cannot ssh into a box with DHCP assigned IP address

Wed Feb 20 10:27:39 UTC 2013

Ok I think you've got a DNS resolution problem here, so when you try to establish the connection, SSHD tries to resolve your client's hostname.

It fails and times out, however your ssh login gracetime is already over.

You have several options here:

1/ increase the login grace time in sshd_config
2/ set usedns no (or do both, btw)
3/ fix DNS resolution ;)

I would definitely recommend turning off hostname resolution for sshd, it is of marginal value (to me at least).

On Feb 20, 2013, at 11:21 AM, Anton Shterenlikht <mexas at bristol.ac.uk> wrote:

> 	From ml at my.gd Wed Feb 20 10:11:12 2013
> 
> 	Run this on your server:
> 
> 	tcpdump -ni wlan0 ip and port 22
> 
> 	Then try to ssh to the box,
> 	 see if SYN packets arrive,
> 	 see if your box sends SYN/ACK back.
> 
> 172.21.220.12 is the ssh server
> 137.222.187.241 is the ssh client (where I login from)
> 
> There's lots of output on the server:
> 
> 10:13:40.396933 IP 172.21.220.12.20541 > 137.222.187.241.22: Flags [P.], seq 528
> :576, ack 897, win 1040, options [nop,nop,TS val 166697722 ecr 2764601194], leng
> th 48
> 10:13:40.400142 IP 137.222.187.241.22 > 172.21.220.12.20541: Flags [P.], seq 897
> :945, ack 576, win 1040, options [nop,nop,TS val 2764601829 ecr 166697722], leng
> th 48
> 10:13:40.499768 IP 172.21.220.12.20541 > 137.222.187.241.22: Flags [.], ack 945,
> win 1040, options [nop,nop,TS val 166697825 ecr 2764601829], length 0
> 10:13:41.126804 IP 172.21.220.12.20541 > 137.222.187.241.22: Flags [P.], seq 576
> :624, ack 945, win 1040, options [nop,nop,TS val 166698452 ecr 2764601829], leng
> th 48
> 10:13:41.129465 IP 137.222.187.241.22 > 172.21.220.12.20541: Flags [P.], seq 945
> :993, ack 624, win 1040, options [nop,nop,TS val 2764602558 ecr 166698452], leng
> th 48
> 10:13:41.229792 IP 172.21.220.12.20541 > 137.222.187.241.22: Flags [.], ack 993,
> win 1040, options [nop,nop,TS val 166698555 ecr 2764602558], length 0
> 10:14:06.042148 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 691
> 166491:691166555, ack 2147595671, win 1040, options [nop,nop,TS val 2121228740 e
> cr 166423364], length 64
> 10:14:06.043854 IP 172.21.220.12.46009 > 137.222.187.241.22: Flags [P.], seq 1:3
> 3, ack 64, win 1040, options [nop,nop,TS val 166723368 ecr 2121228740], length 3
> 2
> 10:14:06.144924 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [.], ack 33,
> win 1040, options [nop,nop,TS val 2121228843 ecr 166723368], length 0
> 
> 10:15:02.017361 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 159
> 04:16240, ack 7169, win 1040, options [nop,nop,TS val 2121284715 ecr 166779337],
> length 336
> 10:15:02.017969 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 162
> 40:16576, ack 7169, win 1040, options [nop,nop,TS val 2121284716 ecr 166779337],
> length 336
> 10:15:02.018079 IP 172.21.220.12.46009 > 137.222.187.241.22: Flags [.], ack 1657
> 6, win 1035, options [nop,nop,TS val 166779343 ecr 2121284715], length 0
> 10:15:02.018319 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 165
> 76:16896, ack 7169, win 1040, options [nop,nop,TS val 2121284716 ecr 166779337],
> length 320
> 10:15:02.018510 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 168
> 96:17232, ack 7169, win 1040, options [nop,nop,TS val 2121284716 ecr 166779337],
> length 336
> 10:15:02.018626 IP 172.21.220.12.46009 > 137.222.187.241.22: Flags [.], ack 1723
> 2, win 1030, options [nop,nop,TS val 166779344 ecr 2121284716], length 0
> 10:15:02.019583 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 172
> 32:17568, ack 7169, win 1040, options [nop,nop,TS val 2121284716 ecr 166779337],
> length 336
> 10:15:02.019840 IP 137.222.187.241.22 > 172.21.220.12.46009: Flags [P.], seq 175
> 68:17840, ack 7169, win 1040, options [nop,nop,TS val 2121284717 ecr 166779337],
> length 272
> 10:15:02.019927 IP 172.21.220.12.46009 > 137.222.187.241.22: Flags [.], ack 1784
> 0, win 1036, options [nop,nop,TS val 166779345 ecr 2121284716], length 0
> 
> Thanks
> 
> Anton