New S10 system does not accept ssh from other hosts

  • 1. Solaris 11 or express or whatever it's called: has patches?
    Just wondering. Do both solari have similar frequency of patch releases? (Clearly, am looking for downsides to switching from to 11 or express or whatever it's called.) THANKS! David
  • 2. SIGTERM from zsched?
    A daemon process running in a non-global zone keeps dying, with the parent watchdog claiming that the child was sent a SIGTERM. To verify, I ran a truss on the child and saw this:

        25741/1: Received signal #15, SIGTERM, in pollsys() [caught]
        25741/1: siginfo: SIGTERM pid=2731 uid=0

    pid 2731 is zsched:

        # ps -ef | grep 2731
        ...
        root 2731 2731 0 Apr 06 ? 0:00 zsched

    I thought zsched was a dummy process that acts as "init" for the zone and spawns everything. Why would it be sending a SIGTERM to a daemon process? I'm a bit stumped on this one; it's preventing a monitoring daemon from running. Any suggestions are appreciated.
  • 3. zfs on a pc: can xp run atop it, still benefit from disk zpools, etc?
    Subj: zfs on a pc: can xp run atop it, still benefit from disk zpools, etc? Say some fancy server implemented in xp or 7 or whatever M$ system. But disks can crash, say, giving big problem to non-technical there in the office. Seems like zfs would be a pretty cool solution -- keeping server etc in same xp code as before: Install solaris 10 or 11 on the x86 machines, setting disk mirrors, etc, via zfs and zpools. Now, that server software still expects to run under xp or whatever M$ OS. So, could you then via solaris 10 magic install an xp or whatever ON TOP OF solaris 10, and have server etc run in THAT xp? And now, if cheap disk crashes, and there's a 5-disk mirror or pool or whatever, it'd all be handled automatically -- and can wait to get fixed three days later when the guru comes in. Until then, no one even knows there's been a problem. ---- I guess it depends on xp not knowing about the zpool stuff n-layers down, and thinking it's writing directly to its own disk -- or something like that. Possible? Thanks! David
  • 4. Installboot
    In article < XXXX@XXXXX.COM >, < XXXX@XXXXX.COM > wrote:
    >I have installed a dump of file systems for Solaris 9 on a hard disk
    >so that my hard disk will be able to boot Solaris 9 in machine A. I
    >need to add a bootblock. Can I do this from Solaris 10 running in
    >machine B? I have heard that there may be a problem because the
    >bootblocks are larger for Solaris 10 than 9 so that larger disk sizes
    >can be accommodated. I am also not sure whether installboot is
    >architecture dependent or not. The Solaris 10 machine B is a SPARC so
    >is my Solaris 9 machine A, however they are different SPARC
    >processors.

    mount machine A's root filesystem and run that installboot(1M) with that bootblk and against machine A's disk.

    John
    XXXX@XXXXX.COM
  • 5. boot from a LSI HBA in a Ultra 45
    Hi, Can a Ultra 45 boot from a LSI SAS HBA? /Michael

New S10 system does not accept ssh from other hosts

Postby INVALID_SEE_SIG » Sun, 11 Mar 2007 09:14:59 GMT


I can't figure this one out.  I have a newly installed S10 system (see
my complaint about patch behavior elsewhere), and I can't ssh into it
from other hosts.  The only change to sshd_config I have tried is to
set ListenAddress explicitly to 0.0.0.0.  (That change made no
difference.)

If I shut down sshd with svcadm and invoke

    # /usr/lib/ssh/sshd -ddd

I get:

    debug1: sshd version Sun_SSH_1.1
    debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
    debug1: read PEM private key done: type RSA
    debug1: private host key: #0 type 1 RSA
    debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
    debug1: read PEM private key done: type DSA
    debug1: private host key: #1 type 2 DSA
    debug1: Bind to port 22 on 0.0.0.0.
    Server listening on 0.0.0.0 port 22.

And that's it.  When I try to ssh in, or even telnet to port 22, from
another host, sshd doesn't make a noise.  If I 'ssh 0' from the same
host, I get a full and successful session.

???
-- 
  _+_ From the catapult of |If anyone disagrees with any statement I make, I
_|70|___:)=}- J.D. Baldwin |am quite prepared not only to retract it, but also
\      /   XXXX@XXXXX.COM |to deny under oath that I ever made it. -T. Lehrer
***~~~~-----------------------------------------------------------------------

Similar Threads:

1. ssh not accepting password ( solaris 10 )

When testing ssh by sshing to localhost normally the prompt is like below :
root@localhost's password:

We have a problem server which is not accepting the users password. I have 
verified the password, but when sshing to localhost and from another server 
the password is rejected :

# ssh localhost
Password Authentication
Password:

It just keeps giving me the password prompt.
Also the /etc/issue which is specified in sshd_config as the Banner is not 
being displayed.
On all of our servers this is normally displayed. I have looked at the 
sshd_config and can see no problem. Root access is allowed , password 
authentication is enabled etc

PermitRootLogin yes
Banner /etc/issue

George


2. ssh not accepting password ( solaris 10 )

On 31 Jul., 12:32, "george2" < XXXX@XXXXX.COM > wrote:
> When testing ssh by sshing to localhost normally the prompt is like below :
> root@localhost's password:
>
> We have a problem server which is not accepting the users password. I have
> verified the password, but when sshing to localhost and from another server
> the password is rejected :
>
> # ssh localhost
> Password Authentication
> Password:
>
> It just keeps giving me the password prompt.
> Also the /etc/issue which is specified in sshd_config as the Banner is not
> being displayed.
> On all of our servers this is normally displayed. I have looked at the
> sshd_config and can see no problem. Root access is allowed , password
> authentication is enabled etc

Does su - user work?

3. OpenVPN works on one host on subnet, not others

Hello!

I am trying to get OpenVPN going so that roaming users can do
administrative things on a bunch of subnets.  I currently have my
laptop connecting to the router via OpenVPN.  I am configured to
connect to the shop subnet only right now.

Shop subnet: 10.10.1.0/24
VPN subnet: 10.10.41.0/24
Router on shop subnet: de1: 10.10.1.63

I successfully connect to the router and can ping 10.10.1.171
(accounting).  However I can't ping any other host on the subnet.  The
weird thing is that the first time I had this going I could ping
10.10.1.1 and no other host.

----------------------------------------------------------------------------------------------------------
Dumping on router while pinging 10.10.1.171 from laptop

root@serenity:~# tcpdump -i de1 icmp
tcpdump: listening on de1
18:08:19.759632 10.10.41.6 > tms-accounting: icmp: echo request
18:08:19.759702 tms-accounting > 10.10.41.6: icmp: echo reply
18:08:20.763361 10.10.41.6 > tms-accounting: icmp: echo request
18:08:20.763415 tms-accounting > 10.10.41.6: icmp: echo reply
^C

root@serenity:~# tcpdump -i tun1 icmp
tcpdump: listening on tun1
18:08:35.819795 10.10.41.6 > 10.10.1.171: icmp: echo request (DF)
18:08:35.820169 10.10.1.171 > 10.10.41.6: icmp: echo reply
18:08:36.823524 10.10.41.6 > 10.10.1.171: icmp: echo request (DF)
^C

----------------------------------------------------------------------------------------------------------
The same dumping while failing to ping 10.10.1.61 from laptop:

root@serenity:~# tcpdump -i de1 icmp
tcpdump: listening on de1
18:11:06.516736 10.10.41.6 > 10.10.1.1: icmp: echo request
18:11:07.325990 10.10.41.6 > 10.10.1.1: icmp: echo request
18:11:07.326154 10.10.1.1 > 10.10.41.6: icmp: echo reply
18:11:08.332830 10.10.41.6 > 10.10.1.1: icmp: echo request
18:11:08.332993 10.10.1.1 > 10.10.41.6: icmp: echo reply
18:11:09.337078 10.10.41.6 > 10.10.1.1: icmp: echo request
18:11:09.337236 10.10.1.1 > 10.10.41.6: icmp: echo reply
18:11:10.337649 10.10.41.6 > 10.10.1.1: icmp: echo request
18:11:10.337817 10.10.1.1 > 10.10.41.6: icmp: echo reply
18:11:11.341990 10.10.41.6 > 10.10.1.1: icmp: echo request
18:11:11.342149 10.10.1.1 > 10.10.41.6: icmp: echo reply
18:11:12.348857 10.10.41.6 > 10.10.1.1: icmp: echo request
18:11:12.349019 10.10.1.1 > 10.10.41.6: icmp: echo reply
^C
78 packets received by filter
0 packets dropped by kernel

root@serenity:~# tcpdump -i tun1 icmp
tcpdump: listening on tun1
18:11:25.400481 10.10.41.6 > 10.10.1.1: icmp: echo request (DF)
18:11:26.404246 10.10.41.6 > 10.10.1.1: icmp: echo request (DF)
18:11:27.408403 10.10.41.6 > 10.10.1.1: icmp: echo request (DF)
18:11:28.416900 10.10.41.6 > 10.10.1.1: icmp: echo request (DF)
18:11:29.416263 10.10.41.6 > 10.10.1.1: icmp: echo request (DF)
^C
5 packets received by filter
0 packets dropped by kernel


----------------------------------------------------------------------------------------------------------

I have static routes on all the hosts on the subnet I am trying to talk
to (10.10.42.0/24 gw 10.10.1.63).  When I ping hosts and do a tcpdump
on de1 I can see echo requests going to the host I am trying to ping
and replies coming back again.  When I dump on tun1 I see the requests,
but no responses.  I have logs going on all of my pf rules but "tcpdump
-l -a -e -ttt -i pflog0 icmp" only returns:

Jan 31 17:47:20.038317 rule 38/0(match): pass in on tun1: 10.10.41.6 >
hoover: icmp: echo request
Jan 31 17:47:20.038388 rule 41/0(match): pass out on de1: 10.10.41.6 >
hoover: icmp: echo request
Jan 31 17:47:21.038964 rule 38/0(match): pass in on tun1: 10.10.41.6 >
hoover: icmp: echo request
Jan 31 17:47:21.039028 rule 41/0(match): pass out on de1: 10.10.41.6 >
hoover: icmp: echo request

(hoover is 10.10.1.66)

Here's what it looks like when I ping 10.10.1.171:

Jan 31 17:48:18.554295 rule 38/0(match): pass in on tun1: 10.10.41.6 >
accounting: icmp: echo request
Jan 31 17:48:18.554375 rule 41/0(match): pass out on de1: 10.10.41.6 >
accounting: icmp: echo request
Jan 31 17:48:18.554526 rule 40/0(match): pass in on de1: accounting >
10.10.41.6: icmp: echo reply
Jan 31 17:48:18.554580 rule 39/0(match): pass out on tun1: accounting >
10.10.41.6: icmp: echo reply

I still got nowhere after a "pfctl -F rules"

Here's my client openvpn.conf file (running on Debian):
---------------------------------------------------------------------------------------------------------------------
client

;dev tap
dev tun

;dev-node MyTap

;proto tcp
proto udp

remote 216.123.222.67 1194
;remote my-server-2 1194

;remote-random

resolv-retry infinite

nobind

user nobody
group nogroup

persist-key
persist-tun

ca /etc/ssl/certs/CA_cert.pem
cert /etc/ssl/certs/Cfuchsia.pem
key /etc/ssl/keys/Kfuchsia.pem

ns-cert-type server

tls-auth /usr/local/openvpn-2.0/ta.key 1
verb 3
----------------------------------------------------------------------------------------------------------

Here's server config:

----------------------------------------------------------------------------------------------------------
daemon openvpn

chroot /usr/local/openvpn-2.0/jail

#port 443
dev tun1

server 10.10.41.0 255.255.255.0

dh /etc/ssl/dh2048.pem
ca /etc/ssl/CA_cert.pem
cert /etc/ssl/certs/Cserv.pem
key /etc/ssl/keys/Kserv.pem
crl-verify crl.pem

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

keepalive 15 120

user nobody
group nobody

persist-key
persist-tun

push "route 10.10.1.0 255.255.255.0"

status /var/log/openvpn-status.log
log-append /var/log/openvpn.log

tls-auth /usr/local/openvpn-2.0/ta.key 0

verb 4
mute 20

----------------------------------------------------------------------------------------------------------

The responses are coming back to the router.  It's like the kernel is
dumping them before they get to pf(4).

Anyone know what's going on here?  This is a very, very serious
situation as I have no booze in the house at all, only raw ether.  And
I don't want to get into that rotten stuff.

Thanks in advance
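
An added example, not part of the original post: the pflog0 lines quoted above can be traced mechanically to find the first hop of the ping round trip that never shows up in the log. The interface names (tun1, de1) and the log lines come from the post; the function names and the four-stage path model are this example's own assumptions.

```python
import re

# pflog0 lines copied from the post above, still wrapped the way they were posted.
SAMPLE = """\
Jan 31 17:47:20.038317 rule 38/0(match): pass in on tun1: 10.10.41.6 >
hoover: icmp: echo request
Jan 31 17:47:20.038388 rule 41/0(match): pass out on de1: 10.10.41.6 >
hoover: icmp: echo request
Jan 31 17:48:18.554295 rule 38/0(match): pass in on tun1: 10.10.41.6 >
accounting: icmp: echo request
Jan 31 17:48:18.554375 rule 41/0(match): pass out on de1: 10.10.41.6 >
accounting: icmp: echo request
Jan 31 17:48:18.554526 rule 40/0(match): pass in on de1: accounting >
10.10.41.6: icmp: echo reply
Jan 31 17:48:18.554580 rule 39/0(match): pass out on tun1: accounting >
10.10.41.6: icmp: echo reply
"""

RECORD = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>pass|block) "
    r"(?P<dir>in|out) on (?P<ifc>\w+): (?P<src>\S+) > (?P<dst>\S+?): "
    r"icmp: echo (?P<kind>request|reply)"
)
STARTS_RECORD = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d")

def unwrap(text):
    """Rejoin records that were wrapped onto a second line when posted."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STARTS_RECORD.match(line):
            records.append(line)
        elif records:
            records[-1] += " " + line
    return records

def trace(text, vpn_if="tun1", lan_if="de1"):
    """Map (client, target) to the first path stage missing from the log, or None."""
    path = [("request", "in", vpn_if), ("request", "out", lan_if),
            ("reply", "in", lan_if), ("reply", "out", vpn_if)]
    seen = {}
    for rec in unwrap(text):
        m = RECORD.search(rec)
        if not m or m["action"] != "pass":
            continue
        flow = (m["src"], m["dst"]) if m["kind"] == "request" else (m["dst"], m["src"])
        seen.setdefault(flow, set()).add((m["kind"], m["dir"], m["ifc"]))
    return {f: next((s for s in path if s not in st), None) for f, st in seen.items()}

print(trace(SAMPLE))
```

For the hoover flow the first stage absent from the log is the reply inbound on de1, while the accounting flow shows all four stages; a missing stage only means no logged rule matched there, so it should be read alongside the tcpdump captures on the same interface.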

4. How is S10 doing?


I'm sure hard numbers are confidential, but can someone with at least
a pipeline to inside knowledge share some indications of response to
the Solaris 10 release?  Does the installed base compare favorably to
that what you saw for S9 a few months after its release?  Is there a
big response to the training / certification offerings?

Whatever you can tell me, I would appreciate.

One side question:  will ZFS be part of Open Solaris?
-- 
  _+_ From the catapult of |If anyone disagrees with any statement I make, I
_|70|___:)=}- J.D. Baldwin |am quite prepared not only to retract it, but also
\      /   XXXX@XXXXX.COM |to deny under oath that I ever made it. -T. Lehrer
***~~~~-----------------------------------------------------------------------

5. Ext2 not accepted by new kernel compilation

Hi folks,

I am using 2.4.26, and I thought I'd just download+recompile the
kernel as I always have to make a better 2.4.26 boot kernel.
So I did that using menuconfig, and I told it to include
support for Ext2. My boot partition is Ext2. When I booted
with the new kernel I got an error message saying the
partition was severely damaged and I needed to either
reboot immediately or I could log in as root. Well needless
to say when I switched back to my original this bizarre
problem went away. I also tried downloading the latest 2.6
and got the same problem. 

Anybody know what's going on?

Thanks.

6. USB device not accepting new address=2 (error=-19)

7. ssh, hosts.allow, hosts.deny, and dyndns names


