sslug-teknik team mailing list archive
-
sslug-teknik team
-
Mailing list archive
-
Message #101413
Re: Ssh problemer
Jeg er desvaere ikke here over netvaerket, men har svaert ved at tro
det skulle goere den helt store forskel da det funger fint med HTTP,
og det fungere ogsaa fint med SSH ved brug af en anden computer.
/Allan
2011/3/4 Anders Aspegren Søndergaard <andersas@xxxxxxxxx>:
> Hvad med at fjerne din router fra billedet og køre PC1 direkte på det
> store stygge internet?
>
> Anders A. Søndergaard
>
> 2011/3/4 Allan Nielsen <a@xxxxxx>:
>> Hej
>>
>> Jeg er løbet ind i nogle problemer med en ny installeret gentoo (min
>> foretrukken dist igennem mange år) maskine og dens ssh client.
>> Maskinen som problemet optræder på, er installeret i et lokal netværk
>> med 1+ andre linux maskiner. I min beskrivelse af problemet anvender
>> jeg 3 maskiner, PC1 som er den der har problemet, Laptop som er en
>> anden (gammel) gentoo maskine der ikke har problemet, og så Server1
>> der findes på internettet.
>>
>> PC1: Maskinen hvor jeg oplever ssh problemer.
>> IP: 10.0.0.4/24
>>
>> Laptop: En anden vel fungerende maskine
>> IP: 10.0.0.3
>>
>> Server: en ubuntu server som er tilgængelig via internettet
>> IP: 88.198.116.73
>>
>> Her er problemet:
>>
>> TEST1: ssh fra PC1 til Laptop virker fint.
>> TEST2: ssh fra Laptop til PC1 virker fint.
>> TEST3: ssh fra Laptop til Server virker fint.
>> http get requerst fra PC1 til Server virker fint (så der er hul
>> igennem på IP level)
>>
>> Hvad der ikke virker er ssh fra PC1 til Server. (da jeg er bag NAT som
>> jeg ikke selv administrer kan jeg ikke forsøge Server til PC1)
>>
>> Her er hvad der sker når jeg forsøger:
>> awn@pc1 ~ $ ssh -vvv 88.198.116.73
>> OpenSSH_5.8p1-hpn13v10, OpenSSL 1.0.0d 8 Feb 2011
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug2: ssh_connect: needpriv 0
>> debug1: Connecting to 88.198.116.73 [88.198.116.73] port 22.
>> debug1: Connection established.
>> debug1: identity file /home/awn/.ssh/id_rsa type -1
>> debug1: identity file /home/awn/.ssh/id_rsa-cert type -1
>> debug1: identity file /home/awn/.ssh/id_dsa type -1
>> debug1: identity file /home/awn/.ssh/id_dsa-cert type -1
>> debug1: identity file /home/awn/.ssh/id_ecdsa type -1
>> debug1: identity file /home/awn/.ssh/id_ecdsa-cert type -1
>>
>> << HER HÆNGER DEN SÅ INDTIL JEG AFBRYDER >>
>>
>> Da det i ssh protocollen (så vidt jeg ved) er serveren som indleder
>> samtalen med en host string efter connection af en client, har jeg
>> anvendet netcat til at debugge problemet. Netcat er blevet anvendet
>> til at reproducere de 3 fungerende tests, samt efter forske den ikke
>> fungerende:
>>
>> TEST1:
>> awn@pc1 ~ $ netcat 10.0.0.3 22
>> SSH-2.0-OpenSSH_5.8p1-hpn13v10
>>
>> TEST2:
>> awn@laptop ~ $ netcat 10.0.0.4 22
>> SSH-2.0-OpenSSH_5.8p1-hpn13v10
>>
>> TEST3:
>> awn@laptop ~ $ netcat 88.198.116.73 22
>> SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu5
>>
>>
>> PC1 til server:
>> awn@pc1 ~ $ netcat 88.198.116.73 22
>> << HER HÆNGER DEN SÅ INDTIL JEG AFBRYDER >>
>>
>> PC1 til ander externe server:
>> awn@pc1 ~ $ netcat erlang.gbar.dtu.dk 22
>> SSH-2.0-Sun_SSH_1.1.3
>> awn@pc1 ~ $ netcat kernel.org 22
>> SSH-2.0-OpenSSH_5.4p1
>>
>> Så ingen problemer her...
>>
>> Dobbelt tjek af at der er hul igennem fra PC1 til Server:
>> awn@pc1 ~ $ netcat 88.198.116.73 80
>> asdf
>> <html>
>> <head><title>400 Bad Request</title></head>
>> <body bgcolor="white">
>> <center><h1>400 Bad Request</h1></center>
>> <hr><center>nginx/0.7.65</center>
>> </body>
>> </html>
>>
>> Dette ser ud til at fungere som det skal...
>>
>>
>> Ingen hints som jeg fangede her, jeg har derfor forsat med strace, for
>> at sammenligne hvad er sker i TEST1, TEST3 samt PC1->Server, den del
>> af output som jeg fandt relevant kommer her:
>>
>> TEST1:
>> execve("/usr/bin/netcat", ["netcat", "10.0.0.3", "22"], [/* 55 vars */]) = 0
>> socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
>> setsockopt(3, SOL_SOCKET, SO_LINGER, {onoff=1, linger=0}, 8) = 0
>> setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
>> fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
>> fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
>> connect(3, {sa_family=AF_INET, sin_port=htons(22),
>> sin_addr=inet_addr("10.0.0.3")}, 16) = -1 EINPROGRESS (Operation now
>> in progress)
>> select(4, NULL, [3], NULL, NULL) = 1 (out [3])
>> getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
>> open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) =
>> -1 ENOENT (No such file or directory)
>> open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1
>> ENOENT (No such file or directory)
>> open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1
>> ENOENT (No such file or directory)
>> open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT
>> (No such file or directory)
>> select(4, [0 3], [], NULL, NULL) = 1 (in [3])
>> read(3, "SSH-2.0-OpenSSH_5.8p1-hpn13v10\r\n", 1024) = 32
>> write(1, "SSH-2.0-OpenSSH_5.8p1-hpn13v10\r\n", 32) = 32
>> select(4, [0 3], [], NULL, NULL) = ? ERESTARTNOHAND (To be restarted)
>> --- SIGINT (Interrupt) @ 0 (0) ---
>> rt_sigreturn(0x7fff83d9826b) = -1 EINTR (Interrupted system call)
>> shutdown(3, 2 /* send and receive */) = 0
>> close(3) = 0
>> exit_group(0) = ?
>>
>>
>> TEST2:
>> execve("/usr/bin/netcat", ["netcat", "10.0.0.4", "22"], [/* 55 vars */]) = 0
>> brk(0) = 0x1081000
>> socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
>> setsockopt(3, SOL_SOCKET, SO_LINGER, {onoff=1, linger=0}, 8) = 0
>> setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
>> fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
>> fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
>> connect(3, {sa_family=AF_INET, sin_port=htons(22),
>> sin_addr=inet_addr("10.0.0.4")}, 16) = -1 EINPROGRESS (Operation now
>> in progress)
>> select(4, NULL, [3], NULL, NULL) = 1 (out [3])
>> getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
>> select(4, [0 3], [], NULL, NULL) = 1 (in [3])
>> read(3, "SSH-2.0-OpenSSH_5.8p1-hpn13v10\r\n", 1024) = 32
>> write(1, "SSH-2.0-OpenSSH_5.8p1-hpn13v10\r\n", 32) = 32
>> select(4, [0 3], [], NULL, NULL) = ? ERESTARTNOHAND (To be restarted)
>> --- SIGINT (Interrupt) @ 0 (0) ---
>> rt_sigreturn(0x7fff663861ab) = -1 EINTR (Interrupted system call)
>> shutdown(3, 2 /* send and receive */) = 0
>> close(3) = 0
>> exit_group(0) = ?
>>
>>
>> TEST3:
>> execve("/usr/bin/netcat", ["netcat", "88.198.116.73", "22"], [/* 54
>> vars */]) = 0
>> brk(0) = 0x955b000
>> socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
>> setsockopt(3, SOL_SOCKET, SO_LINGER, {onoff=1, linger=0}, 8) = 0
>> setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
>> fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
>> fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
>> connect(3, {sa_family=AF_INET, sin_port=htons(22),
>> sin_addr=inet_addr("88.198.116.73")}, 16) = -1 EINPROGRESS (Operation
>> now in progress)
>> select(4, NULL, [3], NULL, NULL) = 1 (out [3])
>> getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
>> open("/usr/share/locale/locale.alias", O_RDONLY) = 4
>> fstat64(4, {st_mode=S_IFREG|0644, st_size=2570, ...}) = 0
>> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
>> 0) = 0xb77d1000
>> read(4, "# Locale name alias data base.\n#"..., 4096) = 2570
>> read(4, "", 4096) = 0
>> close(4) = 0
>> munmap(0xb77d1000, 4096) = 0
>> select(4, [0 3], [], NULL, NULL) = 1 (in [3])
>> read(3, "SSH-2.0-OpenSSH_5.3p1 Debian-3ub"..., 1024) = 39
>> write(1, "SSH-2.0-OpenSSH_5.3p1 Debian-3ub"..., 39) = 39
>> select(4, [0 3], [], NULL, NULL) = ? ERESTARTNOHAND (To be restarted)
>> --- SIGINT (Interrupt) @ 0 (0) ---
>> sigreturn() = ? (mask now [])
>> shutdown(3, 2 /* send and receive */) = 0
>> close(3) = 0
>> exit_group(0) = ?
>>
>>
>> TEST PC1->Server
>> execve("/usr/bin/netcat", ["netcat", "88.198.116.73", "22"], [/* 55
>> vars */]) = 0
>> brk(0) = 0x10fe000
>> socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
>> setsockopt(3, SOL_SOCKET, SO_LINGER, {onoff=1, linger=0}, 8) = 0
>> setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
>> fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
>> fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
>> connect(3, {sa_family=AF_INET, sin_port=htons(22),
>> sin_addr=inet_addr("88.198.116.73")}, 16) = -1 EINPROGRESS (Operation
>> now in progress)
>> select(4, NULL, [3], NULL, NULL) = 1 (out [3])
>> getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
>> open("/usr/share/locale/locale.alias", O_RDONLY) = 4
>> fstat(4, {st_mode=S_IFREG|0644, st_size=2570, ...}) = 0
>> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
>> 0) = 0x7fc6c7a0a000
>> read(4, "# Locale name alias data base.\n#"..., 4096) = 2570
>> read(4, "", 4096) = 0
>> close(4) = 0
>> munmap(0x7fc6c7a0a000, 4096) = 0
>> select(4, [0 3], [], NULL, NULL) = ? ERESTARTNOHAND (To be restarted)
>> --- SIGINT (Interrupt) @ 0 (0) ---
>> rt_sigreturn(0x7fff13de56ab) = -1 EINTR (Interrupted system call)
>> shutdown(3, 2 /* send and receive */) = 0
>> close(3) = 0
>> exit_group(0) = ?
>>
>> Alt i alt, syntes jeg det ser meget fornuftig ud. Der er ingen system
>> kald som fejler, og den gør nogen lunde det samme i de 4 situationer,
>> så det blev jeg desvære heller ikke meget kloger af.
>>
>> Jeg har naturligvis de rå strace's, men er ikke sikekr på at det vil hjælpe.
>>
>> Mit problem her er nu at jeg stadig ikke har fået nogle hints, og jeg
>> har stadig ikke fået min ssh forbindelse til serveren op og køre.
>>
>> Så hvis der er nogen som ahr en god mave fornæmelse af hvad der er
>> galt, eller gode ideer til hvordan man debugger dette så er det meget
>> velkommen
>>
>> MVH
>> Allan W. Nielsen
>>
>>
>>
>
>
>
References
