LinuxQuestions.org
Old 06-08-2011, 12:32 PM   #1
aquowf
LQ Newbie
 
Registered: Jun 2011
Distribution: Ubuntu Server 11.04
Posts: 3

SSH Troubleshooting


So, I had ssh running just fine. I then added a pubkey to the authorized keys file and it worked, albeit briefly. Now I cannot access ssh from anything but localhost. At one point I got an error message about not being able to load ssh_host_rsa_key (and the .._dsa_.. and .._ecdsa_..) but this error message no longer shows up when I start ssh.

lsof and netstat tell me that ssh is indeed listening on the correct port. For some reason a loopback scan with nmap doesn't show the port to be open but a port-specific loopback scan does (e.g. nmap 127.0.0.1 -p 100-1024).

'service ssh status' tells me that ssh is up and running... I've reloaded and restarted it several times over the course of this problem.

My iptables (as far as I can tell) are fine. The port is forwarded on the router.... Toggling between sshd_config and sshd_config.original shows nothing that would screw this up. My only changes are: a changed port, a verbose log level, not permitting root login, an authorized_keys file, not permitting a password login, and allowing TCP forwarding. There are no changes to ssh_config.
Everything seems to me to be set up correctly.

Any suggestions?
 
Old 06-08-2011, 01:19 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

If you run "ssh -vvv" you'll get more verbosity from the session which may help.

The most common reason for SECURE shell not to work, however, is that it thinks the connection is NOT "secure". Check permissions on the source and target users' home directories. They should be 755 at most - if you give execute bit to group or other then ssh won't think it is secure. Check .ssh in the users' home directories. They should be 700 at the most. If anyone other than the user can access .ssh then ssh won't think it is secure. Unfortunately ssh never really tells you these permissions are the reasons it isn't connecting so it can be quite maddening. That is why it is always the first thing I check when I see ssh issues.
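
The permission check described in post #2, as an added example (not part of the original thread): it flags any mode bits beyond the ceilings the post gives (755 for the home directory, 700 for .ssh) and, as an assumption added here, also checks that both belong to the expected user. The function name and report format are this example's own.

```python
import os
import stat
import sys

# Ceilings from the post: home directory 755 at most, ~/.ssh 700 at most.
CEILINGS = (("", 0o755), (".ssh", 0o700))


def audit_ssh_perms(home, uid):
    """Return a list of findings for home and home/.ssh; empty means OK."""
    findings = []
    for rel, ceiling in CEILINGS:
        path = os.path.join(home, rel) if rel else home
        try:
            st = os.stat(path)
        except FileNotFoundError:
            findings.append(f"{path}: missing")
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append(f"{path}: not a directory")
            continue
        mode = stat.S_IMODE(st.st_mode)
        extra = mode & ~ceiling  # permission bits set beyond the ceiling
        if extra:
            findings.append(
                f"{path}: mode {mode:03o} exceeds {ceiling:03o} "
                f"(extra bits {extra:03o})"
            )
        # Assumption added by this example: the directory must belong to the
        # account being logged in to.
        if st.st_uid != uid:
            findings.append(f"{path}: owned by uid {st.st_uid}, expected {uid}")
    return findings


if __name__ == "__main__":
    # Usage: python3 audit.py [home-dir]; run it on both client and server.
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    problems = audit_ssh_perms(target, os.getuid())
    print("\n".join(problems) if problems else f"{target}: OK")
    sys.exit(1 if problems else 0)
```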
 
Old 06-08-2011, 03:07 PM   #3
aquowf
LQ Newbie
 
Registered: Jun 2011
Distribution: Ubuntu Server 11.04
Posts: 3

Original Poster
Thanks for your timely reply,

Permissions for /home/public are 755 and /home/public/.ssh are 700.

I changed the port back to the default; verbose output is as follows:
Quote:
me@server:~$ ssh -vvv public@server
OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to server [192.168.1.4] port 22.
debug1: connect to address 192.168.1.4 port 22: No route to host
ssh: connect to host server port 22: No route to host
So... ssh is able to communicate with the router to get the local IP of the server. But for some reason it is unable to connect. Sounds like a firewall issue to me. But I have firestarter to permit ssh use on port 22.

Any other suggestions?
 
Old 06-08-2011, 03:30 PM   #4
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Is public the user on both sides of the ssh connection? The permissions I mentioned above have to be OK for both the originating and the destination host.

It sure sounds like a firewall issue - "no route to host" is usually what I see when the port is blocked but then again if ssh is refusing it then you might see that as well. You can verify that by simply turning off the firewall and testing. If it works then you can turn it back on and start trying to determine what the issue is.

If you run "lsof -i :22" on the server does it show it listening on the external interface? Maybe the issue is it isn't - you mentioned previously nmap isn't seeing it.
 
Old 06-08-2011, 03:48 PM   #5
aquowf
LQ Newbie
 
Registered: Jun 2011
Distribution: Ubuntu Server 11.04
Posts: 3

Original Poster
Here's the issue. My server was originally with the LAN address of 192.168.1.4. It was still listed as such on the router. I had some networking issues earlier and switched the ethernet connection from eth1 to eth0 in order to fix the problem (I don't know what I did to break or fix the networking but I can connect to the internet again, I'll take it). Switching the ethernet caused my router to create a new connection for a new server at 192.168.1.6. So, I renamed this connection in the router to be server, forwarded the requisite ports, restarted ssh and voilà, success.

I just wasted about 2 hours on such a simple problem.

Hey, thanks a ton for your help.

Last edited by aquowf; 06-08-2011 at 03:51 PM. Reason: Because I forgot to thank you.
 
1 members found this post helpful.
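
A connect-error triage for the symptom in this thread, as an added example (not part of the original posts): it tries one TCP connection per candidate address and explains the result, so a stale address such as the old 192.168.1.4 entry can be told apart from the live one. The explanations assume a Linux client; the function names are this example's own.

```python
import errno
import socket

# What each connect() outcome usually means on a Linux client (wording is
# this example's own, not from the thread).
MEANING = {
    0: "open: a listener accepted the connection",
    errno.ECONNREFUSED: "refused: host answered, but nothing listens on that "
                        "address/port or a firewall REJECTs it",
    errno.EHOSTUNREACH: "no route to host: no ARP reply on the LAN (stale or "
                        "wrong IP, host down) or an ICMP unreachable/prohibited "
                        "reply from a firewall",
    errno.ENETUNREACH: "network unreachable: client has no route to that subnet",
    errno.ETIMEDOUT: "timeout: packets silently dropped (firewall DROP) or lost",
}


def probe(host, port, timeout=5.0):
    """Try one TCP connect; return (errno, explanation). errno 0 means open."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            err, detail = 0, ""
        except socket.timeout:
            err, detail = errno.ETIMEDOUT, ""
        except OSError as e:  # includes name-resolution failures
            err, detail = e.errno, str(e)
    return err, MEANING.get(err, f"other error: {detail}")


def triage(candidates, port=22, timeout=5.0):
    """Probe every candidate address and return {address: (errno, text)}."""
    return {host: probe(host, port, timeout) for host in candidates}


if __name__ == "__main__":
    # The two addresses from the thread: the old router entry and the address
    # the router assigned after the switch to eth0.
    for host, (err, text) in triage(["192.168.1.4", "192.168.1.6"]).items():
        print(f"{host}:22 -> [{err}] {text}")
```

A "no route to host" result for an address on your own subnet is a cue to confirm the server's current address (on the server itself or in the router's client list) before changing sshd or firewall settings.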
  

