Can't do ssh

darulprasad · July 2, 2008, 8:01am

We have a test box in solaris and some of 20 servers in prod. The problem is i can ping from test box to all prod box, but can't to ssh to prod box. If i try from prod to test box it giving unknown host error, SO what i need to check in test box
I did ps -ef |grep ssh it showing ssh is running

Please guide me what i need to do.

Thanks in Advance..
Prasad

beev1812 · July 2, 2008, 8:47am

Are your servers pointed to DNS server(s)? Or have an entry in /etc/hosts
If you ssh to the server using the hostname or alias, you must have an entry in your /etc/hosts file or calling the FQDN entry.

darulprasad · July 2, 2008, 8:54am

Its pointed to DNS server and i'm doing ssh hostname

incredible · July 2, 2008, 9:01am

which version of solaris are you doing?
if solaris 10, do svcs -vx and post the output.
if solaris 8 or 9, check the /etc/ssh/sshd_config file, /etc/defaultrouter , /etc/resolve.conf.
Are you able to ping to your gateway? whats the output of netstat -rn?

darulprasad · July 2, 2008, 9:25am

Its solaris 8

There is no ssh directory in etc, I can able to ping defaultrouter.

# more resolv.conf
domain domain.com
nameserver 10.0.108.12
nameserver 10.0.108.13

# ping 10.6.110.10
10.6.110.10 is alive

# netstat -rn

Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
10.6.110.0 10.6.110.139 U 1 12 dmfe0
224.0.0.0 10.6.110.139 U 1 0 dmfe0
default 10.6.110.10 UG 1 45
127.0.0.1 127.0.0.1 UH 2 9 lo0

# ps -ef |grep -i ssh
root 291 1 0 22:30:28 ? 0:00 /usr/local/sbin/sshd
root 532 370 0 06:13:00 console 0:00 grep -i ssh

darulprasad · July 2, 2008, 9:26am

In all other server defaultrouter is 10.15.14.1

incredible · July 2, 2008, 9:42am

since when you facing this issue? any changes made on the system recently? any reboot?
1) you can try to stop/start the sshd daemon
2) hope you're not trying to ssh as "root"
3) any subnets being blocked in the /etc/hosts.deny file (check the hosts.allow file as well)
4) how abt the sshd_config? PermitRootLogin line param?
5) can you ssh using the IP instead?
6) nslooklup hostname (does this return you your server IP)?

incredible · July 2, 2008, 9:47am

also try doing ssh -v <hostname> and see if the output throws any exceptions..
check the root dir for the .ssh dir (hidden file). check the known_hosts file if the servers' key which you're trying to ssh from is planted. Sorry bro, I wish I could help my level best, but without me trying infront of the system its always hard for me to put into good words...:o

darulprasad · July 2, 2008, 9:50am

In all other servers the gateway is 10.15.14.1

incredible · July 2, 2008, 9:51am

Did you create a password for the user using "passwd" at your destination host?. Even though you copied the public key correctly, and a match was found, the ssh daemon might throw an error that it failed public key authorization, and client would wait at a password prompt.
Fyi

incredible · July 2, 2008, 9:54am

is it a /etc/netmask or /etc/defaultrouter problem then?

darulprasad · July 2, 2008, 10:10am

yeah i can do ssh with ip, Its working

while doing nslookup it does not return to server ip
and sshd_config is not there and no ssh directory in etc.

darulprasad · July 2, 2008, 10:14am

the defaultrouter and netmasks is different in both servers. will it could be a problem.

darulprasad · July 2, 2008, 10:18am

what i need to do now, need to change the netmasks and defaultrouter as the prod server

mjkroner · July 2, 2008, 1:49pm

Your sshd_config file may be located in /etc/ssh2 You have to have one. run

find / -name "sshd*_config"

You can also test the connection to your test server by entering

ssh 0 which should connect to your loopback address

jhtrice · July 2, 2008, 1:59pm

Check /usr/local/etc/ for the ssh stuff. It looks like the install for ssh was done under /usr/local.