[Gllug] ssh problem doing my head in
Tom Schutzer-Weissmann
tom at schutzer-weissmann.net
Sat Feb 10 14:21:09 UTC 2007
On Thursday 01 February 2007 22:49, Tethys wrote:
> What does "ssh -v" say on the client? What does "sshd -d" say
> on the server? How does a tcpdump of a valid session using putty
> compare to one that fails using ssh from a Linux box?
In wireshark I can see that after authentication there's nothing but TCP
Retransmissions and Dup ACKs. I don't know enough to diagnose much more.
As far as I can understand, the client is trying to respond to the server's
last packet, but the response doesn't get through. The server just keeps
asking for the response. Why the response doesn't get there...
I've tried removing all the firewall rules except the nat masquerade one, but
it makes no difference.
What should I look at next?
Thanks for your help,
TomSW
---------------
No. Time Source Destination Protocol Info
1 0.000000 192.168.1.2 XX.XX.XX.XX TCP 44894 >
ssh [SYN] Seq=0 Len=0 MSS=1460 TSV=87038247 TSER=0 WS=5
2 0.356858 XX.XX.XX.XX 192.168.1.2 TCP ssh >
44894 [SYN, ACK] Seq=0 Ack=1 Win=57344 Len=0 MSS=1360 WS=0 TSV=699447785
TSER=87038247
3 0.356901 192.168.1.2 XX.XX.XX.XX TCP 44894 >
ssh [ACK] Seq=1 Ack=1 Win=5856 Len=0 TSV=87038604 TSER=699447785
4 1.226342 XX.XX.XX.XX 192.168.1.2 SSHv2 Server
Protocol: SSH-2.0-OpenSSH_4.2
5 1.226434 192.168.1.2 XX.XX.XX.XX TCP 44894 >
ssh [ACK] Seq=1 Ack=21 Win=5856 Len=0 TSV=87039473 TSER=699447874
6 1.226680 192.168.1.2 XX.XX.XX.XX SSHv2 Client
Protocol: SSH-2.0-OpenSSH_4.3p2 Debian-5ubuntu1
7 1.556224 XX.XX.XX.XX 192.168.1.2 SSHv2 Server:
Key Exchange Init
8 1.556277 192.168.1.2 XX.XX.XX.XX SSHv2 Client:
Key Exchange Init
9 2.108055 XX.XX.XX.XX 192.168.1.2 TCP ssh >
44894 [ACK] Seq=733 Ack=751 Win=57964 Len=0 TSV=699447961 TSER=87039803
10 2.108095 192.168.1.2 XX.XX.XX.XX SSHv2 Client:
Diffie-Hellman GEX Request
11 2.369152 XX.XX.XX.XX 192.168.1.2 SSHv2 Server:
Diffie-Hellman Key Exchange Reply
12 2.378065 192.168.1.2 XX.XX.XX.XX SSHv2 Client:
Diffie-Hellman GEX Init
13 2.551637 XX.XX.XX.XX 192.168.1.2 SSHv2 Server:
Diffie-Hellman GEX Reply
14 2.591521 192.168.1.2 XX.XX.XX.XX TCP 44894 >
ssh [ACK] Seq=919 Ack=1349 Win=10112 Len=0 TSV=87040839 TSER=699448006
15 2.634557 192.168.1.2 XX.XX.XX.XX SSHv2 Client:
New Keys
16 3.008151 XX.XX.XX.XX 192.168.1.2 TCP ssh >
44894 [ACK] Seq=1349 Ack=935 Win=57964 Len=0 TSV=699448051 TSER=87040882
17 3.008190 192.168.1.2 XX.XX.XX.XX SSHv2 Encrypted
request packet len=48
18 3.376348 XX.XX.XX.XX 192.168.1.2 SSHv2 Encrypted
response packet len=48
19 3.376459 192.168.1.2 XX.XX.XX.XX TCP 44894 >
ssh [ACK] Seq=983 Ack=1397 Win=10112 Len=0 TSV=87041624 TSER=699448088
20 3.417030 192.168.1.2 XX.XX.XX.XX SSHv2 Encrypted
request packet len=64
21 3.912674 XX.XX.XX.XX 192.168.1.2 SSHv2 Encrypted
response packet len=80
22 3.912795 192.168.1.2 XX.XX.XX.XX TCP 44894 >
ssh [ACK] Seq=1047 Ack=1477 Win=10112 Len=0 TSV=87042160 TSER=699448142
23 3.913031 192.168.1.2 XX.XX.XX.XX SSHv2 Encrypted
request packet len=96
24 4.291207 XX.XX.XX.XX 192.168.1.2 SSHv2 Encrypted
response packet len=80
25 4.331250 192.168.1.2 XX.XX.XX.XX TCP 44894 >
ssh [ACK] Seq=1143 Ack=1557 Win=10112 Len=0 TSV=87042579 TSER=699448175
26 8.397065 192.168.1.2 XX.XX.XX.XX SSHv2 Encrypted
request packet len=144
27 8.730497 XX.XX.XX.XX 192.168.1.2 SSHv2 Encrypted
response packet len=32
28 8.730576 192.168.1.2 XX.XX.XX.XX TCP 44894 >
ssh [ACK] Seq=1287 Ack=1589 Win=10112 Len=0 TSV=87046978 TSER=699448624
29 8.731061 192.168.1.2 XX.XX.XX.XX SSHv2 Encrypted
request packet len=64
30 8.996848 XX.XX.XX.XX 192.168.1.2 SSHv2 Encrypted
response packet len=48
31 8.997324 192.168.1.2 XX.XX.XX.XX SSHv2 Encrypted
request packet len=448
32 9.743428 192.168.1.2 XX.XX.XX.XX SSHv2 [TCP
Retransmission] Encrypted request packet len=448
33 10.207503 XX.XX.XX.XX 192.168.1.2 SSHv2 [TCP
Retransmission] Encrypted response packet len=48
34 10.207542 192.168.1.2 XX.XX.XX.XX TCP [TCP Dup
ACK 32#1] 44894 > ssh [ACK] Seq=1799 Ack=1637 Win=10112 Len=0 TSV=87048456
TSER=699448771
35 11.237198 192.168.1.2 XX.XX.XX.XX SSHv2 [TCP
Retransmission] Encrypted request packet len=448
36 12.397019 XX.XX.XX.XX 192.168.1.2 SSHv2 [TCP
Retransmission] Encrypted response packet len=48
37 12.397054 192.168.1.2 XX.XX.XX.XX TCP [TCP Dup
ACK 35#1] 44894 > ssh [ACK] Seq=1799 Ack=1637 Win=10112 Len=0 TSV=87050646
TSER=699448991
38 14.224744 192.168.1.2 XX.XX.XX.XX SSHv2 [TCP
Retransmission] Encrypted request packet len=448
39 16.591690 XX.XX.XX.XX 192.168.1.2 SSHv2 [TCP
Retransmission] Encrypted response packet len=48
40 16.591733 192.168.1.2 XX.XX.XX.XX TCP [TCP Dup
ACK 38#1] 44894 > ssh [ACK] Seq=1799 Ack=1637 Win=10112 Len=0 TSV=87054841
TSER=699449411
41 20.199837 192.168.1.2 XX.XX.XX.XX SSHv2 [TCP
Retransmission] Encrypted request packet len=448
42 24.789993 XX.XX.XX.XX 192.168.1.2 SSHv2 [TCP
Retransmission] Encrypted response packet len=48
43 24.790047 192.168.1.2 XX.XX.XX.XX TCP [TCP Dup
ACK 41#1] 44894 > ssh [ACK] Seq=1799 Ack=1637 Win=10112 Len=0 TSV=87063040
TSER=699450231
44 32.150011 192.168.1.2 XX.XX.XX.XX SSHv2 [TCP
Retransmission] Encrypted request packet len=448
45 40.995800 XX.XX.XX.XX 192.168.1.2 SSHv2 [TCP
Retransmission] Encrypted response packet len=48
46 40.995847 192.168.1.2 XX.XX.XX.XX TCP [TCP Dup
ACK 44#1] 44894 > ssh [ACK] Seq=1799 Ack=1637 Win=10112 Len=0 TSV=87079249
TSER=699451851
47 56.050372 192.168.1.2 XX.XX.XX.XX SSHv2 [TCP
Retransmission] Encrypted request packet len=448
48 73.209089 XX.XX.XX.XX 192.168.1.2 SSHv2 [TCP
Retransmission] Encrypted response packet len=48
49 73.209136 192.168.1.2 XX.XX.XX.XX TCP [TCP Dup
ACK 47#1] 44894 > ssh [ACK] Seq=1799 Ack=1637 Win=10112 Len=0 TSV=87111467
TSER=699455071
50 103.851075 192.168.1.2 XX.XX.XX.XX SSHv2 [TCP
Retransmission] Encrypted request packet len=448
51 137.214277 XX.XX.XX.XX 192.168.1.2 SSHv2 [TCP
Retransmission] Encrypted response packet len=48
52 137.214316 192.168.1.2 XX.XX.XX.XX TCP [TCP Dup
ACK 50#1] 44894 > ssh [ACK] Seq=1799 Ack=1637 Win=10112 Len=0 TSV=87175482
TSER=699461471
53 199.452509 192.168.1.2 XX.XX.XX.XX SSHv2 [TCP
Retransmission] Encrypted request packet len=448
54 201.234866 XX.XX.XX.XX 192.168.1.2 SSHv2 [TCP
Retransmission] Encrypted response packet len=48
55 201.234933 192.168.1.2 XX.XX.XX.XX TCP [TCP Dup
ACK 53#1] 44894 > ssh [ACK] Seq=1799 Ack=1637 Win=10112 Len=0 TSV=87239512
TSER=699467871
56 221.838838 192.168.1.2 XX.XX.XX.XX TCP 44894 >
ssh [FIN, ACK] Seq=1799 Ack=1637 Win=10112 Len=0 TSV=87260119 TSER=699467871
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list