ssh from RH server to RH server

can't ssh from RH to RH

   
7:08 pm on Apr 27, 2011 (gmt 0)



Set up new RH6 server and am trying to ssh to it from another RH server and not getting a login prompt.

- serverA (old): uname -a returns "Linux <servername> 2.4.21-63.ELsmp #1 SMP <date & time> i686 i686 i386 GNU/Linux"
- serverB (new): uname -a returns "Linux <servername> 2.6.32-71.24.1.el6.x86_64 #1 SMP <date & time> x86_64 x86_64 x86_64 GNU/Linux"
- can ssh to both servers using Putty from a windows PC successfully
- can ssh from serverB to serverA
- cannot get a login prompt from serverB when attempting to ssh to it from serverA (times out)

have tried:
- turned firewall off on serverB
- ran "/etc/rc.d/init.d/iptables stop"
- added serverA to /etc/hosts file
- from serverA have used
  - ssh serverA
  - ssh <username>@serverA
  - ssh -p 22 <username>@serverA
  - ssh <serverB ip address>
- can successfully ssh back to serverA from serverA
  - ssh <username>@localhost
- can successfully ssh back to serverB from serverB
  - ssh <username>@localhost

What am I missing that would allow serverA to ssh to serverB? Obviously ssh is working on both servers as I can ssh into both of them with putty from a windows PC. They are obviously "talking" since I can ssh FROM server B to serverA. I just can't ssh from serverA to serverB (the new server).

Thank you for whatever advice/suggestions you might have. It's been a number of years since I've worked with Linux/Unix and I know I'm missing something.

Regards,
RonD
3:20 am on Apr 28, 2011 (gmt 0)

lammert (WebmasterWorld Senior Member)



Hi RonD, first of all Welcome to WebmasterWorld!

SSH has different authentication methods with username/password, certificates and keyboard interactive. It could be that the SSH client of server A is trying an authentication method which is not enabled on server B.

A second option could be the /etc/hosts.allow file on server B. There could be some rules affecting SSH requests from remote servers.
8:18 pm on Apr 28, 2011 (gmt 0)

dstiles (WebmasterWorld Senior Member)



Or a different port?

I tried ssh a while ago on a brand new windows server and got hundreds of hack attempts. I turned it off after an hour. If I ran it again I would change the port to obscure it. Could that be what's happened here?
8:39 pm on Apr 28, 2011 (gmt 0)



lammert - thank you for the welcome and information. I've checked the /etc/hosts.allow file on serverB & added serverA (didn't help). I have discovered (keep in mind, I've only been here 2 months and inherited this infrastructure) that serverA has both "authorizedkeys" and "known-hosts" files under ~/.ssh/. The "known-hosts" file has several entries in it, all indicating "ssh-rsa" and the key. It's been over 10 years since I've done hands-on work with Unix/Linux, so I'm looking for some guidance on what to do. It's a bit confusing, at least to me, that the authorizedkeys would impact SSH as I'm able to ssh INTO the server from other systems not listed in the "known-hosts" file. The problem appears to be doing an ssh FROM serverA to another system. I've used scp from serverB to copy the 2 files from serverA - still no success.

dstiles - thank you for the suggestion, but I don't think that's the problem as I can ssh into both servers using Putty from my desktop just fine. The problem continues to be using ssh FROM serverA to another machine - almost like ssh isn't making it out.
2:45 am on Apr 29, 2011 (gmt 0)

lammert (WebmasterWorld Senior Member)



that serverA has both "authorizedkeys" and "known-hosts" files under ~/.ssh/. The "known-hosts" file has several entries in it, all indicating "ssh-rsa" and the key.

The known-hosts entries are those servers which you have had contact with SSH-ing from serverA to the outside world. You should check if the serverB is listed in the known-hosts file. If that is the case, both servers were able to talk with each other, they only couldn't agree on the authentication type.

Most important are differences in the /etc/ssh/sshd_config files on the two servers. That file configures the SSH daemon which accepts incoming requests.
12:35 pm on Apr 29, 2011 (gmt 0)



Issue has been resolved. After thinking about what did work and what didn't work, I had our network monitoring team look at our firewall and it was blocking ssh requests coming from serverA. They put a rule in to allow ssh from serverA to serverB only and it's working now.

Thank you all for your suggestions and recommendations.
12:46 pm on Apr 29, 2011 (gmt 0)

lammert (WebmasterWorld Senior Member)



Glad to hear the issue is resolved!
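
Added example, not part of any poster's reply: the three explanations raised in this thread (an authentication mismatch, /etc/hosts.allow, a firewall in the path) each leave a different trace in the client's `ssh -v` output, and the shell function below sorts captured output into those cases. The function name ssh_failure_stage, the sample transcripts and the address 192.0.2.10 are constructed for illustration.

```shell
# Added example: classify where an `ssh -v` attempt stopped.
# Reads the client's verbose output on stdin and prints one label.
# Live use: ssh -v <username>@serverB 2>&1 | ssh_failure_stage
ssh_failure_stage() {
    _out=$(cat)
    case "$_out" in
        *"Connection timed out"*)
            # No reply at all: something in the path silently drops the packets.
            echo "network-timeout" ;;
        *"No route to host"*)
            # Also what an iptables REJECT with icmp-host-prohibited produces.
            echo "network-unreachable" ;;
        *"Connection refused"*)
            # Host reachable, but nothing accepts connections on that port.
            echo "network-refused" ;;
        *"ssh_exchange_identification"*)
            # TCP connected, server hung up before its banner: check hosts.allow/deny.
            echo "closed-before-banner" ;;
        *"Permission denied ("*)
            # SSH handshake completed: compare the listed methods with sshd_config.
            echo "auth-rejected" ;;
        *)
            echo "unknown" ;;
    esac
}

# Constructed sample transcripts (serverB and 192.0.2.10 are placeholders).
SAMPLE_TIMEOUT='debug1: Connecting to serverB [192.0.2.10] port 22.
ssh: connect to host serverB port 22: Connection timed out'

SAMPLE_WRAPPERS='debug1: Connecting to serverB [192.0.2.10] port 22.
debug1: Connection established.
ssh_exchange_identification: Connection closed by remote host'

SAMPLE_AUTH='debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: Authentications that can continue: publickey,password
Permission denied (publickey,password).'

for sample in "$SAMPLE_TIMEOUT" "$SAMPLE_WRAPPERS" "$SAMPLE_AUTH"; do
    printf '%s\n' "$sample" | ssh_failure_stage
done
```

A timeout with no login prompt, the symptom reported at the top of this thread, falls in the first case, which is why the fix turned out to be a firewall rule rather than an sshd setting.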
 
