From owner-freebsd-questions@FreeBSD.ORG Sun Jun 5 10:10:19 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 90C0916A41C for ; Sun, 5 Jun 2005 10:10:19 +0000 (GMT) (envelope-from michal.mertl@i.cz) Received: from ss.eunet.cz (ss.eunet.cz [193.85.228.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3598743D1F for ; Sun, 5 Jun 2005 10:10:18 +0000 (GMT) (envelope-from michal.mertl@i.cz) Received: from localhost.i.cz (ss.eunet.cz [193.85.228.13]) by ss.eunet.cz (8.13.1/8.13.1) with ESMTP id j55AA4Ph072071 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Sun, 5 Jun 2005 12:10:05 +0200 (CEST) (envelope-from michal.mertl@i.cz) From: Michal Mertl To: john@day-light.com In-Reply-To: References: Content-Type: text/plain Date: Sun, 05 Jun 2005 12:10:01 +0200 Message-Id: <1117966201.7060.18.camel@genius1.i.cz> Mime-Version: 1.0 X-Mailer: Evolution 2.2.2 FreeBSD GNOME Team Port Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org, Glenn Dawson Subject: RE: inbound ssh ceased on 4 servers at same time X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Jun 2005 10:10:19 -0000 John Brooks wrote: > sshd is running on the affected machines > > no errors on console or logs, just times out waiting for > the password prompt. interestingly: when investigating this > at the console, attempting ssh sessions from the db server > and backup server to the file server (these two are 'deeper' > in the network so there was never an occasion to ssh FROM > them before) produced the std warning about an unknown host > prompting for inclusion in the ~/.ssh/known_hosts file. > > dns is not really involved, the ssh session is sent to the > ip address directly as in "ssh john@10.3.3.10" With SSH a host name lookup is always involved. The server performs reverse and forward lookup on the connecting IP. I've recently also had problem with SSH and it was DNS issue. A good test if a daemon is running is connecting with telnet to its port - you can see three kinds of responses - connection reset (refused) on a closed port (nothing listens on this port), nothing (just message 'Trying...' - on non-existent/firewalled host/port) and established connection (telnet says 'Connected to...'). If you get 'Connected' with ssh and nothing is displayed it's in 99% of cases a DNS issue. If you get some message or the server just disconnects you (you get 'Connection closed' message) it might be tcpwrappers' decision (man 5 hosts_access). If you happen to have intermittent DNS issues you might better put the important hosts into /etc/hosts which is by default queried before the DNS servers. The other daemons working need not to mean much - they may not do a reverse DNS lookup on connecting IP. > ping works in both directions as does all other network > services (internal mysql, intranet http, pop3, smtp, smbd, > nmdb, dns). network hardware and cabling issues have been > effectively ruled out. > > -- > John Brooks > john@day-light.com > > > -----Original Message----- > > From: Glenn Dawson [mailto:glenn@antimatter.net] > > Sent: Saturday, June 04, 2005 2:56 PM > > To: john@day-light.com > > Cc: freebsd-questions@freebsd.org > > Subject: Re: inbound ssh ceased on 4 servers at same time > > > > > > At 09:05 AM 6/4/2005, you wrote: > > >Yesterday at about noon, all four freebsd servers on a clients lan > > >quit accepting ssh connections. All were running 4.11-release-p4, > > >and had been cvsup'd at the same time from cvs-10, cvs-11, or > > >cvs-12. Outbound ssh (from console of the affected boxes) works as > > >expected, both to local openbsd boxes and to remote locations. > > >There are no host based firewalls involved, and all other network > > >services are operating correctly. Netstat shows port 22 as listening. > > >At 11:20 am (40 minutes earlier), ssh was working properly on all boxes. > > > > > >Has anybody encountered a situation like this before? > > > > Not specifically, but the first things I would check: > > > > is sshd running on the affected machines? > > > > when trying to connect to the affected machines, do the clients give any > > error messages? or does the connection just time out? > > > > are there any relevant entries in the log files on the affected > > machines? specifically /var/log/messages and /var/log/auth.log > > > > are the affected machines using the same name server? and if they > > are, can > > the affected machines do forward and reverse lookups for the IP of the > > system you are trying to connect from? > > > > -Glenn > > > > > > >-- > > >John Brooks > > >john@day-light.com > > >_______________________________________________