Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1348
  • Last Modified:

Solaris 10 SSH issues

Experts,

I'm having an issue where I can successfully SSH inside our LAN, but can't SSH from the WAN to Solaris servers. These are new vanilla installs of Solaris 10 v5.10 with 10_Recommended patch cluster 144488-17 installed. From what I can tell SSH installed with no problems as I can SSH to and from Windows, Linux and other Solaris servers, yet when I try to come in from the WAN I get a "connection timed out" error from Putty. Also I must mention that this error is intermittent in that sometimes a connection will work on box A and B, but Box C won't connect and vice versa. I can also successfully ping each server from the WAN with no problems. Where should I start troubleshooting?

Thanks
0
drei22
Asked:
drei22
  • 2
  • 2
2 Solutions
 
arnoldCommented:
Did you setup port forwarding on the external router to allow port 22 traffic to hit the solaris 10 server?


check /etc/hosts.allow and see whether you have sshd:LAN_IP_range

try telnet <solaris_server> 22
and see whether the connection is in syn_sent or whether the TCP session is actually established.
0
 
drei22Author Commented:
@arnold

The firewall has been configured to allow a range of the correct IP's. The weird thing is that certain boxes will allow ssh for a short time, then disconnect for no reason at all. I have no /etc/hosts.allow files on these boxes, are they necessary?
0
 
arnoldCommented:
the /etc/hosts.allow and /etc/hosts.deny are a pair that one can use to restrict access to the system based on the where they are comming from.

The disconnect could be by the firewall (idle timeout).

Unfortunately, there is not enough information beyond the suggestions I made.

Check /var/adm/messages for events from sshd unless you altered sshd_config to other facility/authority for syslog options..
0
 
AnacreoCommented:
Can you reach out to the WAN from the Sun servers?

Check your defaults such as:

Default Route:
# netstat -rn (although if you are intermittently successful, less likely to be the culprit)

Subnetmask and Broadcast address:
# ifconfig -a

Check the system log to see if any errors line up:
# dmesg

Stop SSHD and run it manually in debug mode:
# svcadm disable sshd
# /usr/lib/ssh/sshd -d
(when done)
ctrl-c
# svcadm enable sshd

Lastly try taking a snoop and loading that into your favorite network genius tool (Wireshark)
# snoop -d <nic> -o sshlog.snoop port 22
1 attempt connection
2 ctrl-c after your SSH connection dies..
3 FTP that over to your machine with Wireshark and see what it says...

On the client side you could also try running ssh client in debug mode and see if the failure helps diagnose this.

Basics first I always say...
0
 
drei22Author Commented:
The problem ended up being that routing wasn't setup correctly on each server.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now