Here's a puzzler

Rick Stevens rstevens at vitalstream.com
Wed Oct 25 21:21:00 UTC 2006 

On Wed, 2006-10-25 at 15:18 +0200, Andrew Kelly wrote:
> I wonder if anybody here has seen enough obscure, esoteric error
> conditions to be able to debug this oddity on first symptom. Rick maybe?
> Hope somebody has seen it before.
> 
> My desktop is running FC4, iptables set to ACCEPT across the board.
> I'm in a LAN behind a Windows Proxy (sound of retching).
> 
> I have several external servers that I maintain. They're running RH 7.3,
> RH 9.0, Debian Woody, Debian Sarge, and there's an oddball SuSE box. I
> connect to them all via ssh and have been doing so without problem for
> ages. 
> At the moment I'm configuring 2 newly acquired hosts that have just been
> handed to me and having a bit of a baffle. They are running the current
> stable Debian (sarge) and doing everything I'd expect them too, UNLESS I
> try to reach them from my workstation. From any of my other servers, I
> get ping responses, can make ssh connections, the whole gamut.
> >From my workstation, pings return no response. An attempt to start an
> ssh session dies a timeout death. I get this far:
> OpenSSH_4.2p1, OpenSSL 0.9.7f 22 Mar 2005
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to chokma [84.214.xx.xxx] port 22. 
>  
> and no farther (the IP is correct, I've just added the x's because of
> local policy).
> 
> I can verify that it is not a proxy problem, because if I boot my
> workstation into XP (repeat previous sound) I can connect just fine with
> PuTTY. Also, I can connect perfectly from another linux box within my
> LAN. 
> 
> So, it's only my workstation, only when I'm booted into FC4 and only
> when I try to contact the 2 newest servers. There are no firewalls in
> place on either end of the connection.
> 
> What is going on?

Well, this is a Red Hat list, not a Debian list, but here are some
things to check:

1. Make ABSOLUTELY sure that iptables isn't running on the Debian boxes
("# iptables -L -n" and make sure no rules show up).

2. Check the /etc/hosts.allow and /etc/hosts.deny files and verify that
they're empty or that they allow your machine in.

3. Check the /etc/ssh/sshd_config file and verify that it allows your
authentication methods and does not depend on DNS lookups (in case
your DNS isn't working correctly).

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-        Change is inevitable, except from a vending machine.        -
----------------------------------------------------------------------

More information about the Redhat-install-list mailing list