25 Replies. Latest reply: Mar 10, 2013 8:47 AM by Linc Davis
matfish2 Level 1 (0 points)

I'm trying to log in to a remote machine with SSH or SFTP.

When I try `ssh u-indgo@ssh1.eu1.frbit.com` the CLI just won't respond. I get an empty new line, in which I can type characters, but nothing more.

When I try to connect with `SFTP` using the same credentials (I use `Transmit` as my SFTP client) it just hangs forever and doesn't connect.

No errors. No response.

The problem isn't specific to `frbit.com` and persists with other IPs as well.

Running with the -vv flag I got the following output:

    debug1: Reading configuration data /Users/matanya/.ssh/config

    debug1: Reading configuration data /usr/local/Cellar/openssh/6.1p1/etc/ssh_config

    debug2: ssh_connect: needpriv 0

    debug1: Connecting to ssh1.eu1.frbit.com [46.137.57.195] port 22.

    debug2: fd 3 setting O_NONBLOCK

    debug1: fd 3 clearing O_NONBLOCK

    debug1: Connection established.

    debug1: identity file /Users/matanya/.ssh/id_rsa type 1

    debug1: identity file /Users/matanya/.ssh/id_rsa-cert type -1

    debug1: identity file /Users/matanya/.ssh/id_dsa type 2

    debug1: identity file /Users/matanya/.ssh/id_dsa-cert type -1

    debug1: identity file /Users/matanya/.ssh/id_ecdsa type -1

    debug1: identity file /Users/matanya/.ssh/id_ecdsa-cert type -1

    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1

    debug1: match: OpenSSH_5.5p1 pat OpenSSH_5*

    debug1: Enabling compatibility mode for protocol 2.0

    debug1: Local version string SSH-2.0-OpenSSH_6.1

    debug2: fd 3 setting O_NONBLOCK

    debug1: SSH2_MSG_KEXINIT sent

    debug1: SSH2_MSG_KEXINIT received

    debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

    debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss

    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

    debug2: kex_parse_kexinit:

    debug2: kex_parse_kexinit:

    debug2: kex_parse_kexinit: first_kex_follows 0

    debug2: kex_parse_kexinit: reserved 0

    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

    debug2: kex_parse_kexinit: none,zlib@openssh.com

    debug2: kex_parse_kexinit: none,zlib@openssh.com

    debug2: kex_parse_kexinit:

    debug2: kex_parse_kexinit:

    debug2: kex_parse_kexinit: first_kex_follows 0

    debug2: kex_parse_kexinit: reserved 0

    debug2: mac_setup: found hmac-md5

    debug1: kex: server->client aes128-ctr hmac-md5 none

    debug2: mac_setup: found hmac-md5

    debug1: kex: client->server aes128-ctr hmac-md5 none

    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

    debug2: dh_gen_key: priv key bits set: 140/256

    debug2: bits set: 543/1024

    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

    debug1: Server host key: RSA 31:4c:71:e0:56:14:04:0d:c7:b2:6c:fc:8a:42:33:2e

    debug1: Host 'ssh1.eu1.frbit.com' is known and matches the RSA host key.

    debug1: Found key in /Users/matanya/.ssh/known_hosts:2

    debug2: bits set: 513/1024

    debug1: ssh_rsa_verify: signature correct

    debug2: kex_derive_keys

    debug2: set_newkeys: mode 1

    debug1: SSH2_MSG_NEWKEYS sent

    debug1: expecting SSH2_MSG_NEWKEYS

    debug2: set_newkeys: mode 0

    debug1: SSH2_MSG_NEWKEYS received

    debug1: Roaming not allowed by server

    debug1: SSH2_MSG_SERVICE_REQUEST sent

    debug2: service_accept: ssh-userauth

    debug1: SSH2_MSG_SERVICE_ACCEPT received

UPDATE: going through `system.log` I found the following:

    Mar  6 10:28:17 matanyas-imac com.apple.launchd.peruser.501[235] (org.openbsd.ssh-agent[574]): Exited with code: 1

    Mar  6 10:28:17 matanyas-imac com.apple.launchd.peruser.501[235] (org.openbsd.ssh-agent): Throttling respawn: Will start in 10 seconds

    Mar  6 10:28:27 matanyas-imac com.apple.launchd.peruser.501[235] (org.openbsd.ssh-agent[575]): Exited with code: 1

    Mar  6 10:28:27 matanyas-imac com.apple.launchd.peruser.501[235] (org.openbsd.ssh-agent): Throttling respawn: Will start in 10 seconds

What does `Code 1` stand for?

UPDATE: Following @Eir Nym's advice, I found the file that `launchd` has problems with at `System/Library/LaunchAgents/org.openbsd.ssh-agent.plist`:

    <?xml version="1.0" encoding="UTF-8"?>

    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

    <plist version="1.0">

    <dict>

              <key>Label</key>

              <string>org.openbsd.ssh-agent</string>

              <key>ProgramArguments</key>

              <array>

                        <string>/usr/bin/ssh-agent</string>

                        <string>-l</string>

              </array>

              <key>ServiceIPC</key>

              <true/>

              <key>Sockets</key>

              <dict>

                        <key>Listeners</key>

                        <dict>

                                  <key>SecureSocketWithKey</key>

                                  <string>SSH_AUTH_SOCK</string>

                        </dict>

              </dict>

            <key>EnableTransactions</key>

            <true/>

    </dict>

    </plist>

When I run `/usr/bin/ssh-agent` I get:

    SSH_AUTH_SOCK=/var/folders/pg/1g6_hnwx47bgqv5vcm1lq18h0000gn/T//ssh-01WuaHF32SlV/agent.2145; export SSH_AUTH_SOCK;

    SSH_AGENT_PID=2146; export SSH_AGENT_PID;

    echo Agent pid 2146;

As for the `-l` flag (`<string>-l</string>`), there is no such flag on my version of `ssh-agent`. Outputs:

    ssh-agent: illegal option -- l

SSH version: OpenSSH_5.8p2, OpenSSL 0.9.8r 8 Feb 2011

iMac, OS X Mountain Lion (10.8.2)
  • etresoft Level 7 (25,620 points)

    Your key files are probably corrupted. Move them aside and try again.

  • Linc Davis Level 10 (146,980 points)

    What do you get from this:

    ls -Oaeln .ssh

  • matfish2 Level 1 (0 points)

    ls -Oaeln .ssh:

    total 64

    drwxrwxrwx  10 501  20  -  340 Mar  7 18:50 .

    drwxr-xr-x+ 51 501  20  - 1734 Mar  8 20:49 ..

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    -rw-------   1 501  20  - 1766 Jan 27 14:34 github_rsa

    -rw-r--r--   1 501  20  -  397 Jan 27 14:34 github_rsa.pub

    -rw-r--r--   1 501  20  -  611 Feb 23 15:07 id_dsa.pub

    -rw-------   1 501  20  - 1675 Mar  1 17:24 id_rsa

    -rw-r--r--   1 501  20  -  403 Mar  1 17:24 id_rsa.pub

    -rwxrwxrwx   1 501  20  - 1692 Mar  6 08:09 indgo.pem

    -rw-r--r--   1 501  20  - 1681 Mar  6 08:20 known_hosts

    -rw-r--r--   1 501  20  -  415 Feb 23 12:03 known_hosts.back

    It may be worthwhile mentioning that ssh does work in the following scenarios:

    a. If I switch user to root (su -) or even su matanya

    b. If I run `unset SSH_AUTH_SOCK`

  • matfish2 Level 1 (0 points)

    @etresoft, I've tried this already. Renamed the existing .ssh folder, and created a fresh one. Didn't work.

  • BobHarris Level 6 (14,670 points)

    I think Linc has figured out your problem.

    There are a handful of files and directories that must have restrictive permissions or ssh will not allow a connection.

    The ssh man page lists all the files and required permissions.

    Looking at your ls output I see the .ssh directory is too permissive. If that is wrong, even after recreating, then chances are other critical ssh files or directories are wrong. Read the ssh man page, find every file and directory mentioned and make sure their permissions are correct. Make sure to use the ls options Linc gave you.
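
The permission check described in the reply above, as an added shell example that is not part of any poster's message: it flags a group- or world-writable directory, private keys readable by anyone but the owner, and files owned by another user (the second listing in this thread shows `config` owned by uid 0). The function names and finding labels are hypothetical, private keys are recognised by a `PRIVATE KEY` header line, and the sample directory is constructed to mirror the modes in the first `ls` listing.

```sh
#!/bin/sh
# Added example (not from the thread): flag ~/.ssh entries that are too open.
# Findings go to stdout, one per line; exit status is 0 only when clean.

go_bits()   { ls -ld  "$1" | cut -c5-10; }          # group+other "rwxrwx" columns
owner_uid() { ls -ldn "$1" | awk '{print $3}'; }    # numeric owner, as in `ls -n`
writable()  { case $(go_bits "$1") in ?w*|????w*) return 0 ;; esac; return 1; }

audit_ssh_dir() {
    dir=$1
    want_uid=${2:-$(id -u)}      # expected owner; defaults to the current user
    findings=0
    report() { printf '%s %s\n' "$1" "$2"; findings=$((findings + 1)); }

    if writable "$dir"; then report DIR_WRITABLE "$dir"; fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if [ "$(owner_uid "$f")" != "$want_uid" ]; then report WRONG_OWNER "$f"; fi
        if head -n 1 "$f" | grep -q 'PRIVATE KEY'; then
            # Private keys: no access at all for group or other.
            if [ "$(go_bits "$f")" != "------" ]; then report KEY_EXPOSED "$f"; fi
        elif writable "$f"; then
            report FILE_WRITABLE "$f"
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: a throwaway directory with the modes from the first
# listing in the thread (0777 directory, 0777 indgo.pem, 0600 id_rsa).
make_sample() {
    s=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$s/id_rsa"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$s/indgo.pem"
    printf '%s\n' 'ssh-rsa AAAA constructed' > "$s/id_rsa.pub"
    chmod 600 "$s/id_rsa"; chmod 644 "$s/id_rsa.pub"
    chmod 777 "$s/indgo.pem" "$s"
    printf '%s\n' "$s"
}

sample=$(make_sample)
audit_ssh_dir "$sample" || echo "fix with: chmod 700 DIR; chmod 600 KEYFILE"
rm -rf "$sample"
```
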

  • BobHarris Level 6 (14,670 points)

    Also keep in mind that both local AND remote ssh files must have correct permissions to make a secure connection. Check both systems.

  • matfish2 Level 1 (0 points)

    @BobHarris, I'm pretty sure the problem is with my local ssh. When I try to ssh as root user, or even if I explicitly change to my own user (su matanya), it does work.

    I've also reset my permission on both .ssh folder and the home folder, to deny write permission from others and group (chmod go-w), but the problem persists.

    I think the key to the mystery lies in the system log:

    Mar  6 10:28:27 matanyas-imac com.apple.launchd.peruser.501[235] (org.openbsd.ssh-agent[575]): Exited with code: 1

    Mar  6 10:28:27 matanyas-imac com.apple.launchd.peruser.501[235] (org.openbsd.ssh-agent): Throttling respawn: Will start in 10 seconds

    The same message would repeat itself infinitely until I reboot.

  • Linc Davis Level 10 (146,980 points)

    I'll take your word for it that you've fixed the permissions. Is ssh-agent in fact running?

  • etresoft Level 7 (25,620 points)

    If it works with another user, but not your own, and not with your own user via non-traditional means, then it is probably your shell startup scripts.

    Open a few terminal windows. Move aside your shell startup scripts. Open a new terminal window and try it again. Then find out what from your old startup scripts is causing the problem.

  • matfish2 Level 1 (0 points)

    Here is the new output for ls -Oaeln .ssh:

    total 72

    drwxr-xr-x  11 501  20  -  374 Mar  9 15:34 .

    drwxr-xr-x+ 51 501  20  - 1734 Mar  8 20:49 ..

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    -rw-r--r--   1 0    20  -   60 Mar  9 15:34 config

    -rw-------   1 501  20  - 1766 Jan 27 14:34 github_rsa

    -rw-r--r--   1 501  20  -  397 Jan 27 14:34 github_rsa.pub

    -rw-r--r--   1 501  20  -  611 Feb 23 15:07 id_dsa.pub

    -rw-------   1 501  20  - 1675 Mar  1 17:24 id_rsa

    -rw-r--r--   1 501  20  -  403 Mar  1 17:24 id_rsa.pub

    -rwxr-xr-x   1 501  20  - 1692 Mar  6 08:09 indgo.pem

    -rw-r--r--   1 501  20  - 1681 Mar  6 08:20 known_hosts

    -rw-r--r--   1 501  20  -  415 Feb 23 12:03 known_hosts.back

    How do I check if ssh-agent is running?

  • matfish2 Level 1 (0 points)

    etresoft wrote:

    If it works with another user, but not your own, and not with your own user via non-traditional means, then it is probably your shell startup scripts.

    This isn't the case: It doesn't work with any user (root or matanya) until I explicitly switch user using `su -` or `su matanya`. Then it works for the account I switched to, be it root or matanya. Any transition works (i.e. root-root, root-matanya, matanya-root, matanya-matanya).

    That is: the problem doesn't seem to be account-specific.

  • etresoft Level 7 (25,620 points)

    Then perhaps you should review what system modifications you have made and undo them. If that fails, reinstall the operating system.

  • Linc Davis Level 10 (146,980 points)

    How do I check if ssh-agent is running?

    Activity Monitor.

  • matfish2 Level 1 (0 points)

    Linc Davis wrote:

    Is ssh-agent in fact running?

    No. It is not running even when I do manage to connect to the remote host after using 'su'.
