
Bizarre SSH problem. Ready to cry. Or yell "bug".

 
 
mrbog
Guest
Posts: n/a

 
      05-27-2004, 07:05 AM
This makes absolutely no sense. Prepare yourself.

I have three PC's connected to a linksys router, under my desk. Two
are linux PC's and one is Win2K. There are no other PC's on my home
lan, not even a printer, and it's not wireless so it's really only me
here.

I can do all of the following just fine, tested over and over again:

1. Use the web on any one of the PC's.
2. SSH out to a remote server on the net, from any of the 3 PC's.
3. SSH from the remote server, into either of the linux PC's (if I
change the port forwarding on the router for port 22, but don't worry
about that).
4. SSH into either linux PC from the win2k PC.
5. Any one of the three PC's can ping any other of the three PC's.

Ok, consider all of that, and now here's what I can NOT do:

I can't SSH from one linux PC to the other. From either to either.

??????

I've never touched hosts.allow or .deny on either box, they're empty
except for comments. The machines CAN ping each other, remember. And
this can't be a firewall problem because they allow SSH sessions from
both the win2k box and the outside (through/from the router). But I
checked that anyway and the port is open.

I've tried ssh -1 and ssh -2. Neither works.

The behavior when I ssh is that it just times out.

ssh -v 192.168.1.110
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: Connecting to 192.168.1.110 [192.168.1.110] port 22.
(hangs forever)

One linux PC is mandrake 9.2, the other is a completely fresh install of
Fedora Core 2.

!!!?!??

Before you ask any questions, ask yourself "but why can he ssh from
the win2k box" that negates most questions, hence the "ready to cry"
bit.
 
 
 
 
 
Cameron Kerr
Guest
Posts: n/a

 
      05-27-2004, 08:10 AM
In comp.os.linux.networking mrbog <(E-Mail Removed)> wrote:

> Before you ask any questions, ask yourself "but why can he ssh from
> the win2k box" that negates most questions, hence the "ready to cry"
> bit.


Hmm, for a case such as this, I might think that the network
configuration is incorrect in some way (perhaps a netmask is wrong
somewhere), but since you can ping successfully, that would indicate
that routing is correct and working normally.

I would suggest breaking out tcpdump on the client AND server machine,
and seeing what it's doing on the network.

Are you using DNS at all internally?

What happens when you down the firewall on both machines?

iptables -F
iptables -X

Does the behaviour disappear when you substitute one end for something
such as Knoppix?

Have you double-checked that each of the linux machines has a different
IP address? (yes, I know you can ping them, but can you be sure of what
you're pinging?)

--
Cameron Kerr
(E-Mail Removed) : http://nzgeeks.org/cameron/
Empowered by Perl!
 
 
Paul Colquhoun
Guest
Posts: n/a

 
      05-27-2004, 09:00 AM
On 27 May 2004 00:05:51 -0700, mrbog <(E-Mail Removed)> wrote:
| This makes absolutely no sense. Prepare yourself.

| I can't SSH from one linux PC to the other. From either to either.
|
| ??????
|
| I've never touched hosts.allow or .deny on either box, they're empty
| except for comments. The machines CAN ping each other, remember. And
| this can't be a firewall problem because they allow SSH sessions from
| both the win2k box and the outside (through/from the router). But I
| checked that anyway and the port is open.
|
| I've tried ssh -1 and ssh -2. Neither works.
|
| The behavior when I ssh is that it just times out.
|
| ssh -v 192.168.1.110
| OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
| debug1: Reading configuration data /etc/ssh/ssh_config
| debug1: Applying options for *
| debug1: Rhosts Authentication disabled, originating port will not be
| trusted.
| debug1: Connecting to 192.168.1.110 [192.168.1.110] port 22.
| (hangs forever)
|
| One linux PC is mandrake 9.2, the other is a completely fresh install of
| Fedora Core 2.
|
| !!!?!??
|
| Before you ask any questions, ask yourself "but why can he ssh from
| the win2k box" that negates most questions, hence the "ready to cry"
| bit.


Have you tried running the ssh server with debugging flags to see what is
happening on the other end?

'sshd -d' ( or 'sshd -ddd' for extra info).


--
Reverend Paul Colquhoun, ULC. http://andor.dropbear.id.au/~paulcol
Asking for technical help in newsgroups? Read this first:
http://catb.org/~esr/faqs/smart-questions.html#intro
 
 
Ralf Herrmann
Guest
Posts: n/a

 
      05-27-2004, 09:49 AM
Hi,

it would probably be a good idea to provide a bit more information about your
configuration. Especially the firewalling on your linux boxes.

Ok, the thing with sshd-logs mentioned by Paul is a good idea anyway.

I want to add some comments:

- that you can connect from your win2k-box means the linux boxes allow
incoming traffic on port 22.

From the lines you provided, it seems that connecting fails in the first
place from the linux boxes. I'm not sure what outgoing port ssh client
would use, but do you have firewall rules restricting outgoing connections
on your linux boxes? They might stop ssh client from connecting....

- Ok, this is only an idea, which seems not reasonable, but I'll say it anyway.
There might be a problem when sshd tries to allocate a virtual terminal
or ssh client might have problems with terminals/shells as well.

Please check your ssh client configuration file for strange entries.
Have you played with it already?

- When you use ssh client from linux, it assumes the user you are logged in as.
Maybe the sshd on the other side doesn't like that user.......
Ok, but then it would show a bit more messages....

It really seems that the problem lies in connecting to the other machine.
Whatever might cause that.

HTH

Ralf
 
 
Ralf Herrmann
Guest
Posts: n/a

 
      05-27-2004, 09:52 AM
Hi again,

sorry I missed the point that you can ssh out to the net without problems.
So my first comment seems stupid. But check firewall rules anyway.
And consider checking ssh client configuration as well....

Ciao

Ralf
 
 
mrbog
Guest
Posts: n/a

 
      05-27-2004, 04:38 PM
Ralf Herrmann <(E-Mail Removed)> wrote in message news:<c94dlh$cql$(E-Mail Removed)>...
> Hi again,
>
> sorry I missed the point that you can ssh out to the net without problems.
> So my first comment seems stupid. But check firewall rules anyway.
> And consider checking ssh client configuration as well....
>
> Ciao
>
> Ralf


Ralf, thanks, but check the firewall and ssh config for what, exactly?
I've never touched the ssh config on either box, they are set to
whatever the defaults are. And as for the firewall- again, what am I
checking for? The port is open on both, the win2k box can ssh into
both.

(Also, remember, the problem happens from either linux pc connecting
to the other linux pc. Not just from one to the other, but either to
either.)
 
 
Ralf Herrmann
Guest
Posts: n/a

 
      05-27-2004, 09:36 PM
Hi,

> Ralf, thanks, but check the firewall and ssh config for what, exactly?
> I've never touched the ssh config on either box, they are set to
> whatever the defaults are. And as for the firewall- again, what am I
> checking for? The port is open on both, the win2k box can ssh into
> both.


Well, firewalls have separate rules for incoming and outgoing connections.
Seems like both linux boxes have correct rules for incoming ssh connections.
But when you use ssh client on a linux box, I don't know which port is used
as outgoing port. Whatever the FW settings on your linux boxes are,
they may prevent ssh client from getting out of the box.

However, this would be a strange case since you've been able to ssh
machines on the internet from all your boxes....

Ralf
 
 
Robert W.
Guest
Posts: n/a

 
      05-27-2004, 09:58 PM
On Thu, 27 May 2004 at 16:38 GMT, mrbog wrote:

[quote of Ralf Hermann]

>
> Ralf, thanks, but check the firewall and ssh config for what, exactly?
> I've never touched the ssh config on either box, they are set to
> whatever the defaults are. And as for the firewall- again, what am I
> checking for? The port is open on both, the win2k box can ssh into
> both.
>


Just an idea: have you enabled StrictHostKeyChecking for the
ssh-client (see file ~/.ssh/config)? If so, disable it. This will
cause hostkeys to be added to ~/ssh/known_hosts.

[snip]

HTH
--

Robert...

 
 
Ken P
Guest
Posts: n/a

 
      05-27-2004, 10:52 PM
On 27 May 2004 00:05:51 -0700, mrbog <(E-Mail Removed)> wrote:
>
> Before you ask any questions, ask yourself "but why can he ssh from
> the win2k box" that negates most questions, hence the "ready to cry"
> bit.


#netstat -a

tcp 0 0 slug.kgab.org:ssh gp.kgab.org:4428 ESTABLISHED
winxp ^^^^
tcp 0 0 slug.kgab.org:ssh tay.kgab.org:33099 ESTABLISHED
slackware ^^^^^
tcp 0 0 slug.kgab.org:33000 tay.kgab.org:ssh ESTABLISHED
slackware ^^^^
Looks like the Windows machine uses a different port range than the
linux machines.
HTH
--
Ken P
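
An added example, not part of the original thread: a small TCP connect probe that separates a silent drop (the "hangs forever" symptom in the ssh -v output) from a refusal, and can repeat the connect from a chosen source port to check the source-port-range observation above. The port ranges are commonly cited OS defaults of that era and are an assumption here; the function names are hypothetical.

```python
import errno
import socket

# Assumed default ephemeral (client source) port ranges, for illustration only.
RANGES = {"win2k/xp-style": (1025, 5000), "linux-style": (32768, 61000)}


def port_family(port):
    """Name the default ephemeral range a source port falls in, if any."""
    for name, (lo, hi) in RANGES.items():
        if lo <= port <= hi:
            return name
    return "other"


def probe(host, port=22, src_port=0, timeout=3.0):
    """Attempt one TCP connect and classify the outcome.

    open     -> handshake completed (a listener answered)
    refused  -> RST or ICMP port-unreachable came back (no listener, or REJECT)
    filtered -> no answer at all: a packet was silently dropped on the path
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.settimeout(timeout)
    try:
        s.bind(("", src_port))  # 0 lets the kernel pick the source port
        s.connect((host, port))
        return "open", s.getsockname()[1]
    except socket.timeout:
        return "filtered", src_port
    except ConnectionRefusedError:
        return "refused", src_port
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable", src_port
        raise  # e.g. EADDRINUSE when the chosen source port is busy
    finally:
        s.close()


def compare_source_ranges(host, port=22, samples=(4428, 33099)):
    # Sample ports are the client-side ports visible in the netstat output above.
    # Differing results per family point at a rule matching on source port.
    return {port_family(p): probe(host, port, src_port=p)[0] for p in samples}


if __name__ == "__main__":
    # 192.168.1.110 is the target address from the original post.
    print(probe("192.168.1.110"), compare_source_ranges("192.168.1.110"))
```

A "filtered" result from one Linux box to the other, alongside "open" from the same box to an outside server, places the drop on the LAN path or in a host firewall rule rather than in sshd.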

 
 
mrbog
Guest
Posts: n/a

 
      05-28-2004, 05:11 AM
Ken P <(E-Mail Removed)> wrote in message news:<wiutc.13046$(E-Mail Removed) hlink.net>...
> On 27 May 2004 00:05:51 -0700, mrbog <(E-Mail Removed)> wrote:
> >
> > Before you ask any questions, ask yourself "but why can he ssh from
> > the win2k box" that negates most questions, hence the "ready to cry"
> > bit.

>
> #netstat -a
>
> tcp 0 0 slug.kgab.org:ssh gp.kgab.org:4428 ESTABLISHED
> winxp ^^^^
> tcp 0 0 slug.kgab.org:ssh tay.kgab.org:33099 ESTABLISHED
> slackware ^^^^^
> tcp 0 0 slug.kgab.org:33000 tay.kgab.org:ssh ESTABLISHED
> slackware ^^^^
> Looks like the window machine uses a different port range than the
> linux machines.
> HTH



Yea but see point #3 in my original post. Frustrating, right? Thanks
for trying tho.
 