SSH funktioniert nicht mehr!

[toxict]

Hallo Gemeinde,

in meiner Verzweifelung wende ich mich mal an euch:
Ich habe mein Macbook zum Gravis-Händler gebracht (wegen eines Akku-Problems) und nu geht kein ssh mehr auf meine Firewall:

ssh user@192.168.3.1

Connection to 192.168.3.1 closed by remote host.
Connection to 192.168.3.1 closed.

von jedem anderen pc funzt es...
ich habe schon den eintrag in der known_hosts gelöscht, danach werde ich gefragt, ob ich den neuen key speichern möchte, ich antworte brav mit yes und die fehlermeldung bleibt die gleiche.
habe auch schon den wireshark angeschmissen zum mitsniffen, die firewall schickt tatsächlich nen fin-ack. was soll der scheiss?
was haben die jungs da wohl mit meinem macbook getrieben???
für sachdienliche hinweise jeder art bin ich dankbar...

gute n8 derweil

toxic

 

[oneOeight]

ist das key only oder auch mit passwort?

 

[toxict]

login ist via username/passwort

 

[oneOeight]

wenn man im router kein log einsehen kann, dann probier mal ein ssh -vvv damit du siehst, woran es scheitert...

 

[toxict]

hi 1o8,

ich kann aus diesem debug-output keine erkenntnisse über die ursache des problems gewinnen...du vielleicht?
das problem triit NUR zwischen meinem macbook und dieser firewall auf, ssh verbindungen zu anderen geräten funktionieren einwandfrei und die firewall kann andererseits auch per ssh von anderen rechnern (sowohl pc als auch mac) erreicht werden.

OpenSSH_5.1p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.3.1 [192.168.3.1] port 22.
debug1: Connection established.
debug1: identity file /Users/admin/.ssh/identity type -1
debug1: identity file /Users/admin/.ssh/id_rsa type -1
debug1: identity file /Users/admin/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version NetScreen
debug1: no match: NetScreen
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit: 3des-cbc
debug2: kex_parse_kexinit: 3des-cbc
debug2: kex_parse_kexinit: hmac-sha1
debug2: kex_parse_kexinit: hmac-sha1
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client 3des-cbc hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server 3des-cbc hmac-sha1 none
debug2: dh_gen_key: priv key bits set: 187/384
debug2: bits set: 490/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug3: check_host_in_hostfile: filename /Users/admin/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 17
debug1: Host '192.168.3.1' is known and matches the DSA host key.
debug1: Found key in /Users/admin/.ssh/known_hosts:17
debug2: bits set: 531/1024
debug1: ssh_dss_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/admin/.ssh/identity (0x0)
debug2: key: /Users/admin/.ssh/id_rsa (0x0)
debug2: key: /Users/admin/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: password
debug3: start over, passed a different list password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,keyboard-interactive,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
xxx@192.168.3.1's password:
debug3: packet_send2: adding 56 (len 61 padlen 11 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: tty_make_modes: ospeed 38400
debug3: tty_make_modes: ispeed 38400
debug2: channel 0: request shell confirm 1
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 2048 rmax 1024
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r3 i0/0 o0/0 fd 4/5 cfd -1)

debug3: channel 0: close_fds r 4 w 5 e 6 c -1
Connection to 192.168.3.1 closed by remote host.
Connection to 192.168.3.1 closed.
Transferred: sent 1584, received 912 bytes, in 0.0 seconds
Bytes per second: sent 97327.6, received 56037.1

 

[undercover]

Hast du den sshd auf dem Zielsystem mal neu gestartet?
Sind da zu viele Sitzungen offen? (Tote?)

 

[oneOeight]

* Added a no-more-sessions@openssh.com global request extension that is
sent from ssh(1) to sshd(8) when the client knows that it will never
request another session (i.e. when session multiplexing is disabled).
This allows a server to disallow further session requests and
terminate the session in cases where the client has been hijacked.

scheinst wohl noch sessions auf zu haben und wegen dem feature cancelt der wohl die neue...

 

[nschum]

Ich glaube nicht. Die no-more-sessions@openssh.com Meldung hab ich auch bei erfolgreichen Verbindungen. Das ist normal.

 

[toxict]

ich habe die fw bereits mehrmals durchgebootet...das sollte ja wohl ausreichen.

ich habe nochmal den debug auf der firewall angeschmissen....ich sehe da kein problem.....
da ich nur 10000 zeichen posten darf, fehlt der anfang...




## 2009-01-07 08:31:35 : SSH: >>> process_binary_frame()
## 2009-01-07 08:31:35 : SSH: --- process_binary_frame() : buf_len=336 : packet_len=788
## 2009-01-07 08:31:35 : SSH: <<< process_binary_frame() = 0
## 2009-01-07 08:31:35 : SSH netio: After extend In_enc_buffer# alloc 336, end 336,offset 0
## 2009-01-07 08:31:35 : extending recv() buffer
## 2009-01-07 08:31:35 : SSH netio: After extend In_enc_buffer# alloc 472, end 336,offset 0
## 2009-01-07 08:31:35 : SSH netio: before Recv In_enc_buffer# alloc 472, end 336,offset 0
## 2009-01-07 08:31:35 : SSH netio: after Recv In_enc_buffer# alloc 472, end 472,offset 0
## 2009-01-07 08:31:35 : SSH netio: recv(s=17, l=136) = 136
## 2009-01-07 08:31:35 : SSH: >>> process_binary_frame()
## 2009-01-07 08:31:35 : SSH: --- process_binary_frame() : buf_len=472 : packet_len=788
## 2009-01-07 08:31:35 : SSH: <<< process_binary_frame() = 0
## 2009-01-07 08:31:35 : SSH netio: After extend In_enc_buffer# alloc 472, end 472,offset 0
## 2009-01-07 08:31:35 : extending recv() buffer
## 2009-01-07 08:31:35 : SSH netio: After extend In_enc_buffer# alloc 608, end 472,offset 0
## 2009-01-07 08:31:35 : SSH netio: before Recv In_enc_buffer# alloc 608, end 472,offset 0
## 2009-01-07 08:31:35 : SSH netio: after Recv In_enc_buffer# alloc 608, end 608,offset 0
## 2009-01-07 08:31:35 : SSH netio: recv(s=17, l=136) = 136
## 2009-01-07 08:31:35 : SSH: >>> process_binary_frame()
## 2009-01-07 08:31:35 : SSH: --- process_binary_frame() : buf_len=608 : packet_len=788
## 2009-01-07 08:31:35 : SSH: <<< process_binary_frame() = 0
## 2009-01-07 08:31:35 : SSH netio: After extend In_enc_buffer# alloc 608, end 608,offset 0
## 2009-01-07 08:31:35 : extending recv() buffer
## 2009-01-07 08:31:35 : SSH netio: After extend In_enc_buffer# alloc 744, end 608,offset 0
## 2009-01-07 08:31:35 : SSH netio: before Recv In_enc_buffer# alloc 744, end 608,offset 0
## 2009-01-07 08:31:35 : SSH netio: after Recv In_enc_buffer# alloc 744, end 744,offset 0
## 2009-01-07 08:31:35 : SSH netio: recv(s=17, l=136) = 136
## 2009-01-07 08:31:35 : SSH: >>> process_binary_frame()
## 2009-01-07 08:31:35 : SSH: --- process_binary_frame() : buf_len=744 : packet_len=788
## 2009-01-07 08:31:35 : SSH: <<< process_binary_frame() = 0
## 2009-01-07 08:31:35 : SSH netio: After extend In_enc_buffer# alloc 744, end 744,offset 0
## 2009-01-07 08:31:35 : extending recv() buffer
## 2009-01-07 08:31:35 : SSH netio: After extend In_enc_buffer# alloc 880, end 744,offset 0
## 2009-01-07 08:31:35 : SSH netio: before Recv In_enc_buffer# alloc 880, end 744,offset 0
## 2009-01-07 08:31:35 : SSH netio: after Recv In_enc_buffer# alloc 880, end 792,offset 0
## 2009-01-07 08:31:35 : SSH netio: recv(s=17, l=136) = 48
## 2009-01-07 08:31:35 : SSH: >>> process_binary_frame()
## 2009-01-07 08:31:35 : SSH: --- process_binary_frame() : buf_len=792 : packet_len=788
## 2009-01-07 08:31:35 : SSH: --- process_binary_frame() : padding_len =8 : message_type=20
## 2009-01-07 08:31:35 : SSH message: IN - SSH_MSG_KEXINIT(20)
## 2009-01-07 08:31:35 : SSH: <<< process_binary_frame() = 1
## 2009-01-07 08:31:35 : --- process_kex_neg()
## 2009-01-07 08:31:35 : SSH state trans: SSH_STATE_RECV_NEG(3) -> SSH_STATE_RECV_DH_KEX(5)
## 2009-01-07 08:31:35 : SSH netio: before Recv In_enc_buffer# alloc 880, end 0,offset 0
## 2009-01-07 08:31:35 : SSH netio: after Recv In_enc_buffer# alloc 880, end 144,offset 0
## 2009-01-07 08:31:35 : SSH netio: recv(s=17, l=880) = 144
## 2009-01-07 08:31:35 : SSH: >>> process_binary_frame()
## 2009-01-07 08:31:35 : SSH: --- process_binary_frame() : buf_len=144 : packet_len=140
## 2009-01-07 08:31:35 : SSH: --- process_binary_frame() : padding_len =5 : message_type=30
## 2009-01-07 08:31:35 : SSH message: IN - SSH_MSG_KEXDH_INIT(30)
## 2009-01-07 08:31:35 : SSH: <<< process_binary_frame() = 1
## 2009-01-07 08:31:35 : SSH message: OUT - SSH_MSG_KEXDH_REPLY(31)
## 2009-01-07 08:31:35 : SSH state trans: SSH_STATE_RECV_DH_KEX(5) -> SSH_STATE_SEND_DH_KEX(4)
## 2009-01-07 08:31:35 : SSH netio: send(s=17, l=640) = 640
## 2009-01-07 08:31:35 : SSH netio: send(17,,640,) = 640
## 2009-01-07 08:31:35 : SSH state trans: SSH_STATE_SEND_DH_KEX(4) -> SSH_STATE_SEND_NEW_KEYS(7)
## 2009-01-07 08:31:35 : SSH netio: before Recv In_enc_buffer# alloc 880, end 0,offset 0
## 2009-01-07 08:31:35 : SSH netio: after Recv In_enc_buffer# alloc 880, end 16,offset 0
## 2009-01-07 08:31:35 : SSH netio: recv(s=17, l=880) = 16
## 2009-01-07 08:31:35 : SSH message: OUT - SSH_MSG_NEWKEYS(21)
## 2009-01-07 08:31:35 : SSH netio: send(s=17, l=16) = 16
## 2009-01-07 08:31:35 : SSH netio: send(17,,16,) = 16
## 2009-01-07 08:31:35 : SSH state trans: SSH_STATE_SEND_NEW_KEYS(7) -> SSH_STATE_RECV_NEW_KEYS(6)
## 2009-01-07 08:31:35 : SSH netio: before Recv In_enc_buffer# alloc 880, end 16,offset 0
## 2009-01-07 08:31:35 : SSH netio: after Recv In_enc_buffer# alloc 880, end 68,offset 0
## 2009-01-07 08:31:35 : SSH netio: recv(s=17, l=864) = 52
## 2009-01-07 08:31:35 : SSH: >>> process_binary_frame()
## 2009-01-07 08:31:35 : SSH: --- process_binary_frame() : buf_len=68 : packet_len=12
## 2009-01-07 08:31:35 : SSH: --- process_binary_frame() : padding_len =10 : message_type=21
## 2009-01-07 08:31:35 : SSH message: IN - SSH_MSG_NEWKEYS(21)
## 2009-01-07 08:31:35 : SSH: <<< process_binary_frame() = 1
## 2009-01-07 08:31:35 : SSH state trans: SSH_STATE_RECV_NEW_KEYS(6) -> SSH_STATE_BANNER(8)
## 2009-01-07 08:31:35 : SSH state trans: SSH_STATE_BANNER(8) -> SSH_STATE_CONNECTING(9)
## 2009-01-07 08:31:35 : decrypted message length 28
## 2009-01-07 08:31:35 : SSH netio: packet decrypted..In_enc_buffer# alloc 880, end 68,offset 48
## 2009-01-07 08:31:35 : SSH message: IN - SSH_MSG_SERVICE_REQUEST(5)
## 2009-01-07 08:31:35 : SSH message: OUT - SSH_MSG_SERVICE_ACCEPT(6)
## 2009-01-07 08:31:35 : SSH netio: send(s=17, l=52) = 52
## 2009-01-07 08:31:35 : SSH netio: send(17,,52,) = 52
## 2009-01-07 08:31:35 : SSH netio: before Recv In_enc_buffer# alloc 880, end 0,offset 0
## 2009-01-07 08:31:35 : SSH netio: after Recv In_enc_buffer# alloc 880, end 68,offset 0
## 2009-01-07 08:31:35 : SSH netio: recv(s=17, l=880) = 68
## 2009-01-07 08:31:35 : decrypted message length 44
## 2009-01-07 08:31:35 : SSH netio: packet decrypted..In_enc_buffer# alloc 880, end 68,offset 48
## 2009-01-07 08:31:35 : SSH message: IN - SSH_MSG_USERAUTH_REQUEST(50)
## 2009-01-07 08:31:35 : SSH auth: >>> process_auth_request(ip=1.130.81.42, port=50642)
## 2009-01-07 08:31:35 : SSH auth: --- process_auth_request() : admin=xxx service=ssh-connection method=none
## 2009-01-07 08:31:35 : SSH message: OUT - SSH_MSG_USERAUTH_FAILURE(51)
## 2009-01-07 08:31:35 : SSH auth: --- ssh_build_auth_fail() : auth_types=password
## 2009-01-07 08:31:35 : SSH netio: send(s=17, l=44) = 44
## 2009-01-07 08:31:35 : SSH netio: send(17,,44,) = 44
## 2009-01-07 08:31:35 : SSH auth: <<< process_auth_request(aaid=0) = 0
## 2009-01-07 08:31:39 : SSH netio: before Recv In_enc_buffer# alloc 880, end 0,offset 0
## 2009-01-07 08:31:39 : SSH netio: after Recv In_enc_buffer# alloc 880, end 148,offset 0
## 2009-01-07 08:31:39 : SSH netio: recv(s=17, l=880) = 148
## 2009-01-07 08:31:39 : decrypted message length 124
## 2009-01-07 08:31:39 : SSH netio: packet decrypted..In_enc_buffer# alloc 880, end 148,offset 128
## 2009-01-07 08:31:39 : SSH message: IN - SSH_MSG_USERAUTH_REQUEST(50)
## 2009-01-07 08:31:39 : SSH auth: >>> process_auth_request(ip=1.130.81.42, port=50642)
## 2009-01-07 08:31:39 : SSH auth: --- process_auth_request() : admin=xxx service=ssh-connection method=password
## 2009-01-07 08:31:39 : SSH auth: --- password auth: password = 04ba1240 : length=10 : failure=0
## 2009-01-07 08:31:39 : SSH auth: >>> sshv2_auth(name=xxx)
## 2009-01-07 08:31:39 : SSH auth: <<< sshv2_auth(aaid=7) = 1
## 2009-01-07 08:31:39 : SSH message: OUT - SSH_MSG_USERAUTH_SUCCESS(52)
## 2009-01-07 08:31:39 : SSH netio: send(s=17, l=36) = 36
## 2009-01-07 08:31:39 : SSH netio: send(17,,36,) = 36
## 2009-01-07 08:31:39 : SSH auth: <<< process_auth_request(aaid=7) = 1
## 2009-01-07 08:31:39 : SSH netio: before Recv In_enc_buffer# alloc 880, end 0,offset 0
## 2009-01-07 08:31:39 : SSH netio: after Recv In_enc_buffer# alloc 880, end 128,offset 0
## 2009-01-07 08:31:39 : SSH netio: recv(s=17, l=880) = 128
## 2009-01-07 08:31:39 : decrypted message length 36
## 2009-01-07 08:31:39 : SSH netio: packet decrypted..In_enc_buffer# alloc 880, end 128,offset 40
## 2009-01-07 08:31:39 : SSH message: IN - SSH_MSG_CHANNEL_OPEN(90)
## 2009-01-07 08:31:39 : --- process_channel_open()
## 2009-01-07 08:31:39 : SSH message: OUT - SSH_MSG_CHANNEL_OPEN_CONFIRMATION(91)
## 2009-01-07 08:31:39 : SSH netio: send(s=17, l=52) = 52
## 2009-01-07 08:31:39 : SSH netio: send(17,,52,) = 52
## 2009-01-07 08:31:39 : SSH netio: Another message,In_enc_buffer# alloc 880, end 128,offset 60
## 2009-01-07 08:31:39 : decrypted message length 44
## 2009-01-07 08:31:39 : SSH netio: packet decrypted..In_enc_buffer# alloc 880, end 128,offset 108
## 2009-01-07 08:31:39 : SSH message: IN - unknown message type(80)
## 2009-01-07 08:31:39 : SSH state trans: SSH_STATE_CONNECTING(9) -> SSH_STATE_CLOSE(99)
## 2009-01-07 08:31:39 : SSH netio: before Recv In_enc_buffer# alloc 880, end 0,offset 0
## 2009-01-07 08:31:39 : SSH netio: after Recv In_enc_buffer# alloc 880, end 376,offset 0
## 2009-01-07 08:31:39 : SSH netio: recv(s=17, l=880) = 376
## 2009-01-07 08:31:39 : SSH conn: >>> ssh_free_shell()
## 2009-01-07 08:31:39 : SSH conn: <<< ssh_free_shell()
## 2009-01-07 08:31:39 : SSH state trans: SSH_STATE_FREE(0) -> SSH_STATE_FREE(0)

 

[oneOeight]

## 2009-01-07 08:31:39 : SSH message: IN - unknown message type(80)
## 2009-01-07 08:31:39 : SSH state trans: SSH_STATE_CONNECTING(9) -> SSH_STATE_CLOSE(99)

da kriegt der halt wohl eine falsche message und schliesst...
welche openssh version läuft auf der firewall und welche auf den anderen rechnern?

 

[toxict]

openssh auf ner netscreen 5gt? lol....
das ist eine firewall appliance und keine softwarefirewall oder linux-büchse....

 

[toxict]

lösung gefunden

schuld ist das update auf macos 10.5.5 gewesen....
im herstellerforum gabs zum glück leidgenossen:
http://www.juniperforum.com/index.php?action=printpage;topic=7235.0


lösung: ControlMaster auto ins ssh_config file
oder s
ssh -oControlMaster=auto