On 27 January 2011 08:02, Christian Robottom Reis <k...@linaro.org> wrote:
> On Wed, Jan 26, 2011 at 09:02:02AM +0100, Mattias Backman wrote:
>> >> :~> ssh -v 91.189.90.11
>> >> OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
>> >> debug1: Reading configuration data /home/ebacmat/.ssh/config
>> >> debug1: Reading configuration data /etc/ssh/ssh_config
>> >> debug1: Applying options for *
>> >> debug1: Connecting to 91.189.90.11 [91.189.90.11] port 22.
>> >> debug1: connect to address 91.189.90.11 port 22: Connection timed out
>> >> ssh: connect to host 91.189.90.11 port 22: Connection timed out
>> >>
>> >> :~> ssh -v bazaar.launchpad.net
>> >> OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
>> >> debug1: Reading configuration data /home/ebacmat/.ssh/config
>> >> debug1: Applying options for *.launchpad.net
>> >> debug1: Reading configuration data /etc/ssh/ssh_config
>> >> debug1: Applying options for *
>> >> debug1: Executing proxy command: exec corkscrew proxy.mydomain.com
>> >> 8080 bazaar.launchpad.net 22 ~/.auth
>> >> debug1: permanently_drop_suid: 71419
>> >> debug1: identity file /home/ebacmat/.ssh/identity type -1
>> >> debug1: identity file /home/ebacmat/.ssh/id_rsa type -1
>> >> debug1: identity file /home/ebacmat/.ssh/id_dsa type -1
>> >> ssh_exchange_identification: Connection closed by remote host
>
> One thing that I don't quite understand: why did you actually manage to
> connect in the second session? It points to a configuration problem..
> but maybe this paste just isn't accurate.
>
Just tried to mask some network internals, but perhaps that's silly.
Here's what it looks like with strace:
steludxu1184:~> strace -f -econnect ssh -v bazaar.launchpad.net
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1
ENOENT (No such file or directory)
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1
ENOENT (No such file or directory)
OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /home/ebacmat/.ssh/config
debug1: Applying options for *.launchpad.net
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1
ENOENT (No such file or directory)
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1
ENOENT (No such file or directory)
debug1: Executing proxy command: exec corkscrew
lps1.lud.stericsson.com 8080 bazaar.launchpad.net 22 ~/.auth
Process 3250 attached
debug1: permanently_drop_suid: 71419
Process 3251 attached
Process 3251 detached
[pid 3250] --- SIGCHLD (Child exited) @ 0 (0) ---
[pid 3250] connect(4, {sa_family=AF_FILE,
path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or
directory)
[pid 3250] connect(4, {sa_family=AF_FILE,
path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or
directory)
[pid 3250] connect(4, {sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("10.211.0.100")}, 16) = 0
[pid 3250] connect(3, {sa_family=AF_INET, sin_port=htons(8080),
sin_addr=inet_addr("10.211.0.9")}, 16debug1: identity file
/home/ebacmat/.ssh/identity type -1
) = 0
debug1: identity file /home/ebacmat/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/ebacmat/.ssh/id_dsa type -1
Process 3250 detached
--- SIGCHLD (Child exited) @ 0 (0) ---
ssh_exchange_identification: Connection closed by remote host
Something hangs forever just after the connect to the proxy
(10.211.0.9) until the session returns and I get the error. The same
happens to a server which responds to port 21, a long wait but then I
get the ssh login prompt.
>> I added the entire subnet which didn't help. The strace did tell me
>> that nothing happens after the call to the proxy. After quite a few
>> different attempts, I have tried to connect to a different server
>> which I happen to know has ssh servers on nearly every port. The
>> corkscrew solution works if I try to ssh to port 21 or 80, it does not
>> work for 22 or anything else. Seems that our proxy will only let
>> traffic out if it's bound for ftp or http ports.
>
> What division do you work within, and who is your manager? If you mail
> me privately, I'm happy to take this up and get this sorted for you.
Thank you very much. I'll send you an email right away.
> --
> Christian Robottom Reis | [+55] 16 9112 6430 | http://launchpad.net/~kiko
> Linaro Engineering VP | [ +1] 612 216 4935 | http://async.com.br/~kiko
>
_______________________________________________
linaro-dev mailing list
linaro-dev@lists.linaro.org
http://lists.linaro.org/mailman/listinfo/linaro-dev
