Paramiko not connecting on Solaris 11

[asarkisian]

On Linux & Solaris 10, the following code works but if it is Solaris 11, it throws the following error message paramiko.ssh_exception.AuthenticationException: Authentication failed.. The credentials/authentication details are correct. The host, username and password are all correct but for some reason it complains about Authentication failure. I know that Solaris 11 has much more beefed up security. Is there any thing else I need to add to my code to get this to work? (more details below):

` def setup_remote_gateway_client_connection(self, gateway_host, gateway_username, gateway_password, client_host, client_username, client_password, gateway_port=22, client_port=22):
self.gateway_host=paramiko.SSHClient()
self.gateway_host.set_missing_host_key_policy(paramiko.AutoAddPolicy())
self.gateway_host.connect(gateway_host, username=gateway_username, password=gateway_password )

    gateway_transport = self.gateway_host.get_transport()
    src_addr = (gateway_host, gateway_port)
    dest_addr = (client_host, client_port)
    gateway_channel = gateway_transport.open_channel("direct-tcpip", dest_addr, src_addr)

    client_host=paramiko.SSHClient()
    client_host.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    client_host.connect(client_host, username=client_username, password=client_password, sock=gateway_channel)

    stdin, stdout, stderr = client_host.exec_command('ls -la')
    for line in stdout.read().split(b'\n'):
      print(str(line))

    stdin, stdout, stderr = client_host.exec_command('hostname')
    for line in stdout.read().split(b'\n'):
      print(str(line))

    client_host.close()
    self.gateway_host.close()`

Upon execution, I get the following:

`fixture.py:28: in setup_remote_gateway_client_connection
client_host.connect(client_host, username=client_username, password=client_password, sock=gateway_channel)
/usr/local/lib/python3.10/site-packages/paramiko/client.py:450: in connect
self._auth(
/usr/local/lib/python3.10/site-packages/paramiko/client.py:781: in _auth
raise saved_exception
/usr/local/lib/python3.10/site-packages/paramiko/client.py:768: in _auth
self._transport.auth_password(username, password)
/usr/local/lib/python3.10/site-packages/paramiko/transport.py:1564: in auth_password
return self.auth_handler.wait_for_response(my_event)

---

self = <paramiko.auth_handler.AuthHandler object at 0x107691ae0>
event = <threading.Event object at 0x107691a20>

def wait_for_response(self, event):
    max_ts = None
    if self.transport.auth_timeout is not None:
        max_ts = time.time() + self.transport.auth_timeout
    while True:
        event.wait(0.1)
        if not self.transport.is_active():
            e = self.transport.get_exception()
            if (e is None) or issubclass(e.__class__, EOFError):
                e = AuthenticationException("Authentication failed.")
            raise e
        if event.is_set():
            break
        if max_ts is not None and max_ts <= time.time():
            raise AuthenticationException("Authentication timeout.")

    if not self.is_authenticated():
        e = self.transport.get_exception()
        if e is None:
            e = AuthenticationException("Authentication failed.")
        # this is horrible.  Python Exception isn't yet descended from
        # object, so type(e) won't work. :(
        if issubclass(e.__class__, PartialAuthentication):
            return e.allowed_types

      raise e

E paramiko.ssh_exception.AuthenticationException: Authentication failed.

/usr/local/lib/python3.10/site-packages/paramiko/auth_handler.py:259: AuthenticationException`

[jun66j5]

Please provide the details about the following:

• What version of paramiko are you using?
• What version of the SSH server in Solaris 11?
• Please provide log file using paramiko.util.log_to_file('/path/to/paramiko.log')

p.s. I recommend to use triple backticks for code block (please edit).

[asarkisian]

@jun66j5

I am using Paramiko version: paramiko 2.12.0. I also used ssh -vv to get the version as well as some info/debug verbose comments.

• Sun_SSH_1.1.9, SSH protocols 1.5/2.0, OpenSSL 0x100021af
• debug1: Reading configuration data /home/my_user/.ssh/config
• debug1: Reading configuration data /etc/ssh/ssh_config
• debug2: Default value for UseOpenSSLEngine is 0
• debug1: Rhosts Authentication disabled, originating port will not be trusted.
• debug1: ssh_connect: needpriv 0
• debug1: Connecting to my_server [***] port 22.
• debug1: Connection established.
• debug1: identity file /home/my_user/.ssh/id_rsa type 1
• debug1: identity file /home/my_user/.ssh/id_dsa type -1
• debug1: Logging to host: my_host
• debug1: Local user: my_user Remote user: my_user
• debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4
• debug1: match: OpenSSH_8.4 pat OpenSSH*
• debug1: Enabling compatibility mode for protocol 2.0
• debug1: Local version string SSH-2.0-Sun_SSH_1.1.9
• debug1: My KEX proposal before adding the GSS KEX algorithm:
• debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
• debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
• debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
• debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
• debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
• debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
• debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
• debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
• debug2: kex_parse_kexinit: i-default
• debug2: kex_parse_kexinit: i-default
• debug2: kex_parse_kexinit: first_kex_follows 0
• debug2: kex_parse_kexinit: reserved 0
• debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
• Unknown code 0
• )
• debug1: SSH2_MSG_KEXINIT sent
• debug1: SSH2_MSG_KEXINIT received
• debug1: My KEX proposal I sent to the peer:
• debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
• debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
• debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
• debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,3des-cbc
• debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
• debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5,hmac-md5-96
• debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
• debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
• debug2: kex_parse_kexinit: i-default
• debug2: kex_parse_kexinit: i-default
• debug2: kex_parse_kexinit: first_kex_follows 0
• debug2: kex_parse_kexinit: reserved 0
• debug1: KEX proposal I received from the peer:
• debug2: kex_parse_kexinit: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
• debug2: kex_parse_kexinit: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-ed25519
• debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
• debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
• debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
• debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
• debug2: kex_parse_kexinit: none,zlib@openssh.com
• debug2: kex_parse_kexinit: none,zlib@openssh.com
• debug2: kex_parse_kexinit:
• debug2: kex_parse_kexinit:
• debug2: kex_parse_kexinit: first_kex_follows 0
• debug2: kex_parse_kexinit: reserved 0
• debug2: mac_init: found hmac-sha2-256
• debug1: kex: server->client aes128-ctr hmac-sha2-256 none
• debug2: mac_init: found hmac-sha2-256
• debug1: kex: client->server aes128-ctr hmac-sha2-256 none
• debug1: Host key algorithm 'ssh-rsa' chosen for the KEX.
• debug1: Peer sent proposed langtags, ctos:
• debug1: Peer sent proposed langtags, stoc:
• debug1: We proposed langtags, ctos: i-default
• debug1: We proposed langtags, stoc: i-default
• debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
• debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
• debug1: dh_gen_key: priv key bits set: 247/512
• debug1: bits set: 2038/4096
• debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
• debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
• debug1: Host 'my_host' is known and matches the RSA host key.
• debug1: Found key in /home/my_user/.ssh/known_hosts:8
• debug1: bits set: 2134/4096
• debug1: ssh_rsa_verify: signature correct
• debug2: kex_derive_keys
• debug2: set_newkeys: mode 1
• debug1: set_newkeys: setting new keys for 'out' mode
• debug1: SSH2_MSG_NEWKEYS sent
• debug1: expecting SSH2_MSG_NEWKEYS
• debug2: set_newkeys: mode 0
• debug1: set_newkeys: setting new keys for 'in' mode
• debug1: SSH2_MSG_NEWKEYS received
• debug1: done: ssh_kex2.
• debug1: send SSH2_MSG_SERVICE_REQUEST
• debug2: service_accept: ssh-userauth
• debug1: got SSH2_MSG_SERVICE_ACCEPT
• debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
• debug1: Next authentication method: gssapi-keyex
• debug2: we did not send a packet, disable method
• debug1: Next authentication method: gssapi-with-mic
• debug1: Failed to acquire GSS-API credentials for any mechanisms (No credentials were supplied, or the credentials were unavailable or inaccessible
• Unknown code 0
• )
• debug2: we did not send a packet, disable method
• debug1: Next authentication method: publickey
• debug1: Trying public key: /home/my_user/.ssh/id_rsa
• debug2: we sent a publickey packet, wait for reply
• debug1: Server accepts key: pkalg ssh-rsa blen 533 lastkey 80310 hint 0
• debug2: input_userauth_pk_ok: fp 87:36:2d:40:23:00:3b:2e:3d:e7:42:40:f6:34:87:3b
• debug1: Trying private key: /home/my_user/.ssh/id_dsa
• debug2: we did not send a packet, disable method
• debug1: Next authentication method: keyboard-interactive
• debug2: userauth_kbdint
• debug2: we sent a keyboard-interactive packet, wait for reply
• debug2: input_userauth_info_req
• debug2: input_userauth_info_req: num_prompts 1
• Password: *********
• debug2: input_userauth_info_req
• debug2: input_userauth_info_req: num_prompts 0
• debug1: Authentication succeeded (keyboard-interactive)
• debug2: TCP receive buffer size: 49640 B
• debug1: SSH receive window size: 198560 B
• debug1: channel 0: new [client-session]
• debug1: send channel open 0
• debug1: Entering interactive session.
• debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
• debug1: Remote: /home/my_user/.ssh/authorized_keys2:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
• debug2: callback start
• debug1: ssh_session2_setup: id 0
• debug1: channel request 0: env
• debug2: Sent request for environment variable LC_CTYPE=en_US.ISO8859-1
• debug1: channel request 0: env
• debug2: Sent request for environment variable LC_COLLATE=en_US.ISO8859-1
• debug1: channel request 0: env
• debug2: Sent request for environment variable LC_TIME=en_US.ISO8859-1
• debug1: channel request 0: env
• debug2: Sent request for environment variable LC_NUMERIC=en_US.ISO8859-1
• debug1: channel request 0: env
• debug2: Sent request for environment variable LC_MONETARY=en_US.ISO8859-1
• debug1: channel request 0: env
• debug2: Sent request for environment variable LC_MESSAGES=C
• debug1: channel request 0: pty-req
• debug2: x11_get_proto: /usr/openwin/bin/xauth list unix:15.0 2>/dev/null
• debug1: Requesting X11 forwarding with authentication spoofing.
• debug1: channel request 0: x11-req
• debug1: channel request 0: shell
• debug1: fd 4 setting TCP_NODELAY
• debug2: callback done
• debug1: channel 0: open confirm rwindow 0 rmax 32768
• debug2: channel 0: rcvd adjust 2097152
• Logged in. Welcome!

---

As for the log file, here you go:

• DEB [20221220-07:17:01.348] thr=1 paramiko.transport: starting thread (client mode): 0xc653c10
• DEB [20221220-07:17:01.348] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.12.0
• DEB [20221220-07:17:01.373] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-Sun_SSH_1.1.9
• INF [20221220-07:17:01.373] thr=1 paramiko.transport: Connected (version 2.0, client Sun_SSH_1.1.9)
• DEB [20221220-07:17:01.380] thr=1 paramiko.transport: === Key exchange possibilities ===
• DEB [20221220-07:17:01.380] thr=1 paramiko.transport: kex algos: diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha1
• DEB [20221220-07:17:01.380] thr=1 paramiko.transport: server key: ssh-rsa, ssh-dss
• DEB [20221220-07:17:01.380] thr=1 paramiko.transport: client encrypt: aes128-ctr, aes192-ctr, aes256-ctr
• DEB [20221220-07:17:01.380] thr=1 paramiko.transport: server encrypt: aes128-ctr, aes192-ctr, aes256-ctr
• DEB [20221220-07:17:01.380] thr=1 paramiko.transport: client mac: hmac-sha2-256, hmac-sha2-512, hmac-sha1
• DEB [20221220-07:17:01.380] thr=1 paramiko.transport: server mac: hmac-sha2-256, hmac-sha2-512, hmac-sha1
• DEB [20221220-07:17:01.380] thr=1 paramiko.transport: client compress: none, zlib@openssh.com, zlib
• DEB [20221220-07:17:01.380] thr=1 paramiko.transport: server compress: none, zlib@openssh.com, zlib
• DEB [20221220-07:17:01.381] thr=1 paramiko.transport: client lang: en-CA, en-US, es, es-MX, fr, fr-CA, i-default
• DEB [20221220-07:17:01.381] thr=1 paramiko.transport: server lang: en-CA, en-US, es, es-MX, fr, fr-CA, i-default
• DEB [20221220-07:17:01.381] thr=1 paramiko.transport: kex follows: False
• DEB [20221220-07:17:01.381] thr=1 paramiko.transport: === Key exchange agreements ===
• DEB [20221220-07:17:01.381] thr=1 paramiko.transport: Kex: diffie-hellman-group-exchange-sha256
• DEB [20221220-07:17:01.381] thr=1 paramiko.transport: HostKey: ssh-rsa
• DEB [20221220-07:17:01.381] thr=1 paramiko.transport: Cipher: aes128-ctr
• DEB [20221220-07:17:01.381] thr=1 paramiko.transport: MAC: hmac-sha2-256
• DEB [20221220-07:17:01.381] thr=1 paramiko.transport: Compression: none
• DEB [20221220-07:17:01.381] thr=1 paramiko.transport: === End of kex handshake ===
• DEB [20221220-07:17:01.393] thr=1 paramiko.transport: Got server p (3191 bits)
• DEB [20221220-07:17:01.577] thr=1 paramiko.transport: kex engine KexGexSHA256 specified hash_algo
• DEB [20221220-07:17:01.577] thr=1 paramiko.transport: Switch to new keys ...
• DEB [20221220-07:17:01.578] thr=2 paramiko.transport: Adding ssh-rsa host key for my_gateway_host: b'0bb34f14ce64f4a49c1094b778305842'
• DEB [20221220-07:17:01.793] thr=2 paramiko.transport: Trying discovered key b'ae859545cdde8caf4924bc9604db40a3' in /Users/my_user/.ssh/id_rsa
• DEB [20221220-07:17:01.806] thr=1 paramiko.transport: userauth is OK
• DEB [20221220-07:17:01.806] thr=1 paramiko.transport: Finalizing pubkey algorithm for key of type 'ssh-rsa'
• DEB [20221220-07:17:01.806] thr=1 paramiko.transport: Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa']
• DEB [20221220-07:17:01.806] thr=1 paramiko.transport: Server did not send a server-sig-algs list; defaulting to our first preferred algo ('rsa-sha2-512')
• DEB [20221220-07:17:01.806] thr=1 paramiko.transport: NOTE: you may use the 'disabled_algorithms' SSHClient/Transport init kwarg to disable that or other algorithms if your server does not support them!
• INF [20221220-07:17:01.833] thr=1 paramiko.transport: Authentication (publickey) failed.
• DEB [20221220-07:17:01.844] thr=1 paramiko.transport: userauth is OK
• INF [20221220-07:17:11.030] thr=1 paramiko.transport: Authentication (password) successful!
• DEB [20221220-07:17:11.031] thr=2 paramiko.transport: [chan 0] Max packet in: 32768 bytes
• DEB [20221220-07:17:11.042] thr=1 paramiko.transport: [chan 0] Max packet out: 32768 bytes
• DEB [20221220-07:17:11.042] thr=1 paramiko.transport: Secsh channel 0 opened.
• DEB [20221220-07:17:11.043] thr=3 paramiko.transport: starting thread (client mode): 0xc6905e0
• DEB [20221220-07:17:11.043] thr=3 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.12.0
• DEB [20221220-07:17:11.055] thr=3 paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_8.4
• INF [20221220-07:17:11.055] thr=3 paramiko.transport: Connected (version 2.0, client OpenSSH_8.4)
• DEB [20221220-07:17:11.073] thr=3 paramiko.transport: === Key exchange possibilities ===
• DEB [20221220-07:17:11.073] thr=3 paramiko.transport: kex algos: curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256
• DEB [20221220-07:17:11.073] thr=3 paramiko.transport: server key: rsa-sha2-512, rsa-sha2-256, ssh-rsa, ssh-ed25519
• DEB [20221220-07:17:11.073] thr=3 paramiko.transport: client encrypt: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
• DEB [20221220-07:17:11.073] thr=3 paramiko.transport: server encrypt: chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
• DEB [20221220-07:17:11.073] thr=3 paramiko.transport: client mac: umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
• DEB [20221220-07:17:11.073] thr=3 paramiko.transport: server mac: umac-64-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com, umac-64@openssh.com, umac-128@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1
• DEB [20221220-07:17:11.074] thr=3 paramiko.transport: client compress: none, zlib@openssh.com
• DEB [20221220-07:17:11.074] thr=3 paramiko.transport: server compress: none, zlib@openssh.com
• DEB [20221220-07:17:11.074] thr=3 paramiko.transport: client lang:
• DEB [20221220-07:17:11.074] thr=3 paramiko.transport: server lang:
• DEB [20221220-07:17:11.074] thr=3 paramiko.transport: kex follows: False
• DEB [20221220-07:17:11.074] thr=3 paramiko.transport: === Key exchange agreements ===
• DEB [20221220-07:17:11.074] thr=3 paramiko.transport: Kex: curve25519-sha256@libssh.org
• DEB [20221220-07:17:11.074] thr=3 paramiko.transport: HostKey: ssh-ed25519
• DEB [20221220-07:17:11.074] thr=3 paramiko.transport: Cipher: aes128-ctr
• DEB [20221220-07:17:11.074] thr=3 paramiko.transport: MAC: hmac-sha2-256
• DEB [20221220-07:17:11.074] thr=3 paramiko.transport: Compression: none
• DEB [20221220-07:17:11.074] thr=3 paramiko.transport: === End of kex handshake ===
• DEB [20221220-07:17:11.176] thr=3 paramiko.transport: kex engine KexCurve25519 specified hash_algo
• DEB [20221220-07:17:11.176] thr=3 paramiko.transport: Switch to new keys ...
• DEB [20221220-07:17:11.176] thr=3 paramiko.transport: Got EXT_INFO: {'server-sig-algs': b'ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com'}
• DEB [20221220-07:17:11.176] thr=2 paramiko.transport: Adding ssh-ed25519 host key for my_host: b'330bbfbad4c8665b17e94527d5f10c5e'
• DEB [20221220-07:17:11.389] thr=2 paramiko.transport: Trying discovered key b'ae859545cdde8caf4924bc9604db40a3' in /Users/my_user/.ssh/id_rsa
• DEB [20221220-07:17:11.423] thr=3 paramiko.transport: userauth is OK
• DEB [20221220-07:17:11.424] thr=3 paramiko.transport: Finalizing pubkey algorithm for key of type 'ssh-rsa'
• DEB [20221220-07:17:11.424] thr=3 paramiko.transport: Our pubkey algorithm list: ['rsa-sha2-512', 'rsa-sha2-256', 'ssh-rsa']
• DEB [20221220-07:17:11.424] thr=3 paramiko.transport: Server-side algorithm list: ['ssh-ed25519', 'sk-ssh-ed25519@openssh.com', 'ssh-rsa', 'rsa-sha2-256', 'rsa-sha2-512', 'ssh-dss', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'sk-ecdsa-sha2-nistp256@openssh.com', 'webauthn-sk-ecdsa-sha2-nistp256@openssh.com']
• DEB [20221220-07:17:11.424] thr=3 paramiko.transport: Agreed upon 'rsa-sha2-512' pubkey algorithm
• INF [20221220-07:17:11.474] thr=3 paramiko.transport: Authentication (publickey) failed.
• DEB [20221220-07:17:11.486] thr=3 paramiko.transport: userauth is OK
• INF [20221220-07:17:11.525] thr=3 paramiko.transport: Authentication (password) failed.
• DEB [20221220-07:17:11.646] thr=2 paramiko.transport: [chan 0] EOF sent (0)
• DEB [20221220-07:17:11.646] thr=2 paramiko.transport: Dropping user packet because connection is dead.
• DEB [20221220-07:17:11.646] thr=2 paramiko.transport: Dropping user packet because connection is dead.

[jun66j5]

Thanks.

Your remote ssh server is SunSSH, a fork of OpenSSH (refs. https://docs.oracle.com/cd/E53394_01/html/E54793/sshuser-6.html).

DEB [20221220-07:17:01.373] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-Sun_SSH_1.1.9

The password authentication failure is logged. Check log of remote ssh server in Solaris. I guess the given username and/or password is wrong.

INF [20221220-07:17:11.525] thr=3 paramiko.transport: Authentication (password) failed.

[asarkisian]

@jun66j5 Yes, that is the interesting part is the credentials are not incorrect. It is the correct username/password but yet it is still complaining about "Authentication Failure". any ideas what I shoud try?

[jun66j5]

Ah, sorry for missed description in this issue.

You've connected 2 servers (gateway_host SunSSH, client_host OpenSSH) in the provided log:

DEB [20221220-07:17:01.348] thr=1 paramiko.transport: starting thread (client mode): 0xc653c10
DEB [20221220-07:17:01.348] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.12.0
DEB [20221220-07:17:01.373] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-Sun_SSH_1.1.9
INF [20221220-07:17:01.373] thr=1 paramiko.transport: Connected (version 2.0, client Sun_SSH_1.1.9)
...
INF [20221220-07:17:01.833] thr=1 paramiko.transport: Authentication (publickey) failed.
DEB [20221220-07:17:01.844] thr=1 paramiko.transport: userauth is OK
INF [20221220-07:17:11.030] thr=1 paramiko.transport: Authentication (password) successful!
DEB [20221220-07:17:11.031] thr=2 paramiko.transport: [chan 0] Max packet in: 32768 bytes
DEB [20221220-07:17:11.042] thr=1 paramiko.transport: [chan 0] Max packet out: 32768 bytes
DEB [20221220-07:17:11.042] thr=1 paramiko.transport: Secsh channel 0 opened.

DEB [20221220-07:17:11.043] thr=3 paramiko.transport: starting thread (client mode): 0xc6905e0
DEB [20221220-07:17:11.043] thr=3 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.12.0
DEB [20221220-07:17:11.055] thr=3 paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_8.4
INF [20221220-07:17:11.055] thr=3 paramiko.transport: Connected (version 2.0, client OpenSSH_8.4)
...
INF [20221220-07:17:11.474] thr=3 paramiko.transport: Authentication (publickey) failed.
DEB [20221220-07:17:11.486] thr=3 paramiko.transport: userauth is OK
INF [20221220-07:17:11.525] thr=3 paramiko.transport: Authentication (password) failed.
DEB [20221220-07:17:11.646] thr=2 paramiko.transport: [chan 0] EOF sent (0)
DEB [20221220-07:17:11.646] thr=2 paramiko.transport: Dropping user packet because connection is dead.
DEB [20221220-07:17:11.646] thr=2 paramiko.transport: Dropping user packet because connection is dead.

Please check log of ssh server in client_host. Reason of the failure should be logged.

[asarkisian]

@jun66j5 Do I check on the machine itself? Where would I check? Is there a log path?

[jun66j5]

Log path of ssh server is depended on OS/distribution, syslog configuration, etc... What kind of distribution is the cilent_host (OpenSSH_8.4)?

• Debian, Ubuntu - /var/log/auth.log
• RHEL, CentOS - /var/log/secure
• Solaris - (I don't known)