LinuxQuestions.org
Old 01-04-2011, 07:28 PM   #1
Volkner
LQ Newbie
 
Registered: Aug 2010
Posts: 8

Rep: Reputation: 0
Can't SSH as root anymore (but can still FTP)


So at work, we host most of our clients' websites on a server we have (from Lunar Pages) and I can ssh as root from work just fine, but from home, all of a sudden, I can't ssh as root anymore. I can't ssh as anyone (certain users have permission to ssh).

I can still FTP into the different sites and stuff from home, so it isn't an APF issue (I double-checked the deny_hosts.rules (or whatever it is) just in case).

I used to be able to ssh as root into the server from home... what could have changed? Has anyone had this problem? Being able to FTP from all IPs but only SSH from some?

Thanks
 
Old 01-04-2011, 08:27 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Compare 'ssh -v -v -v' from a denied and an accepted remote location with auth, system and daemon log output on the server. However, using or accessing a root account directly over the network is not a security best practice. So whatever got changed, if server-side, was good.
 
Old 01-04-2011, 11:07 PM   #3
Volkner
LQ Newbie
 
Registered: Aug 2010
Posts: 8

Original Poster
Rep: Reputation: 0
Here's the one from the denied host:

cameron-laptop:~ cameron$ ssh -v -v -v root@hostrainmaker.com
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to hostrainmaker.com [209.200.237.113] port 22.
debug1: connect to address 209.200.237.113 port 22: Operation timed out
ssh: connect to host hostrainmaker.com port 22: Operation timed out
cameron-laptop:~ cameron$

I'll check out the results from my work computer tomorrow.
 
Old 01-05-2011, 04:51 AM   #4
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339

Rep: Reputation: 260
Is there any company firewall out of your reach which was reconfigured?
 
Old 01-05-2011, 11:06 AM   #5
Volkner
LQ Newbie
 
Registered: Aug 2010
Posts: 8

Original Poster
Rep: Reputation: 0
No company firewall.

Here's the -v -v -v output from work:

Cameron:~ cameron$ ssh -v -v -v root@hostrainmaker.com
OpenSSH_5.2p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to hostrainmaker.com [209.200.237.113] port 22.
debug1: Connection established.
debug1: identity file /Users/cameron/.ssh/identity type -1
debug1: identity file /Users/cameron/.ssh/id_rsa type -1
debug1: identity file /Users/cameron/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 131/256
debug2: bits set: 535/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /Users/cameron/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug3: check_host_in_hostfile: filename /Users/cameron/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug1: Host 'hostrainmaker.com' is known and matches the RSA host key.
debug1: Found key in /Users/cameron/.ssh/known_hosts:2
debug2: bits set: 493/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/cameron/.ssh/identity (0x0)
debug2: key: /Users/cameron/.ssh/id_rsa (0x0)
debug2: key: /Users/cameron/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-with-mic,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/cameron/.ssh/identity
debug3: no such identity: /Users/cameron/.ssh/identity
debug1: Trying private key: /Users/cameron/.ssh/id_rsa
debug3: no such identity: /Users/cameron/.ssh/id_rsa
debug1: Trying private key: /Users/cameron/.ssh/id_dsa
debug3: no such identity: /Users/cameron/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
root@hostrainmaker.com's password:
 
Old 01-05-2011, 11:21 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
I asked you to compare output with auth, system and daemon log output on the server.

// *snort* you don't even use pubkey auth...
 
Old 01-05-2011, 11:34 AM   #7
Volkner
LQ Newbie
 
Registered: Aug 2010
Posts: 8

Original Poster
Rep: Reputation: 0
Yeah... I don't know what either of those things means. I didn't set up this server, I don't own the server, I just want access.
 
Old 01-05-2011, 12:36 PM   #8
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by Volkner
debug1: Connecting to hostrainmaker.com [209.200.237.113] port 22.
debug1: connect to address 209.200.237.113 port 22: Operation timed out
Short and skinny: if you can't complete a tcp handshake from certain locations, then there is a device that is filtering packets at some point along the way. That could be something your ISP has in place, a corporate firewall, switch, router, or even a host-level firewall on hostrainmaker itself.
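
The comparison asked for above (the same 'ssh -v' run from a denied and an accepted location) comes down to how far each attempt got. The script below is an added example, not part of the original thread: it classifies that stage from the debug output, using excerpts of the two logs posted in this thread plus one constructed "Connection refused" line; the function names and result labels are this example's own.

```sh
#!/bin/sh
# Added example (not from the thread): report how far an "ssh -v" attempt got.
# Function names and result labels are this example's own.

classify_ssh_debug() {
    log=$(cat)    # ssh -v output on stdin
    if printf '%s\n' "$log" | grep -q 'Connection established'; then
        # TCP handshake completed; did the session reach user authentication?
        if printf '%s\n' "$log" |
            grep -Eq 'Authentications that can continue|Next authentication method'; then
            echo reached-auth
        else
            echo connected-no-auth
        fi
    elif printf '%s\n' "$log" | grep -Eq 'port [0-9]+: (Operation|Connection) timed out'; then
        echo tcp-timeout
    elif printf '%s\n' "$log" | grep -q 'Connection refused'; then
        echo tcp-refused
    else
        echo unknown
    fi
}

explain() {
    case "$1" in
        tcp-timeout) echo "no TCP handshake: packets are dropped on the path or by a host firewall" ;;
        tcp-refused) echo "host answered but rejected the port: no listener, or a rejecting firewall rule" ;;
        connected-no-auth) echo "TCP fine, session ended before authentication: check the server's sshd log" ;;
        reached-auth) echo "network path fine: any remaining failure is credentials or sshd policy" ;;
        *) echo "not enough debug output to tell" ;;
    esac
}

# Excerpts of the two logs posted in this thread.
HOME_LOG='debug1: Connecting to hostrainmaker.com [209.200.237.113] port 22.
debug1: connect to address 209.200.237.113 port 22: Operation timed out
ssh: connect to host hostrainmaker.com port 22: Operation timed out'
WORK_LOG='debug1: Connecting to hostrainmaker.com [209.200.237.113] port 22.
debug1: Connection established.
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password'
# Constructed sample line, not from the thread.
REFUSED_LOG='ssh: connect to host example.test port 22: Connection refused'

for name in HOME_LOG WORK_LOG REFUSED_LOG; do
    eval "text=\$$name"
    result=$(printf '%s\n' "$text" | classify_ssh_debug)
    echo "$name: $result ($(explain "$result"))"
done
```

A tcp-timeout result from one source address alongside reached-auth from another points at address-based filtering rather than at sshd, which is where the server-side firewall allow and deny lists come in.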
 
Old 01-05-2011, 02:42 PM   #9
Volkner
LQ Newbie
 
Registered: Aug 2010
Posts: 8

Original Poster
Rep: Reputation: 0
Ok, thanks. I'll dig further and let you know what I find out.

Thanks for your input.
 
Old 01-07-2011, 11:43 PM   #10
Volkner
LQ Newbie
 
Registered: Aug 2010
Posts: 8

Original Poster
Rep: Reputation: 0
I guess it needed to be specifically whitelisted. I could have sworn it was working before, but maybe not... Maybe I'm crazy.

Thanks for your guys' help and sorry for wasting your time =)

[edit]:
To be specific, I added my home IP to /etc/apf/allow_host.rules

Last edited by Volkner; 01-07-2011 at 11:44 PM.
 
Old 01-09-2011, 08:54 AM   #11
sweetdreamz
LQ Newbie
 
Registered: Jan 2011
Posts: 3

Rep: Reputation: 0
Check the port you're trying to connect is correct & firewall is not blocking your connection.

Last edited by GrapefruiTgirl; 01-09-2011 at 09:17 AM. Reason: Signature disabled due to advertising.
 
  

