6 Replies Latest reply: Jul 4, 2012 9:35 PM by Robert Cohen RSS

    Solaris SSH issue.

    923484
      hi,

      just finished with 2 T5440 with Solaris-10 Installation. the only issue is that these both hosts are able to SSH between each other but I can't ssh them from any other client specially from RHEL Linux system. Before installation ( with previous solaris-10 ) both boxes were connecting easily but after Installation this is getting worsened.

      logs from client:
      # ssh -v 10.13.7.34
      OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
      debug1: Reading configuration data /etc/ssh/ssh_config
      debug1: Applying options for *
      debug1: Connecting to 10.13.7.34 [10.13.7.34] port 22.
      debug1: Connection established.
      debug1: permanently_set_uid: 0/0
      debug1: identity file /root/.ssh/identity type -1
      debug1: identity file /root/.ssh/id_rsa type 1
      debug1: identity file /root/.ssh/id_dsa type -1
      debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.4
      debug1: no match: Sun_SSH_1.1.4
      debug1: Enabling compatibility mode for protocol 2.0
      debug1: Local version string SSH-2.0-OpenSSH_3.9p1
      debug1: SSH2_MSG_KEXINIT sent
      Read from socket failed: Connection reset by peer

      and Logs from Server:

      # /usr/lib/ssh/sshd -ddd
      debug1: sshd version Sun_SSH_1.1.4
      debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
      debug1: read PEM private key done: type RSA
      debug1: private host key: #0 type 1 RSA
      debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
      debug1: read PEM private key done: type DSA
      debug1: private host key: #1 type 2 DSA
      debug1: Bind to port 22 on ::.
      Server listening on :: port 22.
      debug1: Server will not fork when running in debugging mode.
      Connection from 10.231.11.249 port 57938
      debug1: Client protocol version 2.0; client software version OpenSSH_3.9p1
      debug1: match: OpenSSH_3.9p1 pat OpenSSH*
      debug1: Enabling compatibility mode for protocol 2.0
      debug1: Local version string SSH-2.0-Sun_SSH_1.1.4
      monitor debug2: Monitor pid 2932, unprivileged child pid 2933
      monitor debug1: list_hostkey_types: ssh-rsa,ssh-dss
      debug2: Waiting for monitor
      monitor debug2: Monitor pid 2932, unprivileged child pid 2933
      debug2: Monitor signalled readiness
      monitor debug1: reading the context from the child
      debug1: use_engine is 'yes'
      debug1: pkcs11 engine initialized, now setting it as default for RSA, DSA, and symmetric ciphers
      debug1: pkcs11 engine initialization complete
      debug1: list_hostkey_types: ssh-rsa,ssh-dss
      debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
      debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
      debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
      debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
      debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
      debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
      debug2: kex_parse_kexinit: none,zlib
      debug2: kex_parse_kexinit: none,zlib
      debug2: kex_parse_kexinit: af-ZA,ar-EG,ar-SA,bg-BG,bn-IN,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-IN,en-MT,en-NZ,en-SG,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,gu-IN,he-IL,hi-IN,hr-HR,hu-HU,id-ID,is-IS,it,it-IT,ja-JP,kk-KZ,kn-IN,ko,ko-KR,lt-LT,lv-LV,mk-MK,mr-IN,ms-MY,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,uk-UA,zh,zh-CN,zh-HK,zh-SG,zh-TW,ar,ca,cz,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,no-NY,nr,pt,sr-SP,sr-YU,th,tr,i-default
      debug2: kex_parse_kexinit: af-ZA,ar-EG,ar-SA,bg-BG,bn-IN,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-IN,en-MT,en-NZ,en-SG,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,gu-IN,he-IL,hi-IN,hr-HR,hu-HU,id-ID,is-IS,it,it-IT,ja-JP,kk-KZ,kn-IN,ko,ko-KR,lt-LT,lv-LV,mk-MK,mr-IN,ms-MY,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,uk-UA,zh,zh-CN,zh-HK,zh-SG,zh-TW,ar,ca,cz,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,no-NY,nr,pt,sr-SP,sr-YU,th,tr,i-default
      debug2: kex_parse_kexinit: first_kex_follows 0
      debug2: kex_parse_kexinit: reserved 0
      debug2: GSS-API Mechanism encoded as toWM5Slw5Ew8Mqkay+al2g==
      debug1: SSH2_MSG_KEXINIT sent
      debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
      debug1: SSH2_MSG_KEXINIT received
      debug2: kex_parse_kexinit: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
      debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
      debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
      debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc,aes192-ctr,aes192-cbc,aes256-ctr,aes256-cbc
      debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
      debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
      debug2: kex_parse_kexinit: none,zlib
      debug2: kex_parse_kexinit: none,zlib
      debug2: kex_parse_kexinit: af-ZA,ar-EG,ar-SA,bg-BG,bn-IN,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-IN,en-MT,en-NZ,en-SG,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,gu-IN,he-IL,hi-IN,hr-HR,hu-HU,id-ID,is-IS,it,it-IT,ja-JP,kk-KZ,kn-IN,ko,ko-KR,lt-LT,lv-LV,mk-MK,mr-IN,ms-MY,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,uk-UA,zh,zh-CN,zh-HK,zh-SG,zh-TW,ar,ca,cz,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,no-NY,nr,pt,sr-SP,sr-YU,th,tr,i-default
      debug2: kex_parse_kexinit: af-ZA,ar-EG,ar-SA,bg-BG,bn-IN,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-IN,en-MT,en-NZ,en-SG,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,gu-IN,he-IL,hi-IN,hr-HR,hu-HU,id-ID,is-IS,it,it-IT,ja-JP,kk-KZ,kn-IN,ko,ko-KR,lt-LT,lv-LV,mk-MK,mr-IN,ms-MY,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,uk-UA,zh,zh-CN,zh-HK,zh-SG,zh-TW,ar,ca,cz,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,no-NY,nr,pt,sr-SP,sr-YU,th,tr,i-default
      debug2: kex_parse_kexinit: first_kex_follows 0
      debug2: kex_parse_kexinit: reserved 0
      debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
      debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
      debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
      debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
      debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
      debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
      debug2: kex_parse_kexinit: none,zlib
      debug2: kex_parse_kexinit: none,zlib
      debug2: kex_parse_kexinit:
      debug2: kex_parse_kexinit:
      debug2: kex_parse_kexinit: first_kex_follows 0
      debug2: kex_parse_kexinit: reserved 0
      debug2: mac_init: found hmac-md5
      debug1: kex: client->server aes128-cbc hmac-md5 none
      debug2: mac_init: found hmac-md5
      debug1: kex: server->client aes128-cbc hmac-md5 none
      debug1: Peer sent proposed langtags, ctos:
      debug1: Peer sent proposed langtags, stoc:
      debug1: We proposed langtags, ctos: af-ZA,ar-EG,ar-SA,bg-BG,bn-IN,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-IN,en-MT,en-NZ,en-SG,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,gu-IN,he-IL,hi-IN,hr-HR,hu-HU,id-ID,is-IS,it,it-IT,ja-JP,kk-KZ,kn-IN,ko,ko-KR,lt-LT,lv-LV,mk-MK,mr-IN,ms-MY,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,uk-UA,zh,zh-CN,zh-HK,zh-SG,zh-TW,ar,ca,cz,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,no-NY,nr,pt,sr-SP,sr-YU,th,tr,i-default
      debug1: We proposed langtags, stoc: af-ZA,ar-EG,ar-SA,bg-BG,bn-IN,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,en-CA,en-GB,en-IE,en-IN,en-MT,en-NZ,en-SG,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,gu-IN,he-IL,hi-IN,hr-HR,hu-HU,id-ID,is-IS,it,it-IT,ja-JP,kk-KZ,kn-IN,ko,ko-KR,lt-LT,lv-LV,mk-MK,mr-IN,ms-MY,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-SK,sl-SI,sq-AL,sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,uk-UA,zh,zh-CN,zh-HK,zh-SG,zh-TW,ar,ca,cz,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,no-NY,nr,pt,sr-SP,sr-YU,th,tr,i-default
      Read from socket failed: Connection reset by peer
      debug1: Calling cleanup 0x43308(0x0)
      monitor debug1: child closed the communication pipe before user auth was finished
      monitor debug1: Calling cleanup 0x43308(0x0)
      monitor debug1: Calling cleanup 0x43308(0x0)
        • 1. Re: Solaris SSH issue.
          927067
          My experience with this type of issue is not an ssh issue per se, but rather a networking misconfiguration. Check your netmask and default route on the recently installed Solaris servers.
          • 2. Re: Solaris SSH issue.
            923484
            Hi,

            I can telnet to these systems from my Linux client, if this was something relating to network or netmask or even the route issue, how I can reach my system using telnet...

            there is something wrong on the SSH side in particular.

            Regards,
            Nasir
            • 3. Re: Solaris SSH issue.
              800381
              user13570919 wrote:
              Hi,

              I can telnet to these systems from my Linux client, if this was something relating to network or netmask or even the route issue, how I can reach my system using telnet...

              there is something wrong on the SSH side in particular.

              Regards,
              Nasir
              Try updating your client:
              OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
              That's almost a decade old.
              • 4. Re: Solaris SSH issue.
                923484
                this is again not a problem here..

                If I start the SSH Server on a non-standard port ( other than 22 ) and try to connect from the same linux client, I am able to connect. there is nothing wrong with the SSH client.


                Regards,
                Nasir
                • 5. Re: Solaris SSH issue.
                  argo74-Oracle
                  What if you try to connect from a different client on port 22, are you still not able to connect?
                  If you can connect, then it may be your client blocking port 22, you should be able to narrow down the issue pretty quickly from there since SSH seems to be working using other ports.
                  • 6. Re: Solaris SSH issue.
                    Robert Cohen
                    check your tcp wrappers settings in /etc/hosts.allow/deny.

                    Thats exactly the symptom you get it its blocked.