Re: SSH and NIS problems - related?



On Mon, Jul 14, 2008 at 12:44:05PM +0200, Ronelle van Niekerk wrote:

All,


I am relatively new to AIX - having come back to it after a 12 year
hiatus - and I am experiencing some strange ssh and NIS issues that I
can't find answers to on the net.


The server is running AIX 5.3 and it is a P6.


SSH (but sounds like NIS really)

For some reason I can't ssh to the server as myself (a nis user) - I
get a "permission denied" from a unix server and an unexpected close
on putty from my desktop.


The following is in /var/log/secure:

Jul 11 17:11:35 uxcpti02 auth|security:info sshd[618816]: reverse
mapping checking getaddrinfo for ranger.cpt.intecbilling.com
[158.155.41.43] failed - POSSIBLE BREAK-IN ATTEMPT!

Jul 11 17:11:42 uxcpti02 auth|security:info sshd[618816]: Accepted
password for vanniekr from 158.155.41.43 port 52394 ssh2

Jul 11 17:11:42 uxcpti02 auth|security:crit sshd[614696]: fatal:
permanently_set_uid: was able to restore old [e]gid


And this is the only difference of a debug output to one that works:

debug3: channel 0: status: The following connections are open:

#0 client-session (t3 r-1 i0/0 o0/0 fd 4/5 cfd -1)

debug3: channel 0: close_fds r 4 w 5 e 6 c -1

Connection to uxcpti02 closed by remote host.

Connection to uxcpti02 closed.

debug1: Transferred: stdin 0, stdout 0, stderr 79 bytes in 0.2 seconds

debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 505.4

debug1: Exit status -1


I can su from root into any users, and some nis users can log in - the
ones who do not have to have their home directories automounted
(although automount obviously works when su'ing.)


The following is the entry in my /etc/passwd file:

+::0:0:::


My server is also totally inaccessible when I reboot the nis server -
I have to hard boot it.


What am I missing?


-Ronelle van Niekerk

Hello Ronelle,
What does your server look up for ranger.cpt.intecbilling.com?
Simply do:
host ranger.cpt.intecbilling.com
and
host 158.155.41.43
Do you have wrong entries in your /etc/hosts file?
Are you using the right DNS?

Cheers,
ku

--
C-3PO:
I do believe they think I am some kind of god.
Han Solo:
Well, why don't you use your divine influence and
get us out of this?
C-3PO:
I beg your pardon General Solo, but that just
wouldn't be proper.
Han Solo:
Proper???
C-3PO:
It's against my programming to impersonate a deity.
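
The lookups suggested in the reply, as an added example that is not part of the original thread: Python code that pulls the host name and address out of the sshd warning quoted in the post and runs the reverse-then-forward check on them. The function names and the resolver data in the demo are constructed for illustration.

```python
import re
import socket

# sshd warning from the post, as wrapped by the mail client.
SAMPLE = """Jul 11 17:11:35 uxcpti02 auth|security:info sshd[618816]: reverse
mapping checking getaddrinfo for ranger.cpt.intecbilling.com
[158.155.41.43] failed - POSSIBLE BREAK-IN ATTEMPT!"""

WARN = re.compile(r"reverse mapping checking getaddrinfo for (\S+) "
                  r"\[([0-9A-Fa-f.:]+)\] failed")

def parse_warning(text):
    """Return (name, ip) from the warning, tolerating wrapped lines."""
    m = WARN.search(" ".join(text.split()))
    return (m.group(1), m.group(2)) if m else None

def system_reverse(ip):
    """Name the local resolver (hosts file, DNS, NIS) returns for ip, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Set of addresses the local resolver returns for name."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_mapping(ip, reverse=system_reverse, forward=system_forward):
    """ip -> name -> addresses; the mapping is good only if ip comes back."""
    name = reverse(ip)
    if name is None:
        return "no-reverse", None
    addrs = forward(name)
    if not addrs:
        return "no-forward", name  # the getaddrinfo step the warning reports
    return ("ok" if ip in addrs else "mismatch"), name

if __name__ == "__main__":
    name, ip = parse_warning(SAMPLE)
    # Constructed resolver data: a reverse entry exists, the forward one does not.
    ptr = {ip: name}
    print(check_mapping(ip, ptr.get, lambda n: set()))
```

Run on the ssh server itself, `check_mapping(ip)` with no extra arguments uses that machine's own resolver, so it sees the same /etc/hosts, DNS and NIS answers that sshd does.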


