Fwd: Re:can't ssh out?

Fernando Duran liberosec-FFYn/CNdgSA at public.gmane.org
Mon Apr 9 21:27:22 UTC 2007


A couple more sanity checks:

- use "find" to see what config files (ssh,
networking...) changed recently in /etc ,

- compare with diff the .ssh directory contents of
both users, copy the new one over the old one

- apt-get update; apt-get upgrade

Although by looking at
https://launchpad.net/ubuntu/+source/openssh it seems
that the openssh version is the same for edgy and
feisty; it changed from dapper.

Fernando

--- Fernando Duran <liberosec-FFYn/CNdgSA at public.gmane.org> wrote:

> Date: Mon, 9 Apr 2007 16:52:29 -0400 (EDT)
> From: Fernando Duran <liberosec-FFYn/CNdgSA at public.gmane.org>
> Subject: Re: [TLUG]: can't ssh out?
> To: tlug-lxSQFCZeNF4 at public.gmane.org
> 
> Hmmm, some semi-random thoughts:
> 
> - I guess you upgraded to ubuntu feisty (perhaps
> apt-get dist-upgrade ?) and that version is still
> not
> stable (wait till later this month?). Was ssh
> working
> properly before the upgrade? Any other recent
> change,
> networking?
> 
> - Time-outs always makes me suspect DNS. Just for
> the
> sake of it, use ip addresses instead of host name,
> localhost. Some people (especially mac users) have
> problems when reverse dns is not set and it takes
> them
> minutes to log in.
> 
> - Problem just for a user: Try delete (leaving home
> directory) and recreate the user? Any difference
> (for
> instance in /etc/password) between your main older
> user and the new one (like shell etc)? compare also
> their env variables. What happens if from root you:
> sudo -u matt ssh 127.0.0.1 ?
> 
> - Look at the logs /var/logs/messages
> /var/log/secure
> for possible ssh/authentication error messages
> 
> - sanity checks: /etc/init.d/sshd restart , netstat
> -talp while connecting, backup and clean the
> /etc/ssh/ssh_config file, leave only defaults.
> 
> - for extra points: tcpdump, strace... 
> 
> Fernando
> 
> --- Matt Price <matt.price-H217xnMUJC0sA/PxXw9srA at public.gmane.org> wrote:
> 
> > Thanks to Lennart and Fernando, need to correct my
> > own error though:
> > 
> > 
> > On Mon, 2007-09-04 at 13:53 -0400, Matt Price
> wrote:
> > > ho folks,
> > > 
> > > on an otherwise functioning laptop, I've
> suddenly
> > found I can't ssh out,
> > > although, fortunately, I can ssh IN, so my
> data's
> > not entirely trapped.
> > > I've tried from various user accounts, including
> > one fresh one, so the
> > > problem doesn't seem to be in the ~/.ssh/
> > directory.  
> > > 
> > ok, i *thought* i'd done that -- but due to
> > something, perhaps using
> > sudo instead of su, i made some kind of error,
> > because it turns out that
> > this problem *is* really limited to my main user
> > account (which of
> > course makes it *much* less crippling).  ssh out
> > from root or other
> > accounts (there aren't any other real accounts on
> > this laptop, but i
> > made up a fake one) work fine.  
> > 
> > I tried deleting my ~/.ssh directory, but that
> made
> > no
> > difference.  /etc/ssh/* seem to me to be fine;
> > here's the output of your
> > grep command, ferndando:
> > :~$ grep ^[^#] /etc/ssh/ssh_config
> > Host 192.* mythtv anarres 
> > StrictHostKeyChecking no 
> > UserKnownHostsFile /dev/null
> > Host *
> >     SendEnv LANG LC_*
> >     HashKnownHosts yes
> >     GSSAPIAuthentication yes
> >     GSSAPIDelegateCredentials no
> > 
> > ----
> > ssh localhost fails, but works fine from other
> > accounts; ssh -vvv gives
> > (just at the end):  
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug3: check_host_in_hostfile: filename
> > /home/matt/.ssh/known_hosts
> > debug3: check_host_in_hostfile: match line 1
> > debug1: Host 'localhost' is known and matches the
> > RSA host key.
> > debug1: Found key in /home/matt/.ssh/known_hosts:1
> > debug2: bits set: 477/1024
> > debug1: ssh_rsa_verify: signature correct
> > debug2: kex_derive_keys
> > debug2: set_newkeys: mode 1
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: expecting SSH2_MSG_NEWKEYS
> > debug2: set_newkeys: mode 0
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > debug2: service_accept: ssh-userauth
> > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > ----
> > ... and then a long hang.  This is with a fresh
> > ~/.ssh directory...  
> > 
> > tahnks again, and sorry for the misleading
> > misinformation,
> > 
> > matt
> > 
> > 
> > 
> > > thanks,
> > > matt
> > > 	
> > > 
> > > 
> > -- 
> > Matt Price
> > History Dept
> > University of Toronto
> > matt.price-H217xnMUJC0sA/PxXw9srA at public.gmane.org
> > 
> 
> 
> ---------------------
> Fernando Duran
> http://www.fduran.com
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> http://mail.yahoo.com 
> 


---------------------
Fernando Duran
http://www.fduran.com

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list