Date: Fri, 3 Sep 2004 09:43:07 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: David Syphers <dsyphers@u.washington.edu>
Cc: freebsd-questions@freebsd.org
Subject: Re: getting ssh to work
Message-ID: <20040903084307.GA63597@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <200409030123.35778.dsyphers@u.washington.edu>
References: <200409030123.35778.dsyphers@u.washington.edu>

On Fri, Sep 03, 2004 at 01:23:35AM -0700, David Syphers wrote:
> I recently tried to ssh into my desktop from another machine, and found that
> it doesn't work (it times out). I'm not sure what I need to do to make it
> work. I'm running 5-CURRENT from August 3 (back when 5 was still -CURRENT).
>
> I've confirmed that sshd is running (sshd_enable="YES" is in rc.conf). I've
> checked /etc/ssh/sshd_config, and I haven't changed any of the defaults. My
> firewall should allow this sort of thing, and just to make absolutely sure, I
> told my firewall to (temporarily) let in _everything_ from the entire class B
> network the remote machine is on. netstat says that my machine is listening
> on port 22. And I can 'ssh localhost' from my desktop to itself (though it
> does say, "socket: Protocol not supported" before successfully asking for my
> password).
>
> The remote machine in question is running OpenSSH_3.6.1p2, and I'm running
> OpenSSH_3.8.1p1. I thought maybe for some odd reason ssh'ing out is blocked
> on the remote machine, but then I remembered that a friend tried to ssh in
> from his OS X laptop the other day, and that timed out the same way the
> current remote machine is. And I don't get a "Permission denied" sort of
> error on the remote machine, just a timeout.

One thing to check -- do you have the machine key for the remote
machine cached somewhere -- ~/.ssh/known_hosts would be a likely
candidate -- and if so, is your cached copy of the key up to date.
Similarly does the remote machine have a cached copy of your host's
key? Unless you took steps to backup and recover the key,
reinstalling your system will generate a whole new key for you.

Failing that, try running ssh and/or sshd in debug mode.

On the client side you can run:

    % ssh -v -v -v username@otherhost

which will trace exactly what ssh is trying to do as you log in. Even
more useful is to do the equivalent on the server side, if you have
access there:

    # sshd -d -d -d -p 2222

which runs a foreground instance of sshd bound to port 2222 with all
the debugging information turned on. Connect to it by:

    % ssh -p 2222 user@otherhost

That will support one session, and then quit when the remote user logs
out. Note that running sshd with maximum debugging can reveal some
sensitive information, so avoid achieving the same effect by fiddling
with the LogLevel settings in sshd_config.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
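
Added example, not part of the original message: one way to carry out the known_hosts check suggested above, comparing the key cached for a host with the key the server presents now (as printed by ssh-keyscan). The helper names check_cached_key and make_samples, the host names and the key strings are assumptions constructed for illustration, and only plain "names keytype base64" entries are handled.

```sh
#!/bin/sh
# Added example (not from the original message). check_cached_key and
# make_samples are hypothetical helper names; all sample data is constructed.
# Handles plain protocol-2 entries ("names keytype base64"); wildcard host
# patterns are not expanded and hashed (|1|...) names cannot be read.

# usage: check_cached_key HOST KNOWN_HOSTS SCAN_OUTPUT
# prints one of: match | mismatch | hashed-only | not-cached
check_cached_key() {
    awk -v host="$1" '
        pass == 1 {                                  # the known_hosts file
            if ($0 ~ /^[ \t]*#/ || NF == 0) next     # comment or blank line
            if ($1 ~ /^@/) next                      # @cert-authority, @revoked
            if ($1 ~ /^\|1\|/) { hashed = 1; next }  # hashed host names
            n = split($1, names, ",")
            for (i = 1; i <= n; i++)
                if (names[i] == host) cached[$2] = $3
            next
        }
        $1 == host && ($2 in cached) {               # the ssh-keyscan output
            seen = 1
            if (cached[$2] != $3) stale = 1
        }
        END {
            if (stale)       print "mismatch"
            else if (seen)   print "match"
            else if (hashed) print "hashed-only"
            else             print "not-cached"
        }
    ' pass=1 "$2" pass=2 "$3"
}

# Constructed sample files; the key strings are placeholders, not real keys.
make_samples() {
    cat > "$1/known_hosts" <<'EOF'
# cached before the server was reinstalled
otherhost,192.0.2.10 ssh-rsa AAAAconstructedOLDkey
stablehost ssh-rsa AAAAconstructedSAMEkey
EOF
    # In real use this file is the output of: ssh-keyscan otherhost stablehost
    cat > "$1/scan" <<'EOF'
otherhost ssh-rsa AAAAconstructedNEWkey
stablehost ssh-rsa AAAAconstructedSAMEkey
EOF
}

dir=$(mktemp -d) && make_samples "$dir"
for h in otherhost stablehost newhost; do
    printf '%s: %s\n' "$h" "$(check_cached_key "$h" "$dir/known_hosts" "$dir/scan")"
done
rm -rf "$dir"
```

A "mismatch" result means the cached entry predates the key the server now presents; confirm the new key's fingerprint through a separate channel before replacing the entry.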