LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-21-2006, 04:34 PM   #1
Killbot_5000
LQ Newbie
 
Registered: Aug 2004
Location: Southern IL
Distribution: OpenSuSE 10.1
Posts: 24

Rep: Reputation: 15
SSH: One moment, I can log in, next I can't!!


Running OpenSSH_3.8.1p1, Debian-8.sarge.4, 2.4.27-2-386.

I'm having major issues with ssh. I authenticate via an rsa key. Sometimes, I can log in without any incident. Other times, though, I get this:

Code:
[root@client ~]# ssh -v user@remote_server
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to remote_server [192.168.1.6] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
I'll try it again immediately, probably get the same results. But after 5-6 tries, BAM, I'm back in, no problem.

I know for a fact this isn't a client issue. I've checked my hosts.deny (which is blank) and my hosts.allow (SSH: ALL\nSSHD: ALL\nALL: ALL).

It worked for MONTHS, a couple of hundred of automatic logins a day without any incident, and then it started happening.

I can't find a log that has the failed ssh attempts. /var/www/auth.log only has successes recorded.

Any ideas?
 
Old 06-23-2006, 12:01 AM   #2
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 116Reputation: 116
communications link problem?
 
Old 06-23-2006, 12:18 AM   #3
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Rep: Reputation: 32
Quote:
communications link problem?
most probably. also check for packet loss.
 
Old 06-23-2006, 11:39 PM   #4
fedora4002
Member
 
Registered: Mar 2004
Posts: 135

Rep: Reputation: 15
maybe the cable is loose.
 
Old 06-24-2006, 08:00 PM   #5
Killbot_5000
LQ Newbie
 
Registered: Aug 2004
Location: Southern IL
Distribution: OpenSuSE 10.1
Posts: 24

Original Poster
Rep: Reputation: 15
Code:
11734 packets transmitted, 11734 received, 0% packet loss, time 11733437ms
rtt min/avg/max/mdev = 0.167/0.340/0.804/0.093 ms
0% packet loss. Any other ideas?
 
Old 06-24-2006, 09:52 PM   #6
evilDagmar
Member
 
Registered: Mar 2005
Location: Right behind you.
Distribution: NBG, then randomed.
Posts: 480

Rep: Reputation: 31
Looks like simple instability on the remote host to me. If you want to know more about what's going on, run `tcpdump -l -v -n port 22` on it in a screen session or something while you're connecting to it. What sshd writes to the syslog isn't going to be entirely useful in debugging why a connection is dumped if sshd is coredumping before it can decide whether to drop or accept the connection.
 
Old 06-25-2006, 04:09 PM   #7
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 79
In addition to the suggestions above, why don't you look at the most detailed debug logs (debug3) on both sides (if you have that kind of control).

Also, why are you logging in as root?
 
Old 06-26-2006, 09:27 AM   #8
Killbot_5000
LQ Newbie
 
Registered: Aug 2004
Location: Southern IL
Distribution: OpenSuSE 10.1
Posts: 24

Original Poster
Rep: Reputation: 15
Why am I logging in as root? The prompt above is a fake. Would it even matter if I was logged in as root (for the sake of troubleshooting), or were you going to just give the advice that I shouldn't be logged in as root?

Why don't I post the debug logs? Because they haven't had anything appended to them in the last 20 days. Considering that this error happens hundreds of times a day, logic would suggest that this error is not producing output to my debug log. Is there something I'm not understanding?
 
Old 06-26-2006, 09:40 AM   #9
Killbot_5000
LQ Newbie
 
Registered: Aug 2004
Location: Southern IL
Distribution: OpenSuSE 10.1
Posts: 24

Original Poster
Rep: Reputation: 15
Ok, apparently I'm getting a build-up of hanging ssh connections/processes. When I reach my cap, I get that error.

Thanks for your help!
 
Old 06-26-2006, 12:04 PM   #10
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Rep: Reputation: 32
how do we generate an idea when we could not regenerate the problem? haven't seen whats its like. right now its only bits of suggesstions (check this, check that) i am afraid and i have run out of that too.
 
Old 06-28-2006, 09:37 PM   #11
evilDagmar
Member
 
Registered: Mar 2005
Location: Right behind you.
Distribution: NBG, then randomed.
Posts: 480

Rep: Reputation: 31
Well, for one thing, I'm saying use tcpdump to look at the traffic (on both ends) to be sure that you're actually talking to the machine you're talking to. Someone might be trying to perform a MITM attack for all we know of your network topology.
 
Old 06-29-2006, 02:22 AM   #12
SlackDaemon
Member
 
Registered: Mar 2006
Distribution: RedHat, Slackware, Experimenting with FreeBSD
Posts: 222

Rep: Reputation: 30
Try regenerating your RSA key:

ssh-keygen -t rsa

reinsert the RSA key into the .ssh/authorized-keys on the server side.

When you try to login from the client, specify the identity key explicitly with the -i option:

ssh -i .ssh/id_rsa.pub remote_server

I am not sure whether the steps are identical on Debian Sarge but it should be similar.

Not sure that it will help but its worth a try.

*EDIT*
seems you've solved the problem. sorry for the repost

Last edited by SlackDaemon; 06-29-2006 at 02:25 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh log? IchBin Linux - Newbie 9 08-25-2010 04:50 AM
cannot log in via ssh tredontho Linux - General 19 07-06-2006 11:54 AM
Weird Mounting issues. One moment you can write, another moment, you can't. StevenO Linux - Software 1 02-09-2006 12:58 PM
ssh cant log on!! e1000 Linux - Networking 4 02-16-2004 02:59 PM
SSH Log Crashed_Again Linux - Security 4 01-25-2003 10:56 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:33 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration