
dladm show-link shows network card in unknown state but only fails for ssh

mark_667 asked
I'm using OpenSolaris 2009.06. After trying to add ciphers to my sshd_config file I'm getting a connection refused when I try to connect.

#svcs -d ssh
disabled Oct_17 svc:/network/physical:default
disabled Oct_17 svc:/network/ipfilter:default

All the others are online; svcadm enable ssh doesn't make any difference. For some reason the network adapter is supposedly in an unknown state.

#dladm show-link
LINK      CLASS      MTU      STATE      OVER
dnet0      phys      1500      unknown      --

but ping, telnet, basically everything apart from ssh seem to work fine. What would cause the adapter to go into this state? What can I do about it? Could the adapter state be related to the SSH problem?

Have you tried enabling svc:/network/physical:default?
That's the physical network service, and has to be enabled for the system to plumb and configure the interfaces.  

Apart from that, have you tried manually plumbing the interface?  And have you made any other changes to the box since you last had networking working?

Are any services showing as failed?  Run svcs -x


svcadm enable svc:/network/physical:default
Made no difference.

ifconfig -a plumb gave
ifconfig: SIOCSLIFNAME for ip: dnet0: already exists

svcs -x gave:
svc:/network/ssh:default (SSH server)
 State: maintenance since Mon Oct 31 16:18:24 2011
 Reason: Start method failed repeatedly, last exited with status 255.
       See: http://sun.com/msg/SMF-8000-KS
       See: ssh(1M)
       See: /var/svc/log/network-ssh:default.log
 Impact: This service is not running

The log contains errors about bad SSH2 cipher spec but changing the Cipher line and enabling the ssh service doesn't write any new entries to the log and I still get a connection refused.

When you changed the SSH config and re-enabled the service, did it start properly?  Or does it still show maintenance status?  Is there anything in /var/adm/messages or /var/log/syslog?

You can always try manually running the sshd daemon in debugging mode:  http://www.mattzone.com/sol10_ssh.html


Nothing in /var/adm/messages after enabling ssh
syslog only contains sendmail entries

#./sshd -dd
debug1: sshd version Sun_SSH_1.3
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEm private key done: type DSA
debug1: private host key: #1 type 2 DSA
Disabling protocol version 1. Could not load host key
debug1: Bind to port 22 on ::.
Server listening on :: port 22

Hangs there until I ctrl+c back out to command prompt.

When you run sshd in debug mode, it is supposed to hang there.  You then try to connect to the server from another host to see what is going on.  


I don't understand why but I wasn't able to redirect the output to a log file when running it in debug mode but it seemed to work OK. It also worked fine running normally. #dladm show-link still shows the same so this seems to be a red herring, thanks for your help.

Yeah, when you're running in debug mode, you can't redirect to a log because it's writing to STDERR rather than STDOUT.  You can do it like this:

sshd -dd >/tmp/sshd.log 2>&1 &

That'd put it in the background and redirect the STDOUT and STDERR to the log file (the 2>&1 redirects the STDERR to the same file).

Keep in mind, you don't want to keep it running this way permanently.  You want the ssh service to start properly.  If svcs -x still shows ssh in maint state, you need to clear that with:  svcadm clear ssh

Then it should start properly if there are no more problems with the configuration.
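
A pre-flight check for the kind of Ciphers edit that started this thread, added here as an example and not part of any post: it lists every name on the Ciphers line of an sshd_config that is missing from a list of ciphers the local sshd accepts, which is the usual cause of a "bad SSH2 cipher spec" start failure. The function name bad_ciphers, the sample config and the supported list are all constructed for illustration; take the real list from your own sshd's documentation.

```shell
#!/bin/sh
# bad_ciphers CONFIG SUPPORTED   (hypothetical helper, not an sshd tool)
#   CONFIG    path to an sshd_config file
#   SUPPORTED space-separated cipher names the local sshd accepts
#             (assumption: supplied by the admin from sshd_config(4))
# Prints each name on the Ciphers line that is not in SUPPORTED.
# Returns 0 if every name is known (or there is no Ciphers line), else 1.
bad_ciphers() {
    conf=$1
    supported=" $2 "
    # Drop comments, then take the first Ciphers line (keyword is
    # case-insensitive) and keep only its argument.
    list=$(sed -e 's/#.*//' "$conf" |
           awk 'tolower($1) == "ciphers" { $1 = ""; print; exit }')
    [ -n "$list" ] || return 0
    rc=0
    # Names are comma-separated. Whitespace inside the list is treated as
    # a separator here, so a stray space is not reported by this check.
    for c in $(printf '%s' "$list" | tr ',' ' '); do
        case "$supported" in
            *" $c "*) ;;                       # known name
            *) printf '%s\n' "$c"; rc=1 ;;     # unknown or misspelled
        esac
    done
    return $rc
}

# Constructed sample: the second name is a typo for aes256-ctr.
sample=$(mktemp)
printf '%s\n' '# constructed sshd_config fragment' 'Protocol 2' \
    'Ciphers aes128-ctr,aes256-crt,3des-cbc' > "$sample"
# Constructed list; replace it with the ciphers your sshd supports.
SUPPORTED='aes128-ctr aes192-ctr aes256-ctr aes128-cbc 3des-cbc'

if bad=$(bad_ciphers "$sample" "$SUPPORTED"); then
    echo "Ciphers line OK"
else
    echo "unknown cipher(s): $bad"
fi
rm -f "$sample"
```

Running this against the edited file before svcadm enable ssh catches a bad name while the service is still out of maintenance state, so no svcadm clear ssh is needed afterwards.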