Here's a puzzler
Rick Stevens
rstevens at vitalstream.com
Wed Oct 25 21:21:00 UTC 2006
On Wed, 2006-10-25 at 15:18 +0200, Andrew Kelly wrote:
> I wonder if anybody here has seen enough obscure, esoteric error
> conditions to be able to debug this oddity on first symptom. Rick maybe?
> Hope somebody has seen it before.
>
> My desktop is running FC4, iptables set to ACCEPT across the board.
> I'm in a LAN behind a Windows Proxy (sound of retching).
>
> I have several external servers that I maintain. They're running RH 7.3,
> RH 9.0, Debian Woody, Debian Sarge, and there's an oddball SuSE box. I
> connect to them all via ssh and have been doing so without problem for
> ages.
> At the moment I'm configuring 2 newly acquired hosts that have just been
> handed to me and having a bit of a baffle. They are running the current
> stable Debian (sarge) and doing everything I'd expect them too, UNLESS I
> try to reach them from my workstation. From any of my other servers, I
> get ping responses, can make ssh connections, the whole gamut.
> >From my workstation, pings return no response. An attempt to start an
> ssh session dies a timeout death. I get this far:
> OpenSSH_4.2p1, OpenSSL 0.9.7f 22 Mar 2005
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to chokma [84.214.xx.xxx] port 22.
>
> and no farther (the IP is correct, I've just added the x's because of
> local policy).
>
> I can verify that it is not a proxy problem, because if I boot my
> workstation into XP (repeat previous sound) I can connect just fine with
> PuTTY. Also, I can connect perfectly from another linux box within my
> LAN.
>
> So, it's only my workstation, only when I'm booted into FC4 and only
> when I try to contact the 2 newest servers. There are no firewalls in
> place on either end of the connection.
>
> What is going on?
Well, this is a Red Hat list, not a Debian list, but here are some
things to check:
1. Make ABSOLUTELY sure that iptables isn't running on the Debian boxes
("# iptables -L -n" and make sure no rules show up).
2. Check the /etc/hosts.allow and /etc/hosts.deny files and verify that
they're empty or that they allow your machine in.
3. Check the /etc/ssh/sshd_config file and verify that it allows your
authentication methods and does not depend on DNS lookups (in case
your DNS isn't working correctly).
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- Change is inevitable, except from a vending machine. -
----------------------------------------------------------------------
More information about the Redhat-install-list
mailing list