RE: OpenSSH strange behaviour



Mike,

I have seen this sort of thing happen with a mismatch in network
settings -- the switch and the server "auto" negotiated and one ended up
100MB FD and one 100MB HD.

HTH,

Richard Wilson

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of No Spam
Sent: Tuesday, June 05, 2007 10:46 AM
To: secureshell@xxxxxxxxxxxxxxxxx
Subject: OpenSSH strange behaviour

Hello everyone, I seem to be having some strange behavior with OpenSSH
and was hoping someone can offer me some insight.

Dell Poweredge 2950 Rack Mount Server
Red Hat Linux Enterprise AS 4.0
All updates, kernel and security patches have been applied
I have about 50 Red Hat machines on my network, all are configured the
same and this machine is the only one with an issue.

In a nutshell, if you SSH to the machine sometimes it works, and
sometimes it doesn't.
Usually, if you can't SSH to the machine you just keep trying and
eventually it seems to allow you to connect and once it does it will
allow others to connect, for a while, before it dies again. Here is
an example of what I mean:

amanda@backup6 90 % ssh thera df -lk
ssh_exchange_identification: read: Connection reset by peer
amanda@backup6 91 % ssh thera df -lk
ssh: connect to host thera port 22: Connection refused
amanda@backup6 92 % ssh thera df -lk
ssh: connect to host thera port 22: Connection refused
amanda@backup6 93 % ssh thera df -lk
ssh: connect to host thera port 22: Connection refused
amanda@backup6 94 % ssh thera df -lk
ssh: connect to host thera port 22: Connection refused
amanda@backup6 95 % ssh thera df -lk
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda1 20641788 7711284 11881864 40% /
none 2020772 0 2020772 0% /dev/shm
/dev/sda3 113534884 32996808 74770744 31% /export/home0
/dev/sda2 113534884 44551504 63216048 42% /export/home1
/dev/sda5 103210940 33640452 64327680 35% /export/home2
/dev/sda8 10317828 146812 9646900 2% /opt
/dev/sda7 20641788 78760 19514388 1% /tmp
/dev/sda6 20641788 174688 19418460 1% /usr/local
/dev/sda9 10317828 299140 9494572 4% var


As you can see, it failed 5 times, then it allowed the connection.
I've changed network cables and ports and that didn't help, I ran
"mtr" but it didn't report any packet loss to the machine. I changed
the logging level to DEBUG3 but nothhing is being reported other than
"Connection Closed" and "Failed none" messages.

Does anyone have any ideas? If you need further information just let me
know.

Thank you in advance,

mike



Relevant Pages

  • OpenSSH strange behaviour
    ... if you can't SSH to the machine you just keep trying and ... ssh: connect to host thera port 22: Connection refused ... I've changed network cables and ports and that didn't help, ... "mtr" but it didn't report any packet loss to the machine. ...
    (SSH)
  • Re: [fw-wiz] Is NAT in OpenBSD PF UPnP enabled or Non UPnP?
    ... >> I start by not giving logins and SSH access to users I don't trust. ... a network topology which goes around the ... >> firewall and thus is a serious hole to network security. ... >> have access via UPnP to, well, anything that device might happen to ...
    (Firewall-Wizards)
  • Re: Security Breached
    ... I have a typical home network that looks like this: ... on both the DMZ and port forward questions. ... I have the vnc port blocked at the router so I presumed it was safe to ... they done it port forwarding over SSH (if your assumption of only SSH ...
    (alt.computer.security)
  • Re: Questions on some wierd /var/log entries
    ... How do I find out if I'm on an ipv6 network? ... That is because I prefer using iptables directly. ... then you should start learning about its firewall ... Another important restriction for ssh is to authenticate by certificate ...
    (comp.os.linux.misc)
  • Re: use ipchains to block all ports > 60,000
    ... Now what version of ssh is ... Put the suggested hub between the box and the internet, ... >> By temporarily breaking the network connection and inserting a hub ... evidence of users you know not of appearing on ...
    (comp.os.linux.security)