getting ssh to work

Matthew Seaman m.seaman at infracaninophile.co.uk
Fri Sep 3 01:43:16 PDT 2004


On Fri, Sep 03, 2004 at 01:23:35AM -0700, David Syphers wrote:
> I recently tried to ssh into my desktop from another machine, and found that 
> it doesn't work (it times out). I'm not sure what I need to do to make it 
> work. I'm running 5-CURRENT from August 3 (back when 5 was still -CURRENT).
> 
> I've confirmed that sshd is running (sshd_enable="YES" is in rc.conf). I've 
> checked /etc/ssh/sshd_config, and I haven't changed any of the defaults. My 
> firewall should allow this sort of thing, and just to make absolutely sure, I 
> told my firewall to (temporarily) let in _everything_ from the entire class B 
> network the remote machine is on. netstat says that my machine is listening 
> on port 22. And I can 'ssh localhost' from my desktop to itself (though it 
> does say, "socket: Protocol not supported" before successfully asking for my 
> password).
> 
> The remote machine in question is running OpenSSH_3.6.1p2, and I'm running 
> OpenSSH_3.8.1p1. I thought maybe for some odd reason ssh'ing out is blocked 
> on the remote machine, but then I remembered that a friend tried to ssh in 
> from his OS X laptop the other day, and that timed out the same way the 
> current remote machine is. And I don't get a "Permission denied" sort of 
> error on the remote machine, just a timeout.

One thing to check -- do you have the machine key for the remote
machine cached somewhere -- ~/.ssh/known_hosts would be a likely
candidate -- and if so, is your cached copy of the key up to date?
Similarly, does the remote machine have a cached copy of your host's
key?  Unless you took steps to back up and recover the key,
reinstalling your system will generate a whole new key for you.

Failing that, try running ssh and/or sshd in debug mode.  On the
client side you can run:

    % ssh -v -v -v username@otherhost

which will trace exactly what ssh is trying to do as you log in.

Even more useful is to do the equivalent on the server side, if you
have access there:

    # sshd -d -d -d -p 2222

which runs a foreground instance of sshd bound to port 2222 with all
the debugging information turned on.  Connect to it by:

    % ssh -p 2222 user@otherhost

That will support one session, and then quit when the remote user logs
out.  Note that running sshd with maximum debugging can reveal some
sensitive information, so avoid achieving the same effect by fiddling
with the LogLevel settings in sshd_config.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
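
The cached-key check suggested in the reply above, as an added example that is not part of the original post: it looks up a host in known_hosts text and reports whether the key the server now presents matches the cached copy. It goes beyond the post by also handling the hashed host fields (|1|salt|hash) that later OpenSSH releases can write; the host names, address and keys are constructed samples, and wildcard patterns and @-marker lines are ignored as a simplification.

```python
import base64, hashlib, hmac, struct

def make_blob(key_type, raw):
    """Build a base64 public-key blob for a constructed sample key."""
    pack = lambda b: struct.pack(">I", len(b)) + b
    return base64.b64encode(pack(key_type.encode()) + pack(raw)).decode()

def fingerprint(blob):
    """SHA256 fingerprint, for comparing with the key's owner out of band."""
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a plain comma-separated host list or a hashed |1|salt|hash field."""
    if field.startswith("|1|"):
        salt_b64, hash_b64 = field[3:].split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(hash_b64))
    return host in field.split(",")  # assumption: no wildcard patterns

def check_host(known_hosts_text, host, key_type, presented_blob):
    """Return 'match', 'changed' or 'unknown' for the key a server presents."""
    seen = False
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "@")):  # comments, @markers skipped
            continue
        fields = line.split()
        if len(fields) < 3 or fields[1] != key_type:
            continue
        if host_matches(fields[0], host):
            if fields[2] == presented_blob:
                return "match"
            seen = True  # host is cached, but with a different key
    return "changed" if seen else "unknown"

# Constructed sample data: an old key cached before a reinstall, a new key after.
OLD_KEY = make_blob("ssh-ed25519", bytes(range(32)))
NEW_KEY = make_blob("ssh-ed25519", bytes(range(32, 64)))
_SALT = b"constructed-salt-20b"
_MAC = hmac.new(_SALT, b"laptop.example.org", hashlib.sha1).digest()
HASHED = "|1|%s|%s" % (base64.b64encode(_SALT).decode(),
                       base64.b64encode(_MAC).decode())
KNOWN_HOSTS = ("# constructed sample known_hosts\n"
               "desktop.example.org,192.0.2.10 ssh-ed25519 %s\n"
               "%s ssh-ed25519 %s\n" % (OLD_KEY, HASHED, OLD_KEY))

if __name__ == "__main__":
    for h in ("desktop.example.org", "laptop.example.org", "other.example.org"):
        print(h, check_host(KNOWN_HOSTS, h, "ssh-ed25519", NEW_KEY), fingerprint(NEW_KEY))
```

A "changed" result means the cached entry no longer matches what the server presents; compare the printed fingerprint with the host's owner before replacing the cached line.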