Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Cannot connect to server through ssh
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Demonking
n00b
n00b


Joined: 12 Mar 2007
Posts: 41

PostPosted: Thu Sep 18, 2014 5:10 pm    Post subject: Cannot connect to server through ssh Reply with quote

Hello,

i'm trying to access my server with ssh from my Notebook, but it's not working.
When i'm connecting with my Pc, it's working, so it couldn't be a service or
something like that from my server.

When I'm using the ssh command:

Code:

 ssh -vvv 192.168.2.77
OpenSSH_6.6, OpenSSL 1.0.1i 6 Aug 2014
debug1: Reading configuration data /etc/ssh/ssh_config


In this moment it hangs and i'm unable to connect.

But I'm able to connect my pc with ssh to my notebook.
So it means that the ssh deamon works !


The content of ssh_config is:
http://pastebin.com/abY2zuHq

After google i found out, that sometimes it is neccessary to deactivate the "hpn" Use-Flag but also this doesn't work.
Also i have tried to recreate a new SSH-Key but, this doesn't helped.

Have someone an another idea?
_________________
I finally understand why Java's security model is so torturous:
It's to protect everyone else against people who write code like this.

The Answer to Life, the Universe, and Everything = 42
Back to top
View user's profile Send private message
Melsion
n00b
n00b


Joined: 01 Nov 2007
Posts: 33

PostPosted: Thu Sep 18, 2014 11:53 pm    Post subject: Reply with quote

Hello,

first of all, ssh daemon and ssh client are two different (and independent) things, if one works doesn't mean the other will.

By the output of your ssh, I'd say it hangs trying to stablish a connection. I'd try to connect to your pc with your laptop, if you can make connections from your laptop and to your server with your pc, the problem must be in the middle (wifi, router blocking ports, firewall, notebook's network configuration, etc). The configuration file seems just fine. A bad network card or kernel module is also possible.

It once happened to me I couldn't connect to my pc from my laptop, after an hour of testig every possible thing I could think of.... I realized my laptop was connected to my neighbour's open wifi.... damn I felt stupid...... XD
Back to top
View user's profile Send private message
Demonking
n00b
n00b


Joined: 12 Mar 2007
Posts: 41

PostPosted: Fri Sep 19, 2014 10:45 am    Post subject: Reply with quote

Melsion wrote:
Hello,

first of all, ssh daemon and ssh client are two different (and independent) things, if one works doesn't mean the other will.


You are right, but it means, that port 22 on my notebook is open ;)

Melsion wrote:

By the output of your ssh, I'd say it hangs trying to stablish a connection. I'd try to connect to your pc with your laptop, if you can make connections from your laptop and to your server with your pc, the problem must be in the middle (wifi, router blocking ports, firewall, notebook's network configuration, etc). The configuration file seems just fine. A bad network card or kernel module is also possible.


I don't think, that it is a firewall problem,wifi or a router problem, because my router doesn't blocks port 22.
And i'm able to connect my pc with my notebook through ssh without a problem,but reverse is not working.

Melsion wrote:


It once happened to me I couldn't connect to my pc from my laptop, after an hour of testig every possible thing I could think of.... I realized my laptop was connected to my neighbour's open wifi.... damn I felt stupid...... XD


I have also tested it with wired eth0 but it doesn't work. :(
_________________
I finally understand why Java's security model is so torturous:
It's to protect everyone else against people who write code like this.

The Answer to Life, the Universe, and Everything = 42
Back to top
View user's profile Send private message
Melsion
n00b
n00b


Joined: 01 Nov 2007
Posts: 33

PostPosted: Fri Sep 19, 2014 12:45 pm    Post subject: Reply with quote

Demonking wrote:
Melsion wrote:
Hello,

first of all, ssh daemon and ssh client are two different (and independent) things, if one works doesn't mean the other will.


You are right, but it means, that port 22 on my notebook is open ;)


Well, I meant port 22 is accepting incoming connections, but that has nothing to do with ssh-client opening outgoing connections, in fact, you could have a firewall configured to allow incoming connections in port 22 and block all outgoing connections.

If I understand correctly, you can't ssh from your laptop to neither your server or pc. Can you ping or browse the web from your notebook? If you can, and you don't have a firewall, I'd guess something like:

- missing USE flag: mine are "X hpn ldap pam tcpd", the last two should be the minimum for stablishing a working tcp connection.
- a misconfigured kernel: missing some module from the networking section
- a corrupt binary file: try re-emerging openssh, but this is extremely unlikely.
Back to top
View user's profile Send private message
RazielFMX
l33t
l33t


Joined: 23 Apr 2005
Posts: 835
Location: NY, USA

PostPosted: Fri Sep 19, 2014 1:04 pm    Post subject: Reply with quote

Can you try the following:

Code:
telnet 192.168.2.77 22


And give the output? Telnet is my favorite tool for debugging connection problems. If you don't have a telnet client installed, you can use net-misc/netkit-telnetd.

Thanks!
Back to top
View user's profile Send private message
Demonking
n00b
n00b


Joined: 12 Mar 2007
Posts: 41

PostPosted: Fri Sep 19, 2014 3:13 pm    Post subject: Reply with quote

RazielFMX wrote:
Can you try the following:

Code:
telnet 192.168.2.77 22


And give the output? Telnet is my favorite tool for debugging connection problems. If you don't have a telnet client installed, you can use net-misc/netkit-telnetd.

Thanks!


I prefer net-misc/telnet-bsd ;)

Output:

Code:

Trying 192.168.2.77...
Connected to 192.168.2.77.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.6p1-hpn14v4
#wait here some mins
Connection closed by foreign host.



Melsion wrote:

If I understand correctly, you can't ssh from your laptop to neither your server or pc. Can you ping or browse the web from your notebook? If you can, and you don't have a firewall, I'd guess something like:


Yes,i can't ssh from notebook to somewhere else , and the firewall was not configured.


Melsion wrote:

- missing USE flag: mine are "X hpn ldap pam tcpd", the last two should be the minimum for stablishing a working tcp connection.

Tried it some mins before, but nothing changed.
USE="-ldap -hpn -X" emerge -av openssh

Melsion wrote:

- a misconfigured kernel: missing some module from the networking section

What kind of module is neccessary for ssh ?
Melsion wrote:

- a corrupt binary file: try re-emerging openssh, but this is extremely unlikely.


Also have tried to re-emerge is, but also nothing changed.


Greetz

Demonking
_________________
I finally understand why Java's security model is so torturous:
It's to protect everyone else against people who write code like this.

The Answer to Life, the Universe, and Everything = 42
Back to top
View user's profile Send private message
Demonking
n00b
n00b


Joined: 12 Mar 2007
Posts: 41

PostPosted: Fri Sep 19, 2014 3:37 pm    Post subject: Reply with quote

Really Strange ....
i was trying everything what could be stupid ....

And somehow

Code:
ssh 192.168.2.77 -p 22


is working ...

Can someone explain me, why the ssh default port has changed?
And how i could define it ?

Please no alias or something like that ;)
_________________
I finally understand why Java's security model is so torturous:
It's to protect everyone else against people who write code like this.

The Answer to Life, the Universe, and Everything = 42
Back to top
View user's profile Send private message
RazielFMX
l33t
l33t


Joined: 23 Apr 2005
Posts: 835
Location: NY, USA

PostPosted: Fri Sep 19, 2014 5:58 pm    Post subject: Reply with quote

Do you have a ~/.ssh/config file?
Back to top
View user's profile Send private message
Demonking
n00b
n00b


Joined: 12 Mar 2007
Posts: 41

PostPosted: Fri Sep 19, 2014 6:37 pm    Post subject: Reply with quote

RazielFMX wrote:
Do you have a ~/.ssh/config file?


No, there is no ~/.ssh/config file.

I also have checked the source code of openssh, but port 22
was defined as default :/
_________________
I finally understand why Java's security model is so torturous:
It's to protect everyone else against people who write code like this.

The Answer to Life, the Universe, and Everything = 42
Back to top
View user's profile Send private message
RazielFMX
l33t
l33t


Joined: 23 Apr 2005
Posts: 835
Location: NY, USA

PostPosted: Fri Sep 19, 2014 8:33 pm    Post subject: Reply with quote

Alright. You will have to pastebin this one. You will need to emerge dev-util/strace if you have not done so already.

Code:
strace /usr/bin/ssh -o ConnectTimeout=15 192.168.2.77 date > /tmp/ssh.trace 2>&1


Then pastebin the strace output. I'm forcing a 15 second timeout so you aren't waiting forever for it to exit.
Back to top
View user's profile Send private message
Melsion
n00b
n00b


Joined: 01 Nov 2007
Posts: 33

PostPosted: Fri Sep 19, 2014 8:41 pm    Post subject: Reply with quote

Glad you found it... had to be something stupid :lol:
Back to top
View user's profile Send private message
Demonking
n00b
n00b


Joined: 12 Mar 2007
Posts: 41

PostPosted: Fri Sep 19, 2014 9:28 pm    Post subject: Reply with quote

RazielFMX wrote:
Alright. You will have to pastebin this one. You will need to emerge dev-util/strace if you have not done so already.

Code:
strace /usr/bin/ssh -o ConnectTimeout=15 192.168.2.77 date > /tmp/ssh.trace 2>&1


Then pastebin the strace output. I'm forcing a 15 second timeout so you aren't waiting forever for it to exit.


Here it is ;)


http://pastebin.com/TECy7Jhs

Melsion wrote:
Glad you found it... had to be something stupid :lol:


I think too
_________________
I finally understand why Java's security model is so torturous:
It's to protect everyone else against people who write code like this.

The Answer to Life, the Universe, and Everything = 42
Back to top
View user's profile Send private message
RazielFMX
l33t
l33t


Joined: 23 Apr 2005
Posts: 835
Location: NY, USA

PostPosted: Sat Sep 20, 2014 8:20 pm    Post subject: Reply with quote

Hmmm, it looks like it was killed before anything interesting happened (SIGINT). How odd.
Back to top
View user's profile Send private message
Demonking
n00b
n00b


Joined: 12 Mar 2007
Posts: 41

PostPosted: Sat Sep 20, 2014 8:41 pm    Post subject: Reply with quote

RazielFMX wrote:
Hmmm, it looks like it was killed before anything interesting happened (SIGINT). How odd.


The SIGINT was from me, because i have wait around 15 mins and the ssh haven't timedout ;)
_________________
I finally understand why Java's security model is so torturous:
It's to protect everyone else against people who write code like this.

The Answer to Life, the Universe, and Everything = 42
Back to top
View user's profile Send private message
cboldt
l33t
l33t


Joined: 24 Aug 2005
Posts: 829

PostPosted: Sat Sep 20, 2014 11:44 pm    Post subject: Reply with quote

Check for a /etc/ssh/ssh_config file too. That can be used to modify the default port used on invocation of ssh.
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5592

PostPosted: Sun Sep 21, 2014 2:50 am    Post subject: Reply with quote

Does your desktop have hpn enabled? Try turning it off on the server end and see if that changes things.
Back to top
View user's profile Send private message
Demonking
n00b
n00b


Joined: 12 Mar 2007
Posts: 41

PostPosted: Sun Sep 21, 2014 8:00 am    Post subject: Reply with quote

cboldt wrote:
Check for a /etc/ssh/ssh_config file too. That can be used to modify the default port used on invocation of ssh.


I have done it already, but i was afraid, that somehow something other could break.
The default port of ssh should be 22, but i haven't started to define my firewall for my notebook, so it
is a strange behaviour of ssh.

Ant P. wrote:
Does your desktop have hpn enabled? Try turning it off on the server end and see if that changes things.


Have tried it, and no changes.
I can connect with ssh to another pc, but it is only possible when is use the -p Argument on every call.
_________________
I finally understand why Java's security model is so torturous:
It's to protect everyone else against people who write code like this.

The Answer to Life, the Universe, and Everything = 42
Back to top
View user's profile Send private message
jenkler
Apprentice
Apprentice


Joined: 28 Apr 2003
Posts: 205
Location: Sweden - Stockholm

PostPosted: Sun Sep 21, 2014 9:03 am    Post subject: Reply with quote

Strange, have you tried to recompile and do you have any strange USE flags on?

Mine!

[ebuild R ] net-misc/openssh-6.6_p1-r1 USE="X hpn pam tcpd -X509 -bindist -kerberos -ldap -ldns -libedit (-selinux) -skey -static" 1,273 kB
[ebuild R ] virtual/ssh-0 USE="-minimal" 0 kB

If you use minimal some stuff can break :)
_________________
This is me: Mikael Jenkler, use google translate when viewing my page, please!
Back to top
View user's profile Send private message
Demonking
n00b
n00b


Joined: 12 Mar 2007
Posts: 41

PostPosted: Sun Sep 21, 2014 9:14 am    Post subject: Reply with quote

jenkler wrote:
Strange, have you tried to recompile and do you have any strange USE flags on?

Mine!

[ebuild R ] net-misc/openssh-6.6_p1-r1 USE="X hpn pam tcpd -X509 -bindist -kerberos -ldap -ldns -libedit (-selinux) -skey -static" 1,273 kB
[ebuild R ] virtual/ssh-0 USE="-minimal" 0 kB

If you use minimal some stuff can break :)


My default emerge :

Code:

    [ebuild   R    ] net-misc/openssh-6.6_p1-r1  USE="X hpn ldap pam tcpd -X509 -bindist -kerberos -ldns -libedit (-selinux) -skey -static" 0 kB
    [ebuild   R    ] virtual/ssh-0  USE="-minimal" 0 kB


Strange behaviour .... I have tried everything recompile openssh ssh with different flags, also
generate a new ssh-key, because it could be broken...

Nothing helped.

Only set the Port in the /etc/ssh_config ...

But Thanks to all of you for the Help, i hope the Port in the ssh_config wouldn't broke something else.
_________________
I finally understand why Java's security model is so torturous:
It's to protect everyone else against people who write code like this.

The Answer to Life, the Universe, and Everything = 42
Back to top
View user's profile Send private message
RazielFMX
l33t
l33t


Joined: 23 Apr 2005
Posts: 835
Location: NY, USA

PostPosted: Tue Sep 23, 2014 1:34 pm    Post subject: Reply with quote

I think I have a theory (especially since my ConnectTimeout option didn't kill you in 15 seconds, which only happens on socket connect; you never made it there but still hung).

The last thing your application did was this:

Code:

open("/var/db/services.db", O_RDONLY|O_CLOEXEC) = 3
read(3, "\1\6\21\335\2\0\0\0`\0\0\0\0\0\0\0XQ\0\0\0\0\0\0h\313\0\0\0\0\0\0", 32) = 32
mmap(NULL, 52072, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7ff49d09d000
close(3)                                = 0
--- SIGINT {si_signo=SIGINT, si_code=SI_KERNEL} ---
Process 6923 detached


This is super interesting, especially since your '-p 22' fixed the issue. I think that the SSH was hanging on doing a by name lookup of the SSH port (which does not happen if you specify a numeric port).

Can you try this?

Code:

$ getent services | grep ssh
ssh                   22/tcp
ssh                   22/udp
x11-ssh               6010/tcp x11-ssh-offset
x11-ssh               6010/udp x11-ssh-offset


I strongly suspect your services configuration is bad. Please also include the contents of your /etc/nsswitch.conf file, or, at the very least, the output of 'grep ^services /etc/nsswitch.conf'.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum