| All Forums |
Register |
Login |
Search |
Subscriptions |
My Profile |
Inbox |
| Tool Warehouse |
FAQs |
Resources |
Help |
Member List |
Address Book |
Logout |
|
|
connection closed using ssh from UNIX host
|
Logged in as: Guest |
| Users viewing this topic: none |
|
Login  |
|
|
 connection closed using ssh from UNIX host - Jun. 20, '05, 7:51:27 PM
|
|
|
mlanctot
Posts: 6
Joined: Jun. 8, '05,
Status: offline
|
I've setup OpenSSH on a Windows 2003 box. If I use Putty or SecureCRT to connect, it works fine. If I try to ssh from a Sun Solaris box, the ssh client says "Connection closed by servername" and /var/adm/log/messages shows this:
Jun 20 16:46:01 servername sshd[1357]: sshd started version OpenSSH_4.0
Jun 20 16:46:01 servername sshd[1357]: fatal: seteuid 1050639: Network is down
|
|
|
|
 RE: connection closed using ssh from UNIX host - Jun. 20, '05, 10:04:43 PM
|
|
|
Rodney
Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
When you installed SFU do you select for SETUID to be one?
Verify with the registry setting (set to 1 is on):
HKLM\SOFTWARE\Microsoft\Services for UNIX\EnableSetuidBinaries
On the machine servername what do you get if you run
id -D 1050639
This is to confirm the user is known. Now for whatever the username
is that matches 1050639, do finger -l username.
What is the home directory listing for this user?
Have you set up a passwordless login with a key exchange with the Solaris box?
|
|
|
|
|
RE: connection closed using ssh from UNIX host - Jun. 21, '05, 12:07:51 PM
|
|
|
mlanctot
Posts: 6
Joined: Jun. 8, '05,
Status: offline
|
I verified that EnableSetuidBinaries is set to 1.
Home directory is reported as / from finger
If I "echo $HOME" it shows as /dev/fs/C/SFU/home/username
Passwordless logins have not been configured.
|
|
|
|
|
RE: connection closed using ssh from UNIX host - Jun. 21, '05, 12:43:04 PM
|
|
|
mlanctot
Posts: 6
Joined: Jun. 8, '05,
Status: offline
|
Just another note--ssh from the Windows box to the Solaris box works as expected. Only from the Solaris box to the Windows fails.
|
|
|
|
|
RE: connection closed using ssh from UNIX host - Jun. 21, '05, 12:50:05 PM
|
|
|
Rodney
Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
From the Solaris box what is the command line you are giving?
If you add the '-v' option to the client, what does it tell you?
|
|
|
|
|
RE: connection closed using ssh from UNIX host - Jun. 21, '05, 2:54:07 PM
|
|
|
mlanctot
Posts: 6
Joined: Jun. 8, '05,
Status: offline
|
Ok, so an update on things so far...turns out that the sfu box was getting passed a key that it didn't like and it would close the connection before moving on to password authentication. After further investigation it looks more like a permissions issue (the user is not an administrator). Administrative accounts work ok. I've verified that the account is able to log on locally and through terminal services, but ssh fails. Here is the output from the ssh -v:
OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to servername [192.168.2.35] port 22.
debug1: Connection established.
debug1: identity file /export/home/vobadm/.ssh/identity type 1
debug1: identity file /export/home/vobadm/.ssh/id_rsa type 1
debug1: identity file /export/home/vobadm/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.0
debug1: match: OpenSSH_4.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'servername' is known and matches the RSA host key.
debug1: Found key in /export/home/username/.ssh/known_hosts:24
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: password,keyboard-interactive
debug1: Next authentication method: password
username@servername's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to servername closed.
debug1: Transferred: stdin 0, stdout 0, stderr 36 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 306.1
debug1: Exit status 255
|
|
|
|
|
RE: connection closed using ssh from UNIX host - Jun. 21, '05, 3:07:45 PM
|
|
|
Rodney
Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
If you ssh from the Interix box to the Interix box
are you able to successfully connect?
I recall that we had someone else having difficulties with Solaris'
OpenSSH 3.8 connecting a while back. But I can't recall if it was
solved. I'll go see if can find that information.
|
|
|
|
|
RE: connection closed using ssh from UNIX host - Jun. 21, '05, 3:12:33 PM
|
|
|
mlanctot
Posts: 6
Joined: Jun. 8, '05,
Status: offline
|
Negatory good buddy. I thought it was just the Solaris box, but when I actually TESTED it from sfu with the non-administrative account it fails there too. Also it seems that the $HOME is correct if I logon locally, but is set to / when I connect over ssh.
|
|
|
|
|
RE: connection closed using ssh from UNIX host - Jun. 21, '05, 3:22:41 PM
|
|
|
Rodney
Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
> but is set to / when I connect over ssh
ah-ha, then this is your problem (or at one that needs to be solved).
You need to set the users' home directory in the user database (e.g. AD).
Consult the handy FAQ entry 3.09 – How do I properly set a user's home directory?
for setting this up. Make sure the user own the directory and directory
permissions are not permissive.
|
|
|
|
|
RE: connection closed using ssh from UNIX host - Jun. 21, '05, 3:40:23 PM
|
|
|
mlanctot
Posts: 6
Joined: Jun. 8, '05,
Status: offline
|
We're using a NT 4 domain, and the user's home directory is set to c:\sfu\home\username.
When I open a shell locally $HOME is /dev/fs/C/sfu/home/username
Only when I connect with ssh is it /
|
|
|
|
|
RE: connection closed using ssh from UNIX host - Jun. 21, '05, 7:57:05 PM
|
|
|
Rodney
Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
It doesn't matter what $HOME is set to.
It's what is in the user database. The easiest thing is to do the
command "finger -l username" and see what it says
for home directory.
|
|
|
|
|
Having the same problem, inconsistently! - Jan. 24, '06, 11:01:51 AM
|
|
|
resuna
Posts: 9
Joined: Sep. 15, '04,
Status: offline
|
Sorry to resurrect a dead topic, but I'm having this same problem with a nasty little twist.
The symptoms and logfile contents are almost the same, except that the operation works when connecting from one server, but fails from another. The servers are both running Tru64 with HP's standard SSH.FI version of SSH, but are on different subnets.
|
|
|
|
|
Fixed one problem, still got the other... - Jan. 24, '06, 3:36:02 PM
|
|
|
resuna
Posts: 9
Joined: Sep. 15, '04,
Status: offline
|
OK, the first problem seemed to be due to a broken public key. That's fixed. Now I'm getting the same "home directory is root" problem that you get if you don't have a profile set for the account.
But I looked, I have a profile set up for the account.
When I log in to Interix, even locally without OpenSSH being involved, and "echo ~username" I get / and not /dev/fs/C/Documents and Settings/username.
What else could it be?
|
|
|
|
|
RE: Fixed one problem, still got the other... - Jan. 25, '06, 6:34:33 AM
|
|
|
Rodney
Posts: 3728
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
|
Read the FAQ 3.09 (as stated earlier in the thread).
If you get "/" as the home directory from running finger then you don't have
a home directory set. There's a specific box to fill in as 3.09 states.
|
|
|
|
|
Interix versus service packs? Got a FAQ for that? - Jan. 25, '06, 7:21:14 AM
|
|
|
resuna
Posts: 9
Joined: Sep. 15, '04,
Status: offline
|
I already read 3.09. The profile was set up. Correctly. Interix on another box in the same domain with the same user works just fine.
The actual problem seems to be a conflict between Interix and some service pack or security patch, unfortunately the project engineer went in and reinstalled the flakey box (following the checklist - apparently whoever set it up the first time didn't) before I could diagnose it further.
|
|
|
|
|
RE: Interix versus service packs? Got a FAQ for that? - Feb. 9, '06, 8:37:46 AM
|
|
|
MarkyT
Posts: 1
Joined: Feb. 9, '06,
Status: offline
|
This is not a profile problem. I have serveral machines with the same Doamin User account. Some work and some doesn't.
The erratic behavior of the interix closing connection is caused by a timing issue when the server is booting. This could be due to a combination of Auto negotiation + NicTeaming is causing the network services to available too late on the boot sequence and it causes the Interix subsystem to not be correctly initialized.
The fingerprint of this issue can be easily identified by looking at the "Application log" on the Event Viewer and look for the following event.:
Event ID: 1054
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted). Group Policy processing aborted.
Hardcoding your speed and duplex on your NIC should resolve this problem.
|
|
|
|
|
RE: Interix versus service packs? Got a FAQ for that? - Feb. 9, '06, 10:43:43 AM
|
|
|
resuna
Posts: 9
Joined: Sep. 15, '04,
Status: offline
|
Guess who, Mark? Nice work tracking that down, BTW.
Remember how I said we should have used Macs for the consoles? We wouldn't have this problem then. And it's not just Interix that has this problem... we even get it upstairs on people's desktops when DHCP takes too long, and people come up without their login scripts running, home directories not available, and so on...
Windows really needs a more flexible boot manager, like LaunchServices or the /sbin/rc* directories in traditional UNIX.
I wonder if it'd be possible to create a wrapper around the services that depend on the network to delay them until the network is ready?
< Message edited by resuna -- Feb. 9, '06, 10:47:02 AM >
|
|
|
|
|
RE: Interix versus service packs? Got a FAQ for that? - Feb. 9, '06, 10:57:44 AM
|
|
|
steveh
Posts: 195
Joined: Jan. 23, '04,
Status: offline
|
Dependencies on services are possible on windows, if you add this does it fix the problem?
|
|
|
|
|
RE: Interix versus service packs? Got a FAQ for that? - Feb. 9, '06, 11:38:55 AM
|
|
|
resuna
Posts: 9
Joined: Sep. 15, '04,
Status: offline
|
Oh, gosh, isn't this a yummy foot?
It does beg the question, though... why aren't the dependencies actually used to prevent this kind of problem from happening? For example, why does a Windows XP or 2000 desktop with a local LAN connection bring up a login prompt (or, attempt an automatic login, if you have that turned on) before the network has finished initialising?
|
|
|
|
|
RE: Interix versus service packs? Got a FAQ for that? - Feb. 9, '06, 11:51:45 AM
|
|
|
steveh
Posts: 195
Joined: Jan. 23, '04,
Status: offline
|
That I cant answer :P
It also does assume the service is written correctly. Quite a number of them arent e.g. oracle will report its started very quickly when its actually still booting up and hence dependencies fail to work in this case.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
|
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
|
Printable Version
