
December 2007

December 22, 2007

SCP Problem

Since starting at MIT my support focus has been on the Linux and Solaris environments as opposed to Microsoft environments from my last position. Getting reacquainted with SSH, SSL and Apache has been fun and picking up Kerberos, PGP, GPG, and Oracle Application Server has been great. I wanted to share an SCP problem that I was having that had me stumped for a couple of days.

Our environments are locked down and for the most part individual accounts are restricted. We use Kerberos authentication for access to restricted accounts, and because of this SCP is not a good solution to use directly between servers, as we do not have full username and password access. What we do is push and pull files to a staging server, and then push or pull the files to the default location. I built a desktop running RedHat Enterprise Server 5.0 and was using this new environment as my staging server. I ran into a problem on the RedHat Enterprise Server when attempting to SCP to and from Solaris environments. I would receive the following error:

"scp bad packet length problem"

I could scp between all of my RedHat servers and all of my Ubuntu desktops; however, I could not push or pull to a Solaris server. After some research, the error appeared to be caused by different versions of ssh. I found a link on the openbsd.org site explaining all ssh parameters. Here is the reference to the Protocol parameter:

Protocol

Specifies the protocol versions ssh(1) should support in order of preference. The possible values are `1' and `2'. Multiple versions must be comma-separated. The default is ``2,1''. This means that ssh tries version 2 and falls back to version 1 if version 2 is not available.


I looked at the ssh config files located in /etc/ssh and found the Protocol parameter in sshd_config. "Protocol 2,1" was commented out and "Protocol 2" was uncommented. I commented out "Protocol 2", uncommented "Protocol 2,1" and restarted ssh with "/etc/init.d/sshd restart".

This solved the problem.
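
A way to check which protocol versions an sshd_config file actually enables after an edit like the one above, as an added example that is not from the original post. The function names and sample files are constructed for illustration, and the fallback default of "2,1" is an assumption taken from the man page text quoted above.

```shell
#!/bin/sh
# Added example: which SSH protocol versions does an sshd_config-style file enable?

# effective_protocol FILE [DEFAULT]
# Prints the value of the first uncommented Protocol line (sshd keeps the
# first value it reads for a keyword). With no such line, prints DEFAULT,
# assumed here to be "2,1" as in the man page text quoted in the post.
effective_protocol() {
    awk -v def="${2:-2,1}" '
        { sub(/#.*/, "") }                      # commented-out settings do not count
        !found && tolower($1) == "protocol" {   # keywords are case-insensitive
            val = $2
            found = 1
        }
        END { print (found ? val : def) }
    ' "$1"
}

# allows_sshv1 FILE [DEFAULT]: succeeds if version 1 is in the effective list.
allows_sshv1() {
    case ",$(effective_protocol "$@")," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# audit FILE: one-line verdict for a config file.
audit() {
    if allows_sshv1 "$1"; then
        echo "$1: Protocol $(effective_protocol "$1") -> SSHv1 fallback enabled"
    else
        echo "$1: Protocol $(effective_protocol "$1") -> SSHv2 only"
    fi
}

# Constructed samples: the Protocol lines before and after the edit in the post.
sample_before_edit() { printf '%s\n' 'Port 22' '#Protocol 2,1' 'Protocol 2'; }
sample_after_edit()  { printf '%s\n' 'Port 22' 'Protocol 2,1' '#Protocol 2'; }

tmp=$(mktemp -d)
sample_before_edit > "$tmp/before.conf"
sample_after_edit  > "$tmp/after.conf"
audit "$tmp/before.conf"
audit "$tmp/after.conf"
rm -rf "$tmp"
```

Pass a second argument to `effective_protocol` or `allows_sshv1` to model a build whose default differs from "2,1".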


December 02, 2007

SSH Connectivity and Support

I am sorry for the lack of posts here; I recently changed positions, which has kept me fairly busy. I just started at MIT in their application infrastructure services group and have been focusing on my new position more than my blogs. This weekend I started reading and came across a post from Kris at Geekbits3 that was relevant to me and I am sure will be relevant to all admins that manage a large number of UNIX hosts.

On most corporate networks, telnet is disabled and ssh is required for connectivity between Unix hosts. SSH requires a password and, depending on how it is configured, could also require a key phrase.

Kris outlines a secure configuration for connecting to your hosts with SSH that eliminates the need for a password or an SSH key phrase. This process needs to be followed on all of your servers; however, once in place, it will increase your efficiency and provide you with extended remote support on all of your servers.

Here is an overview of Kris's post ...

Passwordless Login For SSH

I've recently set up a new backup server, and I wanted to be able to automate backups from my workstations to the server. I will be using OpenSSH (scp) as the transfer agent between the workstations and the server. By default the OpenSSH server asks for a password every time you log in; therefore automation is impossible without a bit of tweaking.

Creating an environment where passwords are unnecessary can be achieved using public-key cryptography. In this process we create unique identification between workstation (or other system) and server. The server can then recognize the user using a private/public key pair.

There are a number of steps that need to be completed, on both workstation and server, to achieve password-less logins. I have written the required server commands within the `ssh' command, to simplify the process. You will need to have a working OpenSSH server, and user login before beginning.

Read the rest of Kris's SSH entry ...
