ssh to your box which is being installed / Re: Creating a network boot.img myself
On Sat, Jan 21, 2017 at 07:04:31PM +0100, Frans van Berckel wrote:
> Does the installer support ssh? So being able to save the debug screen.

Last time I checked it did. IIRC you'd have to select the expert level somewhere, so that you get offered to enable extra modules for the installer.

Bye,
Joost
Re: Headless Ultra1, SSH and X11-forwarding
Tib wrote:
> On the target host (the one you're ssh'ing to) be sure that sshd_config is
> set to enable:
>
> X11Forwarding yes
>
> On the source host (the one you're ssh'ing from) you can either do a
> manual -X, or change the global ssh_config file to be as follows:
>
> ForwardX11 yes
>
> Not sure if the wording is different for various versions of ssh, just
> search through the config files for X11 and probably uncomment the lines
> and change the options from 'no' to 'yes'. Then bounce sshd on the target
> host.
>
> Test it by ssh'ing to that host again and type 'env|grep display', you
> should see something like the following:
>
> DISPLAY=localhost:10.0
>
> If it's there - you're all done. Just start using x programs and you're
> done :]

Thank you to all who replied. I changed "ForwardX11 no" to "ForwardX11 yes" in the "/etc/ssh/sshd_config" file of "Ultra-headless" and I could open a "xclock" on my "Ultra-desktop" with the command "ssh -X -v -l Ultra-headless xclock". The ".Xauthority"-file of the X-server was automatically generated in my home-directory.

But there is one nasty thing: When I close the "xclock"-application the window on my "Ultra1-desktop" is not released. Instead I get the message:

debug1: channel_free: channel 1: status: The following connections are open:
  #1 x11 (t4 r2 i8/0 o128/0 fd 9/9)

Of course, I can close the connection manually, but I am convinced there is a better solution for this. Any ideas?

Thank you all
Friedhelm
Re: Headless Ultra1, SSH and X11-forwarding
On Tue, 19 Jul 2005, F. Kappen wrote:
> Hi all,
>
> I installed Sarge (kernel 2.4.27) on my "Ultra1-headless". The machine
> has no console attached. I communicate with it via the serial port and
> over the net via SSH. From my desktop computer "Ultra1-desktop"-
> another Ultra1 running Solaris9 - I can connect to the headless machine
> and establish a X11-connection by manually setting the "DISPLAY"
> environment on the "Ultra1-headless" and allowing access with "+xhost"
> on my "Ultra1-desktop". But when I try to establish a secure
> X-connection via SSH
>
> desktop> ssh -X -v Ultra1-headless
>
> I always get the error message "Can't open Display".

If you are connecting via ssh and forwarding X packets, then don't use +xhost (it's unnecessary) and DO NOT do a manual 'export display=XXX' command - you're only interfering with ssh's ability to set things up.

> My question is, am I doing something wrong or is it impossible to
> establish a X-connection via SSH to a headless machine? I would like to
> hear from you.

On the target host (the one you're ssh'ing to) be sure that sshd_config is set to enable:

X11Forwarding yes

On the source host (the one you're ssh'ing from) you can either do a manual -X, or change the global ssh_config file to be as follows:

ForwardX11 yes

Not sure if the wording is different for various versions of ssh, just search through the config files for X11 and probably uncomment the lines and change the options from 'no' to 'yes'. Then bounce sshd on the target host.

Test it by ssh'ing to that host again and type 'env|grep display', you should see something like the following:

DISPLAY=localhost:10.0

If it's there - you're all done. Just start using x programs and you're done :]

Tib
Re: Headless Ultra1, SSH and X11-forwarding
On Tue, 19 Jul 2005 08:31:52 +0200 "F. Kappen" <[EMAIL PROTECTED]> wrote:
> But when I try to establish a secure
> X-connection via SSH
>
> desktop> ssh -X -v Ultra1-headless
>
> I always get the error message "Can't open Display".
>
> My question is, am I doing something wrong or is it impossible to
> establish a X-connection via SSH to a headless machine? I would like
> to hear from you.

Verify that xauth (on sarge in xbase-clients) is installed and "X11Forwarding" is set to "yes" in /etc/ssh/sshd_config.

Hanno
Re: Headless Ultra1, SSH and X11-forwarding
> But when I try to establish a secure
> X-connection via SSH
>
> desktop> ssh -X -v Ultra1-headless
>
> I always get the error message "Can't open Display".
>
> My question is, am I doing something wrong or is it impossible to
> establish a X-connection via SSH to a headless machine? I would like to
> hear from you.

It can be done - in fact that's how this mail is being written.

Can you post the values of X11DisplayOffset and X11Forwarding (also X11UseLocalhost, XAuthLocation if they are set) in /etc/ssh/sshd_config on the headless machine and ForwardX11 (and ForwardX11Trusted if set) in /etc/ssh/ssh_config on the client.

Then check that the display string set on the client machine works, ssh to the headless machine and echo $DISPLAY.

Cheers,
- Martin
Re: Headless Ultra1, SSH and X11-forwarding
On Tue, 2005-07-19 08:31:52 +0200, F. Kappen <[EMAIL PROTECTED]> wrote:
> I installed Sarge (kernel 2.4.27) on my "Ultra1-headless". The machine
> has no console attached. I communicate with it via the serial port and
> over the net via SSH. From my desktop computer "Ultra1-desktop"-
> another Ultra1 running Solaris9 - I can connect to the headless machine
> and establish a X11-connection by manually setting the "DISPLAY"
> environment on the "Ultra1-headless" and allowing access with "+xhost"
> on my "Ultra1-desktop". But when I try to establish a secure

Better do it via ssh...

> X-connection via SSH
>
> desktop> ssh -X -v Ultra1-headless
>
> I always get the error message "Can't open Display".

First of all, 'set | grep DISPLAY' to see if the DISPLAY variable has been set. If not, most probably you forgot to allow X11 forwarding (look at /etc/ssh/sshd_config) or the xauth program isn't installed. It's in the xbase-clients package.

If both is given, look at the output of 'ssh -v -v -v -X Ultra1-headless' for failures. Another problem that just comes to mind is that sshd usually knots network connections to machine names. So if your local name resolver is configured wrongly, the name may point to incorrect addresses...

> My question is, am I doing something wrong or is it impossible to
> establish a X-connection via SSH to a headless machine? I would like to
> hear from you.

No, your ssh -X call is quite correct. Most probably, something of the stuff around isn't configured properly. Starting X11 clients on a headless machine is perfectly fine.

MfG, JBG

--
Jan-Benedict Glaw [EMAIL PROTECTED]
Headless Ultra1, SSH and X11-forwarding
Hi all,

I installed Sarge (kernel 2.4.27) on my "Ultra1-headless". The machine has no console attached. I communicate with it via the serial port and over the net via SSH. From my desktop computer "Ultra1-desktop"- another Ultra1 running Solaris9 - I can connect to the headless machine and establish a X11-connection by manually setting the "DISPLAY" environment on the "Ultra1-headless" and allowing access with "+xhost" on my "Ultra1-desktop". But when I try to establish a secure X-connection via SSH

desktop> ssh -X -v Ultra1-headless

I always get the error message "Can't open Display".

My question is, am I doing something wrong or is it impossible to establish a X-connection via SSH to a headless machine? I would like to hear from you.

Cheers
Friedhelm
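The checks the replies in this thread ask for (X11Forwarding in sshd_config, xauth present, DISPLAY set by sshd rather than by hand), collected into one script to run on the target host. This is an added example, not code from any poster; the function names are hypothetical, the sample config is constructed, and it assumes the default X11UseLocalhost yes, so a forwarded display looks like localhost:10.0.

```shell
#!/bin/sh
# Added example (not from the thread): X11-forwarding checks for the host
# running sshd. Function names are hypothetical.

# Effective value of a yes/no or numeric KEYWORD in an sshd_config-style FILE.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive and '#' starts a comment. Parsing stops at the first
# Match block because options below it apply only conditionally.
sshd_opt() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        { sub(/#.*/, ""); gsub(/=/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == key     { print tolower($2); exit }
    ' "$1"
}

# Classify a DISPLAY value; $2 is X11DisplayOffset (sshd default: 10).
#   forwarded  localhost:N with N >= offset, the proxy display sshd creates
#   direct     host:N, plain X11 over the network (the xhost-style setup)
#   local      :N or a localhost display below the offset
#   unset      empty
classify_display() {
    offset=${2:-10}
    case "$1" in
        "")          echo unset;  return ;;
        localhost:*) num=${1#localhost:}; num=${num%%.*} ;;
        :*)          echo local;  return ;;
        *)           echo direct; return ;;
    esac
    case "$num" in
        ''|*[!0-9]*) echo malformed ;;
        *) if [ "$num" -ge "$offset" ]; then echo forwarded; else echo local; fi ;;
    esac
}

# Args: sshd_config path, DISPLAY value, path to xauth ("" if not installed).
x11_diagnose() {
    fwd=$(sshd_opt "$1" X11Forwarding)
    off=$(sshd_opt "$1" X11DisplayOffset)
    if [ "${fwd:-no}" != yes ]; then
        echo "FAIL: effective X11Forwarding is '${fwd:-unset}' in $1"
        return 1
    fi
    if [ -z "$3" ] || [ ! -x "$3" ]; then
        echo "FAIL: xauth not found, sshd cannot set up the proxy display"
        return 1
    fi
    case $(classify_display "$2" "${off:-10}") in
        forwarded) echo "OK: DISPLAY=$2 is the sshd proxy display" ;;
        unset)     echo "FAIL: DISPLAY is unset, restart sshd and read 'ssh -v -X' output"
                   return 1 ;;
        direct)    echo "WARN: DISPLAY=$2 bypasses ssh, unset it and reconnect"
                   return 1 ;;
        *)         echo "WARN: DISPLAY=$2 is not an sshd proxy display"
                   return 1 ;;
    esac
}

# Constructed sample: uncommenting a second line does not help while an
# earlier "no" is still active, because the first value wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment, not from the thread
#X11Forwarding yes
X11Forwarding no
X11Forwarding yes
X11DisplayOffset 10
EOF
x11_diagnose "$sample" "localhost:10.0" "$(command -v xauth || true)" || true
rm -f "$sample"

# On a real target, inside the ssh session:
#   x11_diagnose /etc/ssh/sshd_config "$DISPLAY" "$(command -v xauth)"
```
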
Re: ssh pause on ultra 2
Thanks to all who responded. Indeed, the fix for my problem was to re-compile libssl with the -mv8 switch.

To save the next newbie a bit of the learning curve I went through, these are the steps I took to apply this fix:

1) Installed the source for openssl (apt-get source openssl). This put the source tree in /usr/local/src/openssl-0.9.6c.
2) edited the Configure file in the source tree to add the -mv8 entry. I opened the Configure file in vi, did a search for debian-sparc and added the -mv8 entry directly after the "gcc:" part of the line.
3) installed some packages I was missing (fakeroot, dpkg-dev, debhelper). I don't know if I really needed all these, but this is what I did.
4) ran "/usr/local/src/openssl-0.9.6c/debian/rules binary" to rebuild a .deb file
5) installed the new libssl package (dpkg --install /usr/local/src/libssl0.9.6_0.9.6c-2.woody.4_sparc.deb)
6) restarted openssh

Voilà! Speedy connections to my ultra2.

Thanks again for the assistance everybody!

JJ Streicher-Bremer

Nate Campi wrote:
> On Mon, Dec 22, 2003 at 11:33:39AM -0600, JJ Streicher-Bremer wrote:
> > I have woody installed on my ultra2 and have had this problem from the
> > beginning. When I'm sshing to my system my clients (every one I have
> > tried) pauses for approx 15 sec before coming back with a prompt (or
> > connecting in the case of key-based auth). I do have forward _and_
> > reverse name lookups working on this host. I even tried compiling my
> > own openssh with the same problem. When I run sshd in debug mode this
> > is what I get.
>
> It's because openssh as compiled for woody doesn't have the gcc -mv8
> optimizations compiled in:
>
> http://lists.debian.org/debian-sparc/2002/debian-sparc-200212/msg00025.html
>
> I ended up maintaining my own openssl and openssh debs with the
> optimizations compiled in, made all the difference in the world.
Re: ssh pause on ultra 2
It's not an OpenSSH problem, per se -- it's OpenSSL that's causing the slowdown. There's been quite a bit of discussion about it on this list (though I think it's been a while since the subject last came up). I believe rebuilding OpenSSL from the source package, so that it adds the UltraSparc optimizations, would speed things up.

JJ Streicher-Bremer wrote:
> I have woody installed on my ultra2 and have had this problem from the
> beginning. When I'm sshing to my system my clients (every one I have
> tried) pauses for approx 15 sec before coming back with a prompt (or
> connecting in the case of key-based auth). I do have forward _and_
> reverse name lookups working on this host. I even tried compiling my
> own openssh with the same problem. When I run sshd in debug mode this
> is what I get.
Re: ssh pause on ultra 2
On Mon, Dec 22, 2003 at 11:33:39AM -0600, JJ Streicher-Bremer wrote:
> I have woody installed on my ultra2 and have had this problem from the
> beginning. When I'm sshing to my system my clients (every one I have
> tried) pauses for approx 15 sec before coming back with a prompt (or
> connecting in the case of key-based auth). I do have forward _and_
> reverse name lookups working on this host. I even tried compiling my
> own openssh with the same problem. When I run sshd in debug mode this
> is what I get.
...
> This is one of the last little niggles I have with my install of debian
> (now that I have RAID1 working) and I'd love to figure out what is going
> on. When I tried gentoo on this host, there was no pause at all
> connecting via ssh so I don't think it's hardware.

If you're using testing or unstable, add /usr/lib/v9/ to /etc/ld.so.conf and run ldconfig and /etc/init.d/ssh restart. (for sun4m people, add /usr/lib/v8/ and run the same commands)

Regards,
Rob Radez
Re: ssh pause on ultra 2
On Mon, Dec 22, 2003 at 11:33:39AM -0600, JJ Streicher-Bremer wrote:
> I have woody installed on my ultra2 and have had this problem from the
> beginning. When I'm sshing to my system my clients (every one I have
> tried) pauses for approx 15 sec before coming back with a prompt (or
> connecting in the case of key-based auth). I do have forward _and_
> reverse name lookups working on this host. I even tried compiling my
> own openssh with the same problem. When I run sshd in debug mode this
> is what I get.

It's because openssh as compiled for woody doesn't have the gcc -mv8 optimizations compiled in:

http://lists.debian.org/debian-sparc/2002/debian-sparc-200212/msg00025.html

I ended up maintaining my own openssl and openssh debs with the optimizations compiled in, made all the difference in the world.

--
Nate

"My suggestion for an Official Usenet Motto: 'If you have nothing to say, then come on in, this is the place for you, tell us all about it!'" - Fosseng, Hevard [quotation collector]
ssh pause on ultra 2
I have woody installed on my ultra2 and have had this problem from the beginning. When I'm sshing to my system my clients (every one I have tried) pauses for approx 15 sec before coming back with a prompt (or connecting in the case of key-based auth). I do have forward _and_ reverse name lookups working on this host. I even tried compiling my own openssh with the same problem. When I run sshd in debug mode this is what I get.

ultra2:~# /usr/sbin/sshd -d
debug1: sshd version OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 192.168.1.4 port 3371
debug1: Client protocol version 2.0; client software version PuTTY-Snapshot-2003-06-24
debug1: no match: PuTTY-Snapshot-2003-06-24
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server 3des-cbc hmac-sha1 none
debug1: kex: server->client 3des-cbc hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
--- 6 sec pause
debug1: dh_gen_key: priv key bits set: 201/384
debug1: bits set: 1583/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1594/3191
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
6 sec pause
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done

This is one of the last little niggles I have with my install of debian (now that I have RAID1 working) and I'd love to figure out what is going on. When I tried gentoo on this host, there was no pause at all connecting via ssh so I don't think it's hardware.

Thanks in advance
JJ Streicher-Bremer
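The pauses in the debug output above were marked by hand; the following added example (not from the thread) finds them mechanically from timestamped sshd debug output, which shows whether the time goes into the Diffie-Hellman steps of the key exchange or somewhere else such as a name lookup. The function names are hypothetical and the timestamps in the sample are constructed to match the two 6-second pauses reported.

```shell
#!/bin/sh
# Added example (not from the thread): locate stalls in sshd debug output.
# Capture timestamped output first, for instance:
#   /usr/sbin/sshd -d 2>&1 | while IFS= read -r l; do
#       printf '%s %s\n' "$(date +%s)" "$l"; done > sshd-debug.log

# stdin: lines of the form "<epoch-seconds> <log line>"
# $1:    smallest gap in seconds worth reporting (default 2)
# Prints one line per stall, naming the last message logged before it.
kex_stalls() {
    awk -v min="${1:-2}" '
        $1 !~ /^[0-9]+$/ { next }              # skip lines without a timestamp
        { ts = $1; sub(/^[0-9]+ +/, "") }      # keep only the message in $0
        seen && ts - prev_ts >= min {
            printf "%ds after: %s\n", ts - prev_ts, prev_line
        }
        { prev_ts = ts; prev_line = $0; seen = 1 }
    '
}

# Constructed sample: message text taken from the post above, timestamps
# invented so that the two reported pauses appear.
sample_log() {
    cat <<'EOF'
1000 debug1: SSH2_MSG_KEXINIT received
1000 debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
1000 debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
1006 debug1: dh_gen_key: priv key bits set: 201/384
1006 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
1006 debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
1012 debug1: kex_derive_keys
1012 debug1: SSH2_MSG_NEWKEYS sent
1012 debug1: KEX done
EOF
}

sample_log | kex_stalls 2
```

Both stalls follow a DH group-exchange message, which points at the bignum arithmetic in libcrypto rather than at DNS, consistent with the replies in this thread.
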
Re: Ultra 5 SSH/Ethernet Lockup
> Since the only difference between your U5 and mine is that your physical
> hardware is not mine (meaning maybe you have memory errors, or cpu/fpu
> is too hot and is producing problems) and you are behind a firewire, I'd
> go with one of those problems.

Of course I meant "a firewall".

--
Debian - http://www.debian.org/
Linux 1394 - http://www.linux1394.org/
Subversion - http://subversion.tigris.org/
Deqo - http://www.deqo.com/
Re: Ultra 5 SSH/Ethernet Lockup
Francis Devereux <[EMAIL PROTECTED]> writes:
> No, I'm not sure. If it is using /dev/urandom then the lockups can't
> be being caused by the entropy pool becoming empty, because /dev/urandom
> won't block in this case like /dev/random would, right?

The symptoms didn't look consistent with ssh not getting entropy anyway. For what it's worth, it uses /dev/urandom (via the openssl library).

$ strings /usr/lib/v9/libcrypto.so.0.9.6 | egrep /dev/u?random
/dev/urandom
$

It would also be clear from strace.
Re: Ultra 5 SSH/Ethernet Lockup
On Wed, Apr 16, 2003 at 08:14:49AM +0100, Francis Devereux wrote:
> On Tue, 15 Apr 2003 17:33:11 -0400
> Tom Vier <[EMAIL PROTECTED]> wrote:
>
> > On Tue, Apr 15, 2003 at 06:50:24AM +0100, Francis Devereux wrote:
> > > ssh needs a source of randomness to operate (/dev/random), which in
> > > turn needs a pool of entropy which is fed from things like the
> > > keyboard interrupt. Your lockups could be caused by sshd stalling
> > > because the entropy pool is empty - can you try the following:
> >
> > are you sure it uses /dev/random? except for key generation, it should
> > use /dev/urandom.
>
> No, I'm not sure. If it is using /dev/urandom then the lockups can't
> be being caused by the entropy pool becoming empty, because /dev/urandom
> won't block in this case like /dev/random would, right?

Look, I have a U5 with nothing running except ssh so I can login and do kernel builds. It has never locked up like this.

Since the only difference between your U5 and mine is that your physical hardware is not mine (meaning maybe you have memory errors, or cpu/fpu is too hot and is producing problems) and you are behind a firewire, I'd go with one of those problems.

--
Debian - http://www.debian.org/
Linux 1394 - http://www.linux1394.org/
Subversion - http://subversion.tigris.org/
Deqo - http://www.deqo.com/
Re: Ultra 5 SSH/Ethernet Lockup
On Tue, 15 Apr 2003 17:33:11 -0400 Tom Vier <[EMAIL PROTECTED]> wrote:
> On Tue, Apr 15, 2003 at 06:50:24AM +0100, Francis Devereux wrote:
> > ssh needs a source of randomness to operate (/dev/random), which in
> > turn needs a pool of entropy which is fed from things like the
> > keyboard interrupt. Your lockups could be caused by sshd stalling
> > because the entropy pool is empty - can you try the following:
>
> are you sure it uses /dev/random? except for key generation, it should
> use /dev/urandom.

No, I'm not sure. If it is using /dev/urandom then the lockups can't be being caused by the entropy pool becoming empty, because /dev/urandom won't block in this case like /dev/random would, right?

Francis
Re: Ultra 5 SSH/Ethernet Lockup
Kristjan Onu <[EMAIL PROTECTED]> writes:
> I'm glad to hear others are successfully using U5s.

Not conclusive of anything, of course.

> I mentioned my problem in an OpenSSH bug report
> (http://bugzilla.mindrot.org/show_bug.cgi?id=538), and one person
> asked if my server uses ssh-rand-helper. I don't know if Debian does
> or not, could one of you please tell me.

It doesn't, since Linux has /dev/urandom. This is the Kerberized version, but the vanilla one should be the same:

$ dpkg -L ssh-krb5|grep rand-help
$
Re: Ultra 5 SSH/Ethernet Lockup
Ben Collins <[EMAIL PROTECTED]> writes:
> You need the v8/v9 optimized libssl. They are in unstable, or check this
> list's archives for pre-built ones for woody.

For what it's worth, it's in testing and just requires a libc upgrade to install. (If you install unofficial debs, check that they're up-to-date, with security holes fixed.)
Re: Ultra 5 SSH/Ethernet Lockup
On Tue, Apr 15, 2003 at 06:50:24AM +0100, Francis Devereux wrote:
> ssh needs a source of randomness to operate (/dev/random), which in turn
> needs a pool of entropy which is fed from things like the keyboard
> interrupt. Your lockups could be caused by sshd stalling because the
> entropy pool is empty - can you try the following:

are you sure it uses /dev/random? except for key generation, it should use /dev/urandom.

--
Tom Vier <[EMAIL PROTECTED]>
DSA Key ID 0xE6CB97DA
Re: Ultra 5 SSH/Ethernet Lockup
> fwiw, i haven't had any lockups, but ssh'ing from my 270mhz ultra5, it takes
> much longer for the passwd prompt to appear than it does from even an old
> 166mhz pentium.

Same here, my Debian Ultra 60 has the slowest ssh-login on all the machines I can login to. I've had a look at the logfiles and made a verbose login but couldn't find anything.

But the thing about not enough entropy is an interesting thought. The installation is very much stripped down with only the most necessary things running. No X, no mouse, no unnecessary daemons... Got to dig a bit deeper into that.

Arthur
Re: Ultra 5 SSH/Ethernet Lockup
On Tue, 15 Apr 2003 00:46:37 + (UTC) Kristjan Onu <[EMAIL PROTECTED]> wrote:
> > Also for what it's worth, I haven't seen such problems into a U5,
> > either with the Woody libssl or later 0.9.6 ones with v9
> > optimization.
>
> I'm glad to hear others are successfully using U5s. I'm leaning toward
> saying there's a hardware problem, but it must not be with the network
> card since I've tried the built-in network card as well as a 3Com.
>
> Can anyone suggest where else to look? (I think I've heard compiling a
> kernel is a good way to test memory.) Any log files that might point
> to faulty hardware?
>
> One point I forgot to mention in my original post is that connecting
> from the server back to itself (ie. ssh localhost) seems to work
> without fail.

ssh needs a source of randomness to operate (/dev/random), which in turn needs a pool of entropy which is fed from things like the keyboard interrupt. Your lockups could be caused by sshd stalling because the entropy pool is empty - can you try the following:

1) ssh to the U5 remotely
2) use the ssh connection until it locks up
3) go over and press some keys on the U5's keyboard and see if the hang is (temporarily) resolved.

If so you could try allowing entropy to be gathered from more sources, I can't remember how to do this but googling should give you the answer...

Francis
Re: Ultra 5 SSH/Ethernet Lockup
Have you checked the duplex settings on the card? I saw similar things with my Ultra 5's connecting to Cisco switches because autonegotiation wasn't working properly, and the U5's were setting themselves to half-duplex. If I pushed enough traffic across the line when the duplexes didn't match, they'd lock up. I don't know if it's a problem with just the built-in ethernet or with U5's in general.

If you've got the ethtool package installed (apt-get install ethtool), try running "ethtool eth0" and check to see if everything looks right. I had to use ethtool to turn off autonegotiation and force full duplex at boot.

Kristjan Onu wrote:
> > Also for what it's worth, I haven't seen such problems into a U5,
> > either with the Woody libssl or later 0.9.6 ones with v9 optimization.
>
> I'm glad to hear others are successfully using U5s. I'm leaning toward
> saying there's a hardware problem, but it must not be with the network
> card since I've tried the built-in network card as well as a 3Com.
>
> Can anyone suggest where else to look? (I think I've heard compiling a
> kernel is a good way to test memory.) Any log files that might point to
> faulty hardware?
>
> One point I forgot to mention in my original post is that connecting
> from the server back to itself (ie. ssh localhost) seems to work without
> fail.
>
> I mentioned my problem in an OpenSSH bug report
> (http://bugzilla.mindrot.org/show_bug.cgi?id=538), and one person asked
> if my server uses ssh-rand-helper. I don't know if Debian does or not,
> could one of you please tell me.
Re: Ultra 5 SSH/Ethernet Lockup
> Also for what it's worth, I haven't seen such problems into a U5,
> either with the Woody libssl or later 0.9.6 ones with v9 optimization.

I'm glad to hear others are successfully using U5s. I'm leaning toward saying there's a hardware problem, but it must not be with the network card since I've tried the built-in network card as well as a 3Com.

Can anyone suggest where else to look? (I think I've heard compiling a kernel is a good way to test memory.) Any log files that might point to faulty hardware?

One point I forgot to mention in my original post is that connecting from the server back to itself (ie. ssh localhost) seems to work without fail.

I mentioned my problem in an OpenSSH bug report (http://bugzilla.mindrot.org/show_bug.cgi?id=538), and one person asked if my server uses ssh-rand-helper. I don't know if Debian does or not, could one of you please tell me.
Re: Ultra 5 SSH/Ethernet Lockup
On Mon, Apr 14, 2003 at 05:32:48PM -0400, Tom Vier wrote:
> fwiw, i haven't had any lockups, but ssh'ing from my 270mhz ultra5, it takes
> much longer for the passwd prompt to appear than it does from even an old
> 166mhz pentium.

You need the v8/v9 optimized libssl. They are in unstable, or check this list's archives for pre-built ones for woody.

--
Debian - http://www.debian.org/
Linux 1394 - http://www.linux1394.org/
Subversion - http://subversion.tigris.org/
Deqo - http://www.deqo.com/
Re: Ultra 5 SSH/Ethernet Lockup
Kristjan Onu <[EMAIL PROTECTED]> writes:
> With my Woody installation, the directories you mention did not
> exist. Installing libssl0.9.7 (and ssh 3.6.1p1-1) did put files into
> /usr/lib/v9. Moving them out of the way as you suggest seems to help
> at least a little,

For what it's worth, the major effect of removing the v9 libraries is probably to slow down certain crypto operations significantly, so perhaps that affects some timing issue somewhere.

Also for what it's worth, I haven't seen such problems into a U5, either with the Woody libssl or later 0.9.6 ones with v9 optimization.
Re: Ultra 5 SSH/Ethernet Lockup
fwiw, i haven't had any lockups, but ssh'ing from my 270mhz ultra5, it takes much longer for the passwd prompt to appear than it does from even an old 166mhz pentium.

--
Tom Vier <[EMAIL PROTECTED]>
DSA Key ID 0xE6CB97DA
Re: Ultra 5 SSH/Ethernet Lockup
In article <[EMAIL PROTECTED]>, Ben Collins wrote:
> On Sun, Apr 13, 2003 at 07:36:31AM +, Kristjan Onu wrote:
>> I have Woody installed on an Ultra 5. Frequently SSH sessions to this
>> machine seem to "lockup". Specifically, I have observed the following:
>
> I would blame ssh or libssl. You can also try disabling the v9
> optimized ssl libraries by moving /lib/v9 and /usr/lib/v9 out of the way
> to some temporary place (libssl has v9 optimized libs), then rerun
> ldconfig and restart sshd.

With my Woody installation, the directories you mention did not exist. Installing libssl0.9.7 (and ssh 3.6.1p1-1) did put files into /usr/lib/v9. Moving them out of the way as you suggest seems to help at least a little, though I can still make the connection hang if I produce a lot of output to the screen, for example with:

sudo tcpdump -i eth0

When the connection fails, it hangs in different places, for example:

(client)debug1: SSH2_MSG_KEXINIT sent
(server)debug1: kex: server->client aes128-cbc hmac-md5 none
debug3: preauth child monitor started
debug3: mm_request_receive entering

or

(client)debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
(server)debug1: expecting SSH2_MSG_NEWKEYS

I can't seem to find much on the web on why this might be happening.
Re: Ultra 5 SSH/Ethernet Lockup
On Sun, Apr 13, 2003 at 07:36:31AM +, Kristjan Onu wrote:
> I have Woody installed on an Ultra 5. Frequently SSH sessions to this
> machine seem to "lockup". Specifically, I have observed the following:

I would blame ssh or libssl. You can also try disabling the v9 optimized ssl libraries by moving /lib/v9 and /usr/lib/v9 out of the way to some temporary place (libssl has v9 optimized libs), then rerun ldconfig and restart sshd.

--
Debian - http://www.debian.org/
Linux 1394 - http://www.linux1394.org/
Subversion - http://subversion.tigris.org/
Deqo - http://www.deqo.com/
Re: Ultra 5 SSH/Ethernet Lockup
It looks to me like you are ssh'ing from behind a firewall (using ipv4) that has a very short timeout for tcp connections. Does this happen between local machines as well? If this is the case then it is not related to which ethernet card you use or which protocol... but just to the firewall setup.

Fabio

On Sun, 13 Apr 2003, Kristjan Onu wrote:
> I have Woody installed on an Ultra 5. Frequently SSH sessions to this
> machine seem to "lockup". Specifically, I have observed the following:
>
> SSH connections to the U5 box using SSH Protocol 2 almost always fail
> before the key exchange can complete.
>
> With SSH Protocol 1 I can login and work for a few minutes, but the
> connection still freezes after a little while.
>
> Using a 3Com NIC rather than the built-in NIC, the problem does not go
> away.
>
> I tried to connect to my network using a different network jack, but
> the problem persisted.
>
> Although one SSH session may freeze, I can successfully open new SSH
> sessions (ie. without having to reboot.)
>
> As best I can tell, no error messages are produced in the log files
> when the SSH session freezes.
>
> Using kernel-image-2.2.20-sun4u instead of kernel-image-2.4.19-sun4u
> does not seem to help.
>
> I would be grateful if anyone could tell me what might be the source
> of my problems.
>
> Thank you,
>
> Kristjan Onu

--
Our mission: make IPv6 the default IP protocol
"We are on a mission from God" - Elwood Blues
http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp4.html
Ultra 5 SSH/Ethernet Lockup
I have Woody installed on an Ultra 5. Frequently SSH sessions to this machine seem to "lockup". Specifically, I have observed the following:

SSH connections to the U5 box using SSH Protocol 2 almost always fail before the key exchange can complete.

With SSH Protocol 1 I can login and work for a few minutes, but the connection still freezes after a little while.

Using a 3Com NIC rather than the built-in NIC, the problem does not go away.

I tried to connect to my network using a different network jack, but the problem persisted.

Although one SSH session may freeze, I can successfully open new SSH sessions (ie. without having to reboot.)

As best I can tell, no error messages are produced in the log files when the SSH session freezes.

Using kernel-image-2.2.20-sun4u instead of kernel-image-2.4.19-sun4u does not seem to help.

I would be grateful if anyone could tell me what might be the source of my problems.

Thank you,

Kristjan Onu
Re: Compile libssl or make ssh not slow
On Tue, Sep 10, 2002 at 07:05:59AM -0600, Mark Zimmerman wrote:
> In addition to the other suggestions that were made in this thread, it
> is useful to specify the blowfish cipher to speed things up on slower
> machines. Here is a sample .ssh/config entry that helps:

I will consider that. Btw the new deb is now installed and I notice a considerable speed improvement. Thanks to all who jumped in and helped.

Bob
Re: Compile libssl or make ssh not slow
In addition to the other suggestions that were made in this thread, it is useful to specify the blowfish cipher to speed things up on slower machines. Here is a sample .ssh/config entry that helps:

Host dog-slow
    Cipher blowfish
    Compression no

I have found that the initial connection time is cut in half by using these settings.

-- Mark
Re: Compile libssl or make ssh not slow
* Roger Burton West <[EMAIL PROTECTED]> [020910 02:39]:
> http://lists.debian.org/debian-sparc/2002/debian-sparc-200203/msg00189.html
>
> gives the details and a pre-built unofficial package. An official change
> will mean cutting off support for those older machines...

And in case anyone needs it, I'm keeping the stuff also at http://sparclinux.net/pub/debian/ these days...
Re: Compile libssl or make ssh not slow
On Tue, Sep 10, 2002 at 10:39:19AM +0100, Roger Burton West wrote:
> Read the archives! Robert was entirely correct in his initial diagnosis:
> libssl is slower than it needs to be, through retaining compability with
> older architectures.
>
> http://lists.debian.org/debian-sparc/2002/debian-sparc-200203/msg00189.html

Thanks, that is just what I needed. In fact I had gotten as far as finding the debian-sparc stanza in Configure myself. However that line looked rather evil to me, with all the different gcc options. Since I wasn't sure if it mattered where exactly on the line I'd put the -mv8 flag, I turned to the lists.

I'll apt-get a new source tree and compile it later today.

By the way, I did search the archives but I never manage to find information quickly in them. The search engine or its interface is just not very friendly. Unfortunately using Google, the message you refer to didn't come up in the first couple of hundred results.

Bob
Re: Compile libssl or make ssh not slow
Quoting Bert Lindner <[EMAIL PROTECTED]>:

> Hi Robert,
>
> On Tue, 10 Sep 2002, Robert Ian Smit wrote:
>
> > > > What is the easy solution to make ssh a bit faster on sun4m?
> > >
> > > Use the -C when opening an ssh session.
> > > ssh -C -l user host.
> >
> > The -C option deals with compression if I am not mistaken. Perhaps I
> > wasn't clear in my original message, but once the session is
> > established I have no problem at all. It's the process of logging in
> > that takes 10 seconds or so.
>
> This is probably a DNS resolve-issue: sshd cannot find a hostname for the
> IP address you connect from. The resolving process slows your initial
> connection. Try adding the IP-address and some (bogus) hostname for the
> machine you connect /from/ (client) to /etc/hosts on the machine you
> connect /to/ (server). Or have reverse DNS fixed.

This could be a reason, too. But it is true that connecting to/from a sparc machine takes very long with ssh. To get it faster it is possible to recompile some packages with v8 or v9 flags. The exact details are somewhere on this list. I tried it and had improvements about 5x - 10x faster.

Bye

> I thought it was also possible to disable reverse name lookups for sshd
> but can't find it quickly in the man pages.
>
> Regards,
>
> -Bert

-- Hakan Kuecuekyilmaz, University of Applied Sciences Esslingen Germany <[EMAIL PROTECTED]>
Re: Compile libssl or make ssh not slow
On or about Tue, Sep 10, 2002 at 11:33:37AM +0200, Bert Lindner typed:
>This is probably a DNS resolve-issue: sshd cannot find a hostname for the
>IP address you connect from. The resolving process slows your initial
>connection. Try adding the IP-address and some (bogus) hostname for the
>machine you connect /from/ (client) to /etc/hosts on the machine you
>connect /to/ (server). Or have reverse DNS fixed.

Read the archives! Robert was entirely correct in his initial diagnosis: libssl is slower than it needs to be, through retaining compatibility with older architectures.

http://lists.debian.org/debian-sparc/2002/debian-sparc-200203/msg00189.html

gives the details and a pre-built unofficial package. An official change will mean cutting off support for those older machines...

Roger
Re: Compile libssl or make ssh not slow
Hi Robert,

On Tue, 10 Sep 2002, Robert Ian Smit wrote:

> > > What is the easy solution to make ssh a bit faster on sun4m?
> >
> > Use the -C when opening an ssh session.
> > ssh -C -l user host.
>
> The -C option deals with compression if I am not mistaken. Perhaps I
> wasn't clear in my original message, but once the session is
> established I have no problem at all. It's the process of logging in
> that takes 10 seconds or so.

This is probably a DNS resolve-issue: sshd cannot find a hostname for the IP address you connect from. The resolving process slows your initial connection. Try adding the IP-address and some (bogus) hostname for the machine you connect /from/ (client) to /etc/hosts on the machine you connect /to/ (server). Or have reverse DNS fixed.

I thought it was also possible to disable reverse name lookups for sshd but can't find it quickly in the man pages.

Regards,

-Bert
Re: Compile libssl or make ssh not slow
On Tue, Sep 10, 2002 at 09:59:35AM +0200, Daniel K. Gebhart wrote:
> > Using ssh to login to my Sun SS4 is really slow. I have found some
> > information here and there that makes me want to recompile libssl.
>
> I've also got a SS4. But there is NetBSD running on it. (SSH runs quite
> fast on it.)

I tried OpenBSD and although I liked it, the SS4 is too slow for me having to deal with source distribution for everything. Besides since I use the Sparc as a gateway, I like to use Debian for its easier and hence in my case safer and more secure administration.

> > What is the easy solution to make ssh a bit faster on sun4m?
>
> Use the -C when opening an ssh session.
> ssh -C -l user host.

The -C option deals with compression if I am not mistaken. Perhaps I wasn't clear in my original message, but once the session is established I have no problem at all. It's the process of logging in that takes 10 seconds or so.

As I understand it, Debian compiles ssl to work on very old hardware as well. This disables support for some features on newer hardware. Crypto seems to suffer from that.

I did compile libssl but I believe I have basically the same binary because of not supplying the right parms (or in the right place). Of course I forgot to exactly time before and after installing a new version of libssl, so I can't be sure. Maybe this is the best possible performance I can get.

How long does it take to establish a session on a local network using ssh? I compare to i386 systems and there is a world of difference.

Bob
Re: Compile libssl or make ssh not slow
Robert Ian Smit <[EMAIL PROTECTED]> wrote on Tue, Sep 10, 2002 at 09:48:09AM +0200:
> Using ssh to login to my Sun SS4 is really slow. I have found some
> information here and there that makes me want to recompile libssl.

I've also got a SS4. But there is NetBSD running on it. (SSH runs quite fast on it.)

> What is the easy solution to make ssh a bit faster on sun4m?

Use the -C when opening an ssh session.

ssh -C -l user host

hth,
#dkg

--
# Size-comparison contest ;)
echo `uptime|grep days|sed 's/.*up \([0-9]*\) day.*/\1\/10+/'; \
cat /proc/cpuinfo|grep MHz|awk '{print $4"/30 +";}'; free|grep '^Mem' \
|awk '{print $3"/1024/3+"}'; df -P -k -x nfs | grep -v 1k \
| awk '{if ($1 ~ "/dev/(scsi|sd)"){ s+= $2} s+= $2;} END \
{print s/1024/50"/15+70";}'`|bc|sed 's/\(.$\)/.\1cm/'
Compile libssl or make ssh not slow
Using ssh to login to my Sun SS4 is really slow. I have found some information here and there that makes me want to recompile libssl. I gave it a try and asked some questions, as documented in debian-user. Alas, nobody there seemed to be able to help me. What is the easy solution to make ssh a bit faster on sun4m? I have found some unofficial debs but I'd rather stick to official sources. Grepping the source package has given me some clues, but most of it is above me. I believe adding an -mv8 flag to gcc would help me a lot, but I am not sure where to put it to have all "layers of magic" work. I'd be happy to repost my original questions here if someone is willing to lend a hand. Bob
Re: strange ssh problem with dns...
:-> "Pierfrancesco" == Pierfrancesco Caci <[EMAIL PROTECTED]> writes:
:-> "Ben" == Ben Collins <[EMAIL PROTECTED]> writes:

>> I just tried this on my Ultra10, and I don't see the message (same
>> versions of programs you have, except I have a newer libc6).

> I'll try an apt-get dselect-upgrade on monday...

I wish to close this issue

I've upgraded yesterday and it seems to work correctly. No need to disable ipv6 or recompile the kernel. An apt-get dselect-upgrade cured the problem (*)

Thanks

Pf

(*) but it broke fetchmail :-( ...had to manually downgrade to fetchmail_5.9.3-1, but this is another story.

-- --- Pierfrancesco Caci | ik5pvx | mailto:[EMAIL PROTECTED] - http://gusp.dyndns.org Firenze - Italia | Office for the Complication of Otherwise Simple Affairs Linux penny 2.4.7 #1 Thu Jul 26 14:48:56 CEST 2001 i686 unknown
Re: strange ssh problem with dns...
:-> "Michael" == Michael Hicks <[EMAIL PROTECTED]> writes:

> Unless you're giving us a fake address, that system is on a
> private network
> and probably behind a firewall or NAT gateway.

yes, it's my office lan, and it's (hopefully) accurately firewalled...

> Make sure your network's internal DNS is working properly. Run `host
> 172.16.1.9' and `dig -x 172.16.1.9' on the host that is giving those
> errors. The commands should return the remote hostname to you.

It indeed works, otherwise also the other machines on the lan would give that error. I'll try Ben's suggestions about ipv6 before doing other more invasive tests.

Pf

-- --- Pierfrancesco Caci | ik5pvx | mailto:[EMAIL PROTECTED] - http://gusp.dyndns.org Firenze - Italia | Office for the Complication of Otherwise Simple Affairs Linux penny 2.4.7 #1 Thu Jul 26 14:48:56 CEST 2001 i686 unknown
Re: strange ssh problem with dns...
:-> "Jonathan" == Jonathan Amery <[EMAIL PROTECTED]> writes:

> what is the output of `host 172.16.1.9` and `host ` where
> is the fqdn that the first host command gave you as the
> output. (The output of host should the first time be something like:
> 13.100.168.192.IN-ADDR.ARPA domain name pointer vermont.petrologic.co.uk
> in which case is vermont.petrologic.co.uk)

Uh, I won't be in the office till monday, but the host (and dig too) commands correctly report the proper translation, in both directions.

Pf

-- --- Pierfrancesco Caci | ik5pvx | mailto:[EMAIL PROTECTED] - http://gusp.dyndns.org Firenze - Italia | Office for the Complication of Otherwise Simple Affairs Linux penny 2.4.7 #1 Thu Jul 26 14:48:56 CEST 2001 i686 unknown
Re: strange ssh problem with dns...
:-> "Ben" == Ben Collins <[EMAIL PROTECTED]> writes:

> I just tried this on my Ultra10, and I don't see the message (same
> versions of programs you have, except I have a newer libc6).

I'll try an apt-get dselect-upgrade on monday...

> Are you using different DNS servers for the Ultra10? You could try

yes the DNS server runs on 2 intel based linux boxes... never had problems with the other machines.

> upgrading the libc6, and possibly the kernel (very old kernel). Does the

uh... the latest kernels are one worse than the other
do you recommend any particular version ?

> Ultra10 have ipv6 in the kernel? You could also try disabling that,
> since I know ssh has some funkiness with ipv6.

that could be
I'll first try disabling all ipv6 in the sshd server
In any case, all the other machines have ipv6 too yet only the U10 fails.

Thanks

Pf

-- --- Pierfrancesco Caci | ik5pvx | mailto:[EMAIL PROTECTED] - http://gusp.dyndns.org Firenze - Italia | Office for the Complication of Otherwise Simple Affairs Linux penny 2.4.7 #1 Thu Jul 26 14:48:56 CEST 2001 i686 unknown
Re: strange ssh problem with dns...
Pierfrancesco Caci <[EMAIL PROTECTED]> wrote:
>
> Hello, I receive these messages whenever someone connects to an
> ultra10 running linux 2.4.10-pre2
>
> Nov 9 12:06:36 etabeta sshd[766]: Could not reverse map address
> 172.16.1.9.
> Nov 9 12:06:41 etabeta sshd[766]: packet_set_maxsize: setting to 4096
>
> If I try to do a dns query on that machine, it works, and as far as I
> can tell, it is configured exactly the same as some other intel-based
> machines which do not have this problem.

Unless you're giving us a fake address, that system is on a private network and probably behind a firewall or NAT gateway.

Make sure your network's internal DNS is working properly. Run `host 172.16.1.9' and `dig -x 172.16.1.9' on the host that is giving those errors. The commands should return the remote hostname to you.

-- Mike Hicks [mailto:[EMAIL PROTECTED] Unix Support Assistant| Carlson School of Management Office: 1-160 Phone: 6-7909 | University of Minnesota
Re: strange ssh problem with dns...
On Fri, Nov 09, 2001 at 01:30:38PM +0100, Pierfrancesco Caci wrote:
>
> Hello, I receive these messages whenever someone connects to an
> ultra10 running linux 2.4.10-pre2
>
> Nov 9 12:06:36 etabeta sshd[766]: Could not reverse map address 172.16.1.9.
> Nov 9 12:06:41 etabeta sshd[766]: packet_set_maxsize: setting to 4096

I just tried this on my Ultra10, and I don't see the message (same versions of programs you have, except I have a newer libc6).

Are you using different DNS servers for the Ultra10? You could try upgrading the libc6, and possibly the kernel (very old kernel). Does the Ultra10 have ipv6 in the kernel? You could also try disabling that, since I know ssh has some funkiness with ipv6.

Ben

-- .--===-=-==-=---==-=-. / Ben Collins--Debian GNU/Linux \ ` [EMAIL PROTECTED] -- [EMAIL PROTECTED] -- [EMAIL PROTECTED] ' `---=--===-=-=-=-===-==---=--=---'
Re: strange ssh problem with dns...
In article <[EMAIL PROTECTED]>, Pierfrancesco Caci <[EMAIL PROTECTED]> wrote:
>
>Hello, I receive these messages whenever someone connects to an
>ultra10 running linux 2.4.10-pre2
>
>Nov 9 12:06:36 etabeta sshd[766]: Could not reverse map address 172.16.1.9.
>Nov 9 12:06:41 etabeta sshd[766]: packet_set_maxsize: setting to 4096
>

what is the output of `host 172.16.1.9` and `host ` where is the fqdn that the first host command gave you as the output. (The output of host should the first time be something like:

13.100.168.192.IN-ADDR.ARPA domain name pointer vermont.petrologic.co.uk

in which case is vermont.petrologic.co.uk)

-- Jonathan Amery. #The world is collapsing around our ears ###__oI turned up the radio, but I can't hear it. ###'/ - REM, Radio Song
strange ssh problem with dns...
Hello, I receive these messages whenever someone connects to an ultra10 running linux 2.4.10-pre2

Nov 9 12:06:36 etabeta sshd[766]: Could not reverse map address 172.16.1.9.
Nov 9 12:06:41 etabeta sshd[766]: packet_set_maxsize: setting to 4096

If I try to do a dns query on that machine, it works, and as far as I can tell, it is configured exactly the same as some other intel-based machines which do not have this problem.

The relevant versions are:

ii  ssh             2.9p2-6  Secure rlogin/rsh/rcp replacement (OpenSSH)
ii  dnsutils        9.1.3-1  Clients provided with BIND
ii  libdns4         9.1.3-1  Shared Library used by BIND
ii  libc6           2.2.4-3  GNU C Library: Shared libraries and Timezone
ii  libc6-dev       2.2.4-3  GNU C Library: Development Libraries and Hea
ii  libc6-dev-spar  2.2.4-3  GNU C Library: 64bit Development Libraries f
ii  libc6-pic       2.2.4-3  GNU C Library: PIC archive library
ii  libc6-sparc64   2.2.4-3  GNU C Library: 64bit Shared libraries for Ul

I really don't understand why it complains about not being able to reverse map...

Concerning the second message (packet_set_maxsize), it look like an informative message I shouldn't worry about, but again, only the ultra10 spits it...

Any clue?

Pf

-- --- Pierfrancesco Caci | ik5pvx | mailto:[EMAIL PROTECTED] - http://gusp.dyndns.org Firenze - Italia | Office for the Complication of Otherwise Simple Affairs Linux penny 2.4.7 #1 Thu Jul 26 14:48:56 CEST 2001 i686 unknown
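The sshd log lines in this post can be triaged mechanically. The following is an added example, not part of any poster's message: it counts "Could not reverse map address" messages per client and marks whether each address already has a line in a hosts-format file, which separates missing name data from a resolver problem on the server itself. The function name, the extra log lines and the hosts entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). unmapped_clients and the sample data
# below are illustrative assumptions.

# unmapped_clients LOGFILE HOSTSFILE
# Prints one line per client address sshd failed to reverse map:
#   <count> <address> <no-hosts-entry | in-hosts:NAME>
# "in-hosts" means the data exists locally, so the lookup path on the
# server (resolver, libc, nsswitch) is the place to look.
unmapped_clients() {
    awk '
        FILENAME == ARGV[1] {            # first file: hosts-format data
            sub(/#.*/, "")               # drop comments
            if (NF >= 2) known[$1] = $2
            next
        }
        /sshd\[[0-9]+\]: Could not reverse map address / {
            addr = $NF
            sub(/\.$/, "", addr)         # the message ends with a full stop
            count[addr]++
        }
        END {
            for (a in count) {
                status = "no-hosts-entry"
                if (a in known) status = "in-hosts:" known[a]
                printf "%d %s %s\n", count[a], a, status
            }
        }
    ' "$2" "$1" | sort -k1,1nr -k2,2
}

run_demo() {
    tmp=$(mktemp -d) || return 1
    # First two lines are the ones quoted in the post; the rest are constructed.
    printf '%s\n' \
        'Nov  9 12:06:36 etabeta sshd[766]: Could not reverse map address 172.16.1.9.' \
        'Nov  9 12:06:41 etabeta sshd[766]: packet_set_maxsize: setting to 4096' \
        'Nov  9 12:09:02 etabeta sshd[801]: Could not reverse map address 172.16.1.9.' \
        'Nov  9 12:15:10 etabeta sshd[822]: Could not reverse map address 172.16.1.23.' \
        > "$tmp/auth.log"
    # Constructed hosts file: only one of the two clients is listed.
    printf '%s\n' \
        '127.0.0.1   localhost' \
        '172.16.1.23 client23   # constructed entry' \
        > "$tmp/hosts"
    unmapped_clients "$tmp/auth.log" "$tmp/hosts"
    rm -rf "$tmp"
}

run_demo
```

On a live server the call would be `unmapped_clients /var/log/auth.log /etc/hosts`, with the log path adjusted to wherever sshd messages are written on that system.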
kde/konsole - ssh problem on sparc
Hi,

I've got a curious error on my Ultra sparc machine. I'm running debian testing/woody on Ultra sparc 10. I'm experiencing a kde konsole crash when I'm opening/changing into a console in the same konsole terminal. I used ssh from the console to an Intel machine (double Pentium 3) cluster running Linux 2.4.7 SMP kernel. I'm running the same debian testing/woody on an AMD Athlon with the same kde/konsole version and logging in to the same Intel machine I didn't experience this problem.

I get a message (on sparc) from the KDE Crash Handler stating that the application Konsole crashed and caused the signal 11 (SIGSEGV). I tried several times and got the same backtrace:

(no debugging symbols found)...Cannot access memory at address 0x70029e48.
#0 0x70f47798 in ?? ()
#1 0x705d5510 in ?? ()
#2 0x71198c58 in ?? ()
#3 0x70ecd30c in ?? ()
#4 0x70f1597c in ?? ()
#5 0x712f253c in ?? ()
#6 0x712f0a9c in ?? ()
#7 0x712f4d78 in ?? ()
#8 0x712f4cdc in ?? ()
#9 0x712f07f0 in ?? ()
#10 0x712e72d4 in ?? ()
#11 0x712b9fc4 in ?? ()
#12 0x712b9e4c in ?? ()
#13 0x708718c8 in ?? ()
#14 0x70413af8 in ?? ()
#15 0x70410eb4 in ?? ()
#16 0x708718c8 in ?? ()
#17 0x7099458c in ?? ()
#18 0x708db998 in ?? ()
#19 0x708be7dc in ?? ()
#20 0x70817ad0 in ?? ()
#21 0x70575914 in ?? ()
#22 0x707e078c in ?? ()
#23 0x707dd894 in ?? ()
#24 0x707dc418 in ?? ()
#25 0x70819778 in ?? ()
#26 0x707e5224 in ?? ()
#27 0x712b2064 in ?? ()
#28 0x121e4 in _init ()
#29 0x12ae0 in _init ()
#30 0x12f88 in _init ()
#31 0x13d44 in _init ()
#32 0x70eb97e8 in ?? ()

Konsole version is:
ii konsole2.1.1.0-10 X terminal emulation for KDE

ssh version:
ii ssh-nonfree1.2.27-8 a secure replacement for rlogin, rsh, and rc

I've updated the available packages to latest testing except xserver-xfree86 which is:
hi xserver-xfree8 4.0.3-4.1 the XFree86 X server

Gabor

PS. I tried to run konsole from another one:

bash-2.05$ konsole
Xlib: extension "RENDER" missing on display ":0.0".
QObject::connect: Cannot connect KAction::activated() to Konsole::(null)
Bus error

PPS. On the AMD machine I get the same message:

QObject::connect: Cannot connect KAction::activated() to Konsole::(null)
Re: port forwarding with ssh/woody
Hello,

> > > Mar 21 00:51:59 home kernel: neighbour table overflow
>
> In my experience, it usually means the loopback interface is not
> configured.

Great ! One "ifconfig lo up" corrected the problem ! Thanks a lot.

Now, I can use my S10 with Debian for _real_ usage.

Thanks.

Olivier

-- Olivier Bornet | français : http://puck.ch/f Swiss Ice Hockey Results | english : http://puck.ch/e http://puck.ch/| deutsch : http://puck.ch/g [EMAIL PROTECTED] | italiano : http://puck.ch/i Get my PGP-key at http://puck.ch/pgp or at http://wwwkeys.pgp.net
Re: port forwarding with ssh/woody
Branden Robinson <[EMAIL PROTECTED]> wrote:
> > > Mar 21 00:51:59 home kernel: neighbour table overflow
> >
> > This is a bad kernel/network driver problem.
> > Last I saw these it was a long time ago.
> > Perhaps a search on the list archives might help ?
>
> In my experience, it usually means the loopback interface is not
> configured.

Duh! You're right... Must've confused these error messages... (or Linux and NetBSD.. >8^)

Think I'll hide in the closet for a while...

-- Ragga
Re: port forwarding with ssh/woody
On Wed, Mar 21, 2001 at 10:49:47AM +0900, Ragga Muffin wrote:
> Olivier Bornet <[EMAIL PROTECTED]> wrote:
> > home:obornet 596% telnet localhost smtp
> > Trying 127.0.0.1...
> >
> > This last command hangs indefinitely...
[...]
> > And in /var/log/kern.log (and messages and syslog), I have
> > messages like :
> >
> > Mar 21 00:51:59 home kernel: neighbour table overflow
>
> This is a bad kernel/network driver problem.
> Last I saw these it was a long time ago.
> Perhaps a search on the list archives might help ?

In my experience, it usually means the loopback interface is not configured.

-- G. Branden Robinson | A great work of art has never caused any Debian GNU/Linux| social problems. Social problems are [EMAIL PROTECTED] | caused by those trying to protect http://www.debian.org/~branden/ | society from great works of art.
Re: port forwarding with ssh/woody
Olivier Bornet <[EMAIL PROTECTED]> wrote:
>
> Seem a lot of problem with the network. For example :
>
> home:obornet 595% telnet home smtp
> Trying 10.44.0.20...
> telnet: Unable to connect to remote host: No buffer space available
> home:obornet 596%
> home:obornet 596% telnet localhost smtp
> Trying 127.0.0.1...
>
> This last command hangs indefinitely...
>
> Also, I'm not sure : when I do a lsmod, no module are loaded.
> Strange...
>
> And in /var/log/kern.log (and messages and syslog), I have
> messages like :
>
> Mar 21 00:51:59 home kernel: neighbour table overflow

This is a bad kernel/network driver problem. Last I saw these it was a long time ago. Perhaps a search on the list archives might help ?

If this is a new problem with recent sparc kernels, then just ignore me and forget this post...

-- Ragga
Re: port forwarding with ssh/woody
> Now, using another fetchmail feature (plugin "ssh..."), I can have access to
> the email server with IMAP. But I'm blocked in the fetch of the new emails.
> I suspect it's a problem of exim delivering locally. If I look at netstat,
> I find among other things :
>
> Proto Recv-Q Send-Q Local Address           Foreign Address         State
> tcp        0      1 home:1069               localhost:smtp          SYN_SENT
>
> And this stays until I kill my fetchmail (or until it reaches the timeout).

Seem a lot of problem with the network. For example :

home:obornet 595% telnet home smtp
Trying 10.44.0.20...
telnet: Unable to connect to remote host: No buffer space available
home:obornet 596%
home:obornet 596% telnet localhost smtp
Trying 127.0.0.1...

This last command hangs indefinitely...

Also, I'm not sure : when I do a lsmod, no module are loaded. Strange...

And in /var/log/kern.log (and messages and syslog), I have messages like :

Mar 21 00:51:59 home kernel: neighbour table overflow

So, enough test for today. I will go to sleep...

Good night.

Olivier

-- Olivier Bornet | français : http://puck.ch/f Swiss Ice Hockey Results | english : http://puck.ch/e http://puck.ch/| deutsch : http://puck.ch/g [EMAIL PROTECTED] | italiano : http://puck.ch/i Get my PGP-key at http://puck.ch/pgp or at http://wwwkeys.pgp.net
Re: port forwarding with ssh/woody
Hello Aaron,

> Next guess would be that it's too high of a port, but that is OS dependent, not
> hardware (or hardware port), I'm pretty sure.
>
> Does it work for lower port numbers?

After some tests, it seems to be working on root, but not on a regular user. My opinion is it's a network problem, and not a fetchmail or ssh problem. Here is a small section of the /var/log/message :

Mar 20 18:58:18 home kernel: Unimplemented SPARC system call 155
Mar 20 18:58:18 home kernel: Unimplemented SPARC system call 44
Mar 20 18:58:18 home kernel: Unimplemented SPARC system call 155
Mar 20 18:58:18 home kernel: Unimplemented SPARC system call 154
Mar 20 18:58:18 home kernel: Unimplemented SPARC system call 155
Mar 20 18:58:18 home kernel: Unimplemented SPARC system call 44
Mar 20 18:58:18 home kernel: Adding Swap: 131024k swap-space (priority -1)
Mar 20 18:58:19 home kernel: eth0: Link is up using internal transceiver at 10Mb/s, Half Duplex.
Mar 20 18:58:25 home kernel: Unknown Keyboard ioctl: 40245408
Mar 20 19:08:46 home kernel: sys32_ioctl: Unknown cmd fd(1) cmd(000d) arg(efffb930)
Mar 20 19:38:18 home -- MARK --
Mar 20 19:58:18 home -- MARK --
Mar 20 20:18:18 home -- MARK --
Mar 20 20:38:18 home -- MARK --
Mar 20 20:58:18 home -- MARK --
Mar 20 21:18:18 home -- MARK --
Mar 20 21:38:18 home -- MARK --
Mar 20 21:58:18 home -- MARK --
Mar 20 22:18:18 home -- MARK --
Mar 20 22:38:18 home -- MARK --
Mar 20 22:58:18 home -- MARK --
Mar 20 23:18:18 home -- MARK --
Mar 20 23:19:50 home kernel: neighbour table overflow
Mar 20 23:38:18 home -- MARK --
Mar 20 23:58:18 home -- MARK --

Now, using another fetchmail feature (plugin "ssh..."), I can have access to the email server with IMAP. But I'm blocked in the fetch of the new emails. I suspect it's a problem of exim delivering locally. If I look at netstat, I find among other things :

Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      1 home:1069               localhost:smtp          SYN_SENT

And this stays until I kill my fetchmail (or until it reaches the timeout).

Any help ? I _really_ want to move on the Ultra10/Debian instead of using my Pentium/Debian. But, without email, it's a problem...

Thanks in advance.

Olivier

-- Olivier Bornet | français : http://puck.ch/f Swiss Ice Hockey Results | english : http://puck.ch/e http://puck.ch/| deutsch : http://puck.ch/g [EMAIL PROTECTED] | italiano : http://puck.ch/i Get my PGP-key at http://puck.ch/pgp or at http://wwwkeys.pgp.net
Re: port forwarding with ssh/woody
Next guess would be that it's too high of a port, but that is OS dependent, not hardware (or hardware port), I'm pretty sure.

Does it work for lower port numbers?

Aaron

On Mon, 19 Mar 2001, Olivier Bornet wrote:

> Hi Aaron,
>
> > Are you sure one of your previous attempts isn't still listening on port
> > 0?
>
> Sure. port 0 is free :
>
> home:bornet 520% netstat -an | grep
> home:bornet 521%
>
> Olivier
>
> --
> Olivier Bornet | français : http://puck.ch/f
> Swiss Ice Hockey Results | english : http://puck.ch/e
> http://puck.ch/| deutsch : http://puck.ch/g
> [EMAIL PROTECTED] | italiano : http://puck.ch/i
> Get my PGP-key at http://puck.ch/pgp or at http://wwwkeys.pgp.net
Re: port forwarding with ssh/woody
Hi Aaron,

> Are you sure one of your previous attempts isn't still listening on port
> 0?

Sure. port 0 is free :

home:bornet 520% netstat -an | grep
home:bornet 521%

Olivier

-- Olivier Bornet | français : http://puck.ch/f Swiss Ice Hockey Results | english : http://puck.ch/e http://puck.ch/| deutsch : http://puck.ch/g [EMAIL PROTECTED] | italiano : http://puck.ch/i Get my PGP-key at http://puck.ch/pgp or at http://wwwkeys.pgp.net
Re: port forwarding with ssh/woody
On Mon, Mar 19, 2001 at 09:28:44PM +0100, Olivier Bornet wrote:
> I'm trying to setup a POP-over-ssh connection on my Ultra 10 running
> woody. Unfortunately, the forwarding has error :
>
> home:bornet 529% ssh -C -f mypop.host.ch -L 0:mypop.host.ch:110 sleep 5
> [EMAIL PROTECTED]'s password:
> bind: Cannot assign requested address
> Disconnecting: cannot listen port: 0
> home:bornet 530%
>
[stuff deleted]

I'm just seeing other problems :

home:bornet 506% telnet home
Trying 10.44.0.20...
telnet: Unable to connect to remote host: No buffer space available
home:bornet 507% ping home
PING home (10.44.0.20): 56 data bytes
ping: sendto: No buffer space available
ping: wrote home 64 chars, ret=-1
ping: sendto: No buffer space available
ping: wrote home 64 chars, ret=-1
--- home ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
home:bornet 508%

Is this a known network problem ?

Thanks in advance.

Olivier

-- Olivier Bornet | français : http://puck.ch/f Swiss Ice Hockey Results | english : http://puck.ch/e http://puck.ch/| deutsch : http://puck.ch/g [EMAIL PROTECTED] | italiano : http://puck.ch/i Get my PGP-key at http://puck.ch/pgp or at http://wwwkeys.pgp.net
Re: port forwarding with ssh/woody
Are you sure one of your previous attempts isn't still listening on port 0?

telnet localhost 0
-or-
ps auxw | grep 0
-or-
netstat -an | grep 0

On Mon, 19 Mar 2001, Olivier Bornet wrote:

> Hello,
>
> I'm trying to setup a POP-over-ssh connection on my Ultra 10 running
> woody. Unfortunately, the forwarding has error :
>
> home:bornet 529% ssh -C -f mypop.host.ch -L 0:mypop.host.ch:110 sleep 5
> [EMAIL PROTECTED]'s password:
> bind: Cannot assign requested address
> Disconnecting: cannot listen port: 0
> home:bornet 530%
>
> (home is the Ultra 10 running woody, and mypop.host.ch is the pop
> server I want to use, also running sshd).
>
> Making the same connection with a Pentium II and debian/potato work
> without problems.
>
> Any hints ?
>
> Thanks in advance.
>
> Olivier
port forwarding with ssh/woody
Hello,

I'm trying to setup a POP-over-ssh connection on my Ultra 10 running woody. Unfortunately, the forwarding has error :

home:bornet 529% ssh -C -f mypop.host.ch -L 0:mypop.host.ch:110 sleep 5
[EMAIL PROTECTED]'s password:
bind: Cannot assign requested address
Disconnecting: cannot listen port: 0
home:bornet 530%

(home is the Ultra 10 running woody, and mypop.host.ch is the pop server I want to use, also running sshd).

Making the same connection with a Pentium II and debian/potato work without problems.

Any hints ?

Thanks in advance.

Olivier

-- Olivier Bornet | français : http://puck.ch/f Swiss Ice Hockey Results | english : http://puck.ch/e http://puck.ch/| deutsch : http://puck.ch/g [EMAIL PROTECTED] | italiano : http://puck.ch/i Get my PGP-key at http://puck.ch/pgp or at http://wwwkeys.pgp.net
Re: ssh-login on sparc
On Thu, Jan 25, 2001 at 08:06:40AM -0500, Jonathan D. Proulx wrote:
>
> Figured someone had, but didn't see it in the thread and can't see
> what could be different between the systems that work and those that
> don't...
>

So has anyone got a diff of the changes from 1.2.3-8.0.1 -> -9.1

That should at least give us a good starting point.

Stuart
Re: ssh-login on sparc
On Thu, Jan 25, 2001 at 08:40:31AM +0100, Joerg Braukhoff wrote:
:On Wed, Jan 24, 2001 at 11:37:51PM -0500, Jonathan D. Proulx wrote:
:>
:> Has anyone verified that:
:> PasswordAuthentication yes
:> is set in this file?
:>
:
:Sure i did that!
:
:Joerg

Figured someone had, but didn't see it in the thread and can't see what could be different between the systems that work and those that don't...

-Jon
Re: ssh-login on sparc
On Wed, Jan 24, 2001 at 11:37:51PM -0500, Jonathan D. Proulx wrote:
>
> Has anyone verified that:
> PasswordAuthentication yes
> is set in this file?
>

Sure i did that!

Joerg

-- - Joerg Braukhoff email: <[EMAIL PROTECTED]> -
Re: ssh-login on sparc
Hi,

Obviously this is biting a lot of people, but not others (ie. not me)

I have 9 sun4m machines all recently installed (2.2v2 CDROM), after first hearing about this issue, I upgraded my ssh to try and replicate/debug the problem. All are working well with md5 passwords, kernel 2.2.18pre21, both password and RSA authentication.

The only idea that I have is that I did edit the /etc/ssh/sshd_config file *before* upgrading. If the lossage is due to a buggy line (like disallowing password authentication), I wouldn't have gotten it as I kept my file not the package version.

Has anyone verified that:
PasswordAuthentication yes
is set in this file?

-jon
Re: ssh-login on sparc
- Original Message -
From: "Ivan E. Moore II" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, January 24, 2001 12:09 PM

> > could i have turned off verification via PAM (i certainly didn't do it on
> > purpose, if it's possible)? if so, how could i check that?
>
> are you using RSA keys?

i installed it out-of-the-box on a basic potato system

apt-get install ssh

(it was the latest potato version from security.debian.org) and accepted the default values, so that is without RSA or whatever ... and it doesn't work for me either (view client and server debug logs i posted earlier) so i think that it is something more basic that is wrong

bruno
Re: ssh-login on sparc
On Wed, Jan 24, 2001 at 04:09:43 -0700, "Ivan E. Moore II" <[EMAIL PROTECTED]> wrote:
[...]
> are you using RSA keys?

nope.

-- Thomas 'Mike' Michlmayr | ignorami: n: The BOFH art of folding problem <[EMAIL PROTECTED]> | lusers into representational shapes.
Re: ssh-login on sparc
> > libnsl.so.1 => /lib/libnsl.so.1 (0x5002a000)
> > libz.so.1 => /usr/lib/libz.so.1 (0x50053000)
> > libutil.so.1 => /lib/libutil.so.1 (0x50072000)
> > libcrypto.so.0 => /usr/lib/libcrypto.so.0 (0x50084000)
> > libc.so.6 => /lib/libc.so.6 (0x50145000)
> > /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x5000)
>
> i have exactly the same output, yet login works for me. i thought that
> PAM was the default?
>
> could i have turned off verification via PAM (i certainly didn't do it on
> purpose, if it's possible)? if so, how could i check that?

are you using RSA keys?

-- Ivan E. Moore II [EMAIL PROTECTED] http://snowcrash.tdyc.com GPG KeyID=90BCE0DD GPG Fingerprint=F2FC 69FD 0DA0 4FB8 225E 27B6 7645 8141 90BC E0DD
Re: ssh-login on sparc
On Wed, Jan 24, 2001 at 08:57:52 +, Stuart Auchterlonie <[EMAIL PROTECTED]> wrote:
> gateway:/tmp/usr/sbin# ldd sshd
> libnsl.so.1 => /lib/libnsl.so.1 (0x5002a000)
> libz.so.1 => /usr/lib/libz.so.1 (0x50053000)
> libutil.so.1 => /lib/libutil.so.1 (0x50072000)
> libcrypto.so.0 => /usr/lib/libcrypto.so.0 (0x50084000)
> libc.so.6 => /lib/libc.so.6 (0x50145000)
> /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x5000)

i have exactly the same output, yet login works for me. i thought that PAM was the default?

could i have turned off verification via PAM (i certainly didn't do it on purpose, if it's possible)? if so, how could i check that?

-- Thomas 'Mike' Michlmayr | ignorami: n: The BOFH art of folding problem <[EMAIL PROTECTED]> | lusers into representational shapes.
Re: ssh-login on sparc
On Tue, Jan 23, 2001 at 12:56:17PM -0700, Ivan E. Moore II wrote:
> > > >
> > > > ln -s ssh /etc/pam.d/sshd
> > >
> > > Sorry Ben, This doesn't work.
>
> I still say it is because it was not linked to PAM...we've seen this problem
> with the autobuilders lately since ssh had funky pam build-depends which
> the autobuilders skipped out on...*and* the fact that a ldd /usr/sbin/sshd
> did not show libpam.so.0 listed.
>

This seems to confirm that.

gateway:/tmp/usr/sbin# ldd sshd
        libnsl.so.1 => /lib/libnsl.so.1 (0x5002a000)
        libz.so.1 => /usr/lib/libz.so.1 (0x50053000)
        libutil.so.1 => /lib/libutil.so.1 (0x50072000)
        libcrypto.so.0 => /usr/lib/libcrypto.so.0 (0x50084000)
        libc.so.6 => /lib/libc.so.6 (0x50145000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x5000)

Note: This is 1.2.3-9.1 extracted into /tmp to check it. I've just checked 2.3.0p1-1.7 that I built myself and it also has not pulled in libpam.so.0

Stuart
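The three checks the posters in this thread ran by hand (PasswordAuthentication in sshd_config, the PAM service file that Ben's symlink creates, and libpam in the ldd listing) can be combined into one pass. This is an added example, not code from any message in the thread; the function names, the finding labels and the constructed libpam line are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and finding labels
# are illustrative assumptions.

# links_pam: reads `ldd <sshd binary>` output on stdin; succeeds if libpam is listed.
links_pam() {
    grep -Eq '^[[:space:]]*libpam\.so(\.[0-9]+)*[[:space:]]+=>'
}

# password_auth_setting FILE: prints the configured yes/no, or "default" if unset.
# The first occurrence wins, as in sshd; commented-out lines are ignored and
# Match blocks are not interpreted.
password_auth_setting() {
    awk 'tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
         END { if (!found) print "default" }' "$1"
}

# diagnose_sshd LDD_OUTPUT_FILE SSHD_CONFIG PAM_DIR
# Prints space-separated findings, or "ok" when none of the three applies.
diagnose_sshd() {
    ldd_file=$1
    config=$2
    pam_dir=$3
    findings=""
    if [ "$(password_auth_setting "$config")" = "no" ]; then
        findings="$findings password-auth-disabled"
    fi
    if links_pam < "$ldd_file"; then
        # A PAM-enabled sshd needs a service file; the thread mentions both names.
        if [ ! -e "$pam_dir/sshd" ] && [ ! -e "$pam_dir/ssh" ]; then
            findings="$findings pam-service-file-missing"
        fi
    else
        findings="$findings not-linked-to-pam"
    fi
    findings=${findings# }
    echo "${findings:-ok}"
}

run_demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/pam.d"
    printf 'PasswordAuthentication yes\n' > "$tmp/sshd_config"
    # Listing as posted in the thread: no libpam line.
    printf '\t%s\n' \
        'libnsl.so.1 => /lib/libnsl.so.1 (0x5002a000)' \
        'libz.so.1 => /usr/lib/libz.so.1 (0x50053000)' \
        'libutil.so.1 => /lib/libutil.so.1 (0x50072000)' \
        'libcrypto.so.0 => /usr/lib/libcrypto.so.0 (0x50084000)' \
        'libc.so.6 => /lib/libc.so.6 (0x50145000)' > "$tmp/posted.ldd"
    # Constructed listing: the same with a libpam line added (address made up).
    { printf '\tlibpam.so.0 => /lib/libpam.so.0 (0x50010000)\n'; cat "$tmp/posted.ldd"; } \
        > "$tmp/with_pam.ldd"
    echo "posted listing:      $(diagnose_sshd "$tmp/posted.ldd" "$tmp/sshd_config" "$tmp/pam.d")"
    echo "constructed listing: $(diagnose_sshd "$tmp/with_pam.ldd" "$tmp/sshd_config" "$tmp/pam.d")"
    rm -rf "$tmp"
}

run_demo
```

Against a real installation, save `ldd /usr/sbin/sshd` to a file and pass it with `/etc/ssh/sshd_config` and `/etc/pam.d`.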
Re: ssh-login on sparc
On Mon, Jan 22, 2001 at 04:40:23PM -0500, Ben Collins wrote: > On Mon, Jan 22, 2001 at 09:35:45PM +0100, Joerg Braukhoff wrote: > > i've a SPARCstation 10, i can use this machine to login via ssh > > on every other host (all i386) in the LAN. If i try to login via ssh > > on this machine sshd always returns 'password failure'. I've tried every > > it from every host on the net, even 'ssh 127.0.0.1', always with the > > same result. '/etc/ssh/sshd_config' is the same as on the Intel-machines. > > Is this a known problem, if so, is there a fix ? > > ln -s ssh /etc/pam.d/sshd > Tried it, but the problem still exists. Joerg -- - Joerg Braukhoff email: <[EMAIL PROTECTED]> -
Re: ssh-login on sparc
On Tue, Jan 23, 2001 at 12:56:17PM -0700, Ivan E. Moore II wrote: > > > > > i've a SPARCstation 10, i can use this machine to login via ssh > > > > > on every other host (all i386) in the LAN. If i try to login via ssh > > > > > on this machine sshd always returns 'password failure'. I've tried > > > > > every it from every host on the net, even 'ssh 127.0.0.1', always with > > > > > the same result. '/etc/ssh/sshd_config' is the same as on the > > > > > Intel-machines. Is this a known problem, if so, is there a fix ? > > > > > > > > ln -s ssh /etc/pam.d/sshd > > > > > > Sorry Ben, This doesn't work. > > I still say it is because it was not linked to PAM...we've seen this problem > with the autobuilders lately since ssh had funky pam build-depends which > the autobuilders skipped out on...*and* the fact that a ldd /usr/sbin/sshd > did not show libpam.so.0 listed. > > Ivan > The package needs to be recompiled. I've filed a bug-report (#83302) although #79106 has been verified by shorty. Joerg -- - Joerg Braukhoff email: <[EMAIL PROTECTED]> -
Re: ssh-login on sparc
> > > > i've a SPARCstation 10, i can use this machine to login via ssh > > > > on every other host (all i386) in the LAN. If i try to login via ssh > > > > on this machine sshd always returns 'password failure'. I've tried > > > > every it from every host on the net, even 'ssh 127.0.0.1', always with > > > > the same result. '/etc/ssh/sshd_config' is the same as on the > > > > Intel-machines. Is this a known problem, if so, is there a fix ? > > > > > > ln -s ssh /etc/pam.d/sshd > > > > Sorry Ben, This doesn't work. I still say it is because it was not linked to PAM...we've seen this problem with the autobuilders lately since ssh had funky pam build-depends which the autobuilders skipped out on...*and* the fact that a ldd /usr/sbin/sshd did not show libpam.so.0 listed. Ivan -- Ivan E. Moore II [EMAIL PROTECTED] http://snowcrash.tdyc.com GPG KeyID=90BCE0DD GPG Fingerprint=F2FC 69FD 0DA0 4FB8 225E 27B6 7645 8141 90BC E0DD
Re: ssh-login on sparc
On Tuesday 23 January 2001 06:16, Stuart Auchterlonie wrote: > On Mon, Jan 22, 2001 at 04:40:23PM -0500, Ben Collins wrote: > > On Mon, Jan 22, 2001 at 09:35:45PM +0100, Joerg Braukhoff wrote: > > > Hi, > > > > > > i've a SPARCstation 10, i can use this machine to login via ssh > > > on every other host (all i386) in the LAN. If i try to login via ssh > > > on this machine sshd always returns 'password failure'. I've tried > > > every it from every host on the net, even 'ssh 127.0.0.1', always with > > > the same result. '/etc/ssh/sshd_config' is the same as on the > > > Intel-machines. Is this a known problem, if so, is there a fix ? > > > > ln -s ssh /etc/pam.d/sshd > > Sorry Ben, This doesn't work. > > I'm quite willing to help debug this but clues on where to start are > welcome. I've also tried ssh 2.3.0p1-1.[27] but with no luck. > > This is in the BTS as bug #79106 and seems to bite anyone who is > using passwd authentication with ssh 1.2.3-9.1 that the security team > released for potato. Hello If U use md5 password in sparc-linux (Debian or RedHat) and use ssh2.X there is no way to connect to the machine using ssh2. It works when U don't use md5 password. I don't know why but it was a real problem to us. So here in the lab where i work we changed to the last version of openssh+openssl and it works with md5 password. The last openssh is compatible with the ssh1 and ssh2 protocols. Hope this helps u. Alejandro Arrieta Rios [EMAIL PROTECTED]
Re: ssh-login on sparc
On Tue, Jan 23, 2001 at 12:02:57PM +0100, Thomas 'Mike' Michlmayr wrote:
>
> > This machine has very little installed on it as I'm using it as a
> > firewall/gateway. It's currently running 2.2.18pre21.
>
> i'm running 2.2.17. my machine is also very minimal, though it's running a
> small number of services.
>
> did you strace your sshd to see what system calls are failing? another
> difference is that you first try to authenticate via your RSA key. maybe
> this is broken and confuses the passwd check afterwards?

Yep. I'll include the relevant bit. There is no system call failing but seeing that it goes looking at /etc/shadow and I'm using md5 passwd's I've also tried changing /etc/pam.d/sshd to use the md5 pam auth line rather than the basic passwd line.

It might try the RSA check but I don't have any RSA keys for use with SSH, it is just the default configuration tries RSA first. So what do you have in your ~/.ssh/config that stops it from trying RSA auth first ?

Strace output (excerpt)
---
open("/etc/shadow", O_RDONLY) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat(3, {st_mode=S_IFREG|0640, st_size=744, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x50019000
_llseek(0x3, 0, 0, 0xefffd428, 0x1) = 0
read(3, "root:X"..., 4096) = 744
close(3) = 0
munmap(0x50019000, 8192) = 0
getpeername(4, {sin_family=AF_INET, sin_port=htons(4819), sin_addr=inet_addr("10.44.32.68")}}, [16]) = 0
write(2, "Failed password for sauchter fro"..., 56) = 56
---

The other thing that is not pleasant is this
--
gateway:~# strace -o /tmp/sshd sshd -d
debug: sshd version OpenSSH-1.2.3
ptrace: umoven: Input/output error
ptrace: umoven: Input/output error
ptrace: umoven: Input/output error
ptrace: umoven: Input/output error
debug: Bind to port 22 on 0.0.0.0.
ptrace: umoven: Input/output error
Server listening on 0.0.0.0 port 22.
Segmentation fault
--

I managed to grab the strace output by starting sshd first and then attaching strace to it. But it still issued 2 ptrace:umoven errors on exit.

Stuart
Re: ssh-login on sparc
On Tue, Jan 23, 2001 at 08:01:46PM +0900, Ragga Muffin wrote: > > I was bitten by this too. I purged the ssh from security.debian.org > and installed the one from testing. (had to upgrade quite a few other > packages on the way..) > > ii ssh 1.2.3-8.0.1 Secure rlogin/rsh/rcp replacement (OpenSSH) erp, ssh from unstable is 2.3.0p1-1.7 (last one I built) 1.2.3-8.0.1 is from potato before the security update... Stuart ps. 1.2.3-8.0.1 is the only version that does work.
Re: ssh-login on sparc
On Tue, Jan 23, 2001 at 12:02:57 +0100, Thomas 'Mike' Michlmayr <[EMAIL PROTECTED]> wrote: to follow up to myself: > i'm running 2.2.17. my machine is also very minimal, though it's running a > small number of services. i'm actually running the 2.2.17-smp kernel image. the machine has two CPUs. but normally SMP is supposed to create problems otherwise not present. -- Thomas 'Mike' Michlmayr | ignorami: n: The BOFH art of folding problem <[EMAIL PROTECTED]> | lusers into representational shapes.
Re: ssh-login on sparc
Stuart Auchterlonie <[EMAIL PROTECTED]> wrote:

clip...clipp..

> > : [EMAIL PROTECTED]:~$ dpkg -l ssh
> > : Desired=Unknown/Install/Remove/Purge/Hold
> > : | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
> > : |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: ...)
> > : ||/ Name Version Description
> > : +++-==-==-====
> > : ii ssh 1.2.3-9.1 Secure rlogin/rsh/rcp replacement (OpenSSH)
> > : [EMAIL PROTECTED]:~$
>
> Same here for ssh. The only difference is I've built and installed
> openssl-0.9.6-1 in order to build and test ssh-2.3.0p1. But I was
> seeing exactly the same behaviour with openssl-0.9.4-5.
>
>
> This machine has very little installed on it as I'm using it as a
> firewall/gateway. It's currently running 2.2.18pre21.
>
> Clues anyone ???

I was bitten by this too. I purged the ssh from security.debian.org and installed the one from testing. (had to upgrade quite a few other packages on the way..)

dpkg -l
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==-==-
ii ssh 1.2.3-8.0.1 Secure rlogin/rsh/rcp replacement (OpenSSH)

HTH,
Ragga
Re: ssh-login on sparc
On Tue, Jan 23, 2001 at 10:34:30 +, Stuart Auchterlonie <[EMAIL PROTECTED]> wrote:
[...]
> debug: checking for shadow entry
> debug: shadow entry found, verifying
> debug: completed shadow checks
> debug: Attempting authentication for sauchter.
> Failed rsa for sauchter from 10.44.32.68 port 4740
> Failed password for sauchter from 10.44.32.68 port 4740

debug: checking for shadow entry
debug: shadow entry found, verifying
debug: completed shadow checks
debug: Attempting authentication for mike.
Accepted password for mike from XXX.XXX.XXX.XXX port 2986
debug: Allocating pty.
debug: Forking shell.

[...]
> seeing exactly the same behaviour with openssl-0.9.4-5.

which is what i'm using.

> This machine has very little installed on it as I'm using it as a
> firewall/gateway. It's currently running 2.2.18pre21.

i'm running 2.2.17. my machine is also very minimal, though it's running a small number of services.

did you strace your sshd to see what system calls are failing? another difference is that you first try to authenticate via your RSA key. maybe this is broken and confuses the passwd check afterwards?

--
Thomas 'Mike' Michlmayr | ignorami: n: The BOFH art of folding problem
<[EMAIL PROTECTED]> | lusers into representational shapes.
Re: ssh-login on sparc
i have similar problems, i just apt-get installed ssh on a clean potato install on an ultra1 accepting the default configurations ... bruno ## client debug: [EMAIL PROTECTED]:~$ ssh -v localhost SSH Version OpenSSH-1.2.3, protocol version 1.5. Compiled with SSL. debug: Reading configuration data /etc/ssh/ssh_config debug: Applying options for localhost debug: Applying options for * debug: ssh_connect: getuid 1000 geteuid 1000 anon 1 debug: Connecting to localhost [127.0.0.1] port 22. debug: Connection established. debug: Remote protocol version 1.5, remote software version OpenSSH-1.2.3 debug: Waiting for server public key. debug: Received server public key (768 bits) and host key (1024 bits). debug: Forcing accepting of host key for loopback/localhost. debug: Encryption type: 3des debug: Sent encrypted session key. debug: Installing crc compensation attack detector. debug: Received encrypted confirmation. debug: Doing password authentication. [EMAIL PROTECTED]'s password: Permission denied, please try again. [EMAIL PROTECTED]'s password: Permission denied, please try again. [EMAIL PROTECTED]'s password: Permission denied. ## server debug: [EMAIL PROTECTED]:~$ sudo sshd -d debug: sshd version OpenSSH-1.2.3 debug: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. Generating 768 bit RSA key. RSA key generation complete. debug: Server will not fork when running in debugging mode. Connection from 127.0.0.1 port 3028 debug: Client protocol version 1.5; client software version OpenSSH-1.2.3 debug: Sent 768 bit public key and 1024 bit host key. debug: Encryption type: 3des debug: Received session key; encryption turned on. debug: Installing crc compensation attack detector. debug: checking for shadow entry debug: shadow entry found, verifying debug: completed shadow checks debug: Attempting authentication for waesb. 
Failed password for waesb from 127.0.0.1 port 3028 Failed password for waesb from 127.0.0.1 port 3028 Failed password for waesb from 127.0.0.1 port 3028 Connection closed by 127.0.0.1
Re: ssh-login on sparc
On Tue, Jan 23, 2001 at 10:38:58AM +0100, Thomas 'Mike' Michlmayr wrote:
> On Tue, Jan 23, 2001 at 09:16:33 +,

Well let's compare logs.

>
> : 12 [EMAIL PROTECTED]:->ssh -v [EMAIL PROTECTED]
> : SSH Version OpenSSH-1.2.3, protocol version 1.5.
> : Compiled with SSL.
> : debug: Reading configuration data /home/adm/mike/.ssh/config
> : debug: Reading configuration data /etc/ssh/ssh_config
> : debug: Applying options for *
> : debug: ssh_connect: getuid 1000 geteuid 1000 anon 1
> : debug: Connecting to lust.cluon.priv.at [193.83.27.126] port 22.
> : debug: Connection established.
> : debug: Remote protocol version 1.5, remote software version OpenSSH-1.2.3
> : debug: Waiting for server public key.
> : debug: Received server public key (768 bits) and host key (1024 bits).
> : debug: Host 'lust.cluon.priv.at' is known and matches the host key.
> : debug: Encryption type: 3des
> : debug: Sent encrypted session key.
> : debug: Installing crc compensation attack detector.
> : debug: Received encrypted confirmation.
> : debug: Doing password authentication.
> : [EMAIL PROTECTED]'s password:
> : debug: Requesting pty.
> : debug: Requesting shell.
> : debug: Entering interactive session.

Client log:
---
[EMAIL PROTECTED]:~$ ssh -v gateway
SSH Version OpenSSH-1.2.3, protocol version 1.5.
Compiled with SSL.
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 1000 geteuid 1000 anon 1
debug: Connecting to gateway [10.44.32.201] port 22.
debug: Connection established.
debug: Remote protocol version 1.5, remote software version OpenSSH-1.2.3
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'gateway' is known and matches the host key.
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: RSA authentication using agent refused.
debug: Trying RSA authentication with key '[EMAIL PROTECTED]'
debug: Server refused our key.
debug: Doing password authentication.
[EMAIL PROTECTED]'s password:
Permission denied, please try again.
---

Server log:
---
gateway:~# sshd -d
debug: sshd version OpenSSH-1.2.3
debug: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug: Server will not fork when running in debugging mode.
Connection from 10.44.32.68 port 4740
debug: Client protocol version 1.5; client software version OpenSSH-1.2.3
debug: Sent 768 bit public key and 1024 bit host key.
debug: Encryption type: 3des
debug: Received session key; encryption turned on.
debug: Installing crc compensation attack detector.
debug: checking for shadow entry
debug: shadow entry found, verifying
debug: completed shadow checks
debug: Attempting authentication for sauchter.
Failed rsa for sauchter from 10.44.32.68 port 4740
Failed password for sauchter from 10.44.32.68 port 4740
Connection closed by 10.44.32.68
debug: Calling cleanup 0x208f0(0x0)
---

> : [EMAIL PROTECTED]:~$ dpkg -l ssh
> : Desired=Unknown/Install/Remove/Purge/Hold
> : | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
> : |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: ...)
> : ||/ Name Version Description
> : +++-==-==-====
> : ii ssh 1.2.3-9.1 Secure rlogin/rsh/rcp replacement (OpenSSH)
> : [EMAIL PROTECTED]:~$

Same here for ssh. The only difference is I've built and installed openssl-0.9.6-1 in order to build and test ssh-2.3.0p1. But I was seeing exactly the same behaviour with openssl-0.9.4-5.

This machine has very little installed on it as I'm using it as a firewall/gateway. It's currently running 2.2.18pre21.

Clues anyone ???

Stuart
Re: ssh-login on sparc
On Tue, Jan 23, 2001 at 09:16:33 +, Stuart Auchterlonie <[EMAIL PROTECTED]> wrote: [...] > This is in the BTS as bug #79106 and seems to bite anyone who is > using passwd authentication with ssh 1.2.3-9.1 that the security team > released for potato. IBTD. lust.cluon.priv.at is a SS10 running potato+security fixes with pam_unix (= passwd?) authentication: : 12 [EMAIL PROTECTED]:->ssh -v [EMAIL PROTECTED] : SSH Version OpenSSH-1.2.3, protocol version 1.5. : Compiled with SSL. : debug: Reading configuration data /home/adm/mike/.ssh/config : debug: Reading configuration data /etc/ssh/ssh_config : debug: Applying options for * : debug: ssh_connect: getuid 1000 geteuid 1000 anon 1 : debug: Connecting to lust.cluon.priv.at [193.83.27.126] port 22. : debug: Connection established. : debug: Remote protocol version 1.5, remote software version OpenSSH-1.2.3 : debug: Waiting for server public key. : debug: Received server public key (768 bits) and host key (1024 bits). : debug: Host 'lust.cluon.priv.at' is known and matches the host key. : debug: Encryption type: 3des : debug: Sent encrypted session key. : debug: Installing crc compensation attack detector. : debug: Received encrypted confirmation. : debug: Doing password authentication. : [EMAIL PROTECTED]'s password: : debug: Requesting pty. : debug: Requesting shell. : debug: Entering interactive session. : [EMAIL PROTECTED]:~$ dpkg -l ssh : Desired=Unknown/Install/Remove/Purge/Hold : | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed : |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: ...) : ||/ Name VersionDescription : +++-==-==-======== : ii ssh1.2.3-9.1 Secure rlogin/rsh/rcp replacement (OpenSSH) : [EMAIL PROTECTED]:~$ we could compare lust.cluon.priv.at to your machine to see what is different between our systems. -- Thomas 'Mike' Michlmayr | ignorami: n: The BOFH art of folding problem <[EMAIL PROTECTED]> | lusers into representational shapes. 
Re: ssh-login on sparc
On Mon, Jan 22, 2001 at 04:40:23PM -0500, Ben Collins wrote: > On Mon, Jan 22, 2001 at 09:35:45PM +0100, Joerg Braukhoff wrote: > > Hi, > > > > i've a SPARCstation 10, i can use this machine to login via ssh > > on every other host (all i386) in the LAN. If i try to login via ssh > > on this machine sshd always returns 'password failure'. I've tried every > > it from every host on the net, even 'ssh 127.0.0.1', always with the > > same result. '/etc/ssh/sshd_config' is the same as on the Intel-machines. > > Is this a known problem, if so, is there a fix ? > > ln -s ssh /etc/pam.d/sshd > Sorry Ben, This doesn't work. I'm quite willing to help debug this but clues on where to start are welcome. I've also tried ssh 2.3.0p1-1.[27] but with no luck. This is in the BTS as bug #79106 and seems to bite anyone who is using passwd authentication with ssh 1.2.3-9.1 that the security team released for potato.
Re: ssh-login on sparc
On Mon, Jan 22, 2001 at 09:35:45PM +0100, Joerg Braukhoff wrote: > Hi, > > i've a SPARCstation 10, i can use this machine to login via ssh > on every other host (all i386) in the LAN. If i try to login via ssh > on this machine sshd always returns 'password failure'. I've tried every > it from every host on the net, even 'ssh 127.0.0.1', always with the > same result. '/etc/ssh/sshd_config' is the same as on the Intel-machines. > Is this a known problem, if so, is there a fix ? ln -s ssh /etc/pam.d/sshd -- ---===-=-==-=---==-=-- / Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \ ` [EMAIL PROTECTED] -- [EMAIL PROTECTED] -- [EMAIL PROTECTED] ' `---=--===-=-=-=-===-==---=--=---'
Re: ssh-login on sparc
> > > It's a potato system with ssh 1.2.3-9.1 . '/etc/pam.d/ssh' is the > > > maintainer's > > There is no libpam.so.0 when doing 'ldd /usr/sbin/sshd' . 'ldconfig -v' says > libpam.so.0.72 is installed. ok...did you get your ssh from security.debian.org or stock ftp.debian.org? if not from security..go grab it from there (it should be there)..if not then you need to file a bug against ssh as it needs rebuilt with pam support... I don't know if the one from security was built properly or not as I'm a unstable user... Thus the reason for Build-Depends. :) Ivan -- Ivan E. Moore II [EMAIL PROTECTED] http://snowcrash.tdyc.com GPG KeyID=90BCE0DD GPG Fingerprint=F2FC 69FD 0DA0 4FB8 225E 27B6 7645 8141 90BC E0DD
Re: ssh-login on sparc
On Mon, Jan 22, 2001 at 02:13:45PM -0700, Ivan E. Moore II wrote: > > > What version of ssh is it? What version of Debian? Have you looked at > > > /etc/pam.d/ssh? > > > > > > > It's a potato system with ssh 1.2.3-9.1 . '/etc/pam.d/ssh' is the > > maintainer's > > version of the file. > > hmm...well I didn't build that one. :) > > do a > > ldd /usr/sbin/sshd > > and look for libpam.so.0 > > libdl.so.2 => /lib/i686/libdl.so.2 (0x4002a000) > [...] > libpam.so.0 => /lib/libpam.so.0 (0x40056000) >like ^^^ > > if it doesn't have one that's your problem...if it does, then I'm not sure. > There is no libpam.so.0 when doing 'ldd /usr/sbin/sshd' . 'ldconfig -v' says libpam.so.0.72 is installed. Joerg -- - Joerg Braukhoff email: <[EMAIL PROTECTED]> -
Re: ssh-login on sparc
> i've a SPARCstation 10, i can use this machine to login via ssh > on every other host (all i386) in the LAN. If i try to login via ssh > on this machine sshd always returns 'password failure'. I've tried every > it from every host on the net, even 'ssh 127.0.0.1', always with the > same result. '/etc/ssh/sshd_config' is the same as on the Intel-machines. > Is this a known problem, if so, is there a fix ? What version of ssh is it? What version of Debian? Have you looked at /etc/pam.d/ssh? Ivan -- Ivan E. Moore II [EMAIL PROTECTED] http://snowcrash.tdyc.com GPG KeyID=90BCE0DD GPG Fingerprint=F2FC 69FD 0DA0 4FB8 225E 27B6 7645 8141 90BC E0DD
ssh-login on sparc
Hi, i've a SPARCstation 10, i can use this machine to login via ssh on every other host (all i386) in the LAN. If i try to login via ssh on this machine sshd always returns 'password failure'. I've tried every it from every host on the net, even 'ssh 127.0.0.1', always with the same result. '/etc/ssh/sshd_config' is the same as on the Intel-machines. Is this a known problem, if so, is there a fix ? Regards Joerg -- - Joerg Braukhoff email: <[EMAIL PROTECTED]> -
ssh xauth path on sparc with 1:1.2.3-4
In bug#64424 to the ssh package, "C.M. Connelly" <[EMAIL PROTECTED]> wrote: > When starting an ssh session with X forwarding, ssh tries to run > an xauth from /usr/openwin/bin. Needless to say, this attempt > fails (since xauth really lives in /usr/bin/X11/). The same problem occurs on sparc with 1:1.2.3-4, but not with 1:1.2.3-3. > When I downloaded the source and built my own packages, the > location of xauth was set properly and things appear to work as > they did prior to my installing the upgrade. Rebuilding also solves the problem on sparc. -Hein
Re: Trouble to use SSH 1.2 with SPARC
On Thu, Dec 23, 1999 at 01:58:27AM +0100, Alain & Estelle BARBET wrote: > I recently installed ssh on a Linux Intel box and all was OK. > With Sparc, I tried (and succeeded) to compile the version from ssh.org or Why did you take the difficult way? I installed ssh on a SunClassic quite a while ago using ssh from www.debian.org. I don't remember whether I used apt-get or by downloading the package manually (then running dpkg). Oki
Trouble to use SSH 1.2 with SPARC
Hi all, I recently installed ssh on a Linux Intel box and all was OK. With Sparc, I tried (and succeeded) to compile the version from ssh.org or install the package non-us/ssh ... and same result : The daemon runs fine, but at the first client connection the machine crashes !!! :((( There is a 100% process like a while () fork; !!! I'm running this with Debian 6.2 . If somebody can help me ... thank you ! -- Alain & Estelle BARBET - Collines d'Estanove [EMAIL PROTECTED] - http://www.citeweb.net/alian
Re: ssh between Linux Sparc and PC
On Sun, 26 Sep 1999, Ben Collins wrote: > On Sun, Sep 26, 1999 at 11:50:47AM -0700, Walter Keeler wrote: > > > > In looking into /var/log/syslog, I'm finding the following error messages > > repeated a lot: > > > > janus init: Id "1" respawning too fast: disabled for 5 minutes > > (repeated for Id "2" through Id "6") > > > > janus modprobe: can't locate module char-major-4 > > > > If I had to guess, I'd say that the respawning messages are likely related > > to my ssh problem, while the modprobe probably isn't. > > Actually the modprobe problem may be related to your getty's respawning, > which in > turn may be causing your ssh problem. Sounds like you have a headless machine > that is running getty's or you didn't configure one of the console type > supports. > > If you are running a headless system, I suggest commenting them out of > /etc/inittab > and running "init q" as root. > > Ben > I commented the gettys out of inittab and ran init q, which took care of the respawn messages, but left this occurring when I ssh to janus: janus modprobe: can't locate module char-major-5 --Walter Keeler [EMAIL PROTECTED]*** Walter Keeler * If my words did glow...* San Francisco, CA ***
Re: ssh between Linux Sparc and PC
On Sun, Sep 26, 1999 at 01:11:11PM -0700, Walter Keeler wrote: > > > On Sun, 26 Sep 1999, Ben Collins wrote: > > > > > Actually the modprobe problem may be related to your getty's respawning, > > which in > > turn may be causing your ssh problem. Sounds like you have a headless > > machine > > that is running getty's or you didn't configure one of the console type > > supports. > > > > If you are running a headless system, I suggest commenting them out of > > /etc/inittab > > and running "init q" as root. > > > > Ben > > > > I am in fact running janus headless (mostly), not for any good reason but > because I haven't yet gotten around to buying a Sun-compatible kvm switch. > > When I need to do admin work on it, I move my monitor connection over from > the PC and attach a Sun keyboard/mouse. Should I uncomment the gettys from > inittab and rerun init q before re-heading? Yeah, and most likely you only need to uncomment the first one unless you really need more than one virtual console when you hook up the monitor. Ben
Re: ssh between Linux Sparc and PC
On Sun, 26 Sep 1999, Ben Collins wrote: > > Actually the modprobe problem may be related to your getty's respawning, > which in > turn may be causing your ssh problem. Sounds like you have a headless machine > that is running getty's or you didn't configure one of the console type > supports. > > If you are running a headless system, I suggest commenting them out of > /etc/inittab > and running "init q" as root. > > Ben > I am in fact running janus headless (mostly), not for any good reason but because I haven't yet gotten around to buying a Sun-compatible kvm switch. When I need to do admin work on it, I move my monitor connection over from the PC and attach a Sun keyboard/mouse. Should I uncomment the gettys from inittab and rerun init q before re-heading? --Walter [EMAIL PROTECTED]*** Walter Keeler * If my words did glow...* San Francisco, CA ***
Re: ssh between Linux Sparc and PC
On Sun, Sep 26, 1999 at 11:50:47AM -0700, Walter Keeler wrote: > > In looking into /var/log/syslog, I'm finding the following error messages > repeated a lot: > > janus init: Id "1" respawning too fast: disabled for 5 minutes > (repeated for Id "2" through Id "6") > > janus modprobe: can't locate module char-major-4 > > If I had to guess, I'd say that the respawning messages are likely related > to my ssh problem, while the modprobe probably isn't. Actually the modprobe problem may be related to your getty's respawning, which in turn may be causing your ssh problem. Sounds like you have a headless machine that is running getty's or you didn't configure one of the console type supports. If you are running a headless system, I suggest commenting them out of /etc/inittab and running "init q" as root. Ben
Re: ssh between Linux Sparc and PC
In looking into /var/log/syslog, I'm finding the following error messages repeated a lot: janus init: Id "1" respawning too fast: disabled for 5 minutes (repeated for Id "2" through Id "6") janus modprobe: can't locate module char-major-4 If I had to guess, I'd say that the respawning messages are likely related to my ssh problem, while the modprobe probably isn't. [EMAIL PROTECTED]*** Walter Keeler * If my words did glow...* San Francisco, CA ***
ssh between Linux Sparc and PC
I'm using a Sparc 5 with two NICs to firewall/IP masquerade for a PC and a Mac. The PC (named dazed) is a multiboot machine with a SCSI Travan tape drive, running (among other things) Slink with kernel version 2.2.12; the Sparc, janus, is running Slink with kernel 2.2.9. I'm trying to establish a procedure to back up janus to dazed's tape drive. To do this, I need to have either rsh or ssh working both directions between machines. I can ssh without password from janus to dazed, but when I try to ssh from dazed to janus, after a short pause I'm prompted for janus's password. When I look at /var/log/auth.log on janus, I see six repetitions of the following message: /dev/tty1: cannot open as standard input: No such device This is repeated for tty2 - tty6. I had some pty problems earlier that I resolved by deselecting UNIX98-style pty support when building the kernel. My understanding is that ssh should use pseudo pty-tty pairs, not the physical ttys. What am I doing wrong? Thanks in advance. --Walter Keeler [EMAIL PROTECTED]*** Walter Keeler * If my words did glow...* San Francisco, CA ***
Re: ssh
Hi...

> I've installed ssh on them but the problem is that when I try to ssh
> into a machine I get the message:
> "Cannot allocate pseudotty"

Did you set up the "new" (kernel 2.2.x) pseudo ttys correctly? I had to include the following line in /etc/fstab to get rid of the error msg: (It appeared if I wanted to start X, for example...)

devpts /dev/pts devpts mode=0622 0 0

The "/dev/pts" mount point has the following permissions here:

drwxr-xr-x 2 01 512 Aug 4 22:15 /dev/pts

And please be sure that you've got the pseudo ttys themselves:

crw-rw-rw- 1 05 2,176 Feb 21 1999 /dev/ptya0
... ... .

(Directory output was created using "ls -ldn ...", to ensure you get the numeric values for ownership UID and GID.)

This way, I think, you can compile in the Unix98 pty support *and* get ssh running.

Good luck!
ANDI :-)
Re: ssh
I had this same problem. I fixed it by recompiling the kernel WITHOUT UNIX98 pty support. Hope this helps. --Walter Keeler [EMAIL PROTECTED]*** Walter Keeler * If my words did glow...* San Francisco, CA *** On Tue, 21 Sep 1999 [EMAIL PROTECTED] wrote: > I have Debian 2.1 running on Sparcstations 2 and a Sparcstation 10. > I've installed ssh on them but the problem is that when I try to ssh > into a machine I get the message: > "Cannot allocate pseudotty" > > I can ssh out from the machine. > I'm running kernels 2.2.x and ssh version 1.2 > Does anyone have any ideas on curing this problem? > Thanks, > > > > > Shashi Kanbur [EMAIL PROTECTED] > Five College Astronomy Department, > University of Massachusetts, > Amherst, > MA 01003 > USA > (413) 577 0470 (413) 545 4223 (Fax)
ssh
I have Debian 2.1 running on Sparcstations 2 and a Sparcstation 10. I've installed ssh on them but the problem is that when I try to ssh into a machine I get the message: "Cannot allocate pseudotty" I can ssh out from the machine. I'm running kernels 2.2.x and ssh version 1.2 Does anyone have any ideas on curing this problem? Thanks, Shashi Kanbur [EMAIL PROTECTED] Five College Astronomy Department, University of Massachusetts, Amherst, MA 01003 USA (413) 577 0470 (413) 545 4223 (Fax)
Re: SSH key generation
> I had ssh going a few months ago. Has anyone else seen this problem? Any > hints on how to debug it? The problem has been mentioned a number of times on debian-sparc; if you look in the archives, you should find a URL for an experimental replacement libgmp2 that isn't broken. My recollection is that it fixed the key-generation problem, but still had trouble in normal usage; pending other updates, I just rolled enough things back to stable for it to work again.