Weird ssh problem

To: debian-laptop@lists.debian.org
Subject: Weird ssh problem
From: Jo Geraerts <geraerts.jo@skynet.be>
Date: Sun, 16 Jun 2002 18:35:55 +0200
Message-id: <[🔎] 20020616163554.GA8070@ernie.lan.net>
--- Begin Message ---
To: secureshell@securityfocus.com
Subject: Weird ssh problem
Date: Sun, 16 Jun 2002 17:47:50 +0200
Message-id: <20020616154750.GA7157@ernie.lan.net>
Hello everybody,

I've got a weird ssh problem here.

i can't login with ssh on jgeraert@host1. (host1=D577FF3DDF.kabel.telenet.be or kcnet.dnsalias.org) ssh doesn't ask for a password.

note: sshd on host1 is running on port 2222 because the provider blocks
all ports <1024

This is the output from ssh -v:

debug1: Connecting to kcnet.dnsalias.com [213.119.61.223] port 2222.
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/ernie/.ssh/identity type -1
debug1: identity file /home/ernie/.ssh/id_rsa type -1
debug1: identity file /home/ernie/.ssh/id_dsa type -1
debug1: Remote protocol version 1.5, remote software version OpenSSH-1.2.3
debug1: match: OpenSSH-1.2.3 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_3.0.2p1 Debian 1:3.0.2p1-9
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'kcnet.dnsalias.com' is known and matches the RSA1 host key.
debug1: Found key in /home/ernie/.ssh/known_hosts:1
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
Connection closed by 213.119.61.223
debug1: Calling cleanup 0x80633cc(0x0)


Now, when i do
ssh root@host1 everything works ok, so does
ssh tester@host1

At this point one should think there is something wrong with the user jgeraert.
But when i ssh from another server (i used the server at school) 
ssh jgeraert@host1 works just fine like it should.

I have analyzed the packets with tcpdump.
(i ran sshd also on port 2223 so i could filter the right packets out)
server(host1) output:

10:45:26.514948 adsl-96904.turboline.skynet.be.33097 > D5773DDF.kabel.telenet.be.2223: S 129751899:129751899(0) win 5808 <mss 1412,sackOK,timestamp 352560[|tcp]> (DF)10:45:26.515205 D5773DDF.kabel.telenet.be.2223 > adsl-96904.turboline.skynet.be.33097: S 209357499:209357499(0) ack 129751900 win 32476 <mss 1412,sackOK,timestamp
+67008701[|tcp]> (DF)
10:45:26.551866 adsl-96904.turboline.skynet.be.33097 > D5773DDF.kabel.telenet.be.2223: . ack 1 win 5808 <nop,nop,timestamp 352564 67008701> (DF)
10:45:26.574521 D5773DDF.kabel.telenet.be.2223 > adsl-96904.turboline.skynet.be.33097: P 1:23(22) ack 1 win 32476 <nop,nop,timestamp 67008707 352564> (DF)
10:45:26.603836 adsl-96904.turboline.skynet.be.33097 > D5773DDF.kabel.telenet.be.2223: . ack 23 win 5808 <nop,nop,timestamp 352569 67008707> (DF)
10:45:26.616885 adsl-96904.turboline.skynet.be.33097 > D5773DDF.kabel.telenet.be.2223: P 1:44(43) ack 23 win 5808 <nop,nop,timestamp 352569 67008707> (DF)
10:45:26.617093 D5773DDF.kabel.telenet.be.2223 > adsl-96904.turboline.skynet.be.33097: . ack 44 win 32476 <nop,nop,timestamp 67008711 352569> (DF)
10:45:26.620282 D5773DDF.kabel.telenet.be.2223 > adsl-96904.turboline.skynet.be.33097: P 23:299(276) ack 44 win 32476 <nop,nop,timestamp 67008711 352569> (DF)
10:45:26.679140 adsl-96904.turboline.skynet.be.33097 > D5773DDF.kabel.telenet.be.2223: P 44:200(156) ack 299 win 6432 <nop,nop,timestamp 352575 67008711> (DF)
10:45:26.692550 D5773DDF.kabel.telenet.be.2223 > adsl-96904.turboline.skynet.be.33097: . ack 200 win 32476 <nop,nop,timestamp 67008719 352575> (DF)
10:45:26.862471 D5773DDF.kabel.telenet.be.2223 > adsl-96904.turboline.skynet.be.33097: P 299:311(12) ack 200 win 32476 <nop,nop,timestamp 67008735 352575> (DF)
10:45:27.162585 D5773DDF.kabel.telenet.be.2223 > adsl-96904.turboline.skynet.be.33097: P 299:311(12) ack 200 win 32476 <nop,nop,timestamp 67008766 352575> (DF)
10:45:27.204176 adsl-96904.turboline.skynet.be.33097 > D5773DDF.kabel.telenet.be.2223: . ack 311 win 6432 <nop,nop,timestamp 352628 67008766,nop,nop,[|tcp]> (DF)

on the client side:
Client:

tcpdump: listening on ppp0
10:44:24.598679 217.136.250.136.33097 > 213.119.61.223.2223: S 129751899:129751899(0) win 5808 <mss 1452,sackOK,timestamp 352560 0,nop,wscale 0> (DF)
10:44:24.636795 213.119.61.223.2223 > 217.136.250.136.33097: S 209357499:209357499(0) ack 129751900 win 32476 <mss 1412,sackOK,timestamp 67008701 352560,nop,wscale 0>+(DF)   
10:44:24.636906 217.136.250.136.33097 > 213.119.61.223.2223: . ack 1 win 5808 <nop,nop,timestamp 352564 67008701> (DF)
10:44:24.689743 213.119.61.223.2223 > 217.136.250.136.33097: P 1:23(22) ack 1 win 32476 <nop,nop,timestamp 67008707 352564> (DF)
10:44:24.689962 217.136.250.136.33097 > 213.119.61.223.2223: . ack 23 win 5808 <nop,nop,timestamp 352569 67008707> (DF)
10:44:24.690375 217.136.250.136.33097 > 213.119.61.223.2223: P 1:44(43) ack 23 win 5808 <nop,nop,timestamp 352569 67008707> (DF)
10:44:24.734732 213.119.61.223.2223 > 217.136.250.136.33097: . ack 44 win 32476 <nop,nop,timestamp 67008711 352569> (DF)
10:44:24.747159 213.119.61.223.2223 > 217.136.250.136.33097: P 23:299(276) ack 44 win 32476 <nop,nop,timestamp 67008711 352569> (DF)
10:44:24.748814 217.136.250.136.33097 > 213.119.61.223.2223: P 44:200(156) ack 299 win 6432 <nop,nop,timestamp 352575 67008711> (DF)
10:44:24.836105 213.119.61.223.2223 > 217.136.250.136.33097: . ack 200 win 32476 <nop,nop,timestamp 67008719 352575> (DF)
10:44:24.982496 213.119.61.223.2223 > 217.136.250.136.33097: P 299:311(12) ack 200 win 32476 <nop,nop,timestamp 67008735 352575> (DF)
10:44:24.982922 217.136.250.136.33097 > 213.119.61.223.2223: P 200:228(28) ack 311 win 6432 <nop,nop,timestamp 352598 67008735> (DF)
10:44:25.216285 217.136.250.136.33097 > 213.119.61.223.2223: P 200:228(28) ack 311 win 6432 <nop,nop,timestamp 352622 67008735> (DF)
10:44:25.286102 213.119.61.223.2223 > 217.136.250.136.33097: P 299:311(12) ack 200 win 32476 <nop,nop,timestamp 67008766 352575> (DF)
10:44:25.286209 217.136.250.136.33097 > 213.119.61.223.2223: . ack 311 win 6432 <nop,nop,timestamp 352628 67008766,nop,nop,sack sack 1 {299:311} > (DF)
-------------------------------------------------------------------------------------------------------------------------------------------------------
10:44:25.696378 217.136.250.136.33097 > 213.119.61.223.2223: P 200:228(28) ack 311 win 6432 <nop,nop,timestamp 352670 67008766> (DF)
10:44:26.656569 217.136.250.136.33097 > 213.119.61.223.2223: P 200:228(28) ack 311 win 6432 <nop,nop,timestamp 352766 67008766> (DF)
10:44:28.576938 217.136.250.136.33097 > 213.119.61.223.2223: P 200:228(28) ack 311 win 6432 <nop,nop,timestamp 352958 67008766> (DF)
10:44:32.417685 217.136.250.136.33097 > 213.119.61.223.2223: P 200:228(28) ack 311 win 6432 <nop,nop,timestamp 353342 67008766> (DF)
10:44:40.099148 217.136.250.136.33097 > 213.119.61.223.2223: P 200:228(28) ack 311 win 6432 <nop,nop,timestamp 354110 67008766> (DF)
10:44:55.462009 217.136.250.136.33097 > 213.119.61.223.2223: P 200:228(28) ack 311 win 6432 <nop,nop,timestamp 355646 67008766> (DF)
10:45:26.187481 217.136.250.136.33097 > 213.119.61.223.2223: P 200:228(28) ack 311 win 6432 <nop,nop,timestamp 358718 67008766> (DF)
10:46:27.637542 217.136.250.136.33097 > 213.119.61.223.2223: P 200:228(28) ack 311 win 6432 <nop,nop,timestamp 364862 67008766> (DF)
10:48:27.654180 217.136.250.136.33097 > 213.119.61.223.2223: P 200:228(28) ack 311 win 6432 <nop,nop,timestamp 376862 67008766> (DF)

As you can see, the packets below the line never arrive at the server? 
You can see the 28 bytes the client is trying to send also in the send-q culumn
of netstat:
tcp        0     28 adsl-96904.turbol:33097 D5773DDF.kabel.tel:2223 ESTABLISHED

 So at this point you'll think it's a tcp/ip problem? But why 
do root@host1 and tester@host1 work alright then? I also have flushed my firewall rules
to be sure that nothing gets blocked, but i don't think that's the problem because other
packets arrived at the server.

The server (host1) is running debian potato which  with ssh:
SSH Version OpenSSH-1.2.3, protocol version 1.5.
Compiled with SSL.

The client (my home pc) is running debian sid with ssh: 
OpenSSH_3.0.2p1 Debian 1:3.0.2p1-9, SSH protocols 1.5/2.0, OpenSSL 0x0090604 

Is there anyone out there in the big big world who can help me?


Greets,


Jo
--- End Message ---
Reply to:
Follow-Ups:
- Re: Weird ssh problem
  - From: Walter Hofmann <walterh@gmx.de>
- Re: Weird ssh problem
  - From: Walter Hofmann <walterh@gmx.de>
- Re: Weird ssh problem
  - From: star@starshine.org (Heather Stern)
Prev by Date: Re: Toshiba 2805-S302 Woody
Next by Date: Re: Weird ssh problem
Previous by thread: Re: Toshiba 2805-S302 Woody
Next by thread: Re: Weird ssh problem
Index(es):
- Date
- Thread