Old 05-27-2006, 07:40 PM   #1
tomj88
Member
 
Registered: Apr 2005
Location: Wolverhampton, England
Distribution: Ubuntu
Posts: 334

Rep: Reputation: 30
Problem with ssh hanging, but only on Linux


Hi
I have been getting problems with SSH on my network. Basically:
  • I can connect to an SSH server on my Windows computer, but not on Linux
  • I can connect to my SSH server running on Ubuntu from my Windows computer (and on Localhost)
  • Other people cannot connect to my SSH server from outside my internal network

What happens when I get problems is that it will ask for the password, and after the password is entered, SSH hangs. This happens when I try to SSH into other SSH servers, and when friends try to SSH into my server. If I check /var/log/auth.log I get:

Quote:
May 28 00:05:15 localhost sshd[7940]: Accepted password for [username] from [friends-ip] port 1493 ssh2
May 28 00:05:16 localhost sshd[7950]: (pam_unix) session opened for user [username] by (uid=0)
...
May 28 00:23:21 localhost sshd[7950]: (pam_unix) session closed for user [username]
So obviously the connection is being made, but it seems to be hanging after the password has been sent. Am I correct in thinking that after the connection is made, ssh sessions run on a different port to 22 (here I can see port 1493 being used)? I had similar problems with FTP servers before, but only that friends could not ftp into me. However, again FTP servers worked on Windows before. I have had the same problems on all the distros I have tried. This leads me to believe that these are problems with my router. I have DMZ turned on for my Ubuntu box on my router.

Any suggestions?

Thanks in advance, Tom.
 
Old 05-27-2006, 07:51 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
The problem is too big right now. It would help to isolate some factors - i.e. remove the router from the equation. For now just test with computers within your internal network.

It's not clear to me from reading your post what you're even trying to do. Are you trying to ssh from your Windows box to your Ubuntu box? If so, which Windows client are you using?

Quote:
Am I correct in thinking that after the connection is made, ssh sessions run on a different port to 22 (here I can see port 1493 being used)?
The client-side port is 1493 (high-numbered, random port). The server-side port is whatever you set it at in the config file. By default that is 22.
 
Old 05-27-2006, 08:05 PM   #3
tomj88
Member
 
Registered: Apr 2005
Location: Wolverhampton, England
Distribution: Ubuntu
Posts: 334

Original Poster
Rep: Reputation: 30
I can ssh from my Windows box to the Linux box on the internal network, using PuTTY. The problems occur when using SSH on my Linux box to connect to something outside my network, or when someone tries to connect to my ssh server on my Linux box.
 
Old 05-27-2006, 11:15 PM   #4
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
This leads me to believe that these are problems with my router.
I agree with that now. You say you can ssh to the Ubuntu box from within your private network with no problems. And you can ssh to the Ubuntu box from external networks (i.e. authentication works), but then you experience a hang.

Make sure you don't have iptables/netfilter rules that could be interfering with the external connections to the Ubuntu box. Specifically, you should be allowing ESTABLISHED,RELATED connections on your INPUT chain for all IPs.

If that is not the problem, then it's time to play around with the ol' router.
 
Old 05-27-2006, 11:19 PM   #5
tomj88
Member
 
Registered: Apr 2005
Location: Wolverhampton, England
Distribution: Ubuntu
Posts: 334

Original Poster
Rep: Reputation: 30
No, there are no IP Tables rules that are blocking any traffic on port 22.

Any suggestions for what to set on the router? It seems weird that it is working for the Windows computer, but not for the Linux computer (especially seeing as the router is running Linux). FYI the router is a DLink something or another (I forget the model).
 
Old 05-28-2006, 02:07 AM   #6
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
No, there are no IP Tables rules that are blocking any traffic on port 22.
That's not what I meant - have a look at your iptables rules:
Code:
iptables -nvL
Make sure you have a rule that looks like:
Code:
ACCEPT  all  --  *  *   0.0.0.0/0    0.0.0.0/0   state RELATED,ESTABLISHED
for your INPUT chain. If you don't, you'll need it. If Ubuntu uses some custom chains you'll want to take a look at those as well (it may be there).

If you do have that rule, then I'm not sure why your router is working correctly for the Windows box but not the Ubuntu box. Maybe there are some settings per IP that need to be tweaked. I won't be able to help with that - look at your router manual.
 
Old 05-28-2006, 03:11 PM   #7
tomj88
Member
 
Registered: Apr 2005
Location: Wolverhampton, England
Distribution: Ubuntu
Posts: 334

Original Poster
Rep: Reputation: 30
That command shows I have no rules in iptables.

How would I go about making that rule you suggested (I have no clue on iptables)?
 
Old 05-28-2006, 03:28 PM   #8
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
You have no rules? What are the default policies on your chains? It might be easier if you just posted the output.

The nice thing is if your default policies are all ACCEPT, and there are no other rules, you can at least eliminate iptables/netfilter as a potential cause of the problem. Then it's probably time to look at the router.
 
Old 05-28-2006, 03:32 PM   #9
tomj88
Member
 
Registered: Apr 2005
Location: Wolverhampton, England
Distribution: Ubuntu
Posts: 334

Original Poster
Rep: Reputation: 30
iptables -nvL
Quote:
Chain INPUT (policy ACCEPT 2433 packets, 334K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 15682 packets, 1357K bytes)
 pkts bytes target     prot opt in     out     source               destination
On my router, the output of iptables -nvL is:
Quote:
Chain INPUT (policy ACCEPT 2790 packets, 202K bytes)
 pkts bytes target     prot opt in     out     source               destination
  202 27974 ACCEPT     all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  ppp0   *       192.168.1.2          0.0.0.0/0            state NEW tcp dpt:23
 3426  281K DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 227K packets, 21M bytes)
 pkts bytes target     prot opt in     out     source               destination
25749 1386K TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 TCPMSS set 1414
 285K  281M ACCEPT     all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  ppp0   *       0.0.0.0/0            192.168.1.3          tcp dpt:6882
 5180  320K ACCEPT     all  --  ppp0   *       0.0.0.0/0            192.168.1.2

Chain OUTPUT (policy ACCEPT 2476 packets, 283K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       icmp --  *      ppp0    0.0.0.0/0            0.0.0.0/0            icmp type 3
    0     0 DROP       icmp --  *      ppp0    0.0.0.0/0            0.0.0.0/0            state INVALID
(192.168.1.2 is this computer, 192.168.1.3 is the Windows computer)
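
Added example, not part of any post in this thread: a shell function that summarises one chain of `iptables -nvL` output, reporting the default policy, the rule count, whether the any-address RELATED,ESTABLISHED accept rule asked about in post #6 is present, and whether the chain accepts telnet (tcp/23). The function name `audit_chain`, its summary format and the `open`/`stateful`/`review` labels are assumptions made for this example; the sample listings are constructed from the output quoted in post #9.

```shell
#!/bin/sh
# Added example (not from the thread): summarise one chain of `iptables -nvL` output.
# audit_chain CHAIN  reads the listing on stdin and prints a single summary line.
audit_chain() {
  awk -v chain="$1" '
    BEGIN { stateful = "no"; telnet = "no" }
    $1 == "Chain" {                      # e.g. "Chain INPUT (policy ACCEPT 2433 packets, ...)"
      in_chain = ($2 == chain)
      if (in_chain) { policy = $4; sub(/\)/, "", policy) }
      next
    }
    !in_chain || NF == 0 || $1 == "pkts" { next }   # other chains, blanks, column header
    {
      rules++
      # The rule asked about in post #6: ACCEPT, any source and destination, state ESTABLISHED
      if ($3 == "ACCEPT" && $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" &&
          $0 ~ /state [A-Z,]*ESTABLISHED/) stateful = "yes"
      # Telnet (tcp/23) accepted by this chain, as queried in post #10
      for (i = 10; i <= NF; i++) if ($3 == "ACCEPT" && $i == "dpt:23") telnet = "yes"
    }
    END {
      verdict = "review"                                       # rules exist, no stateful accept
      if (policy == "ACCEPT" && rules == 0) verdict = "open"   # nothing is filtered at all
      else if (stateful == "yes") verdict = "stateful"
      printf "chain=%s policy=%s rules=%d stateful=%s telnet=%s verdict=%s\n",
             chain, policy, rules, stateful, telnet, verdict
    }'
}
# Constructed input: INPUT chains copied from post #9 (Ubuntu box, then the router).
ubuntu_listing() { cat <<'EOF'
Chain INPUT (policy ACCEPT 2433 packets, 334K bytes)
pkts bytes target prot opt in out source destination
EOF
}
router_listing() { cat <<'EOF'
Chain INPUT (policy ACCEPT 2790 packets, 202K bytes)
pkts bytes target prot opt in out source destination
202 27974 ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- ppp0 * 192.168.1.2 0.0.0.0/0 state NEW tcp dpt:23
3426 281K DROP all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
EOF
}
ubuntu_listing | audit_chain INPUT
router_listing | audit_chain INPUT
```

On a live system the same function can be fed directly, for example `iptables -nvL | audit_chain INPUT`; it expects the `-v` column layout shown in the thread.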
 
Old 05-28-2006, 09:59 PM   #10
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
I believe TCPMSS represents custom rules in your FORWARD chain. Did you create these router firewall rules yourself? (i.e. Can you blow them away and start from scratch, or are these rules important to your setup?)

As an aside, I'm curious as to why you're allowing telnet access.
 
Old 05-28-2006, 10:04 PM   #11
tomj88
Member
 
Registered: Apr 2005
Location: Wolverhampton, England
Distribution: Ubuntu
Posts: 334

Original Poster
Rep: Reputation: 30
In the router's configuration page, I enabled DMZ for 192.168.1.2 (the Ubuntu computer), so I did not create these rules myself. I could create a backup of the firmware and try blowing these rules away.

I have telnet enabled because it only has web and telnet access, but telnet should only be enabled for the Ubuntu box.
 
Old 05-28-2006, 10:06 PM   #12
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
tomj88, I am not sure what else to suggest at this point. Do you have a support contract or some such for that router?

Good luck. I'll be curious to read about if you get it corrected.
 
Old 05-28-2006, 10:09 PM   #13
tomj88
Member
 
Registered: Apr 2005
Location: Wolverhampton, England
Distribution: Ubuntu
Posts: 334

Original Poster
Rep: Reputation: 30
I've had the router for a while, so any support is going to cost too much to warrant the hassle, plus I doubt any of the technical support are going to know anything other than how to get DSL working. I might be better off just building a router out of cheap parts. Thanks for your help.
 
  


Tags
network, ssh, sshd, ubuntu

