SSH Problems

phunni · 2005-07-18 15:50:18

Whenever I try to ssh to another of my machines, the terminal simply hangs.

I've already edited hosts.allow and .deny but I still have the same problem...

I've also tried switching the firewall off to see if that's causing the issue, but it doesn't seem to be.

I have no idea what else to try - anyone got any thoughts?

colnago · 2005-07-18 23:12:46

It should eventually time out and complain about something. When I get this it is usually because I forgot to run the sshd on the host.

Try 'ssh -v ', as there is lots of helpful output. You could also try logging on the server. Like so for iptables:

iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG

phunni · 2005-07-19 19:14:50

sshd is definately running on the server. Running ssh -v returns the following (after I've entered my password)

debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.

phrakture · 2005-07-19 19:27:27

phunni wrote:

sshd is definately running on the server.

How can you tell if you can't ssh into the box?

Did you change any config rules that could be keeping you from connecting? (sshd_config stuff)?

phunni · 2005-07-19 19:32:04

I haven't edited the configs at all - except the hosts.deny file.

OK, I guess I can;t be certain it's running, but I get no startup errors when I start or restart the daemon...

Dusty · 2005-07-19 19:52:48

pidof sshd should tell you if its running, no?

have you edited hosts.allow as well?

sshd: ALL

Dusty

colnago · 2005-07-19 20:31:07

sshd is running on the server if you are getting that far. Here is what I get:

debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Requesting X11 forwarding with authentication spoofing.
Last login: Tue Jul 19 13:25:48 2005 from home

basically the same as you only on to the prompt for me. I only edited /etc/hosts.allow and added 'sshd:ALL'.

Did you change your default shell? It is strange that there are not further messages.

Once you get to the '...Entering interactive session.' point, maybe try going to your server and looking to see if there is something in /var/log

phunni · 2005-07-21 17:00:31

added sshd: ALL to /etc/hosts.allow and I still get exactly the same...

cactus · 2005-07-21 17:06:09

try adding

UseDNS no

to the sshd_config file. I used to have *very* long waits to get into my server, because it was doing name lookups, against a private ip address... lol

EDIT: ps. dont forget to restart ssh after you make the change.

phunni · 2005-07-21 18:47:00

no dice I did restart ssh

phunni · 2005-08-16 20:42:31

bump - any ideas anyone?

cactus · 2005-08-16 20:56:15

post the output of `ssh -vvv user@host`
of course, replace user and host with reasonable values for your testing.
yes. 3 v's. That means 3 times the verbosity. you can then see the debug3 messages.

phunni · 2005-08-17 16:55:37

results:

 
 ssh -vvv paul@server
OpenSSH_4.1p1, OpenSSL 0.9.7g 11 Apr 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to server [192.168.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/paul/.ssh/identity type -1
debug1: identity file /home/paul/.ssh/id_rsa type -1
debug1: identity file /home/paul/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.1
debug1: match: OpenSSH_4.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:      
debug2: kex_parse_kexinit:      
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:      
debug2: kex_parse_kexinit:      
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 121/256
debug2: bits set: 506/1024      
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/paul/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename /home/paul/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host 'server' is known and matches the RSA host key.
debug1: Found key in /home/paul/.ssh/known_hosts:1
debug2: bits set: 495/1024      
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys         
debug2: set_newkeys: mode 1     
debug1: SSH2_MSG_NEWKEYS sent   
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0     
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/paul/.ssh/identity ((nil))
debug2: key: /home/paul/.ssh/id_rsa ((nil))
debug2: key: /home/paul/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/paul/.ssh/identity
debug3: no such identity: /home/paul/.ssh/identity
debug1: Trying private key: /home/paul/.ssh/id_rsa
debug3: no such identity: /home/paul/.ssh/id_rsa
debug1: Trying private key: /home/paul/.ssh/id_dsa
debug3: no such identity: /home/paul/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
paul@server's password: 
debug3: packet_send2: adding 64 (len 55 padlen 9 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 0
debug3: tty_make_modes: ospeed 38400
debug3: tty_make_modes: ispeed 38400
debug3: tty_make_modes: 1 3
debug3: tty_make_modes: 2 28
debug3: tty_make_modes: 3 127
debug3: tty_make_modes: 4 21
debug3: tty_make_modes: 5 4
debug3: tty_make_modes: 6 0
debug3: tty_make_modes: 7 0
debug3: tty_make_modes: 8 17
debug3: tty_make_modes: 9 19
debug3: tty_make_modes: 10 26
debug3: tty_make_modes: 12 18
debug3: tty_make_modes: 13 23
debug3: tty_make_modes: 14 22
debug3: tty_make_modes: 18 15
debug3: tty_make_modes: 30 1
debug3: tty_make_modes: 31 0
debug3: tty_make_modes: 32 0
debug3: tty_make_modes: 33 0
debug3: tty_make_modes: 34 0
debug3: tty_make_modes: 35 0
debug3: tty_make_modes: 36 1
debug3: tty_make_modes: 37 0
debug3: tty_make_modes: 38 1
debug3: tty_make_modes: 39 0
debug3: tty_make_modes: 40 0
debug3: tty_make_modes: 41 1
debug3: tty_make_modes: 50 1
debug3: tty_make_modes: 51 1
debug3: tty_make_modes: 52 0
debug3: tty_make_modes: 53 1
debug3: tty_make_modes: 54 1
debug3: tty_make_modes: 55 1
debug3: tty_make_modes: 56 0
debug3: tty_make_modes: 57 0
debug3: tty_make_modes: 58 0
debug3: tty_make_modes: 59 1
debug3: tty_make_modes: 60 1
debug3: tty_make_modes: 61 1
debug3: tty_make_modes: 62 0
debug3: tty_make_modes: 70 1
debug3: tty_make_modes: 71 0
debug3: tty_make_modes: 72 1
debug3: tty_make_modes: 73 0
debug3: tty_make_modes: 74 0
debug3: tty_make_modes: 75 0
debug3: tty_make_modes: 90 1
debug3: tty_make_modes: 91 1
debug3: tty_make_modes: 92 0
debug3: tty_make_modes: 93 0
debug2: channel 0: request shell confirm 0
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072

cactus · 2005-08-17 17:12:55

ok. it looks like it is definately connecting, and logging you in.

Have you tried connecting as another use? What are the contents of your .bashrc and .bash_profile files?

Also, try 'ssh -vvv -2 user@host'
and check /var/log/auth.log for any messages or information

phunni · 2005-08-18 19:30:38

Interestingly, I can use scp to copy files over ssh, which makes me wonder if it's not so much a network issue as a failure to get a shell - or something along those lines...

does that make any sense?

cactus · 2005-08-18 20:16:25

again..what do you have in your .bashrc and .bash_profile?

phunni · 2005-08-18 20:53:58

Interestingly - nothing, those files don't exist on the server.

My local ones (just in case...) have:

.bashrc:

alias ls='ls --color=auto'
PS1='[u@h W]$ '

.bash_profile:

. $HOME/.bashrc

Although I'm guessing it's only the server ones that are relevant...

phrakture · 2005-08-18 21:42:57

can you login as that user on the box?

cactus · 2005-08-18 23:10:43

does that user have a home dir? o.O
appropriate permissions on their home dir (chown'ed to user, read/w/etc.)?

Can you login with another user via ssh? try creating one and see..

useradd -m -s /bin/bash username
passwd username

phunni · 2005-08-19 06:55:47

I can log in as any user on the box. I created another user and had the same problem.

I noticed that my user directory was owned by paul:root - so I changed it to paul:users, but it hasn't made any difference...

Just thinking out loud really, but could this be to do with ptys?

phunni · 2005-08-19 07:00:33

I just checked /var/log/auth.log over again and this time spotted the following:

error: openpty: No such file or directory
error: session_pty_req: session 0 alloc failed

Give any clues?

cactus · 2005-08-19 08:13:48

http://lists.debian.org/debian-devel/19 … 01078.html

http://lists.debian.org/debian-devel/19 … 01189.html

phunni · 2005-08-19 10:00:06

Thanks for that - does the stock kernel contain what is required?

phunni · 2005-08-19 13:49:08

never mind. I added the line to fstab about /dev/pts and mounted it and it now works.

Thanks for all your help

cactus · 2005-08-19 15:07:35

cool beans!

Arch Linux

#1 2005-07-18 15:50:18

SSH Problems

#2 2005-07-18 23:12:46

Re: SSH Problems

#3 2005-07-19 19:14:50

Re: SSH Problems

#4 2005-07-19 19:27:27

Re: SSH Problems

#5 2005-07-19 19:32:04

Re: SSH Problems

#6 2005-07-19 19:52:48

Re: SSH Problems

#7 2005-07-19 20:31:07

Re: SSH Problems

#8 2005-07-21 17:00:31

Re: SSH Problems

#9 2005-07-21 17:06:09

Re: SSH Problems

#10 2005-07-21 18:47:00

Re: SSH Problems

#11 2005-08-16 20:42:31

Re: SSH Problems

#12 2005-08-16 20:56:15

Re: SSH Problems

#13 2005-08-17 16:55:37

Re: SSH Problems

#14 2005-08-17 17:12:55

Re: SSH Problems

#15 2005-08-18 19:30:38

Re: SSH Problems

#16 2005-08-18 20:16:25

Re: SSH Problems

#17 2005-08-18 20:53:58

Re: SSH Problems

#18 2005-08-18 21:42:57

Re: SSH Problems

#19 2005-08-18 23:10:43

Re: SSH Problems

#20 2005-08-19 06:55:47

Re: SSH Problems

#21 2005-08-19 07:00:33

Re: SSH Problems

#22 2005-08-19 08:13:48

Re: SSH Problems

#23 2005-08-19 10:00:06

Re: SSH Problems

#24 2005-08-19 13:49:08

Re: SSH Problems

#25 2005-08-19 15:07:35

Re: SSH Problems

Board footer