Thursday, August 4, 2016

ssh - sshd on Mac no longer accepts connections in inetd (-i) mode, but does in do-not-detach mode (-D); how to fix?

Some weeks ago ssh login was no longer possible to a remote Mac. The problem started occurring around the time of upgrading Webmin to version 1.550 and/or changing settings using Webmin.



Using:
* Mac OS X 10.6.5 + Webmin 1.550 + Virtualmin 3.66GPL



Expected Results:
No problems logging in using ssh.




Actual Results:
ssh: connect to host host.domain.tld port 22: Operation timed out



Regression:
After more investigation it appears that:




  1. sshd is correctly started when it is configured to not detach (-D), using $ sudo /usr/sbin/sshd -D -d -d -d -e




debug2: load_server_config: filename /etc/sshd_config
debug2: load_server_config: done config len = 493
debug2: parse_server_config: config /etc/sshd_config len 493
debug3: /etc/sshd_config:14 setting Protocol 2
debug3: /etc/sshd_config:30 setting SyslogFacility AUTHPRIV
debug3: /etc/sshd_config:32 setting LogLevel DEBUG3
debug3: /etc/sshd_config:39 setting MaxAuthTries 3
debug3: /etc/sshd_config:108 setting UseDNS no
debug3: /etc/sshd_config:111 setting MaxStartups 5
debug3: /etc/sshd_config:119 setting Subsystem sftp /usr/libexec/sftp-server
debug3: /etc/sshd_config:121 setting IgnoreRhosts yes
debug3: /etc/sshd_config:122 setting IgnoreUserKnownHosts no
debug3: /etc/sshd_config:123 setting PrintMotd yes
debug3: /etc/sshd_config:124 setting StrictModes yes
debug3: /etc/sshd_config:125 setting RSAAuthentication yes
debug3: /etc/sshd_config:126 setting PermitEmptyPasswords no
debug3: /etc/sshd_config:127 setting PasswordAuthentication yes
debug3: /etc/sshd_config:128 setting DenyGroups deniedssh
debug3: /etc/sshd_config:129 setting PubkeyAuthentication yes
debug3: /etc/sshd_config:130 setting GatewayPorts no
debug3: /etc/sshd_config:131 setting AllowTcpForwarding yes
debug3: /etc/sshd_config:132 setting KeepAlive yes
debug1: sshd version OpenSSH_5.2p1
debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-D'
debug1: rexec_argv[2]='-d'
debug1: rexec_argv[3]='-d'
debug1: rexec_argv[4]='-d'
debug1: rexec_argv[5]='-e'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: fd 5 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 493
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config: config rexec len 493
debug3: rexec:14 setting Protocol 2
debug3: rexec:30 setting SyslogFacility AUTHPRIV
debug3: rexec:32 setting LogLevel DEBUG3
debug3: rexec:39 setting MaxAuthTries 3
debug3: rexec:108 setting UseDNS no
debug3: rexec:111 setting MaxStartups 5
debug3: rexec:119 setting Subsystem sftp /usr/libexec/sftp-server
debug3: rexec:121 setting IgnoreRhosts yes
debug3: rexec:122 setting IgnoreUserKnownHosts no
debug3: rexec:123 setting PrintMotd yes
debug3: rexec:124 setting StrictModes yes
debug3: rexec:125 setting RSAAuthentication yes
debug3: rexec:126 setting PermitEmptyPasswords no
debug3: rexec:127 setting PasswordAuthentication yes
debug3: rexec:128 setting DenyGroups deniedssh
debug3: rexec:129 setting PubkeyAuthentication yes
debug3: rexec:130 setting GatewayPorts no
debug3: rexec:131 setting AllowTcpForwarding yes
debug3: rexec:132 setting KeepAlive yes
debug1: sshd version OpenSSH_5.2p1
debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: inetd sockets after dupping: 3, 3
debug3: BSM audit: connection from 1.1.1.247 port 53137
debug3: BSM audit: iptype 4 machine ID 010101d9 00000000 00000000 00000000
Connection from 1.1.1.247 port 53137


A successful connection follows...




  2. sshd no longer starts and accepts inbound connections in inetd mode (-i), using $ sudo /usr/sbin/sshd -i -d -d -d -e





debug2: load_server_config: filename /etc/sshd_config
debug2: load_server_config: done config len = 493
debug2: parse_server_config: config /etc/sshd_config len 493
debug3: /etc/sshd_config:14 setting Protocol 2
debug3: /etc/sshd_config:30 setting SyslogFacility AUTHPRIV
debug3: /etc/sshd_config:32 setting LogLevel DEBUG3
debug3: /etc/sshd_config:39 setting MaxAuthTries 3
debug3: /etc/sshd_config:108 setting UseDNS no
debug3: /etc/sshd_config:111 setting MaxStartups 5
debug3: /etc/sshd_config:119 setting Subsystem sftp /usr/libexec/sftp-server
debug3: /etc/sshd_config:121 setting IgnoreRhosts yes
debug3: /etc/sshd_config:122 setting IgnoreUserKnownHosts no
debug3: /etc/sshd_config:123 setting PrintMotd yes
debug3: /etc/sshd_config:124 setting StrictModes yes
debug3: /etc/sshd_config:125 setting RSAAuthentication yes
debug3: /etc/sshd_config:126 setting PermitEmptyPasswords no
debug3: /etc/sshd_config:127 setting PasswordAuthentication yes
debug3: /etc/sshd_config:128 setting DenyGroups deniedssh
debug3: /etc/sshd_config:129 setting PubkeyAuthentication yes
debug3: /etc/sshd_config:130 setting GatewayPorts no
debug3: /etc/sshd_config:131 setting AllowTcpForwarding yes
debug3: /etc/sshd_config:132 setting KeepAlive yes
debug1: sshd version OpenSSH_5.2p1
debug3: Not a RSA1 key file /etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: inetd sockets after dupping: 3, 4
debug3: BSM audit: connection from UNKNOWN port 65535
BSM audit: getaddrinfo failed for UNKNOWN: nodename nor servname provided, or not known
debug3: BSM audit: iptype 0 machine ID 00000000 00000000 00000000 00000000
Connection from UNKNOWN port 65535
SSH-2.0-OpenSSH_5.2


No connection can be established.



Any suggestion in which direction to look for a fix?
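
Added example, not part of the original question: a small Python helper that pulls the connection-relevant lines out of an sshd debug transcript and contrasts the two runs above. The sample strings are constructed from lines in the posted logs; `summarize` and its field names are hypothetical, and the findings assume what sshd(8) says about -i, namely that sshd is being run from inetd and so expects the connection on the descriptors it inherits.

```python
import re

# Constructed sample input: key lines copied from the two debug runs in the post.
RUN_D = """\
Server listening on :: port 22.
Server listening on 0.0.0.0 port 22.
debug1: inetd sockets after dupping: 3, 3
debug3: BSM audit: connection from 1.1.1.247 port 53137
Connection from 1.1.1.247 port 53137
"""
RUN_I = """\
debug1: inetd sockets after dupping: 3, 4
debug3: BSM audit: connection from UNKNOWN port 65535
BSM audit: getaddrinfo failed for UNKNOWN: nodename nor servname provided, or not known
Connection from UNKNOWN port 65535
"""

LISTEN = re.compile(r"^Server listening on (\S+) port (\d+)\.", re.M)
DUPPED = re.compile(r"inetd sockets after dupping: (\d+), (\d+)")
PEER = re.compile(r"^Connection from (\S+) port (\d+)", re.M)


def summarize(log):
    """Extract the connection-relevant facts from one sshd -d/-e transcript."""
    listeners = [(addr, int(port)) for addr, port in LISTEN.findall(log)]
    dupped = DUPPED.search(log)
    peer = PEER.search(log)
    findings = []
    if not listeners:
        # No "Server listening" line: sshd did not bind port 22 itself.
        findings.append("no listener opened: this process serves only the "
                        "descriptors it inherited on stdin/stdout")
    if peer and peer.group(1) == "UNKNOWN":
        # sshd prints UNKNOWN when it cannot read a peer address.
        findings.append("peer UNKNOWN: sshd got no remote address from the "
                        "descriptor it was handed")
    return {
        "listeners": listeners,
        "dupped_fds": tuple(map(int, dupped.groups())) if dupped else None,
        "peer": (peer.group(1), int(peer.group(2))) if peer else None,
        "findings": findings,
    }


if __name__ == "__main__":
    for name, log in (("-D run", RUN_D), ("-i run", RUN_I)):
        print(name, summarize(log))
```

Both findings on the -i transcript describe a process that was started without a network connection attached, so that run says little about why the remote `ssh` client reports "Operation timed out".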
