LinuxQuestions.org
07-11-2006, 12:24 PM   #1
IBF
LQ Newbie
 
Registered: Jul 2006
Posts: 7

Rep: Reputation: 0
SSHD not working after OS upgraded to FC5


Hello there, I used to have a FC4 box that was remotely accessed via openssh successfully, but after we upgraded to Fedora 5 we now get timed out messages, even from different clients...the one we use is putty.
I disabled the firewall and SELinux, there are no entries in the hosts.allow and deny files, I can ping the box....I have tried so hard to troubleshoot this issue that finally I decided to give it a try with you guys because I am giving up....here I copied the sshd_config, the /var/log/secure file, netstat results as well as debug prints....any guru out there can see why this thing stopped working???......I will appreciate any help.....here is the info....

debugging......

[root@localhost ~]# /usr/sbin/sshd -d -d -d
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 321
debug2: parse_server_config: config /etc/ssh/sshd_config len 321
debug1: sshd version OpenSSH_4.2p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-d'
debug1: rexec_argv[3]='-d'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
socket: Address family not supported by protocol
Cannot bind any address.



openBSD config file

# $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#Protocol 2
#ListenAddress 208.254.75.124
#LIstenAddress 0.0.0.0
#IPv4 only
#HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
#AllowUsers ibrana
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#ShowPatchLevel no

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server


netstat return.................

[root@localhost ~]# netstat -atlpn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN 1690/rpc.statd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 2123/smbd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1672/portmap
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2730/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1996/cupsd
tcp 0 0 127.0.0.1:5335 0.0.0.0:* LISTEN 1978/mDNSResponder
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2069/sendmail: acce
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 2123/smbd
tcp 0 0 208.254.75.124:47904 216.239.53.104:80 ESTABLISHED 2794/firefox-bin
tcp 0 0 208.254.75.124:53560 72.14.211.104:80 ESTABLISHED 2794/firefox-bin



log file prints....

Jul 11 07:49:24 localhost sshd[1951]: Server listening on 0.0.0.0 port 22.
Jul 11 08:07:54 localhost sshd[2728]: fatal: Cannot bind any address.
Jul 11 10:18:05 localhost sshd[1951]: Received signal 15; terminating.
Jul 11 10:18:05 localhost sshd[5567]: Server listening on 0.0.0.0 port 22.
Jul 11 10:30:05 localhost sshd[2046]: Server listening on 0.0.0.0 port 22.
Jul 11 10:38:15 localhost sshd[2730]: Server listening on 0.0.0.0 port 22.



Thanks
 
07-11-2006, 07:24 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Please post the clientside (triple -v) as well.
 
07-12-2006, 08:08 AM   #3
IBF
LQ Newbie
 
Registered: Jul 2006
Posts: 7

Original Poster
Rep: Reputation: 0
Thanks for following my thread unSpawn....here you go, this is what I get on putty.log

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2006.07.12 09:03:16 =~=~=~=~=~=~=~=~=~=~=~=
Event Log: Writing new session log (SSH packets mode) to file: putty.log
Event Log: Looking up host "208.254.75.124"
Event Log: Connecting to 208.254.75.124 port 22
Event Log: Failed to connect to 208.254.75.124: Network error: Connection timed out
Event Log: Network error: Connection timed out
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2006.07.12 09:04:34 =~=~=~=~=~=~=~=~=~=~=~=
Event Log: Appending session log (SSH packets mode) to file: putty.log
Event Log: Looking up host "208.254.75.124"
Event Log: Connecting to 208.254.75.124 port 22
Event Log: Failed to connect to 208.254.75.124: Network error: Connection timed out
Event Log: Network error: Connection timed out



I appreciate your help.
Thanks
 
07-12-2006, 09:08 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Unfortunately that's not much info. Are there any other services running on the FC5 box (could do a quick test setting up Apache)? Accessible? If you can, load "/usr/sbin/sshd -d -d -d -p 2022" serverside then install http://sourceforge.net/project/showf...roup_id=103886 (and disable service sshd) and run "ssh -v -v -v -p 2022".
 
07-12-2006, 09:17 AM   #5
IBF
LQ Newbie
 
Registered: Jul 2006
Posts: 7

Original Poster
Rep: Reputation: 0
Yes I can run other services, I was able to set SMB, will try what you said and see what happens....will post here later....thanks buddy.
 
07-12-2006, 10:47 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Hmm. Or boot any GNU/Linux Live CD.
 
07-13-2006, 02:58 PM   #7
IBF
LQ Newbie
 
Registered: Jul 2006
Posts: 7

Original Poster
Rep: Reputation: 0
I regret about other services...sorry I was browsing a backup server when tried....nope, can't run any other service, tried apache and samba and none of them are accessible from the outside though locally they work fine..I tried deinstalling the whole OpenSSH package and re-installing it again and no luck.....have no ipchains rules, selinux and firewall are disabled, still the box is pingable.....any other recommendation except for stopping by home depot and buying a hammer????............lol....this is so weird!!!.....but thanks anyways, I will keep reading and trying...
 
07-13-2006, 03:02 PM   #8
IBF
LQ Newbie
 
Registered: Jul 2006
Posts: 7

Original Poster
Rep: Reputation: 0
and also I forgot to mention that I am in the same layer 2 segment without VLANs or any firewall.......geeezzz I hate this server......lol
 
07-14-2006, 05:27 AM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Uhmm, can you access anything on the LAN or teh intarweb *from* the b0rken server?
 
07-14-2006, 06:58 AM   #10
IBF
LQ Newbie
 
Registered: Jul 2006
Posts: 7

Original Poster
Rep: Reputation: 0
Yes, I can browse the internet, download files from an FTP server...have not tried ssh since there is not any client installed....will try later...thanks
 
07-18-2006, 02:26 PM   #11
IBF
LQ Newbie
 
Registered: Jul 2006
Posts: 7

Original Poster
Rep: Reputation: 0
I finally got it back!, it looks like there was no entry in the hosts.allow file and that was causing to deny all by default...after adding a subnet entry it all came back again...not sure why not having entries on that file it causes a deny all...but it worked!!! thanks a lot!!!
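
The hosts.allow / hosts.deny lookup order that the last post ran into, as an added example that is not part of the original thread: a small evaluator following the search order in hosts_access(5) (hosts.allow match grants, otherwise hosts.deny match denies, otherwise access is granted). It is a simplified subset (IPv4 only; `ALL`, address-prefix and net/mask patterns; no `EXCEPT`, hostnames or wildcards), and the file contents and 192.168.1.x / 10.0.0.x addresses are constructed, not taken from the poster's system.

```python
import ipaddress

def _client_matches(pattern, ip):
    """Match one client pattern (subset of hosts_access(5)) against an IPv4 string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # "192.168.1." style address prefix
        return ip.startswith(pattern)
    if "/" in pattern:               # "net/mask" form, e.g. 192.168.1.0/255.255.255.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip             # literal address

def _file_matches(text, daemon, ip):
    """True if any 'daemon_list : client_list' rule in the file text matches."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if ":" not in line:
            continue
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        if (daemon in daemons or "ALL" in daemons) and any(
                _client_matches(p, ip) for p in clients):
            return True
    return False

def access_granted(hosts_allow, hosts_deny, daemon, ip):
    """hosts.allow match -> grant; else hosts.deny match -> deny; else grant."""
    if _file_matches(hosts_allow, daemon, ip):
        return True
    if _file_matches(hosts_deny, daemon, ip):
        return False
    return True

# Constructed sample file contents (assumptions for illustration only).
EMPTY = ""
DENY_ALL = "ALL: ALL\n"
ALLOW_SUBNET = "# added subnet entry\nsshd: 192.168.1.\n"

if __name__ == "__main__":
    cases = [("both files empty", EMPTY, EMPTY, "192.168.1.50"),
             ("deny ALL, allow empty", EMPTY, DENY_ALL, "192.168.1.50"),
             ("deny ALL, subnet allowed", ALLOW_SUBNET, DENY_ALL, "192.168.1.50"),
             ("deny ALL, other subnet", ALLOW_SUBNET, DENY_ALL, "10.0.0.5")]
    for label, allow, deny, ip in cases:
        print(f"{label:26} {ip:14} granted={access_granted(allow, deny, 'sshd', ip)}")
```

These rules only apply to daemons built against libwrap or started through tcpd; a deny shows up in the service's log (here `/var/log/secure`) rather than in the client output.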
 
  

