On 2024-08-06, George at Clug wrote:
> # nano /etc/nftables.conf
/etc/nftables.conf is used to load rules at boot by systemd
nftables.service. It's safer to edit another file, test it with nft -f,
then if it's correct to copy it to /etc/nftables.conf. If something goes
wrong a reboot could restor
; > that I have been using (e.g. ssh, http, ntp, https).
>
> My /etc/services uses the term "domain" rather than "dns" for 53.
Thanks David,
Using 'domain' does work.
# nano /etc/nftables.conf
...
oifname "enp1s0" ct state new udp d
On Tue 06 Aug 2024 at 14:25:45 (+1000), George at Clug wrote:
> However I have one issue, my nftables is not recognising the label
> 'dns' for port 53, although it is recognising labels for other ports
> that I have been using (e.g. ssh, http, ntp, https).
My /etc/services us
Hi,
I have my simple nftables firewall working (thanks to people who have
posted).
However I have one issue, my nftables is not recognising the label
'dns' for port 53, although it is recognising labels for other ports
that I have been using (e.g. ssh, http, ntp, https).
When I
Steffen Dettmer wrote:
> I encountered multiple times that debian based containers use fail2ban by
> default with a max attempt value of 5, even for SSH logins using strong
> asymmetric keys.
There is no "debian based container" standard. Talk to whoever
built your container.
Hi,
I encountered multiple times that debian based containers use fail2ban by
default with a max attempt value of 5, even for SSH logins using strong
asymmetric keys.
(Again I just got locked out for 1h (fortunately a container, so I can
access anyway). Do you know what happened? My SSH key
> > > works just fine, and so does networking. Bluetooth is normally disabled.
> > > However, when I have Bluetooth turned on (and after I turn it off), SSH
> > > is *slow*.
> > > Is there some sort of cross-talk issue?
> >
> > Sometimes Bluetooth
normally disabled.
However, when I have Bluetooth turned on (and after I turn it off), SSH
is *slow*.
Is there some sort of cross-talk issue?
Sometimes Bluetooth and Wi-Fi share the same radio. Are you running ssh over
Wi-Fi? Try running ssh over Ethernet while using Bluetooth. Is ssh still slow
t; > However, when I have Bluetooth turned on (and after I turn it off), SSH
> > is *slow*.
> > Is there some sort of cross-talk issue?
>
> Sometimes Bluetooth and Wi-Fi share the same radio. Are you running ssh over
> Wi-Fi? Try running ssh over Ethernet while using Blue
On Sun, Jun 16, 2024 at 02:30:32PM -0600, Charles Curley wrote:
> On one of my machines, I have some interesting interference. Bluetooth
> works just fine, and so does networking. Bluetooth is normally disabled.
> However, when I have Bluetooth turned on (and after I turn it off), SSH
&
On one of my machines, I have some interesting interference. Bluetooth
works just fine, and so does networking. Bluetooth is normally disabled.
However, when I have Bluetooth turned on (and after I turn it off), SSH
is *slow*.
I gather that the network controller is also the Bluetooth controller
> >
> > (I wonder what the string "Debian-5" may mean. The Debian 12 machine has
> > debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
> > So "-5" is not the Debian version.
>
> Package version in bookworm: 1:9.2p1-2+deb12u2
>
>
On 01/06/2024 16:42, Thomas Schmitt wrote:
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1
Debian-5
(I wonder what the string "Debian-5" may mean. The Debian 12 machine has
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
So &
Hi,
Jeffrey Walton wrote:
> If I am not mistaken, the problem you are experiencing is due to using
> RSA/SHA-1 on the old machine.
Max Nikulin wrote:
> My reading of /usr/share/doc/openssh-client/NEWS.Debian.gz is that ssh-rsa
> means SHA1 while clients offers SHA256 for the sam
On 01/06/2024 01:52, Thomas Schmitt wrote:
debug1: Offering public key:/home/.../.ssh/id_rsa RSA SHA256:...
[...]
The Debian 12 ssh client is obviously willing to try ssh-rsa.
My reading of /usr/share/doc/openssh-client/NEWS.Debian.gz is that
ssh-rsa means SHA1 while clients offers
On Fri, May 31, 2024 at 7:08 PM Thomas Schmitt wrote:
>
> i still have network access to a Debian 8 system, to which i logged in
> from Debian 11 via ssh and a ssh-rsa key. After the upgrade to Debian 12
> ssh fails with this public key authentication.
> The probably relevant mess
Hi,
the following line in ~/.ssh/config did the trick:
PubkeyAcceptedAlgorithms +ssh-rsa
This lets ssh -v report:
debug1: Offering public key: /home/.../.ssh/id_rsa RSA SHA256:...
debug1: Server accepts key: /home/.../.ssh/id_rsa RSA SHA256:...
Authenticated to ... ([...]:22) using
On 31 May 2024 20:52 +0200, from scdbac...@gmx.net (Thomas Schmitt):
> The ssh-rsa key was generated by Debian 10. man ssh-keygen of buster
> says the default of option -b with RSA was 2048.
> (Does anybody know how to analyze a key file in regard to such
> parameters ?)
$ ssh-
Hi,
i still have network access to a Debian 8 system, to which i logged in
from Debian 11 via ssh and a ssh-rsa key. After the upgrade to Debian 12
ssh fails with this public key authentication.
The probably relevant messages from a run of ssh -vvv are:
debug1: Offering public key: /home
allan wrote on 18/04/2024 13:37:
Bug report submitted. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069236
Hi,
may I ask how you disabled IPv6 on these machines?
Regards,
Jörg.
Hi Allan,
On 18/04/24 at 12:38, allan wrote:
Have four Sid machines here and ssh -X has worked fine on all of them
for years. For the last several days I haven't been able to run
graphical applications over ssh from any of these machines.
Error says "cannot open display" and if
Bug report submitted. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069236
On Thu, Apr 18, 2024 at 6:18 AM allan wrote:
>
> I just fixed it. in /etc/ssh/sshd_config I changed
>
> #AddressFamily any
>
> to
>
> AddressFamily inet
>
> Reading the host's
I just fixed it. in /etc/ssh/sshd_config I changed
#AddressFamily any
to
AddressFamily inet
Reading the host's journal got me pointed in the right direction.
Thank you for the suggestion :)
On Thu, Apr 18, 2024 at 6:10 AM allan wrote:
>
> > In the context of these SSH sessi
> In the context of these SSH sessions, are those clients or servers?
Both. I've run all four machines as both host and guest when testing.
> Do the logs on the host ip.add.re.ss provide any further details?
journalctl -t sshd gives this -
Apr 18 05:29:03 server sshd[2052]: error
On 18 Apr 2024 05:38 -0500, from wizard10...@gmail.com (allan):
> Have four Sid machines here
In the context of these SSH sessions, are those clients or servers?
> ssh -vv -Y u...@ip.add.re.ss just gives "X11 forwarding request failed
> on channel 0"
Do the logs on th
Have four Sid machines here and ssh -X has worked fine on all of them
for years. For the last several days I haven't been able to run
graphical applications over ssh from any of these machines.
Error says "cannot open display" and if I ssh into the machine
$DISPLAY is indeed b
Hi,
On Sat, Mar 30, 2024 at 08:57:14PM +, fxkl4...@protonmail.com wrote:
> so is this a threat to us normal debian users
If you have to ask, i.e. you do not know how to check that your
Debian install is secured against extremely well known recent
exploits that have been plastered across the e
On 2024-03-30, fxkl4...@protonmail.com wrote:
> so is this a threat to us normal debian users
> if so how do we fix it
Debian stable is not affected, Debian testing, unstable and
experimental must be updated.
https://lists.debian.org/debian-security-announce/2024/msg00057.html
alton wrote:
>>
>> Seems relevant since Debian adopted xz about 10 years ago.
>>
>> -- Forwarded message -
>> From: Andres Freund
>> Date: Fri, Mar 29, 2024 at 12:10 PM
>> Subject: [oss-security] backdoor in upstream xz/liblzma leading to s
eund
> Date: Fri, Mar 29, 2024 at 12:10 PM
> Subject: [oss-security] backdoor in upstream xz/liblzma leading to ssh
> server compromise
> To:
>
> Hi,
>
> After observing a few odd symptoms around liblzma (part of the xz package) on
> Debian sid installations over the l
Hello,
On Fri, Mar 29, 2024 at 01:52:18PM -0400, Jeffrey Walton wrote:
> Seems relevant since Debian adopted xz about 10 years ago.
Though we do not know how or why this developer has come to recently
put apparent exploits in it, so we can't yet draw much of a
conclusion beyond "sometimes people
On Fri, Mar 29, 2024 at 01:52:18PM -0400, Jeffrey Walton wrote:
> Seems relevant since Debian adopted xz about 10 years ago.
>
Also note that this has been addressed in Debian:
https://lists.debian.org/debian-security-announce/2024/msg00057.html
Provided here for the benefit those who are not sub
Well, it appears like most things in life this one was self inflicted.
🤬
Yesterday I was working on another project and to verify something was
occurring the 'strace' utility was recommended. It dawned on me that
this could help me get a clue as to what was happening to the
gnome-keyring-daemon.
at errors might have occurred the last time you updated,
> or whether you have a locally installed version of "ssh" in your PATH
> before /usr/bin/ssh, or... anything. Anything at all.
>
> When asking for help, it's best to give all of the relevant details up
> front.
st" version of something
is unhelpful. This goes double when you're on a testing or unstable
system. We don't know how long ago you updated, or what mirrors you're
using, or what errors might have occurred the last time you updated,
or whether you have a locally installed ve
can't help you more on this topic.
The given information is not enough to debug, and I'd never seen any other
connection failure cases.
My advice is, even it's annoying to see a lot of verbose output on your
terminal, that you can use options "-vvv" in your ssh call, l
x.x.x.x port 22
>
> This sounds most likely that your SSH client (program at your local
> machine) has an outdated SSH implementation. Try to update this
> program first.
I have the latest version!!! I recall that this is a Debian/unstable
machine, which I upgrade regularly. So, every
Vincent Lefevre wrote:
> Since 2 years (from early 2022 to 2023-11-26), I've got recurrent
> errors like
>
> kex_exchange_identification: read: Connection reset by peer
> Connection reset by x.x.x.x port 22
This sounds most likely that your SSH client (program at your lo
Since 2 years (from early 2022 to 2023-11-26), I've got recurrent
errors like
kex_exchange_identification: read: Connection reset by peer
Connection reset by x.x.x.x port 22
or
kex_exchange_identification: Connection closed by remote host
Connection closed by x.x.x.x port 22
But yesterday, the
On Mon, Nov 13, 2023 at 11:10:17AM +0100, Vincent Lefevre wrote:
[...]
> This is what I've done for my old laptop, but the dropbear package
> is *not* needed for that! You just need the dropbear-initramfs
> package [...]
Aha -- now I know the full story. Thanks, Vincent (and all the other
smart
On 2023-11-10 15:32:53 +, fxkl4...@protonmail.com wrote:
> On Fri, 10 Nov 2023, Vincent Lefevre wrote:
>
> > On 2023-11-10 10:57:21 +0100, Michael wrote:
> >> On Thursday, 9 November 2023 19:08:25 CET, Greg Wooledge wrote:
> >>> No, this is not a normal phenomenon for bookworm upgrades. I've
On Fri, Nov 10, 2023 at 01:01:28PM -0500, Dan Ritter wrote:
> to...@tuxteam.de wrote:
[...]
> > Wait a minute: dropbear is supposed to run in the initramfs, while
> > sshd will be active afterwards, after pivot-root and all that, right?
> >
> > Then I don't quite get why they should collide at
to...@tuxteam.de wrote:
> On Fri, Nov 10, 2023 at 03:32:53PM +, fxkl4...@protonmail.com wrote:
> > On Fri, 10 Nov 2023, Vincent Lefevre wrote:
> >
> > > On 2023-11-10 10:57:21 +0100, Michael wrote:
> > >> On Thursday, 9 November 2023 19:08:25 CET, Greg Wooledge wrote:
> > >>> No, this is not
On Fri, Nov 10, 2023 at 03:32:53PM +, fxkl4...@protonmail.com wrote:
> On Fri, 10 Nov 2023, Vincent Lefevre wrote:
>
> > On 2023-11-10 10:57:21 +0100, Michael wrote:
> >> On Thursday, 9 November 2023 19:08:25 CET, Greg Wooledge wrote:
> >>> No, this is not a normal phenomenon for bookworm upgr
On Fri 10 Nov 2023 at 15:32:53 (+), fxkl4...@protonmail.com wrote:
> On Fri, 10 Nov 2023, Vincent Lefevre wrote:
>
> > On 2023-11-10 10:57:21 +0100, Michael wrote:
> >> On Thursday, 9 November 2023 19:08:25 CET, Greg Wooledge wrote:
> >>> No, this is not a normal phenomenon for bookworm upgrad
On Fri, 10 Nov 2023, Vincent Lefevre wrote:
> On 2023-11-10 10:57:21 +0100, Michael wrote:
>> On Thursday, 9 November 2023 19:08:25 CET, Greg Wooledge wrote:
>>> No, this is not a normal phenomenon for bookworm upgrades. I've never
>>> heard of it happening to anyone before.
>>
>> i disagree. i h
On 2023-11-10 10:57:21 +0100, Michael wrote:
> On Thursday, 9 November 2023 19:08:25 CET, Greg Wooledge wrote:
> > No, this is not a normal phenomenon for bookworm upgrades. I've never
> > heard of it happening to anyone before.
>
> i disagree. i had the same problem b/c i also had dropbear insta
On Thursday, 9 November 2023 19:08:25 CET, Greg Wooledge wrote:
No, this is not a normal phenomenon for bookworm upgrades. I've never
heard of it happening to anyone before.
i disagree. i had the same problem b/c i also had dropbear installed. for
some reason the dropbear daemon is started f
lseye to bookworm with no problems
> >>> when i try ssh with -X/-Y to the bookworm machine x11 forwarding fails
> >>>
> >>> debug1: Requesting X11 forwarding with authentication spoofing.
> >>> debug1: Sending environment.
> >>> debug1: S
On Thu, 9 Nov 2023, Jeffrey Walton wrote:
> On Thu, Nov 9, 2023 at 11:43 AM Greg Wooledge wrote:
>>
>> On Thu, Nov 09, 2023 at 03:01:29PM +, fxkl4...@protonmail.com wrote:
>>> i upgraded from bullseye to bookworm with no problems
>>> when i try ssh with
On Thu, 9 Nov 2023, Greg Wooledge wrote:
> On Thu, Nov 09, 2023 at 04:59:32PM +, fxkl4...@protonmail.com wrote:
>> now it makes a bit more sense
>> sshd isn't running
>> for some reason the upgrade switched to dropbear
>> is this a new thing for bookworm
>> is there a reason i shouldn't disabl
On Thu, Nov 9, 2023 at 11:43 AM Greg Wooledge wrote:
>
> On Thu, Nov 09, 2023 at 03:01:29PM +, fxkl4...@protonmail.com wrote:
> > i upgraded from bullseye to bookworm with no problems
> > when i try ssh with -X/-Y to the bookworm machine x11 forwarding fails
> >
&g
On Thu, Nov 09, 2023 at 04:59:32PM +, fxkl4...@protonmail.com wrote:
> now it makes a bit more sense
> sshd isn't running
> for some reason the upgrade switched to dropbear
> is this a new thing for bookworm
> is there a reason i shouldn't disable dropbear and use sshd
No, this is not a normal
On Thu, 9 Nov 2023, fxkl4...@protonmail.com wrote:
> On Thu, 9 Nov 2023, Greg Wooledge wrote:
>
>> On Thu, Nov 09, 2023 at 03:01:29PM +, fxkl4...@protonmail.com wrote:
>>> i upgraded from bullseye to bookworm with no problems
>>> when i try ssh with -X/
On Thu, 9 Nov 2023, Greg Wooledge wrote:
> On Thu, Nov 09, 2023 at 03:01:29PM +, fxkl4...@protonmail.com wrote:
>> i upgraded from bullseye to bookworm with no problems
>> when i try ssh with -X/-Y to the bookworm machine x11 forwarding fails
>>
>> debug1: Req
On Thu, Nov 09, 2023 at 03:01:29PM +, fxkl4...@protonmail.com wrote:
> i upgraded from bullseye to bookworm with no problems
> when i try ssh with -X/-Y to the bookworm machine x11 forwarding fails
>
> debug1: Requesting X11 forwarding with authentication spoofing.
>
i upgraded from bullseye to bookworm with no problems
when i try ssh with -X/-Y to the bookworm machine x11 forwarding fails
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LC_ALL = en_US.UTF-8
authenticator
combo
edit /etc/pam.d/sshd and comment out comon-auth
|# @include common-auth in /etc/ssh/sshd_config UsePAM yes ||ChallengeResponseAuthentication yes ||PasswordAuthentication no AuthenticationMethods
publickey,keyboard-interactive |
On Wed, Oct 04 2023 at 10:08:14 AM, jeremy ardley
wrote:
> I have set up a server with sshd allowing public key access. I also
> set up google authenticator in pam by putting this line at the head of
> /etc/pam.d/sshd
>
> auth required pam_google_authenticator.so
>
> If I connect to the server wi
I have set up a server with sshd allowing public key access. I also set
up google authenticator in pam by putting this line at the head of
/etc/pam.d/sshd
auth required pam_google_authenticator.so
If I connect to the server without a public key I get the authenticator
prompt and then password
dbus.service
/run/user/1000/gcr/ssh gcr-ssh-agent.socket
gcr-ssh-agent.service
/run/user/1000/gnupg/S.dirmngr dirmngr.socket
dirmngr.service
/run/user/1000/gnupg/S.gpg-agent gpg-agent.socket
gpg-agent.service
/run/use
On 14/08/2023 07:30, Nate Bargmann wrote:
I have been using the GNOME keyring applet to manage the SSH public key
passwords I use as it prompts to save passwords and then lets me SSH to
other hosts without out a password prompt.
I do not know how it is arranged in Gnome, but I hope my
I now have two desktop systems running Bookworm with GNOME. The laptop
was upgraded last month and I upgraded the desktop this afternoon. I
have been using the GNOME keyring applet to manage the SSH public key
passwords I use as it prompts to save passwords and then lets me SSH to
other hosts
On Montag, 7. August 2023 16:33:26 CEST you wrote:
> On Montag, 7. August 2023 15:19:49 CEST you wrote:
> > Dear all,
> >
> > I just dist-upgraded my Raspberry Pi from buster to bookworm, and while
> >
> > ssh -Y...
> >
> > worked like a charm in before
gene heskett wrote:
> On 8/7/23 10:51, B.M. wrote:
>>> ssh -Y -C -l myUser otherHostname.local -v
>>>
> Is the @ sign between myUser and otherhostname now optional?
He uses option -l login_name, which can be used alternatively to
login_name@destination.
On 8/7/23 10:51, B.M. wrote:
On Montag, 7. August 2023 15:19:49 CEST you wrote:
Dear all,
I just dist-upgraded my Raspberry Pi from buster to bookworm, and while
ssh -Y...
worked like a charm in before the update and I could start any X11 program
over ssh, it doesn't work anymore since
On Montag, 7. August 2023 15:19:49 CEST you wrote:
> Dear all,
>
> I just dist-upgraded my Raspberry Pi from buster to bookworm, and while
>
> ssh -Y...
>
> worked like a charm in before the update and I could start any X11 program
> over ssh, it doesn't work anymore
Hi Bernd
B.M. wrote:
I just dist-upgraded my Raspberry Pi from buster to bookworm, and while
This might very well be the reason for your problems. You should never
skip a release, bullseye in this case. Upgrading directly from
oldoldstable to stable will get you unpredictable results.
BTW,
Dear all,
I just dist-upgraded my Raspberry Pi from buster to bookworm, and while
ssh -Y...
worked like a charm in before the update and I could start any X11 program
over ssh, it doesn't work anymore since then. Executing
ssh -Y -C -l myUser otherHostname.local -v
I get
...
d
On 1 Aug 2023 21:30 +0200, from pipat...@gmail.com (Anders Andersson):
> Does anyone know the "correct" solution to this?
Might https://wiki.debian.org/Suspend#Systemd_timeouts be useful?
--
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobod
I just installed a plain debian 12.1 on my good old Thinkpad X200, my
first debian 12 install since I'm waiting for things to settle down
before I upgrade my other computers.
Going smooth so far and my first snag (after bug #1037304) is that it
just kicked me out of all my ssh sessions. Ex
On Mon, 17 Jul 2023, to...@tuxteam.de wrote:
On Sun, Jul 16, 2023 at 03:21:06PM -0400, Timothy M Butterworth wrote:
Do you have TCP wrappers installed and running? Please post the output
of: `less /etc/hosts.allow` `less /etc/hosts.deny`
tcpwrappers would lead to a connection refused, not a
On Sun, Jul 16, 2023 at 03:21:06PM -0400, Timothy M Butterworth wrote:
[...]
> Do you have TCP wrappers installed and running? Please post the output
> of: `less
> /etc/hosts.allow` `less /etc/hosts.deny`
tcpwrappers would lead to a connection refused, not a timeout.
Cheers
--
t
signature.as
; probable,but hey) it's sshd config.
>
> Here is netstat -antp on one of the Debian 9 machines where I am currently
> logged in locally as root via ssh.
>
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local AddressForeign Address St
rget.wants/SuSEfirewall2_init.service.
root@kananga ~ systemctl stop SuSEfirewall2
root@kananga ~ systemctl is-enabled SuSEfirewall2
disabled
I then recycled the machine, power off, power on, and I can now ssh into this
Debian 9 machine from Debian 11 :-) , so I have a permanent solution.
My tha
Roger Price writes:
> Does the style of comment give a clue to the tool used ?
Earlier you posted a list of firewall rules like this:
iptables -L -n --line-numbers reports
Chain INPUT (policy ACCEPT)
num targetprot opt source destination
1ufw-before-logging-
Roger Price wrote:
> After the restart, I tried to ssh from Debian 11 to that Debian 9 machine
>
> rprice@titan ~ ssh -v rprice@kananga
> ssh: connect to host kananga port 22: Connection timed out
>
> So it's something else? Roger
Sorry, but I didn't follow the
mick.crane (12023-07-16):
> I'd compare the public key of you at 11 to what's in the authorized_keys on
> 9.
> and what's in known_hosts.
> and what's in the sshd config file on 9 about "Listen"
> after that I dunno.
Oh, please stop. The symptoms do not point to issues with the key AT ALL
and the
On 2023-07-16 10:53, Roger Price wrote:
On Sun, 16 Jul 2023, mick.crane wrote:
did you try to ssh to the ip address?
I vaguely remember something to do with the keys where I could ssh by
number but not name.
I ssh from Debian 11 to Debian 9 :
rprice@titan ~ ssh rprice@192.168.1.13
ssh
On Sun, 16 Jul 2023, mick.crane wrote:
did you try to ssh to the ip address?
I vaguely remember something to do with the keys where I could ssh by number
but not name.
I ssh from Debian 11 to Debian 9 :
rprice@titan ~ ssh rprice@192.168.1.13
ssh: connect to host 192.168.1.13 port 22
kananga (192.168.1.16): icmp_seq=2 ttl=64 time=1.37 ms
Roger
did you try to ssh to the ip address?
I vaguely remember something to do with the keys where I could ssh by
number but not name.
mick
On Sun, Jul 16, 2023 at 11:03:52AM +0200, Roger Price wrote:
[...]
> On a Debian 9 machine I typed the commands
>
> iptables -F
> iptables -X
> iptables -P INPUT ACCEPT
> iptables -P FORWARD ACCEPT
> iptables -P OUTPUT ACCEPT
>
> and then _immediately_ atte
On Sun, 16 Jul 2023, to...@tuxteam.de wrote:
On Sun, Jul 16, 2023 at 09:39:35AM +0200, Roger Price wrote:
I tried to clear out the existing firewall on a Debian 9 machine with the
commands
This would be a good time to try ssh :-)
But before chasing that culprit it'd be nice to kn
On Sun, 16 Jul 2023, mick.crane wrote:
Can you ping the problem machine by name?
rprice@titan ~ ping -c2 kananga
PING kananga (192.168.1.16) 56(84) bytes of data.
64 bytes from kananga (192.168.1.16): icmp_seq=1 ttl=64 time=1.38 ms
64 bytes from kananga (192.168.1.16): icmp_seq=2 ttl=64 ti
On Sun, Jul 16, 2023 at 09:07:03AM +0100, mick.crane wrote:
[...]
> Can you ping the problem machine by name?
> mick
No, it isn't a name resolution issue. The original "ssh -v" output,
which I re-quote here shows that clearly:
| rprice@kananga:~$ ssh -v rprice@maria
| Op
On 2023-07-16 07:26, Roger Price wrote:
On Sun, 16 Jul 2023, Intense Red wrote:
Are you trying to ssh into the box as the root user?
I do not ssh into remote boxes as root; I use ssh to root only within
the box.
If so, remember Debian's ssh configuration stops root from loggi
On Sun, Jul 16, 2023 at 03:46:06PM +0800, jeremy ardley wrote:
>
> On 16/7/23 15:39, Roger Price wrote:
> > So it's something else? Roger
>
>
> Have you checked /etc/ssh/sshd_config on the target to see if it is actually
> listening on port 22? You can also use n
On Sun, Jul 16, 2023 at 09:39:35AM +0200, Roger Price wrote:
> On Sat, 15 Jul 2023, Greg Wooledge wrote:
> > On Sat, Jul 15, 2023 at 11:59:33AM +0200, Roger Price wrote:
> > > rprice@kananga:~$ ssh -v rprice@maria
> > > ssh: connect to host maria port 22: Connection time
On 16/7/23 15:39, Roger Price wrote:
So it's something else? Roger
Have you checked /etc/ssh/sshd_config on the target to see if it is
actually listening on port 22? You can also use netstat to see listening
ports and processes
Second is to check the /etc/ssh/ssh_config o
On Sat, 15 Jul 2023, Greg Wooledge wrote:
On Sat, Jul 15, 2023 at 11:59:33AM +0200, Roger Price wrote:
rprice@kananga:~$ ssh -v rprice@maria
ssh: connect to host maria port 22: Connection timed out
A timeout is an ENTIRELY different symptom, and when combined with
"but I can ping the r
On Sun, Jul 16, 2023 at 2:27 AM Roger Price wrote:
>
> On Sun, 16 Jul 2023, Intense Red wrote:
>
> > Are you trying to ssh into the box as the root user?
>
> I do not ssh into remote boxes as root; I use ssh to root only within the box.
>
> > If so, remember De
On Sun, 16 Jul 2023, Intense Red wrote:
Are you trying to ssh into the box as the root user?
I do not ssh into remote boxes as root; I use ssh to root only within the box.
If so, remember Debian's ssh configuration stops root from logging in.
In my Debian 9 and 11 boxes I see in
On Sun, Jul 16, 2023 at 12:47:43AM -0500, Intense Red wrote:
>Are you trying to ssh into the box as the root user? If so, remember
> Debian's ssh configuration stops root from logging in.
The ssh -v tells another story: the port isn't even open. If this
were root being re
very
> > probable,but hey) it's sshd config.
>
> Here is netstat -antp on one of the Debian 9 machines where I am currently
> logged in locally as root via ssh.
>
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local AddressForeign Add
machines where I am currently
logged in locally as root via ssh.
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local AddressForeign Address State PID/Program
name
tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN 521/sshd
tcp0
On Sat, Jul 15, 2023 at 11:12:23AM -0400, Greg Wooledge wrote:
> On Sat, Jul 15, 2023 at 11:59:33AM +0200, Roger Price wrote:
> > rprice@kananga:~$ ssh -v rprice@maria
> > OpenSSH_7.4p1 Debian-10+deb9u2, OpenSSL 1.0.2l 25 May 2017
> > debug1: Reading configuration dat
> > > The two debian 9 machines can ssh to themselves.
> > >
> > > Can you SSH from one Debian 9 to the other Debian 9?
> >
> > No. I can ping, but I cannot ssh. The ssh hangs after "Connecting to
> > maria
> > [192.168.1.13] port 22&
Greg Wooledge (12023-07-15):
> A timeout is an ENTIRELY different symptom, and when combined with
> "but I can ping the remote", it means a firewall is involved. Every
> time.
It can on occasion be a MTU black hole. But I am nitpicking and you are
almost certainly right here.
Regards,
--
Nic
On Sat, Jul 15, 2023 at 11:59:33AM +0200, Roger Price wrote:
> rprice@kananga:~$ ssh -v rprice@maria
> OpenSSH_7.4p1 Debian-10+deb9u2, OpenSSL 1.0.2l 25 May 2017
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options fo
On Sat, Jul 15, 2023 at 7:23 AM Roger Price wrote:
> On Sat, 15 Jul 2023, Timothy M Butterworth wrote:
>
> > On Sat, Jul 15, 2023 at 7:12 AM Roger Price
> wrote:
> >
> > The two debian 9 machines can ssh to themselves.
> >
> > Can you SSH from one De
1 - 100 of 3265 matches
Mail list logo
