PDA

View Full Version : Cannot SSH to server



ncoppersmith
08-Dec-2011, 16:36
I have a number of different SLES 10 machines in production, all with
SSH enabled. From any machine on the network I can SSH in just fine.
From one particular server, when I try to SSH I instantly get a Network:
connection refused. This only occurs when I try to SSH into my two OES
boxes, one is file/print, the other runs Groupwise 8. I can SSH into
those two servers from other machines just fine (and have frequently).
However, the one server that DOESN'T work, we're using as a Platespin
Protect server, so it needs to be able to SSH into the two OES boxes,
which we want to protect.

Platespin Server (SSH client)
Server 2008R2
No firewall enabled on any profile
On same subnet
Can SSH into other Linux machines on network
Cannot SSH into SLES 10 servers running OES (connection refused)

SLES 10 / OES Server(s) (SSH Server)
SLES 10 / No apparmor profiles (not installed)
Firewall disabled
hosts.allow set to allow all local hosts
hosts.deny is empty
DNS is configured and working properly

I've tried running /usr/sbin/sshd -d -d -d to increase debugging
output, but nothing registers when I try to connect from the Platespin
server. If I connect from a different machine I do get debugging
output. I don't see anything under /var/log/messages either.

Anyone have any suggestions to test/try/troubleshoot? I'm using putty
as my ssh client and I've never had issues with this before. I think
it's on the SLES side as the Platespin server can ssh just fine to other
hosts on the network, just not the two that it needs to. :P


--
ncoppersmith
------------------------------------------------------------------------
ncoppersmith's Profile: http://forums.novell.com/member.php?userid=10383
View this thread: http://forums.novell.com/showthread.php?t=449338

ab
08-Dec-2011, 17:09
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tried getting a LAN trace from both sides to see what happens? Anything
interesting in /var/log/firewall on the server? A connection refused
makes me think that the firewall on the server hates you. ;-)

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJO4OFHAAoJEF+XTK08PnB5STkQAL2yCskIEa 6XF6qKjTp39o8M
NAOjoxyXRdS6R+VRefKKxZpSCi4yEF68n37wAwMtn+uUdi0H0g GUF4fNBGogmTPO
HQ5HMxmJXYdQh1Hv5pOVdKOMax1ipNUPRtddiIRqGz5I3CAMBk 7VaYyWqjPudmeL
9pGK/eUZxJ2e/Z/IzOf2fY1ML22hZO+yINXSl4ZLyq5hxgZHqQLRlgetikYtjq8l
wPkVE6ZMAh4SCfsXg5+Fqrbu6XJPnMWwEspzIhPQRn8d87bbRV uUCqREQsH/bITy
NH59C/meGrwD0cnsY59lIJi8yPtYPjgNPFtKHNt1aK8ITTzNLycQNUHx cH37w/+F
0/jRPXtojQoOCgEppcKXOJKfbZvjj6ZXs+hXhv7G7vcE6JdK+ZMw B1uDxbiV2Np1
VRmSVkUVO537d0INwVkDyN7K5HO8ZRX3AWnNcrULyska4uy3Iu TMv5HnofJ4++hE
WtVXLFQaqedLA2BvhFB6GZAkoWvdLUl6R6/QRc45ZOTQericZp4sKSeG8CnPxOE8
kaWabCjPOOs4/07QahXq9hGv5kgbNwIHr2iWxWXALWGIf7jTke2TbmkTP9cREaZ T
Qa9R8D2rr8rbtGiZx2zh0+e59PvcL97iDzdIwHJ+CtNdwb0nWT qVfv+cZ952Vdkl
3f94hjUC3xChp2kpIutc
=vb9y
-----END PGP SIGNATURE-----

Kevin Miller
08-Dec-2011, 18:27
On 12/08/2011 06:36 AM, ncoppersmith wrote:
>
> I have a number of different SLES 10 machines in production, all with
> SSH enabled. From any machine on the network I can SSH in just fine.
> From one particular server, when I try to SSH I instantly get a Network:
> connection refused. This only occurs when I try to SSH into my two OES
> boxes, one is file/print, the other runs Groupwise 8. I can SSH into
> those two servers from other machines just fine (and have frequently).
> However, the one server that DOESN'T work, we're using as a Platespin
> Protect server, so it needs to be able to SSH into the two OES boxes,
> which we want to protect.
>
> Platespin Server (SSH client)
> Server 2008R2
> No firewall enabled on any profile
> On same subnet
> Can SSH into other Linux machines on network
> Cannot SSH into SLES 10 servers running OES (connection refused)
>
> SLES 10 / OES Server(s) (SSH Server)
> SLES 10 / No apparmor profiles (not installed)
> Firewall disabled
> hosts.allow set to allow all local hosts
> hosts.deny is empty
> DNS is configured and working properly
>
> I've tried running /usr/sbin/sshd -d -d -d to increase debugging
> output, but nothing registers when I try to connect from the Platespin
> server. If I connect from a different machine I do get debugging
> output. I don't see anything under /var/log/messages either.
>
> Anyone have any suggestions to test/try/troubleshoot? I'm using putty
> as my ssh client and I've never had issues with this before. I think
> it's on the SLES side as the Platespin server can ssh just fine to other
> hosts on the network, just not the two that it needs to. :P

Are you using inetd to start ssh? Perhaps something in the hosts.allow
or hosts.deny files?

What user are you coming in as? IIRC using ssh as root is disallowed by
default. Come in as a regular user and su to root when you get there.

Perhaps it's the ssh version? Check that your using version 2 in all
the conf files.

Just some random thoughts...

--
Kevin Miller
Juneau, Alaska
http://www.alaska.net/~atftb
"In the history of the world, no one has ever washed a rented car."
- Lawrence Summers

ncoppersmith
08-Dec-2011, 21:16
hosts.allow is set to sshd : ALL : Allow
hosts.deny is empty
The connection is denied before a login is attempted, I would say
during session initiation.
This only happens when trying to connect from a specific client, so I
know that my configuration and what not is all good, just something
about this particular machine neither of the OES servers like. My
non-OES SLES servers allow connections from this particular client.
SSHD starts on boot, so I don't know if that's inetd or not. (not
really good on Linux under the hood, just basic administration)


--
ncoppersmith
------------------------------------------------------------------------
ncoppersmith's Profile: http://forums.novell.com/member.php?userid=10383
View this thread: http://forums.novell.com/showthread.php?t=449338

ncoppersmith
08-Dec-2011, 21:16
The LAN traces are inconclusive, it shows putty.exe traffic going to and
from the source and destination.
Firewall is disabled on the client (all profiles), as well as the SLES
server itself. The connection refused makes me think it's a firewall as
well, but since it only denies connections to these two servers it can't
be on the client side, and I disable the firewall during the install of
the SLES servers. (to avoid these types of problems) (/var/log/firewall
doesn't exist, due to the firewall not starting)


--
ncoppersmith
------------------------------------------------------------------------
ncoppersmith's Profile: http://forums.novell.com/member.php?userid=10383
View this thread: http://forums.novell.com/showthread.php?t=449338

ab
09-Dec-2011, 01:02
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Not having a firewall is a bad idea; the firewall is simple and reliable
and at worst a minor inconvenience unless you go crazy with the
configuration. You should enable it and define exceptions as applicable
(at least SSH). In this case having the firewall enabled would at least
give you a message if the firewall was involved in blocking.

Post the LAN trace somewhere, even on Novell's FTP server if needed.

ftp://ftp.novell.com/incoming/

Please do minimal (if any) filtering. At least leave things like SSH
(whichever port) of course, plus DNS, any ARP stuff, etc. in there.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJO4VApAAoJEF+XTK08PnB53o0P/20E6w2xt6lQTIndU2Y9pbDp
XjFsV1ZQVDryjGlIlRxKni+gHgWauO/rz0CIV4H4HxK6npcjneV87Slz9932lZQa
nyEu8stYLG1gYbv5oTGw4AQc014zC8NTxWfejRlzcCESdAKbSy L5zPvbopxfRjV9
M5H762fz5SzWIzjb63HhJei/pYas4enzG5mPFghZhwQs6c9RvVuioz8j3IdO4YKT
0aef4kUjV24iRZOrLazFb1WYAD7+DY1NbBDq0UkQJ50Rmjc4c1 wtlIBitlyhAQ3T
6rh5ILBxAN5mBZyFLAJzq506K3IQ18fvF2f5yv7UqyQI1nZYuJ BolgLAiESfd61H
pTjSyVQLPGEo1btqxx3bVb5/0wSFPi/Z8elkbdnFEDp9fPtxgj4CubDEJTaSa6FS
FOl0sEhO4vQtWo9OFf/gWsTzG+wT/CqVhB+gjEaufrRUhbZR6jLwU5O4FEJxot2B
mQ5LL2NQLg1yx9hILoUZX0lKQoy906sM8mxG5mtdH3BSRx1zlY SRKMZiM/0zWYOd
/Z34KS3JVI5uUkzeb438I2E/+KvsSo2dOpHKExPgYzHRA+llbMSPLH8LdcKAYmEp
c0MpwL4niJeH1w23aL63pRruMRmLhmf5sQl9xlDyiTm6jaqRpI K59vO8AbcgiEYN
5LjGE/URugsNHiazkrFY
=LNq2
-----END PGP SIGNATURE-----

ncoppersmith
09-Dec-2011, 16:36
It appears to have been a configuration issue with Platespin and a hung
workload with the same IP address of the servers being protected.
Strangely enough it only affected the Platespin server and not other
machines, but powering down the failover workloads fixed the problem.


--
ncoppersmith
------------------------------------------------------------------------
ncoppersmith's Profile: http://forums.novell.com/member.php?userid=10383
View this thread: http://forums.novell.com/showthread.php?t=449338

wazzit
19-Jan-2015, 21:56
having installed several thousand systems over decades, from os2, windows, mainframes and power servers, redhat, fedora, ubuntu etec... I've rarely seen an install so inherently mind numbing as one in which the install completes and the system is completely isolated from outside access, no telnet, no ssh, nothing, nada. As of today I will never, ever, for the rest of my life suggest anyone install such a mindless configuration outside of a top secret military installation! Why are there hundreds of "can't ssh to suse" server questions on the web and why isn't there an explanation and a way to fix this idiotic operating system?
these and dozens more don't provide an answer:
https://forums.opensuse.org/showthread.php/454587-ssh-connection-refused
https://en.opensuse.org/SDB:Configure_openSSH
http://www.bing.com/search?q=can%27t+ssh+to+suse&qs=n&form=QBLH&pq=can%27t+ssh+to+suse&sc=0-14&sp=-1&sk=&cvid=9b65366a5c1f4dff9296f1a9f3a4fbd6

malcolmlewis
19-Jan-2015, 23:17
having installed several thousand systems over decades, from os2, windows, mainframes and power servers, redhat, fedora, ubuntu etec... I've rarely seen an install so inherently mind numbing as one in which the install completes and the system is completely isolated from outside access, no telnet, no ssh, nothing, nada. As of today I will never, ever, for the rest of my life suggest anyone install such a mindless configuration outside of a top secret military installation! Why are there hundreds of "can't ssh to suse" server questions on the web and why isn't there an explanation and a way to fix this idiotic operating system?
these and dozens more don't provide an answer:
https://forums.opensuse.org/showthread.php/454587-ssh-connection-refused

https://en.opensuse.org/SDB:Configure_openSSH
http://www.bing.com/search?q=can%27t+ssh+to+suse&qs=n&form=QBLH&pq=can%27t+ssh+to+suse&sc=0-14&sp=-1&sk=&cvid=9b65366a5c1f4dff9296f1a9f3a4fbd6
Hi
First, you post to a ~4 year old thread. Enabling SSH is very simple during the install, there is an option to enable ssh and open the firewall. By default these are both disabled for security and configuration as the end user requirements.

Plus you point to openSUSE, whereas these are the SUSE forums, if you really want to rant then the openSUSE forums have a soapbox subforum. These forums are for support, if your not wanting it then suggest you find another venue for blowing off steam ;)