSH

This is a discussion on two users on same machine, one can ssh to another machine, the other can't - SSH ; All, I have two users on a machine. There are three other machines that these users should be able to ssh to. The "from" machine is setup: ncsu# ssh -V OpenSSH_4.2p1, OpenSSL 0.9.7h 11 Oct 2005 The "to" machine that ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: two users on same machine, one can ssh to another machine, the other can't

  1. two users on same machine, one can ssh to another machine, the other can't

    All,

    I have two users on a machine. There are three other machines that
    these users should be able to ssh to. The "from" machine is setup:

    ncsu# ssh -V
    OpenSSH_4.2p1, OpenSSL 0.9.7h 11 Oct 2005

    The "to" machine that is problematic is setup:

    $ ssh -V
    OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004

    User A can ssh to all three machines without issue; the other user - B
    - can ssh to only two of the machines. (I can't tell you what versions
    are on the other two machines as I do not have the password to get in,
    but the ssh call from the "from" machine gets the expected "Password"
    prompts.)

    When I set the debug level to DEBUG3 on the "from" machine and using
    user A, I get lots of debug output. When using user B, I get:

    $ ssh -l donkey a.b.c.d

    Authorization failed executing: /usr/bin/ssh -l donkey a.b.c.d

    I took a look at the code - it seems that user B's attempt to get to
    a.b.c.d bails before attempting to connect. Any assistance would be
    appreciated.

    Thanks,

    Greg.


  2. Re: two users on same machine, one can ssh to another machine, the other can't

    >>>>> "KH" == kiwihughes2000 writes:

    KH> All, I have two users on a machine. There are three other
    KH> machines that these users should be able to ssh to. The "from"
    KH> machine is setup:

    KH> ncsu# ssh -V OpenSSH_4.2p1, OpenSSL 0.9.7h 11 Oct 2005

    KH> The "to" machine that is problematic is setup:

    KH> $ ssh -V OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004

    KH> User A can ssh to all three machines without issue; the other user
    KH> - B - can ssh to only two of the machines. (I can't tell you what
    KH> versions are on the other two machines as I do not have the
    KH> password to get in

    $ telnet 22

    KH> $ ssh -l donkey a.b.c.d
    KH> Authorization failed executing: /usr/bin/ssh -l donkey a.b.c.d

    This looks like some sort of local restriction, like a restricted shell --
    it's not an SSH message.

    --
    Richard Silverman
    res@qoxp.net


  3. Re: two users on same machine, one can ssh to another machine, the other can't

    kiwihughes2000@yahoo.ca writes:

    >All,


    >I have two users on a machine. There are three other machines that
    >these users should be able to ssh to. The "from" machine is setup:


    >ncsu# ssh -V
    >OpenSSH_4.2p1, OpenSSL 0.9.7h 11 Oct 2005


    >The "to" machine that is problematic is setup:


    >$ ssh -V
    >OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004


    >User A can ssh to all three machines without issue; the other user - B
    >- can ssh to only two of the machines. (I can't tell you what versions
    >are on the other two machines as I do not have the password to get in,
    >but the ssh call from the "from" machine gets the expected "Password"
    >prompts.)


    >When I set the debug level to DEBUG3 on the "from" machine and using
    >user A, I get lots of debug output. When using user B, I get:


    >$ ssh -l donkey a.b.c.d


    >Authorization failed executing: /usr/bin/ssh -l donkey a.b.c.d


    >I took a look at the code - it seems that user B's attempt to get to
    >a.b.c.d bails before attempting to connect. Any assistance would be
    >appreciated.


    ssh -vvv -l donkey a.b.c.d
    for very verbose output.

    Also are you sure that ssh is not a script in B's directory or something?
    Do you hae problem if you do /usr/bin/ssh -l donkey a.b.c.d as well?




  4. Re: two users on same machine, one can ssh to another machine, the other can't

    >>>>> "BU" == Unruh writes:

    >> $ ssh -l donkey a.b.c.d


    >> Authorization failed executing: /usr/bin/ssh -l donkey a.b.c.d


    >> I took a look at the code - it seems that user B's attempt to get
    >> to a.b.c.d bails before attempting to connect. Any assistance
    >> would be appreciated.


    BU> ssh -vvv -l donkey a.b.c.d for very verbose output.

    He already tried that; see his setting of the DebugLevel. There will be
    no output, since ssh is not being run.

    --
    Richard Silverman
    res@qoxp.net


  5. Re: two users on same machine, one can ssh to another machine, the other can't

    On 2006-03-22, kiwihughes2000@yahoo.ca wrote:
    > Authorization failed executing: /usr/bin/ssh -l donkey a.b.c.d


    As Richard pointed out, ssh doesn't generate that error and it looks
    like some local reason is preventing the user from even running ssh.
    Can the user in question run, eg, "ssh -V" ?

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

  6. Re: two users on same machine, one can ssh to another machine, the other can't

    Yes, you are correct. B runs under rksh. Thanks.


  7. Re: two users on same machine, one can ssh to another machine, the other can't

    I was running ssh from B's system prompt. I never thought that someone
    had wrapped ssh in a script buried in B's PATH - but it was. (And
    under the restricted shell - see reply to Richard - I did not see which
    ssh was running, I had to dig for it.) In that shell was the line
    "Authorisation failed . . ." - and it was not on the basis of an
    attempt at running the ssh, but on some other security-based apparatus.
    I am checking that now as that appears to be the source of my
    problems. Apologies for the red-herring - and thanks for responding.


+ Reply to Thread