I have a number of different SLES 10 machines in production, all with
SSH enabled. From any machine on the network I can SSH in just fine.
From one particular server, when I try to SSH I instantly get a Network:
connection refused. This only occurs when I try to SSH into my two OES
boxes, one is file/print, the other runs Groupwise 8. I can SSH into
those two servers from other machines just fine (and have frequently).
However, the one server that DOESN’T work, we’re using as a Platespin
Protect server, so it needs to be able to SSH into the two OES boxes,
which we want to protect.
Platespin Server (SSH client)
Server 2008R2
No firewall enabled on any profile
On same subnet
Can SSH into other Linux machines on network
Cannot SSH into SLES 10 servers running OES (connection refused)
SLES 10 / OES Server(s) (SSH Server)
SLES 10 / No apparmor profiles (not installed)
Firewall disabled
hosts.allow set to allow all local hosts
hosts.deny is empty
DNS is configured and working properly
I’ve tried running /usr/sbin/sshd -d -d -d to increase debugging
output, but nothing registers when I try to connect from the Platespin
server. If I connect from a different machine I do get debugging
output. I don’t see anything under /var/log/messages either.
Anyone have any suggestions to test/try/troubleshoot? I’m using putty
as my ssh client and I’ve never had issues with this before. I think
it’s on the SLES side as the Platespin server can ssh just fine to other
hosts on the network, just not the two that it needs to.
Tried getting a LAN trace from both sides to see what happens? Anything
interesting in /var/log/firewall on the server? A connection refused
makes me think that the firewall on the server hates you.
Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
On 12/08/2011 06:36 AM, ncoppersmith wrote:[color=blue]
I have a number of different SLES 10 machines in production, all with
SSH enabled. From any machine on the network I can SSH in just fine.
From one particular server, when I try to SSH I instantly get a Network:
connection refused. This only occurs when I try to SSH into my two OES
boxes, one is file/print, the other runs Groupwise 8. I can SSH into
those two servers from other machines just fine (and have frequently).
However, the one server that DOESN’T work, we’re using as a Platespin
Protect server, so it needs to be able to SSH into the two OES boxes,
which we want to protect.
Platespin Server (SSH client)
Server 2008R2
No firewall enabled on any profile
On same subnet
Can SSH into other Linux machines on network
Cannot SSH into SLES 10 servers running OES (connection refused)
SLES 10 / OES Server(s) (SSH Server)
SLES 10 / No apparmor profiles (not installed)
Firewall disabled
hosts.allow set to allow all local hosts
hosts.deny is empty
DNS is configured and working properly
I’ve tried running /usr/sbin/sshd -d -d -d to increase debugging
output, but nothing registers when I try to connect from the Platespin
server. If I connect from a different machine I do get debugging
output. I don’t see anything under /var/log/messages either.
Anyone have any suggestions to test/try/troubleshoot? I’m using putty
as my ssh client and I’ve never had issues with this before. I think
it’s on the SLES side as the Platespin server can ssh just fine to other
hosts on the network, just not the two that it needs to. :P[/color]
Are you using inetd to start ssh? Perhaps something in the hosts.allow
or hosts.deny files?
What user are you coming in as? IIRC using ssh as root is disallowed by
default. Come in as a regular user and su to root when you get there.
Perhaps it’s the ssh version? Check that your using version 2 in all
the conf files.
Just some random thoughts…
–
Kevin Miller
Juneau, Alaska http://www.alaska.net/~atftb
“In the history of the world, no one has ever washed a rented car.”
hosts.allow is set to sshd : ALL : Allow
hosts.deny is empty
The connection is denied before a login is attempted, I would say
during session initiation.
This only happens when trying to connect from a specific client, so I
know that my configuration and what not is all good, just something
about this particular machine neither of the OES servers like. My
non-OES SLES servers allow connections from this particular client.
SSHD starts on boot, so I don’t know if that’s inetd or not. (not
really good on Linux under the hood, just basic administration)
The LAN traces are inconclusive, it shows putty.exe traffic going to and
from the source and destination.
Firewall is disabled on the client (all profiles), as well as the SLES
server itself. The connection refused makes me think it’s a firewall as
well, but since it only denies connections to these two servers it can’t
be on the client side, and I disable the firewall during the install of
the SLES servers. (to avoid these types of problems) (/var/log/firewall
doesn’t exist, due to the firewall not starting)
Not having a firewall is a bad idea; the firewall is simple and reliable
and at worst a minor inconvenience unless you go crazy with the
configuration. You should enable it and define exceptions as applicable
(at least SSH). In this case having the firewall enabled would at least
give you a message if the firewall was involved in blocking.
Post the LAN trace somewhere, even on Novell’s FTP server if needed.
It appears to have been a configuration issue with Platespin and a hung
workload with the same IP address of the servers being protected.
Strangely enough it only affected the Platespin server and not other
machines, but powering down the failover workloads fixed the problem.
[QUOTE=wazzit;25886]having installed several thousand systems over decades, from os2, windows, mainframes and power servers, redhat, fedora, ubuntu etec… I’ve rarely seen an install so inherently mind numbing as one in which the install completes and the system is completely isolated from outside access, no telnet, no ssh, nothing, nada. As of today I will never, ever, for the rest of my life suggest anyone install such a mindless configuration outside of a top secret military installation! Why are there hundreds of “can’t ssh to suse” server questions on the web and why isn’t there an explanation and a way to fix this idiotic operating system?
these and dozens more don’t provide an answer: https://forums.opensuse.org/showthread.php/454587-ssh-connection-refused
Plus you point to openSUSE, whereas these are the SUSE forums, if you really want to rant then the openSUSE forums have a soapbox subforum. These forums are for support, if your not wanting it then suggest you find another venue for blowing off steam
