can't ssh out?

Matt Price matt.price-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Mon Apr 9 21:38:03 UTC 2007


On Mon, 2007-09-04 at 16:52 -0400, Fernando Duran wrote:
> Hmmm, some semi-random thoughts:
> 
> - I guess you upgraded to ubuntu feisty (perhaps
> apt-get dist-upgrade ?) and that version is still not
> stable (wait till later this month?). Was ssh working
> properly before the upgrade? Any other recent change,
> networking?
> 
i've been running feisty for some time, since about november --
occasionally my system's been broken, but very rarely.  this breakage is
less than a week old, probably quite a bit less; but i'm not sure when
the last change to ssh-client or ssh-server was.  

> - Time-outs always makes me suspect DNS. Just for the
> sake of it, use ip addresses instead of host name,
> localhost. Some people (especially mac users) have
> problems when reverse dns is not set and it takes them
> minutes to log in.
this doesn't seem to be it; i've tried plain ip addresses and there's no
difference, and this user can find url's using dns in other contexts.
> 
> - Problem just for a user: Try delete (leaving home
> directory) and recreate the user? Any difference (for
> instance in /etc/password) between your main older
> user and the new one (like shell etc)? compare also
> their env variables. What happens if from root you:
> sudo -u matt ssh 127.0.0.1 ?
interesting.  This works.  and, ah!  env shows two ssh-related
variables:
$ env | grep -i ssh
SSH_AGENT_PID=7098
SSH_AUTH_SOCK=/tmp/ssh-XeRWOq7017/agent.7017.seahorse

i'd forgotten about that.  from root of course this isn't an issue:
~# sudo -u matt env | grep -i ssh
~#

so, tried killing seahorse-agent, and solves the problem!  yay.  now i
just have to figure out what's wrong with seahorse and how to fix it.
any suggestions?  thanks,

matt


> 
> - Look at the logs /var/logs/messages /var/log/secure
> for possible ssh/authentication error messages
> 
> - sanity checks: /etc/init.d/sshd restart , netstat
> -talp while connecting, backup and clean the
> /etc/ssh/ssh_config file, leave only defaults.
> 
> - for extra points: tcpdump, strace... 
> 
> Fernando
> 
> --- Matt Price <matt.price-H217xnMUJC0sA/PxXw9srA at public.gmane.org> wrote:
> 
> > Thanks to Lennart and Fernando, need to correct my own error though:
> > 
> > 
> > On Mon, 2007-09-04 at 13:53 -0400, Matt Price wrote:
> > > ho folks,
> > > 
> > > on an otherwise functioning laptop, I've suddenly found I can't ssh out,
> > > although, fortunately, I can ssh IN, so my data's not entirely trapped.
> > > I've tried from various user accounts, including one fresh one, so the
> > > problem doesn't seem to be in the ~/.ssh/ directory.  
> > > 
> > ok, i *thought* i'd done that -- but due to something, perhaps using
> > sudo instead of su, i made some kind of error, because it turns out that
> > this problem *is* really limited to my main user account (which of
> > course makes it *much* less crippling).  ssh out from root or other
> > accounts (there aren't any other real accounts on this laptop, but i
> > made up a fake one) work fine.  
> > 
> > I tried deleting my ~/.ssh directory, but that made no
> > difference.  /etc/ssh/* seem to me to be fine; here's the output of your
> > grep command, fernando:
> > :~$ grep ^[^#] /etc/ssh/ssh_config
> > Host 192.* mythtv anarres 
> > StrictHostKeyChecking no 
> > UserKnownHostsFile /dev/null
> > Host *
> >     SendEnv LANG LC_*
> >     HashKnownHosts yes
> >     GSSAPIAuthentication yes
> >     GSSAPIDelegateCredentials no
> > 
> > ----
> > ssh localhost fails, but works fine from other accounts; ssh -vvv gives
> > (just at the end):  
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug3: check_host_in_hostfile: filename /home/matt/.ssh/known_hosts
> > debug3: check_host_in_hostfile: match line 1
> > debug1: Host 'localhost' is known and matches the RSA host key.
> > debug1: Found key in /home/matt/.ssh/known_hosts:1
> > debug2: bits set: 477/1024
> > debug1: ssh_rsa_verify: signature correct
> > debug2: kex_derive_keys
> > debug2: set_newkeys: mode 1
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: expecting SSH2_MSG_NEWKEYS
> > debug2: set_newkeys: mode 0
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > debug2: service_accept: ssh-userauth
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > ----
> > ... and then a long hang.  This is with a fresh ~/.ssh directory...  
> > 
> > thanks again, and sorry for the misleading misinformation,
> > 
> > matt
> > 
> > 
> > 
> > > thanks,
> > > matt
> > > 	
> > > 
> > > 
> > -- 
> > Matt Price
> > History Dept
> > University of Toronto
> > matt.price-H217xnMUJC0sA/PxXw9srA at public.gmane.org
> > 
> 
> 
> ---------------------
> Fernando Duran
> http://www.fduran.com
> 
-- 
Matt Price
History Dept
University of Toronto
matt.price-H217xnMUJC0sA/PxXw9srA at public.gmane.org
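
The hang after SSH2_MSG_SERVICE_ACCEPT in this thread was traced to the agent behind SSH_AUTH_SOCK (seahorse-agent). As an added example, not part of the original post, this code speaks the ssh-agent wire protocol directly with a timeout to tell a missing, unresponsive or working agent apart; the function name `probe_agent` and its result strings are hypothetical.

```python
import os
import socket
import struct

# Message numbers from the ssh-agent protocol.
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12

def _read_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the connection")
        buf += chunk
    return buf

def probe_agent(sock_path, timeout=3.0):
    """Return 'unset', 'unreachable', 'hung', 'error' or 'ok:<key count>'."""
    if not sock_path:
        return "unset"
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(sock_path)
        # Agent framing: uint32 length, then one type byte plus payload.
        s.sendall(struct.pack(">IB", 1, SSH_AGENTC_REQUEST_IDENTITIES))
        (length,) = struct.unpack(">I", _read_exact(s, 4))
        if not 5 <= length <= 256 * 1024:
            return "error"  # too short for a key list, or implausibly large
        body = _read_exact(s, length)
    except socket.timeout:
        return "hung"  # socket accepts data but the agent never answers
    except OSError:
        return "unreachable"  # stale path, refused, or closed mid-reply
    finally:
        s.close()
    if body[0] != SSH_AGENT_IDENTITIES_ANSWER:
        return "error"
    (nkeys,) = struct.unpack(">I", body[1:5])
    return "ok:%d" % nkeys

if __name__ == "__main__":
    print(probe_agent(os.environ.get("SSH_AUTH_SOCK")))
```

If the probe reports `hung`, running the same ssh command with SSH_AUTH_SOCK unset (for example `env -u SSH_AUTH_SOCK ssh 127.0.0.1`) confirms the agent is the cause before you kill it.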