On 10/02/2010 08:38 PM, JD wrote:
>
> On 10/02/2010 04:35 PM, Jim wrote:
>> On 10/02/2010 07:05 PM, JD wrote:
>>> On 10/02/2010 12:14 PM, Jim wrote:
>>>> On 10/02/2010 02:52 PM, JD wrote:
>>>>> On 10/02/2010 11:43 AM, Jim wrote:
>>>>>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
>>>>> OK, so port 22 is open.
>>>>> Is this on the server where sshd is running or is this
>>>>> on the client where you are invoking /usr/bin/ssh ??
>>>>>
>>>>> If on the server, then take a look at the contents of
>>>>> the server's
>>>>> /var/log/secure
>>>>> /var/log/iptables (if you have configured iptables to log there)
>>>>> /var/log/messages
>>>>>
>>>>> and search for any messages pertaining to ssh or port 22 ...etc
>>>>>
>>>> /var/log/secure
>>>>
>>>> These are the only entries, and they repeated a number of different times.
>>>>
>>>> Sep 29 09:34:19 Acer sshd[1564]: Server listening on 0.0.0.0 port 22.
>>>> Sep 29 09:34:19 Acer sshd[1564]: Server listening on :: port 22.
>>>>
>>>> /var/log/iptables
>>>>
>>>> There is no /var/log/iptables on server.
>>>>
>>>> /var/log/messages
>>>>
>>>> There are no entries in /var/log/messages for port 22.
>>> If you have admin privs on the server, can you edit
>>> /etc/init.d/sshd and modify the line
>>>
>>> $SSHD $OPTIONS && success || failure
>>> to
>>> $SSHD $OPTIONS -d && success || failure
>>>
>>> The -d will turn on debug.
>>>
>>> You will look for messages in the debug output where
>>> an incoming connection request is getting dropped.
>>>
>> I guess the debug output will show up in /var/log/messages ?
> No.
> On the sshd server, you open a terminal.
> Edit that script in the terminal, then
> sudo service sshd restart
> and all debug will come out on that terminal.
> Do not hit control-c or do not interrupt the service.
>
> Now go to the client machine and try to ssh into
> the server where you just restarted the sshd service.
> and observe what the debug output is saying.
>
> Here is a sample debug output when I ssh into the server where
> the -d flag is set:
>
> debug1: Server will not fork when running in debugging mode.
> debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
> debug1: inetd sockets after dupping: 3, 3
> Connection from ::1 port 53426
> debug1: Client protocol version 2.0; client software version OpenSSH_5.4
> debug1: match: OpenSSH_5.4 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.4
> debug1: permanently_set_uid: 74/74
> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
> debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug1: userauth-request for user jd service ssh-connection method none
> debug1: attempt 0 failures 0
> debug1: PAM: initializing for "jd"
> debug1: PAM: setting PAM_RHOST to "localhost"
> debug1: PAM: setting PAM_TTY to "ssh"
> debug1: userauth-request for user jd service ssh-connection method password
> debug1: attempt 1 failures 0
> debug1: PAM: password authentication accepted for jd
> debug1: do_pam_account: called
> Accepted password for jd from ::1 port 53426 ssh2
> debug1: monitor_child_preauth: jd has been authenticated by privileged process
> debug1: temporarily_use_uid: 1008/1008 (e=0/0)
> debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
> debug1: restore_uid: 0/0
> debug1: SELinux support disabled
> debug1: PAM: establishing credentials
> User child is on pid 12452
> debug1: PAM: establishing credentials
> debug1: permanently_set_uid: 1008/1008
> debug1: Entering interactive session for SSH2.
> debug1: server_init_dispatch_20
> debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
> debug1: input_session_request
> debug1: channel 0: new [server-session]
> debug1: session_new: session 0
> debug1: session_open: channel 0
> debug1: session_open: session 0: link with channel 0
> debug1: server_input_channel_open: confirm session
> debug1: server_input_global_request: rtype no-more-sessions@xxxxxxxxxxx want_reply 0
> debug1: server_input_channel_req: channel 0 request pty-req reply 1
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req pty-req
> debug1: Allocating pty.
> debug1: session_new: session 0
> debug1: session_pty_req: session 0 alloc /dev/pts/2
> debug1: server_input_channel_req: channel 0 request env reply 0
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req env
> debug1: server_input_channel_req: channel 0 request env reply 0
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req env
> debug1: server_input_channel_req: channel 0 request shell reply 1
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 req shell
> debug1: Setting controlling tty using TIOCSCTTY.
>
>

From the Client to Server ssh george@xxxxxxxxxxxxx and the Client timed
out and nothing has shown up on Server debug.

I can ssh to any of my laptops on my local LAN but not across the
internet. If I knew that when I went from FC12 to 13 I would have stayed
with F12. Oh well, FC14 comes out in another month, I hope I have better
luck.

Below is all I get on the debug below, it just sits there listening.
# service sshd restart
Stopping sshd: [FAILED]
Starting sshd: debug1: sshd version OpenSSH_5.4p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
Set /proc/self/oom_adj from 0 to -17
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
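
Added example, not part of the original thread and not written by either poster: a small sh helper that reads saved `sshd -d` output and reports the furthest stage a connection reached, keyed on marker lines that appear in the two traces above. The function names, stage labels, hint wording and the two abridged sample logs are constructed for this example.

```sh
#!/bin/sh
# Added example: report the furthest stage reached in captured `sshd -d` output.
# Each marker is a literal string that appears in the traces quoted in the thread.
sshd_debug_stage() {
    stage=not-listening
    grep -q 'Server listening on ' "$1" && stage=listening-no-connection
    grep -q '^Connection from ' "$1" && stage=connected-kex-incomplete
    grep -q 'debug1: KEX done' "$1" && stage=kex-done-auth-pending
    grep -q '^Accepted .* for ' "$1" && stage=authenticated
    grep -q 'Entering interactive session' "$1" && stage=session-open
    printf '%s\n' "$stage"
}

# Where to look next for each stage (wording is this example's, not sshd's).
sshd_debug_hint() {
    case $(sshd_debug_stage "$1") in
        not-listening)            echo 'sshd did not bind: read the restart output' ;;
        listening-no-connection)  echo 'nothing reached sshd: check the path in front of it (NAT/port forward, firewalls)' ;;
        connected-kex-incomplete) echo 'TCP arrived, key exchange did not finish' ;;
        kex-done-auth-pending)    echo 'transport is up: check authentication (PAM, keys, account)' ;;
        authenticated)            echo 'login accepted: check session setup' ;;
        session-open)             echo 'full login completed' ;;
    esac
}

# Constructed samples, abridged from the two traces in the thread.
make_samples() {
    cat > "$1/listen_only.log" <<'EOF'
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
EOF
    cat > "$1/full_login.log" <<'EOF'
debug1: Server will not fork when running in debugging mode.
Connection from ::1 port 53426
debug1: KEX done
Accepted password for jd from ::1 port 53426 ssh2
debug1: Entering interactive session for SSH2.
EOF
}

dir=$(mktemp -d)
make_samples "$dir"
for f in "$dir"/*.log; do
    printf '%s: %s\n' "${f##*/}" "$(sshd_debug_hint "$f")"
done
rm -rf "$dir"
```

A trace that stops at the listening lines while the client times out is classified as listening-no-connection: sshd logged no incoming connection, so its own configuration is not where the attempt was lost.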