ssh host@host "Waiting another client to complete hostkey query"

OpenSSL machines are fine, but Tectia ssh returns this message and does not allow me to ssh into the same machine.

Could you please help?

ssh -V

sshg3.bin: SSH Tectia Client 6.1.3 on sparc-sun-solaris2.8 Build: 59 
Product: SSH Tectia Client 
License type: commercial

ssh -v user@host

Host key for the host "host" not found from database.

The fingerprint of the host public key is: "xxx00-zzzbb-zzzbb-zzzbb-zzzbb-ffyyf-ffyyf-ffyyf-ffyyf-ffyyf-hyxux"

You can get a public key's fingerprint by running % ssh-keygen-g3 -F publickey.pub on the key file.

Please select how you want to proceed. 
cancel) Cancel the connection. 
once) Proceed with the connection but do not save the key. 
save) Proceed with the connection and save the key for future use. 
Please select one (cancel, once, save):

If I type "save" it will prompt me for the password of the private key, then for PAM Authentication, and it succeeds. However, I would need to get rid of all the 'save' and password prompting in order to ssh into the host from the shell script.

asked Jul 26 '11 at 21:54

graceR

edited Jul 27 '11 at 15:57

Roman ♦♦

Hi, can you specify which version of Tectia client and server are running? Also can you try using the -v (verbose) option, such as:

ssh -v user@host

and paste the output into your question?

(Jul 27 '11 at 14:49) Roman ♦♦

Ok, I run ssh-keygen-g3 -F publickey.pub on the key file and I am able to bypass the save prompt and the password typing. This solves my problem, many thanks.

answered Jul 27 '11 at 15:46

graceR

Sorry, the problem persists. It seems that the steps above do not last beyond the session, and when I log again into the machine, the same warning appears even when I ssh -v user@host

(Jul 27 '11 at 18:09) graceR

This time actually the message is "Waiting another client to complete passphrase query."

(Jul 27 '11 at 18:09) graceR

Do you mean that even after selecting "save", you are still getting prompted for accepting the server hostkey? This message:

Host key for the host "host" not found from database.

This probably means that there is a problem that prevents the hostkey from being saved.

What happens if you run the keygen and give the hostname as parameter, such as:

ssh-keygen-g3 -F host

This should print the location of where the hostkey is saved on the system. If the hostkey is not found on the system, check that you are able to write to $HOME/.ssh2/hostkeys/

You can also try saving the hostkey using the keyfetch tool:

ssh-keyfetch -a -l host

answered Jul 27 '11 at 18:27

Roman ♦♦

Also, check if you have any client configuration options that could be affecting this. The client configurations would be under:

$HOME/.ssh2/ssh-broker-config.xml or /etc/ssh2/ssh-broker-config.xml

Specifically, check if there are any hostkey-related options defined under the general element.

(Jul 27 '11 at 18:31) Roman ♦♦

Tried the steps you suggested, but see message "Waiting another client to complete passphrase query."

ssh-keygen-g3 -F host
Fingerprint for key `host': (from location /users/myuser/.ssh2/hostkeys/keys_5bb6ccc1221990er7d991752b32f71d6221ee32f) xofos-xofos-xofos-xofos-fyvyf-fyvyf-pyhyk-xofos-zanek-fyvyf-xofos(DSA)

Then,

I tried sshg3 host and got "Waiting another client to complete passphrase query."

(Jul 27 '11 at 18:36) graceR

I am going to check the client configuration options

(Jul 27 '11 at 18:37) graceR

No hostkey related options defined under the general element in ssh-broker-config.xml

(Jul 27 '11 at 18:40) graceR

The "Waiting another client .." message probably means that there are other clients that have a password prompt open. I believe in some 6.1.x versions this could also be caused by interrupting the authentication with Ctrl+C.

Can you try killing any ssh-broker processes for that user (note that this will close any connections open for the user) and try again?

(Jul 27 '11 at 18:41) Roman ♦♦

going to

(Jul 27 '11 at 18:44) graceR

Ok, now it prompts me for a passphrase, which I do not remember (very dumb !!!)

(Jul 27 '11 at 18:52) graceR

Is there a way to recover the passphrase or I should recreate the priv-pub key pairs?

(Jul 27 '11 at 18:53) graceR

going to recreate the priv-pub key pair ...

(Jul 27 '11 at 18:56) graceR

There is no way to recover the passphrase, so yeah I recommend recreating those.

(Jul 27 '11 at 18:58) Roman ♦♦

If you are setting this up for running in a shell script, you'll want to set up non-interactive authentication.

For that you'll need to:

  • Use batch mode (if using ssh, this is done using the -B option). This way, if your script for some reason requires interaction, it will fail rather than hang waiting for input.
    ssh -B user@host
  • Set up a non-interactive authentication method. One option is to generate a public key pair without a passphrase. Other options are listed in this KB article.

answered Jul 27 '11 at 19:03

Roman ♦♦
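
A preflight for the unattended setup described in this answer, as an added example that is not part of the original thread: before running `ssh -B` it checks that the host key directory `$HOME/.ssh2/hostkeys` is writable only by its owner and that a passphrase-less private key has no group or other access. The key file path and the function names are assumptions; the thread does not say where the key is stored.

```sh
#!/bin/sh
# Added example, not from the thread: preflight for an unattended `ssh -B` job.
# HOSTKEY_DIR is the directory named in the answers; the private key path is
# an assumption and is supplied by the caller.
HOSTKEY_DIR="${HOSTKEY_DIR:-$HOME/.ssh2/hostkeys}"

# Print the 10-character mode string (e.g. drwx------) of a path.
mode_of() {
    ls -ld -- "$1" 2>/dev/null | cut -c1-10
}

# The client can save a host key only if this directory exists and is
# writable by us; group/other write access would let another local user
# plant or replace a saved host key.
hostkey_dir_ok() {
    [ -d "$1" ] && [ -w "$1" ] || return 1
    case "$(mode_of "$1")" in
        d????-??-?) return 0 ;;
        *) return 1 ;;
    esac
}

# A key without a passphrase is protected only by file permissions:
# require a regular file with no group/other access at all.
private_key_ok() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    case "$(mode_of "$1")" in
        -???------) return 0 ;;
        *) return 1 ;;
    esac
}

# usage: run_batch KEYFILE user@host [command...]
# KEYFILE is only checked here, not passed to ssh. -B (batch mode, from the
# answer) makes an unexpected prompt fail the job instead of hanging it.
run_batch() {
    key=$1; shift
    hostkey_dir_ok "$HOSTKEY_DIR" || { echo "unsafe or missing: $HOSTKEY_DIR" >&2; return 2; }
    private_key_ok "$key" || { echo "missing or too open: $key" >&2; return 3; }
    ssh -B "$@"
}

# Run only when called with arguments, e.g. ./job.sh KEYFILE user@host uptime
if [ "$#" -ge 2 ]; then run_batch "$@"; fi
```

A non-zero exit from `run_batch` (2 for the directory, 3 for the key) stops the job before any connection is attempted.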

I am going to try the no passphrase option and the other ones in the article. Many thanks for your very patient and detailed assistance. I'll write back if other problems occur. Hopefully none.

(Jul 27 '11 at 19:41) graceR

Great, no problem. Glad to be of assistance

(Jul 28 '11 at 11:34) Roman ♦♦

I recreated the priv-pub key pair, then was able to ssh into the machine.

The only problem now is that the "password will expire in 7 days". So, I will have to change the password every 7 days to make sure all app scripts can run? That is not ideal, unfortunately.

You were right about the "Waiting another client ..." message.

answered Jul 27 '11 at 19:07

graceR

Good that it works now. The password expiration has nothing to do with Tectia though. This is enforced by the operating system on the server side for the account you are connecting with.

(Jul 27 '11 at 19:10) Roman ♦♦

Asked: Jul 26 '11 at 21:54

Seen: 5,634 times

Last updated: Jul 28 '11 at 11:34

All user contributed content licensed under the cc-by-sa license.