RVDowning Posted January 2, 2006 (edited)

My buddy and I used to quite happily ssh into each other's systems. He was on 2006 and I was on LE2005. However, I just did a clean install of Mandriva 2006 (and did full updates) and now it no longer works. When he attempts to log into my machine, his password no longer works (permission denied). I can't connect to his machine at all (I just time out as though his machine wasn't there), even though I think everything is set up correctly on both ends.

One thing different I notice on my machine is ssh-agent running. I don't know what starts it. It seems to come up at boot time. I didn't intentionally do anything to initiate any key authentication. I terminated the ssh-agent and see no difference. However, when he attempts to log into my machine, I see two services fire up: sshd: root [net] and sshd: root [priv]

(Also, I am unable to ssh into localhost as a test.)

Any ideas?

pmpatrick Posted January 3, 2006

It might be your msec security settings. Try setting that to "Standard". The other thing would be your firewall config. Try running with everything open (no firewall) and see if that corrects the problem. If it does, you can work backwards from there to set up a proper firewall config that will let you ssh; you usually have to have port 22 open IIRC. Also, here's an article on ssh configuration which might help:

http://howtos.linux.com/guides/solrhe/Secu...p15sec121.shtml

RVDowning Posted January 4, 2006

Well, both systems were installed with "Standard" security settings. We each went into our modem firewall and opened up port 22. We had this working before we reinstalled 2006 on his system (which somehow got clobbered doing an update with urpmi), and while I was still running LE2005. I just did a fresh install of 2006, keeping just my home directory. It wasn't with the tight security. We just each entered a password when we connected to the other system via ssh.

I checked out the article, but before I started using any of the secure key methodologies, I just wanted to get the basic ssh connectivity established (to reduce the number of unknowns I am dealing with).

pmpatrick Posted January 4, 2006

Try running:

$ ssh -l <username on remote system> <ip of remote system>

and post your error messages. You say you saved your home directory when you upgraded to 2006 and your mate did a fresh install of 2006. That's probably your problem right there. Go into your /home/<username>/.ssh directory. You should see a file called "known_hosts". That file is generated when you connect to a host and associates an ssh-rsa key with your friend's ip address. That key corresponded to the rsa key that your friend's ssh daemon generated on his old 2005 system and your known_hosts file was generated in response to that key and carried over to your new 2006 install since you saved your /home. It's now out of date - your key no longer matches his new 2006 key. If you get an authentication failure when you run the above command, then I'm almost positive that's what's going on.

The solution is to delete your old known_hosts file in ~/.ssh and then run the above command again. You will be given some warnings and asked if you want to continue. Answer "yes" (not "y") and you will be prompted for the password for the username on the remote system. You are then in and a new known_hosts file will be automatically generated in your ~/.ssh directory that corresponds to your friend's new rsa key.
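
Deleting the whole known_hosts file also discards the recorded keys of every other host, and answering "yes" accepts whatever key is presented. As an added example (not part of the original post), this Python code removes only one host's entry when its stored key differs from a key confirmed with the server's owner, which is what `ssh-keygen -R <host>` does for a single name. The 192.0.2.10 address, "fileserver" and the key blobs are constructed sample data, and only exact names and hashed entries are matched (no wildcards).

```python
import base64
import hashlib
import hmac

def fingerprint(b64_key):
    """SHA256 fingerprint in the form current OpenSSH prints it."""
    digest = hashlib.sha256(base64.b64decode(b64_key)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def hash_host(host, salt):
    """Build a hashed host field (|1|salt|HMAC-SHA1), as HashKnownHosts writes."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if a known_hosts host field (plain list or hashed) names `host`."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(hash_host(host, salt), field)
    return host in field.split(",")

def prune_stale(text, host, key_type, verified_key):
    """Remove only `host` entries of `key_type` whose key differs from the key
    verified with the server's owner; return (new_text, removed_fingerprints)."""
    kept, removed = [], []
    for line in text.splitlines():
        parts = line.split()
        is_entry = len(parts) >= 3 and not line.startswith(("#", "@"))
        if (is_entry and host_matches(parts[0], host)
                and parts[1] == key_type and parts[2] != verified_key):
            removed.append(fingerprint(parts[2]))  # report what was dropped
            continue
        kept.append(line)
    return "\n".join(kept) + "\n", removed

def make_blob(tag):
    """Constructed stand-in for a real public-key blob (not a usable key)."""
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + tag).decode()

# Constructed sample: "mike" still carries the key from the old install.
OLD, NEW, OTHER = make_blob(b"old-install"), make_blob(b"new-install"), make_blob(b"other")
SAMPLE = "mike,192.0.2.10 ssh-rsa %s\nfileserver ssh-rsa %s\n" % (OLD, OTHER)

if __name__ == "__main__":
    new_text, removed = prune_stale(SAMPLE, "mike", "ssh-rsa", NEW)
    print("removed stale key(s):", removed)
    print(new_text, end="")
```

The verified key would come from the server's owner reading it on the machine itself, for example with `ssh-keygen -l -f` on the host's public key file, rather than from the connection being questioned.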

RVDowning Posted January 4, 2006

I think your solution is right as regards his coming into my machine, which just seems to be a password problem. We'll wipe out that /home/<username>/.ssh/known_hosts file and try again this evening.

However, I still have another problem when going from my machine to his. I'm getting a connection refused message. However, I'm getting the same connection refused message when doing ssh myid@localhost. So, there seems to be something else going on here. I was about to deinstall my sshd stuff, wipe out all associated files I could find, and then try again with a fresh installation.

RVDowning Posted January 4, 2006

Well, he can now ssh into my machine, but I can't ssh to localhost. I get the following when using verbose mode:

[rvd@localhost ~]$ ssh -vvv mike
OpenSSH_4.2p1, OpenSSL 0.9.7g 11 Apr 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to mike [66.156.109.99] port 22.
debug1: connect to address 66.156.109.99 port 22: Connection timed out
ssh: connect to host mike port 22: Connection timed out

Any further ideas?

RVDowning Posted January 4, 2006

That last message was misleading. That debug output was from my trying to access his machine. If I try to access my machine using localhost (or ip address) I just get a "Connection Refused." That, however, is less important than my accessing his.

pmpatrick Posted January 5, 2006

Does he have sshd running? If so, the time out would be consistent with a firewall dropping the ssh packets. Ask him to double check sshd and the firewall. By the way, I tried sshing into localhost and my ip and got a connection refused error as well.

RVDowning Posted January 5, 2006

Well, I had found out that he had xinetd running and sshd running. So, I asked him to kill xinetd and sshd and then restart sshd. That was before the timeout I indicated. I don't know whether a reboot was necessary or not, but we didn't do it at the time.
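
The posts above turn on the difference between "Connection refused" and "Connection timed out", and on what is actually listening on port 22. As an added example (not from the thread), this Python code classifies a connection attempt and checks that whatever answers sends an SSH identification string; `serve_once` and its banners are constructed stand-ins so the block runs offline.

```python
import socket
import threading

def probe_ssh(host, port=22, timeout=5.0):
    """Return 'ssh:<id string>', 'open-no-ssh-banner', 'refused', 'timeout' or 'error:<reason>'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                data = s.recv(255)  # an SSH server sends its identification string first
            except socket.timeout:
                data = b""
    except ConnectionRefusedError:
        return "refused"   # host replied with a reset: no listener on that port, or a REJECT rule
    except socket.timeout:
        return "timeout"   # no reply at all: packets dropped by a firewall/router, or host down
    except OSError as exc:
        return "error:" + (exc.strerror or str(exc))
    for line in data.split(b"\n"):
        if line.startswith(b"SSH-"):
            return "ssh:" + line.strip().decode("ascii", "replace")
    return "open-no-ssh-banner"  # something accepts connections, but it does not speak SSH

def serve_once(banner):
    """Constructed stand-in for a listener: accept one client, send `banner`, close."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port

if __name__ == "__main__":
    port = serve_once(b"SSH-2.0-OpenSSH_4.2\r\n")  # constructed banner
    print(probe_ssh("127.0.0.1", port, timeout=2))
```

Run from the client side, "refused" points at the target host itself (sshd not running or not bound to that address), while "timeout" points at something in the path dropping packets, such as a modem or router firewall without port 22 forwarded.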