ssh question

Lisa Kachold lisakachold at obnosis.com
Sat Jun 18 08:00:05 MST 2011


On Sat, Jun 18, 2011 at 12:30 AM, Dazed_75 <lthielster at gmail.com> wrote:

> Mike,
> The netstat lines I think you wanted to see are:
> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
> tcp6       0      0 :::22                   :::*                    LISTEN
>
> Yes, ssh localhost works on all machines including lapdog2.  Not sure that
> proves anything as the only problem is ssh TO lapdog2 from any other
> machine.
>
> stop is not a valid argument to iptables and selinux is not in play.
>
> Steve,
> Nothing in the host files.
>
> Lisa,
> Name resolution is done by dnsmasq in the router for hosts on the LAN.
> Although nsswitch.conf shows files before dns, there is nothing in any of
> the host files or on resolv.conf.  No dynamic dns is in use for anything on
> the network.
>
> Had you read the posts and replies, you would have seen there was no IP
> error.  It was an error between the keyboard and my chair.
>

Whoa little buddy!  What a terse response.  Generally when someone assists
you, it's very poor form to accuse them of not reading your message?

I read a confused message indicating that your lapdog2 machine had changed
dynamic IP and now you could no longer ssh to it.  I did not see what
message you received (timeout?) that indicates the issue.  Specifics are
very important in linux/unix/os x troubleshooting!  What message was that?


0) When you do a:

# ping lapdog2

Are you using the "new" address?

If not you are using a cache.

1) When you do a:

# nmap lapdog2

Can you see that port 22 is open?
Can you ssh via IP address?

2) Did you verify if you have strict host checking on [/etc/ssh/sshd_config]
or a key in your $HOME/.ssh/known_hosts file?

You can delete that key in the known_hosts file.  Edit it and search forward
for machine name lapdog2 then delete the whole line.  Be sure to copy the
file to backup before you do so, just in case.

3) Take Stephen's advice and enter a hosts entry just to see what happens
[and to rule out/verify the sshd_config strict host checking (which
certainly also was a factor)]?  Since your /etc/nsswitch.conf says file then
dns, you will use the host file FIRST.

4) You can also setup manual DNS for all your machines, using an /etc/hosts
file to provide name to ip resolution inside so this won't happen every time
you get a new dynamic dns address.

This is basic networking, basic ssh and basic host resolution.  I suggest
you either give a presentation (so you can learn yourself) on these
subjects.

>
>
>
> On Fri, Jun 17, 2011 at 10:04 AM, Stephen <cryptworks at gmail.com> wrote:
>
>> Gonna toss out an obvious was there a hosts entry?
>> On Jun 17, 2011 8:49 AM, "Dazed_75" <lthielster at gmail.com> wrote:
>> > These machines are all gigabit ethernet and connected to the same gigabit
>> > switch with little network traffic at the time of these attempts.
>> >
>> > On Fri, Jun 17, 2011 at 6:23 AM, Joseph Sinclair
>> > <plug-discussion at stcaz.net>wrote:
>> >
>> >> A connection timed out usually occurs due to:
>> >> 1) The ip address has no host (ping the same IP address, then use telnet to
>> >> connect to port 22)
>> >>
>> >
>> > I realized after sending the message I should have included the successful
>> > ping of lapdog2 which was done by name. Telnet also fails.
>> >
>> >> 2) tcp wrappers is dropping the connection (check /etc/hosts.allow and
>> >> /etc/hosts.deny on lapdog3)
>> >>
>> >
>> > Nothing but comments in either file.
>> >
>> >
>> >> 3) the firewall on lapdog3 is dropping the connection (check the firewall
>> >> configuration on lapdog3 via iptables-save or ufw status)
>> >>
>> >
>> > ufw status was inactive at that time. As far as I can tell this morning,
>> > iptables says nothing about port 22 or ssh though last night I could have
>> > sworn it did and said to accept. In any case, I get the same result this
>> > morning though I am on a different machine trying to ssh to lapdog2.
>> >
>> >
>> >> 4) SSHD is not on port 22 or dropping connections (check sshd configuration
>> >> on lapdog3)
>> >>
>> >
>> > It is using port 22. I do not know how to check for dropping connections.
>> > I did check syslog and dmesg/messages. NOTE: lapdog2 is able to ssh to this
>> > machine but then ssh'ing back to lapdog2 gives the same results as doing it
>> > directly on this machine.
>> >
>> >
>> >>
>> >> On 06/17/2011 02:14 AM, Dazed_75 wrote:
>> >> > Ignore the original question. I checked lapdog2's IP in a terminal that was
>> >> > logged into a different machine. The ssh was using the right IP but getting
>> >> > this result and I cannot figure out why:
>> >> >
>> >> > larry@hammerhead:~$ ssh -v lapdog2
>> >> >> OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
>> >> >> debug1: Reading configuration data /etc/ssh/ssh_config
>> >> >> debug1: Applying options for *
>> >> >> debug1: Connecting to lapdog2 [192.168.2.124] port 22.
>> >> >> debug1: connect to address 192.168.2.124 port 22: Connection timed out
>> >> >> ssh: connect to host lapdog2 port 22: Connection timed out
>> >> >> larry@hammerhead:~$
>> >> >>
>> >> >
>> >> >
>> >> > On Fri, Jun 17, 2011 at 2:00 AM, Dazed_75 <lthielster at gmail.com> wrote:
>> >> >
>> >> >> I tried to ssh from this machine to my laptop (ssh lapdog3) and find that
>> >> >> ssh is somehow using an old IP instead of doing name resolution on the name
>> >> >> lapdog2 which now has a new lease on a different IP.
>> >> >>
>> >> >> 1) How do I fix this?
>> >> >> 2) Why does ssh use an old, apparently, stored IP?
>> >> >>
>> >> >> --
>> >> >> Dazed_75 a.k.a. Larry
>> >> >>
>> >> >> The spirit of resistance to government is so valuable on certain occasions,
>> >> >> that I wish it always to be kept alive.
>> >> >> - Thomas Jefferson
>> >> >>
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > ---------------------------------------------------
>> >> > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> >> > To subscribe, unsubscribe, or to change your mail settings:
>> >> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss



-- 
(602) 791-8002  Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
HomeSmartInternational.com <http://www.homesmartinternational.com>
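
The name-resolution and known_hosts checks from steps 0, 2 and 3 of the reply above, as an added shell example that is not part of the original thread. The function names are hypothetical, and each takes the file to inspect as an argument so it can be tried on a copy first.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Steps 0/3: address a hosts-format file gives for NAME. With "files" before
# "dns" in nsswitch.conf, this answer is used before any DNS lookup.
hosts_file_ip() {  # usage: hosts_file_ip NAME [FILE]
    awk -v n="$1" '
        { sub(/#.*/, "") }    # strip comments
        { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }
    ' "${2:-/etc/hosts}"
}

# What the system resolver returns right now, for comparison with the above.
resolved_ip() { getent hosts "$1" | awk '{ print $1; exit }'; }

# Step 2: line numbers of plain-text known_hosts entries that name HOST.
# Hashed entries ("|1|...") cannot be matched here; use `ssh-keygen -F HOST`.
known_hosts_lines() {  # usage: known_hosts_lines HOST [FILE]
    awk -v h="$1" '
        /^[ \t]*(#|$)/ { next }
        { f = ($1 ~ /^@/) ? $2 : $1    # skip @cert-authority / @revoked marker
          n = split(f, names, ",")
          for (i = 1; i <= n; i++) if (names[i] == h) { print NR; next } }
    ' "${2:-$HOME/.ssh/known_hosts}"
}

# Step 2, continued: back up FILE to FILE.bak, then delete the matching lines.
# Prints the number of lines removed.
forget_host() {  # usage: forget_host HOST [FILE]
    file="${2:-$HOME/.ssh/known_hosts}"
    lines=$(known_hosts_lines "$1" "$file" | tr '\n' ' ')
    [ -n "$lines" ] || { echo 0; return 0; }
    cp -p "$file" "$file.bak"
    awk -v drop="$lines" '
        BEGIN { n = split(drop, d, " "); for (i = 1; i <= n; i++) skip[d[i]] = 1 }
        !(NR in skip)
    ' "$file.bak" > "$file"
    echo $(( $(echo "$lines" | wc -w) ))
}

# Constructed sample run on throwaway copies (key material is a placeholder).
demo() {
    d=$(mktemp -d)
    echo '192.168.2.124 lapdog2   # stale lease' > "$d/hosts"
    echo 'lapdog2,192.168.2.124 ssh-rsa AAAAplaceholder' > "$d/known_hosts"
    echo "hosts file: $(hosts_file_ip lapdog2 "$d/hosts")"
    echo "removed:    $(forget_host lapdog2 "$d/known_hosts")"
    rm -rf "$d"
}
```

If `hosts_file_ip lapdog2` prints an address that differs from the machine's current lease, the hosts file is the source of the old IP.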