On Sat, Jun 18, 2011 at 8:00 AM, Lisa Kachold <lisakachold@obnosis.com> wrote:


On Sat, Jun 18, 2011 at 12:30 AM, Dazed_75 <lthielster@gmail.com> wrote:
Mike,
The netstat lines I think you wanted to see are:
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN    
tcp6       0      0 :::22                   :::*                    LISTEN    

Yes, ssh localhost works on all machines including lapdog2.  Not sure that proves anything as the only problem is ssh TO lapdog2 from any other machine.

stop is not a valid argument to iptables and selinux is not in play.

Steve,
Nothing in the host files.

Lisa,
Name resolution is done by dnsmasq in the router for hosts on the LAN.  Although nsswitch.conf shows files before dns, there is nothing in any of the host files or on resolv.conf.  No dynamic dns is in use for anything on the network.

Had you read the posts and replies, you would have seen there was no IP error.  It was an error between the keyboard and my chair.

Whoa little buddy!  What a terse response.  Generally when someone assists you, it's very poor form to accuse them of not reading your message?  
 
I read a confused message indicating that your lapdog2 machine had changed dynamic IP and now you could no longer ssh to it.  I did not see what message you received (timeout?) that indicates the issue.  Specifics are very important in linux/unix/os x troubleshooting!  What message was that?   

The second message in this thread stated that there was no wrong IP being used.  I stated that my observation of the wrong IP was because I forgot that terminal was logged into a remote machine.
 

0) When you do a:

# ping lapdog2

Are you using the "new" address? 

If not you are using a cache. 

The fifth message in the thread states that a ping of lapdog2 by name works properly.

1) When you do a:

# nmap lapdog2

larry@fogtest:~$ sudo nmap lapdog2
Starting Nmap 5.00 ( http://nmap.org ) at 2011-06-18 10:21 MST
All 1000 scanned ports on lapdog2 (192.168.2.124) are filtered
MAC Address xx:xx:xx:xx:xx;xx (Quanta Computer) <------ I removed the real mac addr
Nmap done: 1 IP address (1 host up) scanned in 21.56 seconds

Since I am not sure what filtered means, this could be the issue I suppose.  BTW, I am at Eric's server install workshop so I enable UFW which was not enabled at home.

Can you see that port 22 is open?

Don't really know how to tell.  Sorry.  Note in my previous message that port 22 was being LISTENed to.
 
Can you ssh via IP address?

No,  I did try.  As previously noted, none of the systems was ever using the wrong IP.

2) Did you verify if you have strict host checking on [/etc/ssh/sshd_config] or a key in your $HOME/.ssh/known_hosts file?

Strictmodes yes in /etc/ssh/sshd_config
$HOME/.ssh/known_hosts seems to have 5 listed hosts but I have no way to know what host each is for.  No host names are in clear text.

You can delete that key in the known_hosts file.  Edit it and search forward for machine name lapdog2 then delete the whole line.  Be sure to copy the file to backup before you do so, just in case.

Cannot do this since no host names are in clear text.

3) Take Stephen's advice and enter a hosts entry just to see what happens [and to rule out/verify the sshd_config strict host checking (which certainly also was a factor)]?  Since your /etc/nsswitch.conf says file then dns, you will use the host file FIRST.

Which means that with no entry in the hosts file, will always use dns which is always resolving correctly.  Since I don't know what strict host checking means, I may be missing your point.

4) You can also setup manual DNS for all your machines, using an /etc/hosts file to provide name to ip resolution inside so this won't happen every time you get a new dynamic dns address.

Again, name/ip resolution is not a problem and is always working correctly. BTW, here is an attempt from today:
larry@fogtest:~$ ssh -v lapdog2
OpenSSH_5.3p1 Debian-3ubuntu6, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to lapdog2 [192.168.2.124] port 22.
debug1: connect to address 192.168.2.124 port 22: Connection timed out
ssh: connect to host lapdog2 port 22: Connection timed out
larry@fogtest:~$ ping -c 3 lapdog2
PING lapdog2 (192.168.2.124) 56(84) bytes of data.
64 bytes from lapdog2 (192.168.2.124): icmp_seq=1 ttl=64 time=0.587 ms
64 bytes from lapdog2 (192.168.2.124): icmp_seq=2 ttl=64 time=0.856 ms
64 bytes from lapdog2 (192.168.2.124): icmp_seq=3 ttl=64 time=0.996 ms

--- lapdog2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.587/0.813/0.996/0.169 ms
larry@fogtest:~$

Clearly the issue seems to be what is blocking communication to port 22 even though sshd is listening on it, iptables seems to allow it and ufw was disabled yesterday and being enabled today seems to change nothing.

This is basic networking, basic ssh and basic host resolution.  I suggest you either give a presentation (so you can learn yourself) on these subjects.



On Fri, Jun 17, 2011 at 10:04 AM, Stephen <cryptworks@gmail.com> wrote:

Gonna toss out an obvious was there a hosts entry?

On Jun 17, 2011 8:49 AM, "Dazed_75" <lthielster@gmail.com> wrote:
> These machines are all gigabit ethernet and connected to the same gigabit
> switch with little network traffic at the time of these attempts.
>
> On Fri, Jun 17, 2011 at 6:23 AM, Joseph Sinclair
> <plug-discussion@stcaz.net> wrote:
>
>> A connection timed out usually occurs due to:
>> 1) The ip address has no host (ping the same IP address, then use telnet to
>> connect to port 22)
>>
>
> I realized after sending the message I should have included the successful
> ping of lapdog2 which was done by name. Telnet also fails.
>
> 2) tcp wrappers is dropping the connection (check /etc/hosts.allow and
>> /etc/hosts.deny on lapdog3)
>>
>
> Nothing but comments in either file.
>
>
>> 3) the firewall on lapdog3 is dropping the connection (check the firewall
>> configuration on lapdog3 via iptables-save or ufw status)
>>
>
> ufw status was inactive at that time. As far as I can tell this morning,
> iptables says nothing about port 22 or ssh though last night I could have
> sworn it did and said to accept. In any case, I get the same result this
> morning though I am on a different machine trying to ssh to lapdog2.
>
>
>> 4) SSHD is not on port 22 or dropping connections (check sshd configuration
>> on lapdog3)
>>
>
> It is using port 22. I do not know how to check for dropping connections.
> I did check syslog and dmesg/messages. NOTE: lapdog2 is able to ssh to this
> machine but then ssh'ing back to lapdog 2 gives the same results as doing it
> directly on this machine.
>
>
>>
>> On 06/17/2011 02:14 AM, Dazed_75 wrote:
>> > Ignore the original question. I checked lapdog2's IP in a terminal that
>> was
>> > logged into a different machine. The ssh was using the right IP but
>> getting
>> > this result and I cannot figure out why:
>> >
>> > larry@hammerhead:~$ ssh -v lapdog2
>> >> OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
>> >> debug1: Reading configuration data /etc/ssh/ssh_config
>> >> debug1: Applying options for *
>> >> debug1: Connecting to lapdog2 [192.168.2.124] port 22.
>> >> debug1: connect to address 192.168.2.124 port 22: Connection timed out
>> >> ssh: connect to host lapdog2 port 22: Connection timed out
>> >> larry@hammerhead:~$
>> >>
>> >
>> >
>> > On Fri, Jun 17, 2011 at 2:00 AM, Dazed_75 <lthielster@gmail.com> wrote:
>> >
>> >> I tried to ssh from this machine to my laptop (ssh lapdog3) and find
>> that
>> >> ssh is somehow using an old IP instead of doing name resolution on the
>> name
>> >> lapdog2 which now has a new lease on a different IP.
>> >>
>> >> 1) How do I fix this?
>> >> 2) Why does ssh use an old, apparently, stored IP?
>> >>
>> >> --
>> >> Dazed_75 a.k.a. Larry
>> >>
>> >> The spirit of resistance to government is so valuable on certain
>> occasions,
>> >> that I wish it always to be kept alive.
>> >> - Thomas Jefferson
>> >>
>> >
>> >
>> >
>> >
>> >
>> > ---------------------------------------------------
>> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> > To subscribe, unsubscribe, or to change your mail settings:
>> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>>
>
>
>
> --
> Dazed_75 a.k.a. Larry
>
> The spirit of resistance to government is so valuable on certain occasions,
> that I wish it always to be kept alive.
> - Thomas Jefferson

--
Dazed_75 a.k.a. Larry

The spirit of resistance to government is so valuable on certain occasions, that I wish it always to be kept alive.
  - Thomas Jefferson
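
An added example, not part of the original thread: when OpenSSH's `HashKnownHosts` option is on, each host field in known_hosts has the form `|1|salt|hash`, where the hash is HMAC-SHA1 of the host name keyed with the salt, so the line for lapdog2 can be found by recomputing that hash for each candidate name or IP. The sample file, salts and key placeholders below are constructed; only exact names on the default port are handled.

```python
import base64
import hashlib
import hmac

def hash_host(name, salt):
    """Host field as written with HashKnownHosts: |1|b64(salt)|b64(HMAC-SHA1)."""
    digest = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(digest).decode())

def entry_matches(host_field, name):
    """True if one known_hosts host field (hashed or clear text) names `name`."""
    if not host_field.startswith("|1|"):
        return name in host_field.split(",")      # clear text, comma-separated
    try:
        _, _, salt_b64, hash_b64 = host_field.split("|")
        salt, want = base64.b64decode(salt_b64), base64.b64decode(hash_b64)
    except ValueError:                            # malformed hashed field
        return False
    got = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)

def find_entries(known_hosts_text, names):
    """Map each candidate name to the 1-based line numbers that match it."""
    hits = {n: [] for n in names}
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if fields and fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if not fields or fields[0].startswith("#"):
            continue
        for n in names:
            if entry_matches(fields[0], n):
                hits[n].append(lineno)
    return hits

def _line(name, i):
    # Constructed entry: fixed 20-byte salt and a placeholder instead of a real key.
    return "{} ssh-rsa CONSTRUCTED_KEY_{}".format(hash_host(name, bytes([i]) * 20), i)

# Constructed sample file: host names are from the thread, salts and keys are not.
SAMPLE = "\n".join([
    _line("hammerhead", 1), _line("lapdog2", 2), _line("192.168.2.124", 3),
    "# constructed clear-text entry", "fogtest ssh-rsa CONSTRUCTED_KEY_4",
])

if __name__ == "__main__":
    print(find_entries(SAMPLE, ["lapdog2", "192.168.2.124", "lapdog3"]))
```

On a real system `ssh-keygen -F lapdog2` performs the same lookup and `ssh-keygen -R lapdog2` removes the matching entry.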