ssh trouble checklist

Dave Yost Dave at Yost.com
Sat Jun 6 10:03:25 EST 2009


At 7:24 PM -0400 2009-06-05, Jim Knoble wrote:
>On 2009-06-05 02:04, Dave Yost wrote:
>
>: There should be a checklist of everything that can go wrong with
>: making an ssh connection.
>:
>: Here's one entry for the list, which I didn't know before, and
>:  * I couldn't see the problem from the -ddd and -vvv output, and
>:  * there were no /var/log/* file entries to give hints.
>:
>: Here's what I did
>:   sudo kill <pid-of-sshd>
>:   /usr/sbin/sshd
>
>Surely that should at least be 'sudo /usr/sbin/sshd',

that's what I meant

>so that sshd has
>privileges to listen on low-numbered ports and change UID, but see
>below.
>
>: No good.
>:
>: Usually I did kill -HUP, but once I just killed sshd outright.
>:
>: Gotta start sshd this way:
>:   /etc/init.d/sshd start
>:
>: At least on Fedora 11.
>  [...]
>
>Recent Fedoras, as well as RHEL v5 and CentOS v5, often have SELinux
>enabled, which requires that security contexts are set up properly.  The
>initscript will do that, but merely running sshd from the command won't.

what I figured.

>Also, Fedora/RedHat and cousins have /sbin/service which does a little
>bit more to set up an environment for daemons to run in (e.g., 'cd /'
>and clearing some environment).  Best is (as root):
>
>    /sbin/service sshd start
>
>on those platforms.

Thanks! Hope to see all this wisdom on the openssh web site someday.

>
>--
>jim knoble  |  jmknoble at pobox.com  |  http://www.pobox.com/~jmknoble/
>(GnuPG key ID: C6F31FFA  >>>>>>  http://www.pobox.com/~jmknoble/keys/ )
>(GnuPG fingerprint: 99D8:1D89:8C66:08B5:5C34::5527:A543:8C33:C6F3:1FFA)



More information about the openssh-unix-dev mailing list