I have a problem I can not identify.
Two firewalls with OpenBSD 2.8

sshd version OpenSSH_2.3.0

I do a

ssh root at 195.84.181.91 -v
SSH Version OpenSSH_2.3.0, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh_config
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to 195.84.181.91 [195.84.181.91] port 22.
debug: Allocated local port 638.
debug: connect: Connection timed out
debug: Trying again...
...

and on the Server side a
tcpdump -ni rl0 host 195.84.105.112 and port 22
tcpdump: listening on rl0
09:07:00.534120 195.84.181.90.22 > 195.84.105.112.40066: . ack 3776275139 win 32120 <nop,nop,timestamp 831104794 74769850> (DF)
09:07:00.574027 195.84.181.90.22 > 195.84.105.112.40066: P 0:44(44) ack 1 win 32120 <nop,nop,timestamp 831104797 74769850> (DF)
...

nothing else, no reply.

The firewall rules on the server are

pass in quick from any to any
pass out quick from any to any

The sshd_config is the default one.

ssh root at localhost works fine.

sshd -d does not show anything (except the normal waiting..., can not do it
from here!)

The strange thing is: I can log into the box from other IPs by my own.

Please check for yourself if it reacts to other remote OpenBSD Clients. I can
not, I have only this one which is ignored.

does
$ ssh -o UsePrivilegedPort=no root at 195.84.181.91
work?

On Fri, Dec 08, 2000 at 03:36:48PM +0100, Andreas Schuldei wrote:
> I have a problem I can not identify.
> Two firewalls with OpenBSD 2.8
>
> sshd version OpenSSH_2.3.0
>
> I do a
>
> ssh root at 195.84.181.91 -v
> SSH Version OpenSSH_2.3.0, protocol versions 1.5/2.0.
> Compiled with SSL (0x0090581f).
> debug: Reading configuration data /etc/ssh_config
> debug: ssh_connect: getuid 0 geteuid 0 anon 0
> debug: Connecting to 195.84.181.91 [195.84.181.91] port 22.
> debug: Allocated local port 638.
> debug: connect: Connection timed out
> debug: Trying again...
> ...
>
> and on the Server side a
> tcpdump -ni rl0 host 195.84.105.112 and port 22
> tcpdump: listening on rl0
> 09:07:00.534120 195.84.181.90.22 > 195.84.105.112.40066: . ack 3776275139 win 32120 <nop,nop,timestamp 831104794 74769850> (DF)
> 09:07:00.574027 195.84.181.90.22 > 195.84.105.112.40066: P 0:44(44) ack 1 win 32120 <nop,nop,timestamp 831104797 74769850> (DF)
> ...
>
> nothing else, no reply.
>
> The firewall rules on the server are
>
> pass in quick from any to any
> pass out quick from any to any
>
> The sshd_config is the default one.
>
> ssh root at localhost works fine.
>
> sshd -d does not show anything (except the normal waiting..., can not do it
> from here!)
>
> The strange thing is: I can log into the box from other IPs by my own.
>
> Please check for yourself if it reacts to other remote OpenBSD Clients. I can
> not, I have only this one which is ignored.

* Markus Friedl (Markus.Friedl at informatik.uni-erlangen.de) [001208 17:16]:
> does
> $ ssh -o UsePrivilegedPort=no root at 195.84.181.91
> work?

no, that does not change anything.

Does it work from other OpenBSD 2.8 Boxes? Has anyone tried?

Please cc me to andreas at schuldei.org, the mailinglist archive is really
slow, it seems.

I've just installed openssh 2.3.0p1 on a number of Solaris 2.6 boxes. I've
noticed that connect times can take up to 3 minutes when connecting from
box a to box b with the new ssh client and daemon. When I connect using a
pc client like f-secure or with an old ssh client on unix the connect times
are wonderfully fast. Any idea why I would get slow connect times with the
new client and new daemon?

Thanks.

**************************************************************************
* William Wilson - Northern AZ Univ * william.wilson at nau.edu *** http://jan.ucc.nau.edu/~wew

> Does it work from other OpenBSD 2.8 Boxes? Has anyone tried?

openssh is developed on my openbsd 2.8 box.

On Fri, Dec 08, 2000 at 03:36:48PM +0100, Andreas Schuldei wrote:
> I have a problem I can not identify.
> Two firewalls with OpenBSD 2.8
>
> sshd version OpenSSH_2.3.0
>
> I do a
>
> ssh root at 195.84.181.91 -v
> SSH Version OpenSSH_2.3.0, protocol versions 1.5/2.0.
> Compiled with SSL (0x0090581f).
> debug: Reading configuration data /etc/ssh_config
> debug: ssh_connect: getuid 0 geteuid 0 anon 0
> debug: Connecting to 195.84.181.91 [195.84.181.91] port 22.

here i see IP 195.84.181.91

> debug: Allocated local port 638.
> debug: connect: Connection timed out
> debug: Trying again...
> ...
>
> and on the Server side a
> tcpdump -ni rl0 host 195.84.105.112 and port 22
> tcpdump: listening on rl0
> 09:07:00.534120 195.84.181.90.22 > 195.84.105.112.40066: . ack 3776275139 win 32120 <nop,nop,timestamp 831104794 74769850> (DF)
> 09:07:00.574027 195.84.181.90.22 > 195.84.105.112.40066: P 0:44(44) ack 1 win 32120 <nop,nop,timestamp 831104797 74769850> (DF)

and here it's 195.84.181.90

apart from this i cannot see how your problems are related
to openssh. does telnet work? what does telnet server 22 say?
does ping work? what does tcpdump on the client say?

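The comparison made in the reply above (address dialled by the client versus source address of the packets captured on the server) can be scripted. This is an added example, not part of the thread; the function names are hypothetical and the sample input is the debug and tcpdump text quoted above. It goes one step further than the reply and also compares the client's reported local port with the destination port in the capture.

```python
import re

# Constructed sample input: client debug output and server-side tcpdump
# lines copied from the thread above.
SSH_DEBUG = """\
debug: Connecting to 195.84.181.91 [195.84.181.91] port 22.
debug: Allocated local port 638.
debug: connect: Connection timed out
"""
TCPDUMP = """\
09:07:00.534120 195.84.181.90.22 > 195.84.105.112.40066: . ack 3776275139 win 32120 <nop,nop,timestamp 831104794 74769850> (DF)
09:07:00.574027 195.84.181.90.22 > 195.84.105.112.40066: P 0:44(44) ack 1 win 32120 <nop,nop,timestamp 831104797 74769850> (DF)
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
CONNECT_RE = re.compile(rf"Connecting to \S+ \[({IPV4})\] port (\d+)")
LOCAL_PORT_RE = re.compile(r"Allocated local port (\d+)")
# tcpdump -n prints an IPv4 endpoint as a.b.c.d.port
PACKET_RE = re.compile(rf"^\S+ ({IPV4})\.(\d+) > ({IPV4})\.(\d+):")


def client_view(ssh_debug):
    """Return (server_addr, server_port, local_port) from `ssh -v` output."""
    conn = CONNECT_RE.search(ssh_debug)
    if conn is None:
        raise ValueError("no 'Connecting to' line in ssh debug output")
    local = LOCAL_PORT_RE.search(ssh_debug)
    return conn.group(1), int(conn.group(2)), int(local.group(1)) if local else None


def check_capture(ssh_debug, capture):
    """Compare server-side packets from the service port with the client's view."""
    addr, port, local_port = client_view(ssh_debug)
    findings = set()
    for line in capture.splitlines():
        m = PACKET_RE.match(line.strip())
        if m is None:
            continue  # header lines, "...", wrapped text
        src, sport, dport = m.group(1), int(m.group(2)), int(m.group(4))
        if sport != port:
            continue  # not traffic leaving the service port
        if src != addr:
            findings.add(f"reply source {src} differs from dialled address {addr}")
        if local_port is not None and dport != local_port:
            findings.add(f"reply goes to port {dport}, client reported local port {local_port}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in check_capture(SSH_DEBUG, TCPDUMP):
        print(finding)
```

A finding only says the two views disagree; it does not say why, and the capture and the debug output may come from different connection attempts.
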
* Markus Friedl (markus.friedl at informatik.uni-erlangen.de) [001209 13:16]:
> and all other connections between the 2 machines work fine?
> ping? telnet? portscan?

I traced the problem back to some kernel bug that is triggered by isakmpd
when switching to encrypted traffic. I could reset isakmpd to allow traffic
again but not ssh. I am not sure niklas at openbsd.org, whom I contacted about
this, has solved it already, but Angelos suggested that the problem was
known/solved.

It seems to be a kernel bug. Bummer.