can't ssh out?

Fernando Duran liberosec-FFYn/CNdgSA at public.gmane.org
Mon Apr 9 20:52:29 UTC 2007


Hmmm, some semi-random thoughts:

- I guess you upgraded to Ubuntu Feisty (perhaps
apt-get dist-upgrade ?) and that version is still not
stable (wait till later this month?). Was ssh working
properly before the upgrade? Any other recent change,
networking?

- Time-outs always make me suspect DNS. Just for the
sake of it, use IP addresses instead of host name,
localhost. Some people (especially Mac users) have
problems when reverse DNS is not set and it takes them
minutes to log in.

- Problem just for a user: Try deleting (leaving home
directory) and recreating the user? Any difference (for
instance in /etc/password) between your main older
user and the new one (like shell etc)? Compare also
their env variables. What happens if from root you:
sudo -u matt ssh 127.0.0.1 ?

- Look at the logs /var/logs/messages /var/log/secure
for possible ssh/authentication error messages

- sanity checks: /etc/init.d/sshd restart , netstat
-talp while connecting, backup and clean the
/etc/ssh/ssh_config file, leave only defaults.

- for extra points: tcpdump, strace... 

Fernando

--- Matt Price <matt.price-H217xnMUJC0sA/PxXw9srA at public.gmane.org> wrote:

> Thanks to Lennart and Fernando, need to correct my
> own error though:
> 
> 
> On Mon, 2007-09-04 at 13:53 -0400, Matt Price wrote:
> > ho folks,
> > 
> > on an otherwise functioning laptop, I've suddenly found I can't ssh out,
> > although, fortunately, I can ssh IN, so my data's not entirely trapped.
> > I've tried from various user accounts, including one fresh one, so the
> > problem doesn't seem to be in the ~/.ssh/ directory.  
> > 
> ok, i *thought* i'd done that -- but due to something, perhaps using
> sudo instead of su, i made some kind of error, because it turns out that
> this problem *is* really limited to my main user account (which of
> course makes it *much* less crippling).  ssh out from root or other
> accounts (there aren't any other real accounts on this laptop, but i
> made up a fake one) work fine.  
> 
> I tried deleting my ~/.ssh directory, but that made no
> difference.  /etc/ssh/* seem to me to be fine; here's the output of your
> grep command, Fernando:
> :~$ grep ^[^#] /etc/ssh/ssh_config
> Host 192.* mythtv anarres 
> StrictHostKeyChecking no 
> UserKnownHostsFile /dev/null
> Host *
>     SendEnv LANG LC_*
>     HashKnownHosts yes
>     GSSAPIAuthentication yes
>     GSSAPIDelegateCredentials no
> 
> ----
> ssh localhost fails, but works fine from other accounts; ssh -vvv gives
> (just at the end):  
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug3: check_host_in_hostfile: filename /home/matt/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 1
> debug1: Host 'localhost' is known and matches the RSA host key.
> debug1: Found key in /home/matt/.ssh/known_hosts:1
> debug2: bits set: 477/1024
> debug1: ssh_rsa_verify: signature correct
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> ----
> ... and then a long hang.  This is with a fresh ~/.ssh directory...  
> 
> thanks again, and sorry for the misleading misinformation,
> 
> matt
> 
> 
> 
> > thanks,
> > matt
> > 	
> > 
> > 
> -- 
> Matt Price
> History Dept
> University of Toronto
> matt.price-H217xnMUJC0sA/PxXw9srA at public.gmane.org
> 


---------------------
Fernando Duran
http://www.fduran.com

--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
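
Added example, not part of the original thread: a small Python helper that reads `ssh -vvv` client output such as the trace quoted above and reports the furthest handshake milestone reached, which for that trace places the hang after host-key verification and before any authentication method is logged. The stage names and both sample traces are constructed for illustration (the first is condensed from the quoted trace); the marker strings are OpenSSH client debug messages, and other key or key-exchange types log different lines for the first two stages.

```python
import re

# Ordered milestones and the client debug text marking each one.
# The first two markers match the thread's trace (DH group exchange, RSA host
# key); a missing intermediate marker is tolerated because we keep the maximum.
STAGES = [
    ("key_exchange", "SSH2_MSG_KEX_DH_GEX_INIT sent"),
    ("host_key_verified", "ssh_rsa_verify: signature correct"),
    ("transport_encrypted", "SSH2_MSG_NEWKEYS received"),
    ("userauth_service_accepted", "SSH2_MSG_SERVICE_ACCEPT received"),
    ("auth_methods_listed", "Authentications that can continue:"),
    ("auth_method_tried", "Next authentication method:"),
    ("authenticated", "Authentication succeeded"),
]
QUOTE_PREFIX = re.compile(r"^(?:>\s?)+")  # mail-quote markers in pasted traces

def last_stage(trace):
    """Return (stage_name, index) of the furthest milestone seen, or (None, -1)."""
    reached = -1
    for raw in trace.splitlines():
        line = QUOTE_PREFIX.sub("", raw.strip()).lstrip()
        if not line.startswith("debug"):
            continue  # ignore prose and separators around the trace
        for i, (_, marker) in enumerate(STAGES):
            if marker in line:
                reached = max(reached, i)
    return (STAGES[reached][0], reached) if reached >= 0 else (None, -1)

def stalled_before(trace):
    """Name the first milestone the trace never reached (None if it completed)."""
    _, idx = last_stage(trace)
    return STAGES[idx + 1][0] if idx + 1 < len(STAGES) else None

# Constructed sample: the tail of the quoted trace, mail-quote prefixes kept.
SAMPLE = """\
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: Host 'localhost' is known and matches the RSA host key.
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
"""
# Constructed healthy continuation, for comparison with a working account.
HEALTHY = SAMPLE + """\
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Authentication succeeded (publickey).
"""

if __name__ == "__main__":
    print("hung trace stalled before:", stalled_before(SAMPLE))
    print("healthy trace stalled before:", stalled_before(HEALTHY))
```

Running it on traces captured from the failing account and from a working one shows at which stage the two diverge.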




