-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2008-06-03 at 20:37 -0700, Joe Sloan wrote:

tcptraceroute could tell you where the packets are being dropped.

Do you mean this: /usr/share/zsh/4.3.4/functions/_tcptraceroute ? Or this? Results from http://download.opensuse.org/repositories/network:/utilities/openSUSE_10.3 tcptraceroute (1.5beta7) Traceroute Implementation using TCP Packets - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIRo0QtTMYHG2NR9URAm8eAJ9SBA3+BHoDxZhl1Q9gU8SmvR+qxACghqSs 4JD7iWjO3pSF3D6Aqe/aZTA= =aYOp -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2008-06-04 at 10:09 -0700, Sloan wrote:

Carlos E. R. wrote:

...

The Tuesday 2008-06-03 at 20:37 -0700, Joe Sloan wrote:

...

tcptraceroute could tell you where the packets are being dropped.

Do you mean this:

/usr/share/zsh/4.3.4/functions/_tcptraceroute

?

Or this?

Results from http://download.opensuse.org/repositories/network:/utilities/openSUSE_10.3 tcptraceroute (1.5beta7) Traceroute Implementation using TCP Packets

The latter - I wasn't aware of a zsh tcptraceroute function, or what it could actually do -

Me neither; I mean, I knew none of them, and I have wanted such a tool recently. After I posted I saw that factory has it: S | Name | Summary | Type - --+---------------+---------------------------------------------+-------- | tcptraceroute | Traceroute Implementation using TCP Packets | package So that's very nice. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIRukFtTMYHG2NR9URArMpAJ4gSQyMRsAZ/P1GX2teHTZK90wyjACdG2Va sAPR0XEwQ/qvGKAXOad6G64= =VThV -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

John Andersen wrote:

On Tue, Jun 3, 2008 at 8:37 PM, Joe Sloan wrote:

...

Rick Bilonick wrote:

...

I'm running SLED 10.1. sshd is running (I can ssh to localhost) and I've opened port 22 for ssh in the firewall. I can access web pages (which means I have access to the Internet) but I cannot access two other computers (even using their IP's). (I can access these computers from another laptop running Fedora 8 through the same wireless router.)

How can I determine what is going wrong? I've tried disabling the firewall completely (although it always seems to come on by itself) to see if it was blocking ssh. Any suggestions would be appreciated.

tcptraceroute could tell you where the packets are being dropped.

Joe --

Red herring. Packets are not being dropped. He said he could connect thru the same router with other machines.

That doesn't mean the packets aren't being dropped when coming from this particular machine. I could demonstrate selective packet dropping with iptables and a few test machines, but you get the point, right? At any rate, he later mentioned that he does get through, but that the other end is apparently unable to process the login attempt. I advised searching through the logs on the system that he can't reach from the SLED box. Joe -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

On Wed, 2008-06-04 at 13:26 -0400, Rick Bilonick wrote:

On Wed, 2008-06-04 at 06:44 -0500, Michael Mientus wrote:

...

On Tue, Jun 3, 2008 at 10:32 PM, Rick Bilonick wrote:

...

I'm running SLED 10.1. sshd is running (I can ssh to localhost) and I've opened port 22 for ssh in the firewall. I can access web pages (which means I have access to the Internet) but I cannot access two other computers (even using their IP's). (I can access these computers from another laptop running Fedora 8 through the same wireless router.)

So there are four computers: comp1, comp2, Fedora8, SLED 10.1

And you can access comp1 and comp2 from Fedora8 but not from SLED 10.1, correct?

...

How can I determine what is going wrong? I've tried disabling the firewall completely (although it always seems to come on by itself) to see if it was blocking ssh. Any suggestions would be appreciated.

If my understanding is correct then what is the error message on SLED 10.1?

Mike

Your understanding is correct. There is no error message - it just times out. The F8 computer connects almost instantly.

What else is there to do? I'm not sure why it would be necessary to block out-going ssh.

Rick B.

If I deliberately type in the wrong password, it comes back instantly saying "permission denied, please try again." When and only when I type in the correct password, it just sits there. This suggests to me it is actually connecting to the remote computer but something is preventing communication after login. Rick B. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

2008/6/4 Rick Bilonick :

If I deliberately type in the wrong password, it comes back instantly saying "permission denied, please try again." When and only when I type in the correct password, it just sits there.

So, there is no need for traceroute or other network analysis tools (at least for now). Maybe I have missed it, but I believe, you have not yet told us what the sshd (on the machine you try to connect to) writes to syslog when you attempt to log in. I am pretty sure that this information will significantly help you/us solve the problem. Regards Ingolf -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

On Thu, 2008-06-05 at 16:09 +0200, Ingolf Steinbach wrote:

2008/6/4 Rick Bilonick :

...

If I deliberately type in the wrong password, it comes back instantly saying "permission denied, please try again." When and only when I type in the correct password, it just sits there.

So, there is no need for traceroute or other network analysis tools (at least for now). Maybe I have missed it, but I believe, you have not yet told us what the sshd (on the machine you try to connect to) writes to syslog when you attempt to log in. I am pretty sure that this information will significantly help you/us solve the problem.

Regards Ingolf

OK, I downloaded SLED SP2 (as suggested by someone on this list) and updated the HP 2133. This of course wiped out my wireless (apparently HP/Novell are using a kernel module that you can see in SP2 but cannot install) but I was able to install ndiswrapper and get the wireless back. I tried ssh and it worked right away. So I'm making a good bit of progress. Thanks to every one who responded. Rick B. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

* james Wright [06-06-08 10:06]:

Out of curiosity, can you now edit ssh_config and sshd_config as root?

root *is* root and can do all! -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

* james Wright [06-06-08 10:19]:

On Fri, Jun 6, 2008 at 10:14 AM, Patrick Shanahan wrote:

...

* james Wright [06-06-08 10:06]:

...

Out of curiosity, can you now edit ssh_config and sshd_config as root?

root *is* root and can do all!

Yes, but he was apparently unable to do it before.

perhaps *limited* in the access method, ie: visudo ??? -- Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://counter.li.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

On Fri, Jun 6, 2008 at 7:37 AM, Rick Bilonick wrote:

On Fri, 2008-06-06 at 10:05 -0400, james Wright wrote:

...

On Fri, Jun 6, 2008 at 1:42 AM, Rick Bilonick wrote:

...

OK, I downloaded SLED SP2 (as suggested by someone on this list) and updated the HP 2133. This of course wiped out my wireless (apparently HP/Novell are using a kernel module that you can see in SP2 but cannot install) but I was able to install ndiswrapper and get the wireless back.

I tried ssh and it worked right away. So I'm making a good bit of progress. Thanks to every one who responded.

Rick B.

Out of curiosity, can you now edit ssh_config and sshd_config as root?

I could get in before, but not through the shell using vi or cat, only using nautilus launched from a root shell. Now with SP2, I can view it from a shell window even as a user.

That's just wrong. Not being able to get there in a shell (without SP2) speaks to some horrible borken stuff. Do/Did you have SELinux options installed or something? -- ----------JSA--------- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

On Fri, 2008-06-06 at 11:37 -0700, John Andersen wrote:

On Fri, Jun 6, 2008 at 7:37 AM, Rick Bilonick wrote:

...

On Fri, 2008-06-06 at 10:05 -0400, james Wright wrote:

...

On Fri, Jun 6, 2008 at 1:42 AM, Rick Bilonick wrote:

...

OK, I downloaded SLED SP2 (as suggested by someone on this list) and updated the HP 2133. This of course wiped out my wireless (apparently HP/Novell are using a kernel module that you can see in SP2 but cannot install) but I was able to install ndiswrapper and get the wireless back.

I tried ssh and it worked right away. So I'm making a good bit of progress. Thanks to every one who responded.

Rick B.

Out of curiosity, can you now edit ssh_config and sshd_config as root?

I could get in before, but not through the shell using vi or cat, only using nautilus launched from a root shell. Now with SP2, I can view it from a shell window even as a user.

That's just wrong.

Not being able to get there in a shell (without SP2) speaks to some horrible borken stuff.

Do/Did you have SELinux options installed or something?

I don't believe selinux was installed when I had SLED SP1 installed. HP is sending me a rescue disk which is SP1 (HP is not shipping SP2 with HP 2133's yet). Regardless, it all works fine with SP2 with the exception that it screwed up my wireless. The bcm4312 worked fine in SP1 - I could contact WEP and WPA systems very easily. Apparently there is some proprietary Broadcom kernel module. I can see it in the SP2 DVD using Yast but it won't let me install it or if it is installed it's not working under SP2. I can't tell - it has a strange name and I can't find it using "rpm -qv". Although the hardware listing seems to indicate that there was no driver installed for the 4312. I installed ndiswrapper which works OK except for wpa (it never connects). Not sure why updating from SP1 to SP2 would hose the wireless module. Apparently, when I called HP tech services, I was the first one to have updated from SP1 to SP2. (They have 5 or 6 people dedicated to Linux, at least for the HP 2133 mini-notebook.) I'm not sure if I'm going to go to the trouble of installing SP1 from the rescue disk. SP1 is not very functional except for the wireless. I have an extra 160gb hard drive that I'm going to install and try installing openSuse 11 and/or Fedora 9. Rick B. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

On Wed, Jun 4, 2008 at 11:06 AM, John Andersen wrote:

On Tue, Jun 3, 2008 at 8:32 PM, Rick Bilonick wrote:

...

I'm running SLED 10.1. sshd is running (I can ssh to localhost) and I've opened port 22 for ssh in the firewall. I can access web pages (which means I have access to the Internet) but I cannot access two other computers (even using their IP's). (I can access these computers from another laptop running Fedora 8 through the same wireless router.)

How can I determine what is going wrong? I've tried disabling the firewall completely (although it always seems to come on by itself) to see if it was blocking ssh. Any suggestions would be appreciated.

Rick B.

--

First you never need to open a port for an outward connection. The firewall is not the issue here.

Check your /etc/ssh_config It should have the following lines uncommented ForwardX11 yes ForwardX11Trusted yes ----The above two are optional but if you trust the remote host its ok Protocol 2

You might also try Protocol 2,1 but 1 is deprecated. You may want to add these lines (they should be the default) RSAAuthentication yes PasswordAuthentication yes HostbasedAuthentication no GSSAPIAuthentication no -- ----------JSA--------- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

On Wed, Jun 4, 2008 at 12:00 PM, Rick Bilonick wrote:

On Wed, 2008-06-04 at 11:06 -0700, John Andersen wrote:

...

On Tue, Jun 3, 2008 at 8:32 PM, Rick Bilonick wrote:

...

I'm running SLED 10.1. sshd is running (I can ssh to localhost) and I've opened port 22 for ssh in the firewall. I can access web pages (which means I have access to the Internet) but I cannot access two other computers (even using their IP's). (I can access these computers from another laptop running Fedora 8 through the same wireless router.)

How can I determine what is going wrong? I've tried disabling the firewall completely (although it always seems to come on by itself) to see if it was blocking ssh. Any suggestions would be appreciated.

Rick B.

--

First you never need to open a port for an outward connection. The firewall is not the issue here.

Check your /etc/ssh_config It should have the following lines uncommented ForwardX11 yes ForwardX11Trusted yes ----The above two are optional but if you trust the remote host its ok Protocol 2

Nothing else should be uncommented except some possible options that begine with SendEnv

I become root and go to /etc. I do an ls and see ssh_config and it has a non-zero size. It's also shown as rw. But I cannot cat it nor can I open it with a text editor. There is also an sshd_config file that I can't open or look at. Other files (key) are the same. When I try to access these files it says they don't exist.

Rick B.

/etc/ssh/ssh_config must be readable by all users, writeable only by root. sshd_config is only read/wirteable by root. If you are indeed root and you STILL can not cat those files then you have something seriously hozed and I would start diagnosing that problem rather than worrying about ssh. -- ----------JSA--------- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

On Wed, 2008-06-04 at 15:00 -0400, Rick Bilonick wrote:

On Wed, 2008-06-04 at 11:06 -0700, John Andersen wrote:

...

On Tue, Jun 3, 2008 at 8:32 PM, Rick Bilonick wrote:

...

I'm running SLED 10.1. sshd is running (I can ssh to localhost) and I've opened port 22 for ssh in the firewall. I can access web pages (which means I have access to the Internet) but I cannot access two other computers (even using their IP's). (I can access these computers from another laptop running Fedora 8 through the same wireless router.)

How can I determine what is going wrong? I've tried disabling the firewall completely (although it always seems to come on by itself) to see if it was blocking ssh. Any suggestions would be appreciated.

Rick B.

--

First you never need to open a port for an outward connection. The firewall is not the issue here.

Check your /etc/ssh_config It should have the following lines uncommented ForwardX11 yes ForwardX11Trusted yes ----The above two are optional but if you trust the remote host its ok Protocol 2

Nothing else should be uncommented except some possible options that begine with SendEnv

I become root and go to /etc. I do an ls and see ssh_config and it has a non-zero size. It's also shown as rw. But I cannot cat it nor can I open it with a text editor. There is also an sshd_config file that I can't open or look at. Other files (key) are the same. When I try to access these files it says they don't exist.

Rick B.

I am able to look at it through the Nautilus file manager. I changed ForwardX11 from no to yes and restarted sshd. But I still cannot connect. I just connected through the F8 computer with no problem. Rick B. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org