Solved

Solaris 10 SSH issues

Posted on 2011-09-21
Last Modified: 2012-05-12
Experts,

I'm having an issue where I can successfully SSH inside our LAN, but can't SSH from the WAN to Solaris servers. These are new vanilla installs of Solaris 10 v5.10 with 10_Recommended patch cluster 144488-17 installed. From what I can tell, SSH installed with no problems, as I can SSH to and from Windows, Linux and other Solaris servers, yet when I try to come in from the WAN I get a "connection timed out" error from PuTTY. Also, I must mention that this error is intermittent, in that sometimes a connection will work on box A and B, but box C won't connect, and vice versa. I can also successfully ping each server from the WAN with no problems. Where should I start troubleshooting?

Thanks
Question by:drei22
5 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 36575175
Did you set up port forwarding on the external router to allow port 22 traffic to hit the Solaris 10 server?

Check /etc/hosts.allow and see whether you have sshd:LAN_IP_range

Try telnet <solaris_server> 22
and see whether the connection is in syn_sent or whether the TCP session is actually established.
0
 

Author Comment

by:drei22
ID: 36581692
@arnold

The firewall has been configured to allow a range of the correct IPs. The weird thing is that certain boxes will allow ssh for a short time, then disconnect for no reason at all. I have no /etc/hosts.allow files on these boxes; are they necessary?
0
 
LVL 78

Accepted Solution

by:arnold
arnold earned 250 total points
ID: 36581728
The /etc/hosts.allow and /etc/hosts.deny are a pair that one can use to restrict access to the system based on where they are coming from.

The disconnect could be by the firewall (idle timeout).

Unfortunately, there is not enough information beyond the suggestions I made.

Check /var/adm/messages for events from sshd, unless you altered sshd_config to another facility/authority for syslog options.
0
 
LVL 4

Assisted Solution

by:Anacreo
Anacreo earned 250 total points
ID: 36713127
Can you reach out to the WAN from the Sun servers?

Check your defaults such as:

Default Route:
# netstat -rn (although if you are intermittently successful, less likely to be the culprit)

Subnet mask and Broadcast address:
# ifconfig -a

Check the system log to see if any errors line up:
# dmesg

Stop SSHD and run it manually in debug mode:
# svcadm disable sshd
# /usr/lib/ssh/sshd -d
(when done)
ctrl-c
# svcadm enable sshd

Lastly, try taking a snoop and loading that into your favorite network genius tool (Wireshark)
# snoop -d <nic> -o sshlog.snoop port 22
1. Attempt connection
2. ctrl-c after your SSH connection dies.
3. FTP that over to your machine with Wireshark and see what it says...

On the client side you could also try running ssh client in debug mode and see if the failure helps diagnose this.

Basics first I always say...
0
 

Author Closing Comment

by:drei22
ID: 36924027
The problem ended up being that routing wasn't set up correctly on each server.
0
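
The default-route check suggested in the thread, as an added example that is not part of the original posts: it parses Solaris-style `netstat -rn` output and reports whether a host has no default route, exactly one, or several different gateways. The function name, verdict strings and sample routing tables (documentation range 192.0.2.0/24) are constructed for illustration, and treating several default gateways as a finding is this example's assumption.

```shell
#!/bin/sh
# Added example: classify the IPv4 default-route state from netstat -rn text.
# Usage on a real host: netstat -rn | check_default_route
# Prints OK <gw>, NO_DEFAULT, or MULTIPLE_DEFAULTS <gw,...>; exit status 0, 1 or 2.
check_default_route() {
    awk '
        BEGIN { v4 = 1 }
        # Solaris prints a "Routing Table: IPv4" / "Routing Table: IPv6" header per section
        /^Routing Table:/ { v4 = ($3 == "IPv4"); next }
        # A usable default route has destination "default" and the G (gateway) flag
        v4 && $1 == "default" && $3 ~ /G/ {
            if (!seen[$2]++) gws = (gws == "" ? $2 : gws "," $2)
        }
        END {
            # Without a default route only directly connected (LAN) peers get replies
            if (gws == "") { print "NO_DEFAULT"; exit 1 }
            # Assumption of this example: several gateways deserve a manual review
            if (gws ~ /,/) { print "MULTIPLE_DEFAULTS " gws; exit 2 }
            print "OK " gws
        }
    '
}

# Constructed sample routing tables (not taken from the thread)
HDR='Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------'
LAN='192.0.2.0            192.0.2.10           U         1         45 e1000g0
127.0.0.1            127.0.0.1            UH        1         12 lo0'
SAMPLE_OK="$HDR
default              192.0.2.1            UG        1        120
$LAN"
SAMPLE_NO_DEFAULT="$HDR
$LAN"
SAMPLE_MULTI="$HDR
default              192.0.2.1            UG        1        120
default              192.0.2.254          UG        1         37
$LAN"

# Run the check over each sample; non-zero verdicts are expected here
for s in "$SAMPLE_OK" "$SAMPLE_NO_DEFAULT" "$SAMPLE_MULTI"; do
    printf '%s\n' "$s" | check_default_route || true
done
```

Running the same function on every affected server makes a per-host routing difference visible at a glance.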
