[TCLUG] Total system breakage

Wed Sep 24 12:15:03 CDT 2003

Start up sshd on a different port in debug mode. Then ssh to that port
and see what the server debug displays. Maybe that will give you a
clue.

I run a few testing boxes and haven't had any problems. Although I
haven't upgraded in a few days either. I'll give it a try and let you
know if I experience the same problem.

On Tue, 23 Sep 2003, Callum Lerwick wrote:

> Okay, last night two of my boxes, both running debian testing went down
> in an interesting manner. They've stopped authenticating remotely. I can
> log in on console, but I can't ssh nor FTP in. (Running proftp) Email
> seems to work though, one's running wu-imap and the other courier-imap.
> 
> The only thing significant I've done is doing an apt-get update
> yesterday on one, and a few days ago on another. Trying to update it now
> doesn't find anything new.
> 
> Am I the only one getting this? It would seem to point at PAM, I'm not
> getting anything in the logs, nor is sshd -ddd telling me anything's
> wrong. It just hangs. Probably a package broke in testing, but I'm
> concerned I got nailed by some worm. ;P
> 
> Its a pain in the ass to work on because I have to stand around in the
> living room for one box, and the other is 100 miles away. :P I'll have
> to try reverting packages to woody versions by hand or something.
> 
> This is what I get with -vvv, though after a while it seems to start
> just refusing connections, though sshd hasn't crashed or complained
> about anything.
> 
> $ ssh -vvv marvin
> OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Rhosts Authentication disabled, originating port will not be
> trusted.
> debug1: ssh_connect: needpriv 0
> debug1: Connecting to marvin [192.168.0.1] port 22.
> debug1: Connection established.
> debug1: identity file /home/seg/.ssh/identity type -1
> debug1: identity file /home/seg/.ssh/id_rsa type -1
> debug1: identity file /home/seg/.ssh/id_dsa type -1
> debug1: Remote protocol version 1.99, remote software version
> OpenSSH_3.6.1p2 Debian 1:3.6.1p2-3
> debug1: match: OpenSSH_3.6.1p2 Debian 1:3.6.1p2-3 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.5p1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit:
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit:
> hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: dh_gen_key: priv key bits set: 129/256
> debug1: bits set: 1618/3191
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug3: check_host_in_hostfile: filename /home/seg/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 1
> debug3: check_host_in_hostfile: filename /home/seg/.ssh/known_hosts
> debug3: check_host_in_hostfile: match line 1
> debug1: Host 'marvin' is known and matches the RSA host key.
> debug1: Found key in /home/seg/.ssh/known_hosts:1
> debug1: bits set: 1629/3191
> debug1: ssh_rsa_verify: signature correct
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: service_accept: ssh-userauth
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> 
> It just hangs forever here.

-- 
Clay Fandre				email: clay at fandre.com
					PGP Key ID: 0x50DBBB60

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list