I cant ping to some of my machines, but ping works.
I attach screenshots. Port is open and it is 22.
I can't figure out why i cant access.
you can't ping, but ping works?
Hm.......
ping uses the ICMP protocol. It uses no ports. It does not need tcp or ssh.
ping can be blocked, but you gave us no system information.
See this for how ping can be blocked - How to Block Ping ICMP Requests to Linux Systems
Good, complete questions get better answers - we need the UNIX OS and version to give specific help.
The title says the problem is with ssh.
What problem? Connection refused? Connection timed out?
Putty is not ideal for testing it. Do you have telnet?
telnet remotehost 22
It should directly show the diagnostic message.
Hi tomislav,
You could also run ssh in verbose mode like;
ssh -v user@host # This is quite Verbose.
or;
ssh -v -v -v user@host # This is extremely verbose.
I'd bet though that if you are getting nothing back and can ping the IP Address of the server or the Hostname of the server that ssh may not be properly set up.
Regards
Gull04
this is output
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.10.50.6 [10.10.50.6] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6p1 Ubunt u-2ubuntu1
debug1: match: OpenSSH_6.6p1 Ubuntu-2ubuntu1 pat OpenSSH_6.5*,OpenSSH_6.6* compa t 0x14000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "10.10.50.6" from file "/root/.s sh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug2: compat_kex_proposal: original KEX proposal: curve25519-sha256@libssh.org ,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-e xchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,di ffie-hellman-group1-sha1
debug2: Compat: skipping algorithm "curve25519-sha256@libssh.org"
debug2: compat_kex_proposal: compat KEX proposal: ecdh-sha2-nistp256,ecdh-sha2-n istp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-g roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug1: SSH2_MSG_KEXINIT sent
Hi,
So where are you running the telnet command from, presumably a command window?
What application are you using for ssh?
Is ssh connection allowed as root on the remote server? (Although that would normally give an access denied message.)
Also there seems to be no key in the known hosts file or no known hosts file.
Oh and one more thing, can you send the output of cat /etc/ssh/ssh_config from the target system.
Regards
Gull04
cat /etc/ssh/ssh_config
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Host *
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
Hi Tomislav,
Just a quick question on this, can anybody connect to the target system using ssh or is it just a single system that can't connect?
Regards
Gull04
no one can.
The verbose execution shows that ssh is running and an authentication process seems to be starting up. But it seems strange, that it stops at the given output.
- Is this really all of the output you get? Please try again, wait up to a minute and if different post the output again.
- If possible take a
tail -f /var/log/auth.logof the target server(via system console) and watch the messages, while trying to log in via ssh. Post those messages here.
Best to debug from server side, the side you wish to connect to, if everything else seems ok.
You can do it by command line starting the ssh server with multiple (up to 3) -d switches, and observe the output on screen.
Or uncomment / change the LogLevel in sshd_config to DEBUG3 , restart and look at system logs.
Much more verbose output will follow.
I used this to succesfully debug one switch network brand which was unable to connect to SSH server due to server and client unable to find a common cipher to agree on.
Once i got it to debug mode, a server wrote a nice message, and when a chosen Cipher was added to server everything worked.
After you have identified the problem, turn it off since it will produce a lot of logs and possibly invade peoples privacy.
Hope that helps
Regards
Peasant.
I got this via tail from server
tail -f /var/log/auth.log
Nov 21 21:56:11 user1 sshd[8740]: debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none [prea
uth]
Nov 21 21:56:11 user1 sshd[8740]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Nov 21 21:56:33 user1 sshd[8740]: Connection closed by 10.10.50.1 [preauth]
Nov 21 21:56:33 user1 sshd[8740]: debug1: do_cleanup [preauth]
Nov 21 21:56:33 user1 sshd[8740]: debug3: PAM: sshpam_thread_cleanup entering [preauth]
Nov 21 21:56:33 user1 sshd[8740]: debug1: monitor_read_log: child log fd closed
Nov 21 21:56:33 user1 sshd[8740]: debug3: mm_request_receive entering
Nov 21 21:56:33 user1 sshd[8740]: debug1: do_cleanup
Nov 21 21:56:33 user1 sshd[8740]: debug3: PAM: sshpam_thread_cleanup entering
Nov 21 21:56:33 user1 sshd[8740]: debug1: Killing privsep child 8741
Nov 21 21:57:00 user1 sshd[8686]: debug3: fd 5 is not O_NONBLOCK
Nov 21 21:57:00 user1 sshd[8686]: debug1: Forked child 8760.
Nov 21 21:57:00 user1 sshd[8686]: debug3: send_rexec_state: entering fd = 8 config len 724
Nov 21 21:57:00 user1 sshd[8686]: debug3: ssh_msg_send: type 0
Nov 21 21:57:00 user1 sshd[8686]: debug3: send_rexec_state: done
Nov 21 21:57:00 user1 sshd[8760]: debug3: oom_adjust_restore
Nov 21 21:57:00 user1 sshd[8760]: Set /proc/self/oom_score_adj to 0
Nov 21 21:57:00 user1 sshd[8760]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Nov 21 21:57:00 user1 sshd[8760]: debug1: inetd sockets after dupping: 3, 3
Nov 21 21:57:00 user1 sshd[8760]: Connection from 10.10.50.1 port 46509 on 10.10.50.6 port 22
Nov 21 21:57:00 user1 sshd[8760]: debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1
p1 Ubuntu-2ubuntu2
Nov 21 21:57:00 user1 sshd[8760]: debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH* compat 0x04000
000
Nov 21 21:57:00 user1 sshd[8760]: debug1: Enabling compatibility mode for protocol 2.0
Nov 21 21:57:00 user1 sshd[8760]: debug1: Local version string SSH-2.0-OpenSSH_6.6p1 Ubuntu-2ubuntu1
Nov 21 21:57:00 user1 sshd[8760]: debug2: fd 3 setting O_NONBLOCK
Nov 21 21:57:00 user1 sshd[8760]: debug2: Network child is on pid 8761
Nov 21 21:57:00 user1 sshd[8760]: debug3: preauth child monitor started
Nov 21 21:57:00 user1 sshd[8760]: debug3: privsep user:group 116:65534 [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug1: permanently_set_uid: 116/65534 [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed2551
9 [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug1: SSH2_MSG_KEXINIT received [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256
,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,dif
fie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
[preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arc
four128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-c
bc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arc
four128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-c
bc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.
com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,h
mac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@
openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
6,hmac-md5-96 [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.
com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,h
mac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@
openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
6,hmac-md5-96 [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: first_kex_follows 0 [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: reserved 0 [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2
-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diff
ie-hellman-group1-sha1 [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-
sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-r
sa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecd
sa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arc
four128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-c
bc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arc
four128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-c
bc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.
com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,h
mac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@
openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
6,hmac-md5-96 [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.
com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,h
mac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@
openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
6,hmac-md5-96 [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: first_kex_follows 0 [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: kex_parse_kexinit: reserved 0 [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: mac_setup: setup hmac-md5-etm@openssh.com [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none [prea
uth]
Nov 21 21:57:00 user1 sshd[8760]: debug2: mac_setup: setup hmac-md5-etm@openssh.com [preauth]
Nov 21 21:57:00 user1 sshd[8760]: debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none [prea
uth]
Nov 21 21:57:00 user1 sshd[8760]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Can you please post output of the following on the server :
uname -a
lsb_release -a
Also, can you run the following from client unable to connect (presuming clients are linux boxes)..
ping -M do -s 1472 <your ssh server>
Are you using VPN or behind firewalls ?
Regards
Peasant.
Can you post the output of the lastb command on the server running sshd (logged into server as root)?
Do you happen to try this via a VPN connection? I recently encountered this issue with one older client not supporting the compression algorithm.