SSH hangs

Hi all,

At a little bit of a loss here. I have a Linux box (Red Hat Enterprise 4) that has been working flawlessly for a while, that is, until late Tuesday, when none of the users could ssh into it. The machine is in a DMZ where I have no control of the network settings. Here is the debug output from both the client (which is an AIX 5.1 box, although from other types of client machines the results are the same) and the Linux server.

Client debug output:

/home/cjohnson [25] > ssh -vv xxx.xxx.xxx.xxx

OpenSSH_4.4p1, OpenSSL 0.9.6g 9 Aug 2002
debug1: Reading configuration data /usr/local/etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 199.46.169.20 [199.46.169.20] port 22.
debug1: Connection established.
debug1: identity file /home/cjohnson/.ssh/identity type 0
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/cjohnson/.ssh/id_rsa type 1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/cjohnson/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.4
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent

Server debug output:

Oct 16 12:54:12 localhost sshd[6269]: debug3: fd 4 is not O_NONBLOCK
Oct 16 12:54:12 localhost sshd[6279]: debug1: rexec start in 4 out 4 newsock 4 pipe 7 sock 8
Oct 16 12:54:12 localhost sshd[6269]: debug1: Forked child 6279.
Oct 16 12:54:12 localhost sshd[6269]: debug3: send_rexec_state: entering fd = 8 config len 445
Oct 16 12:54:12 localhost sshd[6269]: debug3: ssh_msg_send: type 0
Oct 16 12:54:12 localhost sshd[6269]: debug3: send_rexec_state: done
Oct 16 12:54:12 localhost sshd[6279]: debug1: inetd sockets after dupping: 3, 3
Oct 16 12:54:12 localhost sshd[6279]: Connection from xxx.xxx.xxx.xxx port 34621
Oct 16 12:54:12 localhost sshd[6279]: debug1: Client protocol version 2.0; client software version OpenSSH_4.4
Oct 16 12:54:12 localhost sshd[6279]: debug1: match: OpenSSH_4.4 pat OpenSSH*
Oct 16 12:54:12 localhost sshd[6279]: debug1: Enabling compatibility mode for protocol 2.0
Oct 16 12:54:12 localhost sshd[6279]: debug1: Local version string SSH-2.0-OpenSSH_3.9p1
Oct 16 12:54:12 localhost sshd[6279]: debug2: fd 3 setting O_NONBLOCK
Oct 16 12:54:12 localhost sshd[6280]: debug3: privsep user:group 74:74
Oct 16 12:54:12 localhost sshd[6279]: debug2: Network child is on pid 6280
Oct 16 16:54:12 localhost sshd[6280]: debug1: permanently_set_uid: 74/74
Oct 16 12:54:12 localhost sshd[6279]: debug3: preauth child monitor started
Oct 16 16:54:12 localhost sshd[6280]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
Oct 16 12:54:12 localhost sshd[6279]: debug3: mm_request_receive entering
Oct 16 16:54:12 localhost sshd[6280]: debug1: SSH2_MSG_KEXINIT sent

My initial guess is that the firewall is allowing the initial connection through on port 22 but then is denying any subsequent connection on non-privileged ports.

Anyone have any ideas?

I know both versions of ssh are old and should be updated but I have just rejoined this project and it is on my todo list.

I should note there have been no changes to the system at all.

What happens when you try to establish a connection using userid and password instead of shared keys?

Not using shared keys. Also tried the MTU packet frag fix; that didn't solve the problem either.

Did you ever get a password prompt? (I assume you did not, is that right?)

Neo,
Correct, no password prompt, just hangs until it times out.

Sounds like you guessed it right; a firewall rule might have been changed in the DMZ since you worked on the project.

Neo,

Thanks for the quick replies.
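
Added example, not part of any post in this thread: a small Python helper that compares `ssh -vv` client output with sshd debug output and reports the last handshake milestone each side logged. The function names and verdict labels are made up for illustration; the log excerpts are lines from the output posted above, and `SSH2_MSG_KEXINIT received` is the debug line OpenSSH prints once the peer's KEXINIT arrives.

```python
import re

# Milestones OpenSSH logs during connection setup, in order.
# Each pattern covers both the client-side and the server-side wording.
STAGES = [
    ("tcp_connected", re.compile(r"Connection established|Connection from ")),
    ("banner_read", re.compile(r"(?:Remote|Client) protocol version")),
    ("kexinit_sent", re.compile(r"SSH2_MSG_KEXINIT sent")),
    ("kexinit_received", re.compile(r"SSH2_MSG_KEXINIT received")),
]

def last_stage(log_text):
    """Furthest milestone present in the log, or None if none matched."""
    reached = None
    for name, pattern in STAGES:
        if pattern.search(log_text):
            reached = name
    return reached

def diagnose(client_log, server_log):
    """Compare how far each side got and label where the handshake stopped."""
    c, s = last_stage(client_log), last_stage(server_log)
    if c == s == "kexinit_received":
        verdict = "kex_started"             # both KEXINITs arrived; any stall is later
    elif c == s == "kexinit_sent":
        verdict = "kexinit_lost_both_ways"  # banners crossed, neither KEXINIT arrived
    elif {c, s} == {"kexinit_sent", "kexinit_received"}:
        verdict = "kexinit_lost_one_way"    # only one direction delivered its KEXINIT
    else:
        verdict = "stalled_before_kex"
    return c, s, verdict

# Excerpts of the debug output posted above (address masked as in the post).
CLIENT_LOG = """\
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
"""
SERVER_LOG = """\
Oct 16 12:54:12 localhost sshd[6279]: Connection from xxx.xxx.xxx.xxx port 34621
Oct 16 12:54:12 localhost sshd[6279]: debug1: Client protocol version 2.0; client software version OpenSSH_4.4
Oct 16 16:54:12 localhost sshd[6280]: debug1: SSH2_MSG_KEXINIT sent
"""

if __name__ == "__main__":
    print(diagnose(CLIENT_LOG, SERVER_LOG))
```

On the logs in this thread both sides stop at `kexinit_sent`: each end read the other's version string over the port 22 connection, but neither logged the peer's first key-exchange packet.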