Troubleshooting
Problem
Connections using ssh, sftp or scp may abruptly terminate during authentication.
Cause
OpenSSH on AIX requests PKCS12 support by default when EFS is enabled and non-AIX systems may reject these PKCS12 requests.
Environment
AIX (any version)
OpenSSH 7.1 or higher
Diagnosing The Problem
Collect debug logs from ssh or sshd (for outgoing or incoming connections, respectively). The log output will contain the following messages. The string at the end of the "Received disconnect" message may vary.
debug1: Sent ALLOW_PKCS12_KEYSTORE_CLIENT_FLAG packet
debug2: we sent a publickey packet, wait for reply
Received disconnect from 142.148.10.122 port 2222:11: Error processing packet
Resolving The Problem
Add the following line to the /etc/ssh/ssh_config and/or /etc/ssh/sshd_config files.
AllowPKCS12KeystoreAutoOpen no
Document Location
Worldwide
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"Component":"","Platform":[{"code":"PF002","label":"AIX"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]
Was this topic helpful?
Document Information
Modified date:
21 June 2019
UID
ibm10887275