can't ssh out?
Matt Price
matt.price-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Mon Apr 9 21:38:03 UTC 2007
On Mon, 2007-09-04 at 16:52 -0400, Fernando Duran wrote:
> Hmmm, some semi-random thoughts:
>
> - I guess you upgraded to ubuntu feisty (perhaps
> apt-get dist-upgrade ?) and that version is still not
> stable (wait till later this month?). Was ssh working
> properly before the upgrade? Any other recent change,
> networking?
>
i've been running feisty for some time, since about november- -
occacionally my system's been broken, but very rarely. this breakage is
less than a week old, probably quite a bit less; but i'm not sure when
the last change to ssh-client or ssh-server was.
> - Time-outs always makes me suspect DNS. Just for the
> sake of it, use ip addresses instead of host name,
> localhost. Some people (especially mac users) have
> problems when reverse dns is not set and it takes them
> minutes to log in.
this doesn't seem to be it; i've tried plain ip addresses and there's no
difference, and this user can find url's using dns in other contexts.
>
> - Problem just for a user: Try delete (leaving home
> directory) and recreate the user? Any difference (for
> instance in /etc/password) between your main older
> user and the new one (like shell etc)? compare also
> their env variables. What happens if from root you:
> sudo -u matt ssh 127.0.0.1 ?
interesting. This works. and, ah! env shows two ssh-related
variables:
$ env | grep -i ssh
SSH_AGENT_PID=7098
SSH_AUTH_SOCK=/tmp/ssh-XeRWOq7017/agent.7017.seahorse
i'd forgotten about that. from root of course this isn't an issue:
~# sudo -u matt env | grep -i ssh
~#
so, tried killing seahorse-agent, and solves the problem! yay. now i
justh ave to figure out what's wrong with seahorse and how to fix it.
any suggestions? thanks,
matt
>
> - Look at the logs /var/logs/messages /var/log/secure
> for possible ssh/authentication error messages
>
> - sanity checks: /etc/init.d/sshd restart , netstat
> -talp while connecting, backup and clean the
> /etc/ssh/ssh_config file, leave only defaults.
>
> - for extra points: tcpdump, strace...
>
> Fernando
>
> --- Matt Price <matt.price-H217xnMUJC0sA/PxXw9srA at public.gmane.org> wrote:
>
> > Thanks to Lennart and Fernando, need to correct my
> > own error though:
> >
> >
> > On Mon, 2007-09-04 at 13:53 -0400, Matt Price wrote:
> > > ho folks,
> > >
> > > on an otherwise functioning laptop, I've suddenly
> > found I can't ssh out,
> > > although, fortunately, I can ssh IN, so my data's
> > not entirely trapped.
> > > I've tried from various user accounts, including
> > one fresh one, so the
> > > problem doesn't seem to be in the ~/.ssh/
> > directory.
> > >
> > ok, i *thought* i'd done that -- but due to
> > something, perhaps using
> > sudo instead of su, i made some kind of error,
> > because it turns out that
> > this problem *is* really limited to my main user
> > account (which of
> > course makes it *much* less crippling). ssh out
> > from root or other
> > accounts (there aren't any other real accounts on
> > this laptop, but i
> > made up a fake one) work fine.
> >
> > I tried deleting my ~/.ssh directory, but that made
> > no
> > difference. /etc/ssh/* seem to me to be fine;
> > here's the output of your
> > grep command, ferndando:
> > :~$ grep ^[^#] /etc/ssh/ssh_config
> > Host 192.* mythtv anarres
> > StrictHostKeyChecking no
> > UserKnownHostsFile /dev/null
> > Host *
> > SendEnv LANG LC_*
> > HashKnownHosts yes
> > GSSAPIAuthentication yes
> > GSSAPIDelegateCredentials no
> >
> > ----
> > ssh localhost fails, but works fine from other
> > accounts; ssh -vvv gives
> > (just at the end):
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug3: check_host_in_hostfile: filename
> > /home/matt/.ssh/known_hosts
> > debug3: check_host_in_hostfile: match line 1
> > debug1: Host 'localhost' is known and matches the
> > RSA host key.
> > debug1: Found key in /home/matt/.ssh/known_hosts:1
> > debug2: bits set: 477/1024
> > debug1: ssh_rsa_verify: signature correct
> > debug2: kex_derive_keys
> > debug2: set_newkeys: mode 1
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: expecting SSH2_MSG_NEWKEYS
> > debug2: set_newkeys: mode 0
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > debug2: service_accept: ssh-userauth
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > ----
> > ... and then a long hang. This is with a fresh
> > ~/.ssh directory...
> >
> > tahnks again, and sorry for the misleading
> > misinformation,
> >
> > matt
> >
> >
> >
> > > thanks,
> > > matt
> > >
> > >
> > >
> > --
> > Matt Price
> > History Dept
> > University of Toronto
> > matt.price-H217xnMUJC0sA/PxXw9srA at public.gmane.org
> >
>
>
> ---------------------
> Fernando Duran
> http://www.fduran.com
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
> --
> The Toronto Linux Users Group. Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
--
Matt Price
History Dept
University of Toronto
matt.price-H217xnMUJC0sA/PxXw9srA at public.gmane.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://gtalug.org/pipermail/legacy/attachments/20070409/b50aac89/attachment.sig>
More information about the Legacy
mailing list