LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 11-15-2004, 02:20 PM   #1
TrulyTessa
Member
 
Registered: Nov 2004
Location: Canada, eh
Distribution: SuSE 9.2 Pro
Posts: 63

Rep: Reputation: 15
Problems getting SSH to work


I'm running SuSE 9.2 pro and I have a three part question related to SSH:

1. I have no trouble SSH-ing out of my linux machine, but SSH-ing in from remote locations is another story. At the moment, I can ping my (static) IP address from other machines, but I cannot ping my domain name, which I suspect is part of the problem.

Furthermore, when I try to SSH to my IP address, I am told that there are "No further authentication methods available". When I try to SSH to my domain name, I am told the host is unknown.

How can I make SSH work so I can log into my linux machine from remote locations?

2. Does ssh-agent have to be running in order for me to be able to log in remotely?

3. In tinkering around, I set up a public or private key for SSH, which I shouldn't have done since I prefer to log in with a password. (I used the command ssh-keygen -p -t rsa and that put stuff related to the keys into ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub ...) How do I delete these keys so I don't have to use them in the future? I can't find out how to delete keys anywhere in any documentation. Can I just delete the two files I mentioned above, or will that create new problems?

Many thanks.

Last edited by TrulyTessa; 11-15-2004 at 02:24 PM.
 
Old 11-15-2004, 03:24 PM   #2
TrulyTessa
Member
 
Registered: Nov 2004
Location: Canada, eh
Distribution: SuSE 9.2 Pro
Posts: 63

Original Poster
Rep: Reputation: 15
Here's a weird thing that may help shed light on what's going wrong: when I log in from my linux box to a remote box running unix (which has nothing to do with my problem; I just logged into it to see if I could glean any info about my current problem), the remote box gets my computer's name wrong. (That is, when I give the command 'who', the login location it has for me is wrong.) It thinks I'm SSH-ing in from my windows machine which happens to be plugged into the same hub but has a different IP address.

I think my linux machine is having identity problems.

When I look at /etc/hosts, I see what looks (to me) to be correct, so I'm not sure why another machine sees my machine with the wrong name (albeit the right domain):

127.0.0.1 localhost

my.correct.ip.address correctname.my.domain.com correctname

plus the following other stuff appears between those two lines:

::1 localhost ipv6-localhost ipv6-loopback
fe00::0 ipv6-localnet
ff00::1 ipv6-mcastprefix
ff02::2 ipv6-allrouters
ff02::3 ipv6-allhosts
 
Old 11-15-2004, 05:34 PM   #3
NetAX
Member
 
Registered: Mar 2004
Location: Boston, MA
Distribution: SuSE Linux Open/Enterprise, Red Hat, Ubuntu
Posts: 147

Rep: Reputation: 17
In order to SSH from remote locations, i.e. school/work, You need to configure the box for port forwarding. SSH accepts connections on port 22. You mot likely will have to configure your router to listen on port 22. Furthermore your linux firewall (that's if you have one must accept port 22 from the router). Last but not least you must find out your external IP address. A quixk way to finding out this is by visiting http://www.whatismyip.com/.

You use the external IP address to login with SSH. When the router receives a connection on port 22 it forwards it to the box.

Diagram:

externalIP_of_your router:22 ->internal_router:22->linux:22 box.

PS:
Don't worry about the public/private key's until your able to access SSH remotely. (it will only mess things up more.)
 
Old 11-15-2004, 07:15 PM   #4
TrulyTessa
Member
 
Registered: Nov 2004
Location: Canada, eh
Distribution: SuSE 9.2 Pro
Posts: 63

Original Poster
Rep: Reputation: 15
I know my external IP because I configured my machine to have a static IP. (That's what I was referring to above when I wrote "my.correct.IP.address".) The problem is that when I attempt to SSH to my IP address (or my machine's name), I can't connect. (I'm not trying to SSH to 127.0.0.1 -- I'm trying to SSH to my actual IP address.)

I presumed that when I used SuSE's configuration tools to set up the firewall to allow SSH connections, it opened up port 22. If you think that's incorrect, could you tell me how to check / be sure?

Thanks NetAX for taking the time to reply. If you or anyone else has suggestions on how to address question 1, or any comments on my questions 2 or 3, I'd be glad to hear your thoughts. (And a follow-up question -- let's call it question 4 -- will my having set up public/private keys now prevent me from being able to establish a connection?)
 
Old 11-15-2004, 07:28 PM   #5
NetAX
Member
 
Registered: Mar 2004
Location: Boston, MA
Distribution: SuSE Linux Open/Enterprise, Red Hat, Ubuntu
Posts: 147

Rep: Reputation: 17
If you used SuSE's configuration wizard then yes, the port should be opened correctly.

Are you using a router?(like i said earlier the router needs to accept port 22)

You can easily check what ports are open by using nmap IP_address_or_domain_name -p 22 from a remote linux machine.

4. No, public/private key authentication will not prevent you from establishing a connection. It is used to create a secure connection/session between two known hosts. (I only stated not to work with it now because its harder to work on getting two things two work at the same time, instead of working on one problem at a time. It's basic troubleshooting. )
 
Old 11-16-2004, 08:43 AM   #6
TrulyTessa
Member
 
Registered: Nov 2004
Location: Canada, eh
Distribution: SuSE 9.2 Pro
Posts: 63

Original Poster
Rep: Reputation: 15
Yes, I'm using a router, so now I understand a bit better what you're getting at.

I don't have easy access to a remote linux box, but I'll look into finding out if port 22 is open on my router. It'll have to wait 'til I'm back in the office with the linux box in it, so I'll post an update in a couple of days.

Meanwhile, does anyone know a good reference for tinkering with the settings on my router? Assuming I find out that port 22 isn't open, I'll need to figure out how to open it.

I guess I understand now why the remote unix box I was SSH-ing into was getting my machine's 'identity' wrong. What I saw when I used 'who' was probably the identity of my router, not my Windows machine which shares the same hub.

Thanks.
 
Old 11-16-2004, 11:09 AM   #7
TrulyTessa
Member
 
Registered: Nov 2004
Location: Canada, eh
Distribution: SuSE 9.2 Pro
Posts: 63

Original Poster
Rep: Reputation: 15
My IT people (who don't officially support linux which is what makes this whole exercise so painful) have asked me whether my linux machine has the port 22 / SSH daemon enabled. I know the firewall is open to allow port 22 connections, but do I need to be running an SSH daemon to connect from a remote machine? This relates to my original question #2... Does something have to be running in the background in order for my linux box to be able to accept SSH connections?

I'm still working on finding out the answer to the router questions NetAX asked previously... Will report back when able.
 
Old 11-16-2004, 11:13 AM   #8
lhoff
Member
 
Registered: Jun 2001
Location: Chicago
Distribution: Mandrake 10.0 Official
Posts: 181

Rep: Reputation: 30
As root, type

Code:
service sshd status
If it's running, you should see a declaration to that effect. If not, try
Code:
service sshd start
Hope it's as simple as that!
 
Old 11-16-2004, 01:40 PM   #9
TrulyTessa
Member
 
Registered: Nov 2004
Location: Canada, eh
Distribution: SuSE 9.2 Pro
Posts: 63

Original Poster
Rep: Reputation: 15
Thanks lhoff, I'll try that on Thursday!
 
Old 11-18-2004, 09:28 AM   #10
TrulyTessa
Member
 
Registered: Nov 2004
Location: Canada, eh
Distribution: SuSE 9.2 Pro
Posts: 63

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by lhoff
As root, type

Code:
service sshd status
If it's running, you should see a declaration to that effect. If not, try
Code:
service sshd start
Hope it's as simple as that!
I couldn't run 'service sshd status', but '/etc/init.d/sshd start' worked to get the SSH daemon running.

Sadly, I still can't connect remotely though:

When I SSH to my machine name, I'm told my host name is unknown.

When I SSH to my IP, I'm told 'no further authentication methods available'
 
Old 11-18-2004, 12:49 PM   #11
TrulyTessa
Member
 
Registered: Nov 2004
Location: Canada, eh
Distribution: SuSE 9.2 Pro
Posts: 63

Original Poster
Rep: Reputation: 15
Folks, I tried verbose mode in attempting to ssh into my linux machine from a remote location, thinking the result might help isolate the problem. The first thing that strikes me in the response (attached below) is the expression "Remote version has rekey incompatibility bug." Another noteworthy issue is the fact that the connection is shut down locally after the 'publickey' and 'keyboard-interactive' authentication methods are offered. Any idea how I might address this problem? Evidently I'm not having trouble connecting to port 22, it's what comes after contact is made that's causing the failure.

Incidentally, I have tried tinkering with my ssh_config file, making sure PasswordAuthentication is set to yes and playing around with PreferredAuthentications (adding password, and even removing keyboard-interactive and publickey), but the error message remains the same.

Code:
debug: SshAppCommon/sshappcommon.c:154/ssh_app_get_global_regex_context: Allocat
ing global SshRegex context.
debug: SshConfig/sshconfig.c:2184/ssh2_parse_config: Unable to open /homes/[deleted personal info]/.ssh2/ssh2_config
debug: Connecting to [deleted personal info], port 22...
debug: Ssh2/ssh2.c:1956/main: Entering event loop.
debug: Ssh2Client/sshclient.c:1330/ssh_client_wrap: Creating transport protocol.
debug: SshAuthMethodClient/sshauthmethodc.c:137/ssh_client_authentication_initialize: Added "publickey" to usable methods.
debug: SshAuthMethodClient/sshauthmethodc.c:137/ssh_client_authentication_initialize: Added "password" to usable methods.
debug: Ssh2Client/sshclient.c:1362/ssh_client_wrap: Creating userauth protocol.
debug: client supports 2 auth methods: 'publickey,password'
debug: Ssh2Common/sshcommon.c:496/ssh_common_wrap: local ip = [deleted personal info], loc
al port = 15648
debug: Ssh2Common/sshcommon.c:498/ssh_common_wrap: remote ip = [deleted personal info], rem
ote port = 22
debug: SshConnection/sshconn.c:1889/ssh_conn_wrap: Wrapping...
debug: Remote version: SSH-1.99-OpenSSH_3.9p1
debug: Ssh2Transport/trcommon.c:1373/ssh_tr_input_version: Remote version has rekey incompatibility bug.
debug: Ssh2Transport/trcommon.c:1376/ssh_tr_input_version: Remote version is OpenSSH, KEX guesses disabled.
debug: Ssh2Transport/trcommon.c:1717/ssh_tr_negotiate: lang s to c: `', lang c to s: `'
debug: Ssh2Transport/trcommon.c:1783/ssh_tr_negotiate: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1786/ssh_tr_negotiate: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Remote host key found from database.
debug: Ssh2Common/sshcommon.c:291/ssh_common_special: Received SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common/sshcommon.c:341/ssh_common_special: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
debug: server offers auth methods 'publickey,keyboard-interactive'.
debug: SshConfig/sshconfig.c:2184/ssh2_parse_config: Unable to open /homes/[deleted personal info]/.ssh2/identification
debug: Ssh2AuthClient/sshauthc.c:316/ssh_authc_completion_proc: Method 'publickey' disabled.
debug: server offers auth methods 'publickey,keyboard-interactive'.
debug: Ssh2Common/sshcommon.c:137/ssh_common_disconnect: DISCONNECT received: No further authentication methods available.
warning: Authentication failed.
debug: Ssh2/ssh2.c:117/client_disconnect: locally_generated = TRUE
Disconnected; no more authentication methods available (No further authentication methods available.).
debug: Ssh2Client/sshclient.c:1395/ssh_client_destroy: Destroying client.
debug: SshConnection/sshconn.c:1937/ssh_conn_destroy: Destroying SshConn object.
debug: Ssh2Client/sshclient.c:1448/ssh_client_destroy_finalize: Destroying client completed.
debug: SshAuthMethodClient/sshauthmethodc.c:162/ssh_client_authentication_uninitialize: Destroying authentication method array.

Last edited by TrulyTessa; 11-18-2004 at 01:17 PM.
 
Old 11-18-2004, 03:56 PM   #12
TrulyTessa
Member
 
Registered: Nov 2004
Location: Canada, eh
Distribution: SuSE 9.2 Pro
Posts: 63

Original Poster
Rep: Reputation: 15
Cool

Hey, I figured it out!

I needed to edit my sshd_config file. PasswordAuthentication had been set to no. I commented the line out and rebooted, and that changed it back to the default of yes, enabling me to log in with my password.

Still lots to learn, but I feel like I have graduated from Newbie level 0 to Newbie level 0.1

 
Old 11-18-2004, 04:31 PM   #13
NetAX
Member
 
Registered: Mar 2004
Location: Boston, MA
Distribution: SuSE Linux Open/Enterprise, Red Hat, Ubuntu
Posts: 147

Rep: Reputation: 17
Contragulations! Working the problem until you find a solution shows how persistent you are.
 
Old 11-30-2004, 04:30 AM   #14
buldir
Member
 
Registered: Mar 2004
Location: Fairbanks, AK USA
Posts: 135

Rep: Reputation: 15
Thanks!

Quote:
Originally posted by TrulyTessa
Hey, I figured it out!

I needed to edit my sshd_config file. PasswordAuthentication had been set to no. I commented the line out and rebooted, and that changed it back to the default of yes, enabling me to log in with my password.

Still lots to learn, but I feel like I have graduated from Newbie level 0 to Newbie level 0.1

Thanks TrulyTessa! I was banging my head against the Google wall for about 30 minutes dealing with this same issue in Suse 9.1.
 
Old 11-30-2004, 09:19 AM   #15
TrulyTessa
Member
 
Registered: Nov 2004
Location: Canada, eh
Distribution: SuSE 9.2 Pro
Posts: 63

Original Poster
Rep: Reputation: 15
Glad to hear it buldir!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
why my ssh doesn't work? lisa2005 Linux - Networking 2 08-24-2005 02:20 AM
SSH from work Vindane Linux - Networking 5 05-30-2004 08:06 PM
Can't ssh into my box from work. donk3 Linux - Security 3 08-27-2003 07:54 AM
SSH doesn't work anymore rlina50 Linux - Networking 1 01-29-2002 07:57 PM
Getting ssh-agent to work.. Sonny Linux - Security 16 01-25-2002 06:57 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:26 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration