5

I'm having trouble ssh-ing to a server (Ubuntu 16.04) I have root access to from my machine (macOS 10.12). The situation is weird: I checked that sshd is running on the server, that port 22 is open (sudo netstat -anp | grep sshd) and that traffic isn't blocked (sudo iptables -L | grep ssh and sudo ufw verbose); hosts.deny does not have my IP address either.

Weirdest thing - I can log in from another machine with no problem. When I run nmap <server-ip> on my machine it shows only port 80 is open; running the same command on another machine gives only one open port - 22. I tried logging in from a third machine - no luck again. Not sure what's going on.

I need some way (tail -f logs, probably) to see what is actually happening on the server when I try to connect from different machines. Maybe this will help me troubleshoot. Any advice on how I should debug this problem?

peetonn
  • 173

4 Answers

13

The command man 5 sshd_config will give you plenty of options.

Setting LogLevel VERBOSE in the file /etc/ssh/sshd_config is probably what you need, although there are higher levels.

The messages will end up in /var/log/auth.log by default, so you will have to tail -f /var/log/auth.log in a separate terminal to see what is going on.

sмurf
  • 4,750
  • 1
  • 26
  • 30
2

The problem turned out to be another machine with the same IP address as the server. Very trivial but not obvious (sigh). Thanks for the input to those who answered.

I was desperate enough to start using Wireshark when I checked the ARP tables on the clients and noticed that clients that have intermittent problems sometimes get different MAC addresses for the same server IP address. This made me think that there might be a different machine in the network. That was the problem.

peetonn
  • 173
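The ARP comparison described in the answer above can be scripted. This is an added example, not part of the original posts: it parses ARP table dumps (arp -an on macOS or Linux, or ip neigh on Linux) collected over time or from several clients and reports any IP address that resolved to more than one MAC address. The function names and the sample dumps (documentation IP range, locally administered MACs) are constructed for illustration.

```python
import re
from collections import defaultdict

# "arp -an" (macOS and Linux): ? (192.0.2.10) at 2:0:5e:10:0:1 on en0 ifscope [ethernet]
ARP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9A-Fa-f:]+)")
# "ip neigh" (Linux): 192.0.2.10 dev eth0 lladdr 02:00:5e:10:00:01 REACHABLE
NEIGH_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) .*\blladdr ([0-9A-Fa-f:]+)")

def normalize_mac(mac):
    """Zero-pad and lowercase each octet; macOS prints 2:0:5e:... unpadded."""
    octets = mac.split(":")
    if len(octets) != 6 or not all(1 <= len(o) <= 2 for o in octets):
        return None
    return ":".join(f"{int(o, 16):02x}" for o in octets)


def parse_snapshot(text):
    """Yield (ip, mac) for every resolved entry in one ARP table dump."""
    for line in text.splitlines():
        m = ARP_RE.search(line) or NEIGH_RE.search(line.strip())
        if m and (mac := normalize_mac(m.group(2))):
            yield m.group(1), mac


def find_conflicts(snapshots):
    """Return {ip: sorted MACs} for IPs that resolved to more than one MAC."""
    seen = defaultdict(set)
    for text in snapshots:
        for ip, mac in parse_snapshot(text):
            seen[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

# Constructed sample dumps, not captured from a real network.
SAMPLES = [
    # macOS client, first connection attempt
    "? (192.0.2.1) at 2:0:5e:10:0:fe on en0 ifscope [ethernet]\n"
    "? (192.0.2.10) at 2:0:5e:10:0:1 on en0 ifscope [ethernet]\n",
    # same macOS client later: the server IP now maps to a different MAC
    "? (192.0.2.10) at 2:0:5e:10:0:2 on en0 ifscope [ethernet]\n"
    "? (192.0.2.11) at (incomplete) on en0 ifscope [ethernet]\n",
    # Linux client, "ip neigh" format, padded and upper-case MACs
    "192.0.2.10 dev eth0 lladdr 02:00:5e:10:00:01 REACHABLE\n"
    "192.0.2.1 dev eth0 lladdr 02:00:5E:10:00:FE STALE\n",
]

if __name__ == "__main__":
    for ip, macs in find_conflicts(SAMPLES).items():
        print(f"{ip} answered from {len(macs)} MAC addresses: {', '.join(macs)}")
```

A hit is a lead, not proof: an IP can legitimately change MAC after a NIC replacement or a failover, so confirm which host owns each address.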
0

Had an interesting case:

Authentication refused: bad ownership or modes for directory /home/user

On the client side (ssh ---v) noticed that the RSA key is just not accepted. Had to actually debug the sshd side:

$ tail -f /var/log/auth.log

Found the error from above. Checked the permissions of the home folder itself - 777 for some reason (the ~/.ssh 700 and authorized_keys2 640 were okay). So chmod 750 /home/renard/ helped. So it has requirements for the home folder itself as well.

renard
  • 1
0

I guess the network from which you are running nmap does not have firewall permission to reach port 22 on the server. On the other machine, from which you can see only port 22 on the server but not port 80, the firewall rule allows connections to port 22 but not to port 80 from that machine to the server.

Check the firewall settings for the rule allowing ssh and http access to the server from your machine and the other machine.

If that does not solve it, you can check the log as mentioned in the answer above.

Bidyut
  • 789
  • 7
  • 14