Strange SSH Problem

I am having a very strange problem with secure shell.

I used to connect from here (home, ADSL connection) to my office
(university) via ssh without problems (SuSE 9.1 on both mavhines).

I installed SuSE Linux Proffesional 9.3 a few days ago at home and now
ssh behaves very strange. I can't connect now from home to my office,
but I can connect from office to home.

The really strange thing is that when I am connected from "office",
logged in by ssh at "home", and I initiate a ssh connection back to
"office", it works perfectly!. An hour later, I try the same sitting in
front of my home computer and nothing, I enter the command

home:> ssh myself@office

and nothing happens, not error messages, until time out.

Any idea or advice to find the cause of this??

Thanks to all

Regards

Milan

In comp.os.linux.networking MD <(E-Mail Removed)>:
> I am having a very strange problem with secure shell.

> I used to connect from here (home, ADSL connection) to my office
> (university) via ssh without problems (SuSE 9.1 on both mavhines).

> I installed SuSE Linux Proffesional 9.3 a few days ago at home and now
> ssh behaves very strange. I can't connect now from home to my office,
> but I can connect from office to home.

> The really strange thing is that when I am connected from "office",
> logged in by ssh at "home", and I initiate a ssh connection back to
> "office", it works perfectly!. An hour later, I try the same sitting in
> front of my home computer and nothing, I enter the command

> home:> ssh myself@office

> and nothing happens, not error messages, until time out.

Use 'ssh -vvv ...' for more verbose output.

> Any idea or advice to find the cause of this??

The problem is known, suse in their wisdom switched off password
authentication, so only keys will work, check sshd_config and
enable password authentication again, restart/reload sshd.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 363: Out of cards on drive D:

Thank you for your reply

> Use 'ssh -vvv ...' for more verbose output.
Here is the output with -vvv (addresses have been changed for anonimity)

myself@home:~> ssh -vvv myself@office
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to "office" port 22.
debug1: connect to address "office" port 22: Connection timed out
ssh: connect to host "office" port 22: Connection timed out

>>Any idea or advice to find the cause of this??

> The problem is known, suse in their wisdom switched off password
> authentication, so only keys will work, check sshd_config and
> enable password authentication again, restart/reload sshd.

Do you mean change this config in sshd_config on the server side, that
is, my office? What is the idea? I didn't change anything in my office,
the only change was at home (SuSE 9.1 to SuSE 9.3), which is acting as
client.

Thanks for the help

Regards
Milan

In comp.os.linux.networking MD <(E-Mail Removed)>:
> Thank you for your reply

>> Use 'ssh -vvv ...' for more verbose output.
> Here is the output with -vvv (addresses have been changed for anonimity)

> myself@home:~> ssh -vvv myself@office
> OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to "office" port 22.
> debug1: connect to address "office" port 22: Connection timed out
> ssh: connect to host "office" port 22: Connection timed out

Connection is blocked, check office server logs, ask firewall
guys.

>>>Any idea or advice to find the cause of this??

>> The problem is known, suse in their wisdom switched off password
>> authentication, so only keys will work, check sshd_config and
>> enable password authentication again, restart/reload sshd.

> Do you mean change this config in sshd_config on the server side, that
> is, my office? What is the idea? I didn't change anything in my office,
> the only change was at home (SuSE 9.1 to SuSE 9.3), which is acting as
> client.

We heard of this problem with suse 9.3 as server, seems missread
who is client/server in the heat of the moment.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 392: It's union rules. There's nothing we can do
about it. Sorry.

Thank you for your help, and sorry if last mesage sounded a little bit
agressive, it wasn't meant to, really. Read below please:

>>Thank you for your reply
>
>>>Use 'ssh -vvv ...' for more verbose output.
>>Here is the output with -vvv (addresses have been changed for anonimity)
>
>>myself@home:~> ssh -vvv myself@office
>>OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
>>debug1: Reading configuration data /etc/ssh/ssh_config
>>debug1: Applying options for *
>>debug2: ssh_connect: needpriv 0
>>debug1: Connecting to "office" port 22.
>>debug1: connect to address "office" port 22: Connection timed out
>>ssh: connect to host "office" port 22: Connection timed out
>
> Connection is blocked, check office server logs, ask firewall
> guys.

That's what I would think, but, as I said, when I start a ssh connection
from "office" to "home", then I make "home" connect to "office" (this
is, a ssh connection started from a ssh conenction), then it works, it
connects. That's the strange thing!. This is the challenging thing! Any
explanation?

Also, when I do a traceroute from "home" to "office", I can reach "office".
ping messages, however, are filtered by a server in front of my office
computer.

>
>>>>Any idea or advice to find the cause of this??
>
>>>The problem is known, suse in their wisdom switched off password
>>>authentication, so only keys will work, check sshd_config and
>>>enable password authentication again, restart/reload sshd.
>
>>Do you mean change this config in sshd_config on the server side, that
>>is, my office? What is the idea? I didn't change anything in my office,
>>the only change was at home (SuSE 9.1 to SuSE 9.3), which is acting as
>>client.
>
> We heard of this problem with suse 9.3 as server, seems missread
> who is client/server in the heat of the moment.
>
Oh, ok, sorry.

In comp.os.linux.networking MD <(E-Mail Removed)>:

[ Problems establishing ssh connection ]

>>>myself@home:~> ssh -vvv myself@office
>>>OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
>>>debug1: Reading configuration data /etc/ssh/ssh_config
>>>debug1: Applying options for *
>>>debug2: ssh_connect: needpriv 0
>>>debug1: Connecting to "office" port 22.
>>>debug1: connect to address "office" port 22: Connection timed out
>>>ssh: connect to host "office" port 22: Connection timed out
>>
>> Connection is blocked, check office server logs, ask firewall
>> guys.

> That's what I would think, but, as I said, when I start a ssh connection
> from "office" to "home", then I make "home" connect to "office" (this
> is, a ssh connection started from a ssh conenction), then it works, it
> connects. That's the strange thing!. This is the challenging thing! Any
> explanation?

The corporate firewall may use something like ESTABLISHED/RELATED
targets like iptables allows. And you have already a connection
passing through. Sure this is a guess, you want to talk to the
guys in charge for the firewall.

[..]

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 186: permission denied

Michael Heiming wrote:
> In comp.os.linux.networking MD <(E-Mail Removed)>:
>
> [ Problems establishing ssh connection ]
>
>>>>myself@home:~> ssh -vvv myself@office
>>>>OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
>>>>debug1: Reading configuration data /etc/ssh/ssh_config
>>>>debug1: Applying options for *
>>>>debug2: ssh_connect: needpriv 0
>>>>debug1: Connecting to "office" port 22.
>>>>debug1: connect to address "office" port 22: Connection timed out
>>>>ssh: connect to host "office" port 22: Connection timed out
>>>Connection is blocked, check office server logs, ask firewall
>>>guys.
>
>>That's what I would think, but, as I said, when I start a ssh connection
>>from "office" to "home", then I make "home" connect to "office" (this
>>is, a ssh connection started from a ssh conenction), then it works, it
>>connects. That's the strange thing!. This is the challenging thing! Any
>>explanation?
>
> The corporate firewall may use something like ESTABLISHED/RELATED
> targets like iptables allows. And you have already a connection
> passing through. Sure this is a guess, you want to talk to the
> guys in charge for the firewall.
>
> [..]
>
Now it is working, but I am not sure how I did it.
I cleared the file at my home folder .ssh/hosts, which was created by
the old ssh (from SuSE 9.1). Then it didn't work.

Then I edited /etc/ssh/ssh_config, uncommenting some lines. Then it
didn't work. Then I edited ssh_config again, to leave it back as it was
before, and then I tried ssh just one more time... and voila, it is
working now.

I was almost convinced that, as you said, it had to be something related
to the firewall at the uni... some new rule that blocks init-session
like packets. Then when I connected from office toward home, a TCP
connection between both machines, thru port 22 was established. By then,
when I tried to make a ssh connection back from home to office, the TCP
conenction was already established, and the new ssh session could flow
through it (I suppose). But now it works anyway... hummm. Thanks for the
help.
Milan

MD wrote:
> Michael Heiming wrote:
>
>>In comp.os.linux.networking MD <(E-Mail Removed)>:
>>
>>[ Problems establishing ssh connection ]
>>
>>
>>>>>myself@home:~> ssh -vvv myself@office
>>>>>OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
>>>>>debug1: Reading configuration data /etc/ssh/ssh_config
>>>>>debug1: Applying options for *
>>>>>debug2: ssh_connect: needpriv 0
>>>>>debug1: Connecting to "office" port 22.
>>>>>debug1: connect to address "office" port 22: Connection timed out
>>>>>ssh: connect to host "office" port 22: Connection timed out
>>>>
>>>>Connection is blocked, check office server logs, ask firewall
>>>>guys.
>>
>>>That's what I would think, but, as I said, when I start a ssh connection
>>
>>>from "office" to "home", then I make "home" connect to "office" (this
>>
>>>is, a ssh connection started from a ssh conenction), then it works, it
>>>connects. That's the strange thing!. This is the challenging thing! Any
>>>explanation?
>>
>>The corporate firewall may use something like ESTABLISHED/RELATED
>>targets like iptables allows. And you have already a connection
>>passing through. Sure this is a guess, you want to talk to the
>>guys in charge for the firewall.
>>
>>[..]
>>
>
> Now it is working, but I am not sure how I did it.
> I cleared the file at my home folder .ssh/hosts, which was created by
> the old ssh (from SuSE 9.1). Then it didn't work.
>
> Then I edited /etc/ssh/ssh_config, uncommenting some lines. Then it
> didn't work. Then I edited ssh_config again, to leave it back as it was
> before, and then I tried ssh just one more time... and voila, it is
> working now.
>
> I was almost convinced that, as you said, it had to be something related
> to the firewall at the uni... some new rule that blocks init-session
> like packets. Then when I connected from office toward home, a TCP
> connection between both machines, thru port 22 was established. By then,
> when I tried to make a ssh connection back from home to office, the TCP
> conenction was already established, and the new ssh session could flow
> through it (I suppose). But now it works anyway... hummm. Thanks for the
> help.
> Milan

perhaps there are different user environments depending on how you
'login' and the ssh config was off.

Perhaps your clidnt was not properly displaying the 'accept this new
server' message.

--
Respectfully,


CL Gilbert