Re: Problems connecting to servers through tunnel



Thanks a lot for the link, Richard. I've run ssh -v and this is what I
got:
-------
debug1: Host 'tunnel' is known and matches the RSA host key.
debug1: Found key in /home/philpem/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: An invalid name was supplied
Hostname cannot be canonicalized

debug1: An invalid name was supplied
Hostname cannot be canonicalized

debug1: Next authentication method: publickey
debug1: Offering public key: /home/philpem/.ssh/executor
Write failed: Broken pipe
-------

So it looks like GSSAPI is failing, and by the time SSH gets around to
passing the public key to the server, the proxy has terminated the
connection due to inactivity (hence the broken pipe).
Appending "-o GSSAPIAuthentication=no" to the SSH command line (which
gives "ssh -v -o GSSAPIAuthentication=no tunnel_server") seems to fix
the problem. I've added the relevant lines to my ssh_config and all's
well once more.

Final question: I'm not using Kerberos authentication on the server
(just passwords, PAM and public keys) - is it worth switching GSSAPI
off completely on the server side? This does only seem to affect Linux
clients and only from certain IP ranges. Evidently PuTTY doesn't
support Kerberos.

Thanks,
Phil.

.



Relevant Pages

  • Re: SSH cant connect
    ... I can ssh to any of my laptops on my local lan but not across the internet. ... Starting sshd: debug1: sshd version OpenSSH_5.4p1 ... Server listening on 0.0.0.0 port 22. ...
    (Fedora)
  • Re: SSH cant connect
    ... I can ssh to any of my laptops on my local lan but not across the internet. ... Starting sshd: debug1: sshd version OpenSSH_5.4p1 ... Server listening on 0.0.0.0 port 22. ...
    (Fedora)
  • RE: RE : RE : X11Forwarding problem on Solaris.
    ... The program is using the display environment variable. ... First i use ssh to connect from node2 to node4 and then I start the PROGRAM ... debug1: Connection established. ... Subject: RE: RE: X11Forwarding problem on Solaris. ...
    (SSH)
  • ssh connect problems (ubuntu feisty client, ubuntu dapper server)
    ... After feisty-upgrade the ssh connect to a dapper server is becoming ... Connection to server closed. ... debug1: Connecting to server port 22. ... debug2: fd 3 setting O_NONBLOCK ...
    (SSH)
  • Re: Using/Configuring SSH on Solaris 9 08/03
    ... >>Is there someplace where I can find info on getting SSH to work on a Solaris ... debug1: sshd version Sun_SSH_1.0 ... debug1: load_private_key_autodetect: type 2 DSA ... Server listening on:: port 22. ...
    (comp.unix.solaris)