On 10/02/2010 04:35 PM, Jim wrote:
> On 10/02/2010 07:05 PM, JD wrote:
>> On 10/02/2010 12:14 PM, Jim wrote:
>>> On 10/02/2010 02:52 PM, JD wrote:
>>>> On 10/02/2010 11:43 AM, Jim wrote:
>>>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
>>>> OK, so port 22 is open.
>>>> Is this on the server where sshd is running or is this
>>>> on the client where you are invoking /usr/bin/ssh ??
>>>>
>>>> If on the server, then take a look at the contents of
>>>> the server's
>>>> /var/log/secure
>>>> /var/log/iptables (if you have configured iptables to log there)
>>>> /var/log/messages
>>>>
>>>> and search for any messages pertaining to ssh or port 22 ...etc
>>>>
>>> /var/log/secure
>>>
>>> These are the only entries, and they repeated a number of different times.
>>>
>>> Sep 29 09:34:19 Acer sshd[1564]: Server listening on 0.0.0.0 port 22.
>>> Sep 29 09:34:19 Acer sshd[1564]: Server listening on :: port 22.
>>>
>>> /var/log/iptables
>>>
>>> There is no /var/log/iptables on server.
>>>
>>> /var/log/messages
>>>
>>> There are no entries in /var/log/messages for port 22.
>> If you have admin privs on the server, can you edit
>> /etc/init.d/sshd and modify the line
>>
>> $SSHD $OPTIONS && success || failure
>> to
>> $SSHD $OPTIONS -d && success || failure
>>
>> The -d will turn on debug.
>>
>> You will look for messages in the debug output where
>> an incoming connection request is getting dropped.
>>
> I guess the debug output will show up in /var/log/messages ?

No. On the sshd server, you open a terminal.
Edit that script in the terminal, then

sudo service sshd restart

and all debug will come out on that terminal.
Do not hit Control-C or otherwise interrupt the service.

Now go to the client machine and try to ssh into the server
where you just restarted the sshd service, and observe what
the debug output is saying.

Here is a sample debug output when I ssh into the server where
the -d flag is set:

debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from ::1 port 53426
debug1: Client protocol version 2.0; client software version OpenSSH_5.4
debug1: match: OpenSSH_5.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.4
debug1: permanently_set_uid: 74/74
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user jd service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "jd"
debug1: PAM: setting PAM_RHOST to "localhost"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user jd service ssh-connection method password
debug1: attempt 1 failures 0
debug1: PAM: password authentication accepted for jd
debug1: do_pam_account: called
Accepted password for jd from ::1 port 53426 ssh2
debug1: monitor_child_preauth: jd has been authenticated by privileged process
debug1: temporarily_use_uid: 1008/1008 (e=0/0)
debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
debug1: restore_uid: 0/0
debug1: SELinux support disabled
debug1: PAM: establishing credentials
User child is on pid 12452
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 1008/1008
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype no-more-sessions@xxxxxxxxxxx want_reply 0
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_new: session 0
debug1: session_pty_req: session 0 alloc /dev/pts/2
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: Setting controlling tty using TIOCSCTTY.
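
Added example, not part of the original message: a Python helper that reads saved "sshd -d" output and reports the furthest stage a connection reached, which narrows down where a request is being dropped. The marker patterns come from the sample output above; the stage names, the function name and the sample lines are assumptions of this example.

```python
import re

# Stage markers in the order a successful login emits them. The patterns come
# from the sample "sshd -d" output in the message above; stage names are made up.
STAGES = [
    ("tcp-connect", r"^Connection from (?P<peer>\S+) port \d+"),
    ("version-exchange", r"^Client protocol version"),
    ("kex-started", r"^SSH2_MSG_KEXINIT received"),
    ("kex-done", r"^KEX done"),
    ("auth-attempted", r"^userauth-request for user (?P<user>\S+) .*method (?P<method>\S+)"),
    ("auth-accepted", r"^Accepted \S+ for \S+ from "),
    ("session-open", r"^Entering interactive session"),
    ("shell-started", r"^session_input_channel_req: session \d+ req shell"),
]
COMPILED = [(name, re.compile(pattern)) for name, pattern in STAGES]
PREFIX = re.compile(r"^debug\d: ")


def last_stage(lines):
    """Return the furthest stage reached, plus peer, user and auth methods seen."""
    result = {"stage": "no-connection", "peer": None, "user": None, "methods": []}
    reached = -1
    for raw in lines:
        line = PREFIX.sub("", raw.strip())
        for index, (name, regex) in enumerate(COMPILED):
            match = regex.search(line)
            if not match:
                continue
            found = match.groupdict()
            result["peer"] = found.get("peer") or result["peer"]
            result["user"] = found.get("user") or result["user"]
            if found.get("method"):
                result["methods"].append(found["method"])
            if index > reached:
                reached, result["stage"] = index, name
    return result


# Constructed sample: key exchange completes, password is tried, never accepted.
SAMPLE_AUTH_FAILS = """\
Connection from 192.0.2.10 port 40000
debug1: Client protocol version 2.0; client software version OpenSSH_5.4
debug1: SSH2_MSG_KEXINIT received
debug1: KEX done
debug1: userauth-request for user alice service ssh-connection method none
debug1: userauth-request for user alice service ssh-connection method password
""".splitlines()

if __name__ == "__main__":
    print(last_stage(SAMPLE_AUTH_FAILS))
    # No "Connection from" line at all: the TCP connection never reached sshd.
    print(last_stage(["debug1: Server will not fork when running in debugging mode."]))
```

A result of "no-connection" points at the network path or firewall rather than sshd itself, while a stop at "auth-attempted" points at credentials, PAM or the sshd authentication settings.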