Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian ISP (http://www.linux-archive.org/debian-isp/)
-   -   AW: AW: SSH did not work on every IP on debian x64 (http://www.linux-archive.org/debian-isp/393192-aw-aw-ssh-did-not-work-every-ip-debian-x64.html)

Robert Menger 06-30-2010 05:45 PM
AW: AW: SSH did not work on every IP on debian x64
 
Hello,

it is a clean standard installation like many other.
So there is nothing in /etc/hosts.* and no special DNS config.


maybe it could be easier, if some expert could look directly on the machine?

I have setup a testserver with the IP 87.118.90.150
And there is a KVM connected. Would someone want to try it? I would send the logins via direct mail-answer. This shall be much faster then exchanging tons of email-explantions.

regards




-----Ursprüngliche Nachricht-----
Von: Bjørn Mork [mailto:bjorn@mork.no]
Gesendet: Mittwoch, 30. Juni 2010 19:25
An: debian-isp@lists.debian.org
Betreff: Re: AW: SSH did not work on every IP on debian x64

Robert Menger <rm@keyweb.de> writes:

> ssh_exchange_identification: Connection closed by remote host

That looks like tcp wrappers kicking in.

Take a look at /etc/hosts.{allow,deny}, tcpd(8) and the PARANOID setting
in particular. I suspect that there is something wrong with the DNS
config for the addresses you have problems with.




Bjørn


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/87hbkk77qw.fsf@nemi.mork.no

Bjørn Mork 06-30-2010 05:56 PM
AW: AW: SSH did not work on every IP on debian x64
 
Robert Menger <rm@keyweb.de> writes:

> it is a clean standard installation like many other.
> So there is nothing in /etc/hosts.*

There doesn't need to be. Quoting from the man page since reading it
obviously was too difficult for you:

PARANOID
Matches any host whose name does not match its address. When
tcpd is built with -DPARANOID (default mode), it drops requests
from such clients even before looking at the access control
tables.


> and no special DNS config.

Oh, I beg to differ. You have a very, very, very weird DNS config
(tried looking at 87.118.90.150 and the neighbouring address
87.118.90.151). And if you didn't know that, then I do suggest that you
get someone to fix it for you.



Bjørn


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 87d3v876b6.fsf@nemi.mork.no">http://lists.debian.org/87d3v876b6.fsf@nemi.mork.no

"Ross Halliday" 06-30-2010 06:56 PM
AW: AW: SSH did not work on every IP on debian x64
 
Your reverse DNS is broken, which while may not be the cause of your problem, is probably going to create an issue at some point. From dig:

;; QUESTION SECTION:
;150.90.118.87.in-addr.arpa. IN PTR

;; ANSWER SECTION:
150.90.118.87.in-addr.arpa. 86092 IN PTR ns.km37111.keymachine.de.

;; QUESTION SECTION:
;ns.km37111.keymachine.de. IN A

;; ANSWER SECTION:
ns.km37111.keymachine.de. 84301 IN A 87.118.90.200


---
Ross Halliday
Network Operations
WTC Communications

Office: 613-547-6939 x203
Helpdesk: 866-547-6939 option 2
http://www.wtccommunications.ca

> -----Original Message-----
> From: Robert Menger [mailto:rm@keyweb.de]
> Sent: Wednesday, June 30, 2010 2:12 PM
> To: debian-isp@lists.debian.org
> Subject: AW: AW: AW: SSH did not work on every IP on debian x64
>
> so give me please a hint, what shall be "weird" on this DNS config and
> what shall it have to do with this problem?
> show me ANY other ISP that have kind of "better" DNS config, do it,
> please. Every ISP I know (and thats a lot) do it on the same way.
>
>
> and when hosts.deny may the problem, why is it dropping your ssh
> attempt too? Is your own DNS weird too?
>
>
> -----Ursprüngliche Nachricht-----
> Von: Bjørn Mork [mailto:bjorn@mork.no]
> Gesendet: Mittwoch, 30. Juni 2010 19:56
> An: debian-isp@lists.debian.org
> Betreff: Re: AW: AW: SSH did not work on every IP on debian x64
>
> Robert Menger <rm@keyweb.de> writes:
>
> > it is a clean standard installation like many other.
> > So there is nothing in /etc/hosts.*
>
> There doesn't need to be. Quoting from the man page since reading it
> obviously was too difficult for you:
>
> PARANOID
> Matches any host whose name does not match its
> address. When
> tcpd is built with -DPARANOID (default mode), it drops
> requests
> from such clients even before looking at the access
> control
> tables.
>
>
> > and no special DNS config.
>
> Oh, I beg to differ. You have a very, very, very weird DNS config
> (tried looking at 87.118.90.150 and the neighbouring address
> 87.118.90.151). And if you didn't know that, then I do suggest that
> you
> get someone to fix it for you.
>
>
>
> Bjørn
>
>
> --
> To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> Archive: http://lists.debian.org/87d3v876b6.fsf@nemi.mork.no

Robert Menger 07-01-2010 12:28 PM
AW: AW: SSH did not work on every IP on debian x64
 
Hello,


wow, we have found out a fact that we wouldnt believe in.

This IP wasnt in usage for more than 1 year. So there shall be no reason to think that anybody is still interested in this IP.
But the netstat shows up a very unbelievable thing.


netstat -n | grep -c :22
-> 475

so the server has nearly 500 open SSH connections. WTF...
seems to be that there is a bot net that bruteforces the IP since over one year and didnt recognize that it is unavailable most the time.



Thank for you very nice help. I appreciate that :)
this result was extremly unexpected, because it worked on a CentOS 5.5 Installation, so maybe on CentOS the sshd have more available slots?


kind regards
Robert Menger

-----Ursprüngliche Nachricht-----
Von: Andrew Miehs [mailto:andrew@2sheds.de]
Gesendet: Mittwoch, 30. Juni 2010 23:49
An: Robert Menger
Cc: debian-isp@lists.debian.org
Betreff: Re: AW: SSH did not work on every IP on debian x64

Hi Robert,

How have you configured sshd? Bind and Listen config in sshd_config?

could you please provide a
netstat -anp
with and without sshd running on the 'broken' IP/port combination

could you please provide a
ifconfig -a

Have you had a look at /var/log - are there any error entries?

have you tried connecting from the local machine to itself on that port - does that work?

What is in /etc/hosts ?

have you tried looking at a tcpdump of packets coming in and out of your interface on the sshd server?

Regards

Andrew


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CE7FEEDEBABA234A80731C10C268B83311D0A0EF81@mAiLsTa R.keyweb.org">http://lists.debian.org/CE7FEEDEBABA234A80731C10C268B83311D0A0EF81@mAiLsTa R.keyweb.org


All times are GMT. The time now is 03:02 AM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.