06-08-2011, 12:32 PM
|
#1
|
LQ Newbie
Registered: Jun 2011
Distribution: Ubuntu Server 11.04
Posts: 3
|
SSH Troubleshooting
So, I had ssh running just fine. I then added a pubkey to the authorized keys file and it worked, albeit briefly. Now I cannot access ssh from anything but localhost. At one point I got an error message about not being able to load ssh_host_rsa_key (and the .._dsa_.. and .._ecdsa_..) but this error message no longer shows up when I start ssh.
lsof and netstat tell me that ssh is indeed listening on the correct port. For some reason a loopback scan with nmap doesn't show the port to be open but a port specific loopback scan does (eg: nmap 127.0.0.1 -p 100-1024).
'service ssh status' tells me that ssh is up and running... I've reloaded and restarted it several times over the course of this problem.
My iptables (as far as I can tell) are fine. The port is forwarded on the router.... Toggling between sshd_config and sshd_config.original shows nothing that would screw this up. My only changes are: a changed port, a verbose log level, not permitting root login, an authorized_keys file, not permitting a password login, and allowing TCP forwarding. There are no changes to ssh_config.
Everything seems to me to be set up correctly.
Any suggestions?
|
|
|
06-08-2011, 01:19 PM
|
#2
|
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
|
If you run "ssh -vvv" you'll get more verbosity from the session which may help.
The most common reason for SECURE shell not to work however is that it thinks the connection is NOT "secure". Check permissions on the source and target users' home directories. They should be 755 at most - if you give execute bit to group or other then ssh won't think it is secure. Check .ssh in the users' home directories. They should be 700 at the most. If anyone other than the user can access .ssh then ssh won't think it is secure. Unfortunately ssh never really tells you these permissions are the reasons it isn't connecting so it can be quite maddening. That is why it is always the first thing I check when I see ssh issues.
|
|
|
06-08-2011, 03:07 PM
|
#3
|
LQ Newbie
Registered: Jun 2011
Distribution: Ubuntu Server 11.04
Posts: 3
Original Poster
|
Thanks for your timely reply,
Permissions for /home/public are 755 and /home/public/.ssh are 700.
I changed the port back to the default; verbose output is as follows:
Quote:
me@server:~$ ssh -vvv public@server
OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to server [192.168.1.4] port 22.
debug1: connect to address 192.168.1.4 port 22: No route to host
ssh: connect to host server port 22: No route to host
|
So... ssh is able to communicate with the router to get the local IP of the server. But for some reason it is unable to connect. Sounds like a firewall issue to me. But I have firestarter to permit ssh use on port 22.
Any other suggestions?
|
|
|
06-08-2011, 03:30 PM
|
#4
|
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
|
Is public the user on both sides of the ssh connection? The permissions I mentioned above have to be OK for both the originating and the destination host.
It sure sounds like a firewall issue - "no route to host" is usually what I see when the port is blocked but then again if ssh is refusing it then you might see that as well. You can verify that by simply turning off the firewall and testing. If it works then you can turn it back on and start trying to determine what the issue is.
If you run "lsof -i :22" on the server does it show it listening on the external interface? Maybe the issue is it isn't - you mentioned previously nmap isn't seeing it.
|
|
|
06-08-2011, 03:48 PM
|
#5
|
LQ Newbie
Registered: Jun 2011
Distribution: Ubuntu Server 11.04
Posts: 3
Original Poster
|
Here's the issue. My server was originally with the LAN address of 192.168.1.4. It was still listed as such on the router. I had some networking issues earlier and switched the ethernet connection from eth1 to eth0 in order to fix the problem (I don't know what I did to break or fix the networking but I can connect to the internet again, I'll take it). Switching the ethernet caused my router to create a new connection for a new server at 192.168.1.6. So, I renamed this connection in the router to be server, forwarded the requisite ports, restarted ssh and voilà, success.
I just wasted about 2 hours on such a simple problem.
Hey, thanks a ton for your help.
Last edited by aquowf; 06-08-2011 at 03:51 PM.
Reason: Because I forgot to thank you.
|
|
1 members found this post helpful.
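The diagnosis this thread arrived at, as an added example that is not part of any post: a shell function that reads `ssh -vvv` client output, extracts the address the client actually dialed, and names the layer that failed, so that a "No route to host" is chased in addressing and firewalling rather than in sshd or key permissions. It goes beyond the one message seen here by also recognising other common client errors; the function name and category labels are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify an `ssh -vvv` client log.
# Usage: diagnose_ssh_log LOGFILE [SERVER_IP]
# SERVER_IP is the address the server itself reports (e.g. from `ip addr`).
diagnose_ssh_log() {
    log=$1
    actual=${2:-}
    # Address the client dialed, from "Connecting to NAME [ADDR] port N."
    dialed=$(sed -n 's/^debug1: Connecting to .*\[\([^]]*\)] port [0-9]*\.$/\1/p' "$log" | tail -n 1)
    if [ -n "$actual" ] && [ -n "$dialed" ] && [ "$dialed" != "$actual" ]; then
        echo "stale-address: client dialed $dialed but server is at $actual"
    elif grep -q 'Could not resolve hostname' "$log"; then
        echo "dns: name lookup failed before any connection was tried"
    elif grep -q 'No route to host' "$log"; then
        echo "unreachable: nothing answers at ${dialed:-the target}, or a firewall rejects it"
    elif grep -q 'Connection timed out' "$log"; then
        echo "timeout: packets are dropped on the way (filtering or wrong network)"
    elif grep -q 'Connection refused' "$log"; then
        echo "refused: host answers, but nothing accepts connections on that port"
    elif grep -q 'Permission denied' "$log"; then
        echo "auth: network path is fine; check keys, sshd_config and permissions"
    else
        echo "unknown: no recognised failure message"
    fi
}

# Sample input: the client output quoted in post #3 of this thread.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to server [192.168.1.4] port 22.
debug1: connect to address 192.168.1.4 port 22: No route to host
ssh: connect to host server port 22: No route to host
EOF

diagnose_ssh_log "$sample_log"               # network-layer failure, not sshd
diagnose_ssh_log "$sample_log" 192.168.1.6   # address the server moved to (post #5)
```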
|