Differences

This shows you the differences between two versions of the page.

--- ssh:troubleshooting_ssh [2016/12/05 14:44] – created peter
+++ ssh:troubleshooting_ssh [2019/12/04 21:35] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== SSH - Troubleshooting SSH ======
-First, check that the SSH daemon is running:
-<code bash>
-sudo ps -A | grep sshd
-</code>
-This command should produce a line(s) like this:
-<code>
-<some number> ?   00:00:00   sshd
-</code>
-If there is no line, your SSH daemon is not running.  If it is, you should next check that it's listening for incoming connections:
-<code bash>
-sudo netstat --inet -lpn | grep sshd
-</code>
-This command should produce a line that looks like this:
-<code>
-tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN <same number>/sshd
-</code>
-If there is more than one line, then your SSH daemon is listening on more than one port - you might want to go back and delete some Port lines in your sshd_config file.
-If there are no lines, your SSH daemon isn't listening on any ports, so you need to add at least one Port line.  If the line specifies something other than "0.0.0.0:22", then your SSH daemon is listening on a non-standard port or address, which you might want to fix.
-Next, try logging in from your own computer:
-<code bash>
-sudo ssh -v localhost
-</code>
-...which should show something like:
-<code>
-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013
-debug1: Reading configuration data /etc/ssh/ssh_config
-debug1: /etc/ssh/ssh_config line 19: Applying options for *
-debug1: Connecting to localhost [127.0.0.1] port 22.
-debug1: connect to address 127.0.0.1 port 22: Connection refused
-ssh: connect to host localhost port 22: Connection refused
-</code>
-Notice that the connection was refused.  This is due to the earlier config that limited access only from 192.168.0.11.  In this case, that allowed IP address was not used, and an attempt was made to login using localhost instead.
-Lets retry logging in using an allowed IP address:
-<code bash>
-sudo ssh -v 192.168.0.11
-</code>
-...which should show something like:
-<code>
-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013
-debug1: Reading configuration data /etc/ssh/ssh_config
-debug1: /etc/ssh/ssh_config line 19: Applying options for *
-debug1: Connecting to 192.168.0.11 [192.168.0.11] port 22.
-debug1: Connection established.
-debug1: permanently_set_uid: 0/0
-debug1: SELinux support disabled
-debug1: identity file /root/.ssh/id_rsa type -1
-debug1: identity file /root/.ssh/id_rsa-cert type -1
-debug1: identity file /root/.ssh/id_dsa type -1
-debug1: identity file /root/.ssh/id_dsa-cert type -1
-debug1: identity file /root/.ssh/id_ecdsa type -1
-debug1: identity file /root/.ssh/id_ecdsa-cert type -1
-debug1: Enabling compatibility mode for protocol 2.0
-debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
-debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
-debug1: match: OpenSSH_6.2p2 Ubuntu-6ubuntu0.1 pat OpenSSH*
-debug1: SSH2_MSG_KEXINIT sent
-debug1: SSH2_MSG_KEXINIT received
-debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
-debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
-debug1: sending SSH2_MSG_KEX_ECDH_INIT
-debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
-debug1: Server host key: ECDSA b7:60:9d:55:7e:43:6a:33:f8:b1:57:54:93:4a:b7:b3
-The authenticity of host '192.168.0.11 (192.168.0.11)' can't be established.
-ECDSA key fingerprint is b7:60:9d:55:7e:43:6a:33:f8:b1:57:54:93:4a:b7:b3.
-Are you sure you want to continue connecting (yes/no)?
-</code>
-This will print a lot of debugging information, and will then prompt whether you want to connect.
-Enter **yes**.
-...which should show some additional lines:
-<code>
-Are you sure you want to continue connecting (yes/no)? yes
-Warning: Permanently added '192.168.0.11' (ECDSA) to the list of known hosts.
-debug1: ssh_ecdsa_verify: signature correct
-debug1: SSH2_MSG_NEWKEYS sent
-debug1: expecting SSH2_MSG_NEWKEYS
-debug1: SSH2_MSG_NEWKEYS received
-debug1: Roaming not allowed by server
-debug1: SSH2_MSG_SERVICE_REQUEST sent
-Write failed: Broken pipe
-</code>
-The **Write failed: Broken pipe** message is caused by a timeout issue.  You may recall that the login time was limited in the earlier config.
-**NOTE**:  This has however added our WAN IP address into the list of known hosts.
-Simply rerun by issuing the following command again.
-<code bash>
-sudo ssh -v 192.168.0.11
-</code>
-...which should show something like:
-<code>
-debug1: Server host key: ECDSA b7:60:9d:55:7e:43:6a:33:f8:b1:57:54:93:4a:b7:b3
-debug1: Host '192.168.1.11' is known and matches the ECDSA host key.
-debug1: Found key in /root/.ssh/known_hosts:1
-debug1: ssh_ecdsa_verify: signature correct
-debug1: SSH2_MSG_NEWKEYS sent
-debug1: expecting SSH2_MSG_NEWKEYS
-debug1: SSH2_MSG_NEWKEYS received
-debug1: Roaming not allowed by server
-debug1: SSH2_MSG_SERVICE_REQUEST sent
-debug1: SSH2_MSG_SERVICE_ACCEPT received
-debug1: Authentications that can continue: publickey,password
-debug1: Next authentication method: publickey
-debug1: Trying private key: /root/.ssh/id_rsa
-debug1: Trying private key: /root/.ssh/id_dsa
-debug1: Trying private key: /root/.ssh/id_ecdsa
-debug1: Next authentication method: password
-root@192.168.1.11's password:
-</code>
-Remember that the password will only be accepted if the corresponding user is allowed access in by SSH.
-In this case this would not work, as root was not an allowed user.
-Try logging in from a valid user's account. For instance to login using john as the username use:
-<code bash>
-sudo ssh -v 192.168.0.11 -l john
-</code>
-...which should show something like:
-<code>
-...
-john@192.168.1.11's password:
-debug1: Authentication succeeded (password).
-Authenticated to 192.168.1.11 ([192.168.1.11]:22).
-debug1: channel 0: new [client-session]
-debug1: Requesting no-more-sessions@openssh.com
-debug1: Entering interactive session.
-debug1: Sending environment.
-debug1: Sending env LC_PAPER = en_GB.UTF-8
-debug1: Sending env LC_ADDRESS = en_GB.UTF-8
-debug1: Sending env LC_MONETARY = en_GB.UTF-8
-debug1: Sending env LC_NUMERIC = en_GB.UTF-8
-debug1: Sending env LC_TELEPHONE = en_GB.UTF-8
-debug1: Sending env LC_IDENTIFICATION = en_GB.UTF-8
-debug1: Sending env LANG = en_GB.UTF-8
-debug1: Sending env LC_MEASUREMENT = en_GB.UTF-8
-debug1: Sending env LC_TIME = en_GB.UTF-8
-debug1: Sending env LC_NAME = en_GB.UTF-8
-Welcome to Ubuntu 13.10 (GNU/Linux 3.11.0-18-generic x86_64)
- * Documentation:  https://help.ubuntu.com/
-  System information as of Mon Mar 24 21:38:35 GMT 2014
-  System load:    0.08            Processes:           117
-  Usage of /home: 0.4% of 452MB   Users logged in:     0
-  Memory usage:   3%              IP address for eth0: 192.168.1.11
-  Swap usage:     0%              IP address for eth1: 192.168.2.1
-  Graph this data and manage this system at:
-    https://landscape.canonical.com/
-Last login: Mon Mar 24 21:38:41 2014 from 192.168.1.184
-</code>
-If nothing happens, you might need to tell your computer's firewall to allow connections on port 22 (See the FireWall Security section).
-Once logged in, to leave the SSH command-line, type:
-<code bash>
-exit
-</code>