problem of SSH

English Applications
1

Hello,

I have problems of SSH in Tumbeleweed. I cannot connect to a remote machine where Tumbeleweed was installed, if I don’t login to this machine physically. However, the ssh works if I login to it using any user physically.

I am just wondering how to solve this problem?

thanks a lot

Albert

2

Try “ssh -v”. Does the verbose output give any hints on what is going wrong?

3

here it is:

OpenSSH_7.9p1, OpenSSL 1.1.1b  26 Feb 2019

do you have any suggestions?

4

You took @nrickert’s instruction a little too literally and omitted the user and host, that’s just displaying the version info :slight_smile:

ssh -v user@host

5

Please copy/paste complete, that is including the prompt/command line and the new prompt line at the end.
Then we can all see what you typed and correct misuderstandings like this.

6

A couple of questions:

  • How was TW updated?
  • Any additional repos involved? Please show
zypper lr -d
  • Is the sshd.service enabled and running? Please show

sudo systemctl status sshd.service

This on the TW server.

7

The LEAP SSH documentation applies to Tumbleweed in this case

https://doc.opensuse.org/documentation/leap/security/html/book.security/cha.ssh.html#sec.ssh.sshdserver

Both sections 15.4 and 15.5.
Question is whether you set up a certificate for authentication, or if you’re relying only on Username/password.
When your ssh fails connecting from the remote machine, post the exact command you used to connect and the error, it’ll probably tell you what the problem is… ie whether it’s a name resolution, bad password, bad routing or some other problem.
Also, when you connect from the machine itself, are you connecting to localhost/127.0.0.1? You shouldn’t use that to test, you should try connecting to the external IP address… the same address you should be using when connecting from another machine (eg 192.168.x.y).

If this was a new install and I’d expect to use SSH, this can be set up easily with zero pain by enabling SSH in the Installation summary (Default is not to set up SSH) and if you don’t want to enable immediately, then just leave the firewall port closed (also an Installation option).

TSU

8

Here is the output for command: ssh -v albert@hostname …

OpenSSH_7.9p1, OpenSSL 1.1.1b  26 Feb 2019 
debug1: Reading configuration data /etc/ssh/ssh_config 
debug1: /etc/ssh/ssh_config line 20: Applying options for * 
debug1: Connecting to 192.20.124.144 [172.20.124.144] port 22. 
debug1: Connection established. 
debug1: identity file /home/alpha/.ssh/id_rsa type -1 
debug1: identity file /home/alpha/.ssh/id_rsa-cert type -1 
debug1: identity file /home/alpha/.ssh/id_dsa type -1 
debug1: identity file /home/alpha/.ssh/id_dsa-cert type -1 
debug1: identity file /home/alpha/.ssh/id_ecdsa type -1 
debug1: identity file /home/alpha/.ssh/id_ecdsa-cert type -1 
debug1: identity file /home/alpha/.ssh/id_ed25519 type -1 
debug1: identity file /home/alpha/.ssh/id_ed25519-cert type -1 
debug1: identity file /home/alpha/.ssh/id_xmss type -1 
debug1: identity file /home/alpha/.ssh/id_xmss-cert type -1 
debug1: Local version string SSH-2.0-OpenSSH_7.9 
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9 
debug1: match: OpenSSH_7.9 pat OpenSSH* compat 0x04000000 
debug1: Authenticating to 172.20.124.144:22 as 'albert' 
debug1: SSH2_MSG_KEXINIT sent 
debug1: SSH2_MSG_KEXINIT received 
debug1: kex: algorithm: curve25519-sha256 
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none 
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none 
debug1: kex: curve25519-sha256 need=64 dh_need=64 
debug1: kex: curve25519-sha256 need=64 dh_need=64 
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY 
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:zoW3iKudv+9pGj2P1lY1jdc66JKKKFdXn5OI6lBPt4w 
debug1: Host '192.20.124.144' is known and matches the ECDSA host key. 
debug1: Found key in /home/alpha/.ssh/known_hosts:12 
debug1: rekey after 134217728 blocks 
debug1: SSH2_MSG_NEWKEYS sent 
debug1: expecting SSH2_MSG_NEWKEYS 
debug1: SSH2_MSG_NEWKEYS received 
debug1: rekey after 134217728 blocks 
debug1: Will attempt key: /home/alpha/.ssh/id_rsa  
debug1: Will attempt key: /home/alpha/.ssh/id_dsa  
debug1: Will attempt key: /home/alpha/.ssh/id_ecdsa  
debug1: Will attempt key: /home/alpha/.ssh/id_ed25519  
debug1: Will attempt key: /home/alpha/.ssh/id_xmss  
debug1: SSH2_MSG_EXT_INFO received 
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa
-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,null> 
debug1: SSH2_MSG_SERVICE_ACCEPT received 
debug1: Authentications that can continue: publickey,password,keyboard-interactive 
debug1: Next authentication method: publickey 
debug1: Trying private key: /home/alpha/.ssh/id_rsa 
debug1: Trying private key: /home/alpha/.ssh/id_dsa 
debug1: Trying private key: /home/alpha/.ssh/id_ecdsa 
debug1: Trying private key: /home/alpha/.ssh/id_ed25519 
debug1: Trying private key: /home/alpha/.ssh/id_xmss 
debug1: Next authentication method: keyboard-interactive 
Password:  
debug1: Authentication succeeded (keyboard-interactive). 
Authenticated to 192.20.124.144 ([192.20.124.144]:22). 
debug1: channel 0: new [client-session] 
debug1: Requesting no-more-sessions@openssh.com 
debug1: Entering interactive session. 
debug1: pledge: network 
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0 
debug1: Sending environment. 
debug1: Sending env LANG = en_US.UTF-8 
debug1: Sending env LC_CTYPE = en_US.UTF-8 
Last login: Wed Jun 19 20:55:50 2019 from 172.20.126.218

here is output for command: zypper lr -d


# | Alias                           | Name                            | Enabled | GPG Check | Refresh | 
Priority | Type   | URI                                                                   | Service
--+---------------------------------+---------------------------------+---------+-----------+---------+-
---------+--------+-----------------------------------------------------------------------+--------
1 | cuda-10-1-local-10.1.168-418.67 | cuda-10-1-local-10.1.168-418.67 | Yes     | (r ) Yes  | No      | 
  99     | rpm-md | file:/var/cuda-repo-10-1-local-10.1.168-418.67                        |         
2 | openSUSE-20190612-0             | openSUSE-20190612-0             | No      | ----      | ----    | 
  99     | rpm-md | hd:/?device=/dev/disk/by-id/usb-Generic_Flash_Disk_73BB119C-0:0-part2 |         
3 | repo-debug                      | openSUSE-Tumbleweed-Debug       | No      | ----      | ----    | 
  99     | NONE   | http://download.opensuse.org/debug/tumbleweed/repo/oss/               |         
4 | repo-non-oss                    | openSUSE-Tumbleweed-Non-Oss     | Yes     | (r ) Yes  | Yes     | 
  99     | rpm-md | http://download.opensuse.org/tumbleweed/repo/non-oss/                 |         
5 | repo-oss                        | openSUSE-Tumbleweed-Oss         | Yes     | (r ) Yes  | Yes     | 
  99     | rpm-md | http://download.opensuse.org/tumbleweed/repo/oss/                     |         
6 | repo-source                     | openSUSE-Tumbleweed-Source      | No      | ----      | ----    | 
  99     | NONE   | http://download.opensuse.org/source/tumbleweed/repo/oss/              |         
7 | repo-update                     | openSUSE-Tumbleweed-Update      | Yes     | (r ) Yes  | Yes     | 
  99     | rpm-md | http://download.opensuse.org/update/tumbleweed/

here is output for command: sudo systemctl status sshd.service


**●** sshd.service - OpenSSH Daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: disabled)
   Active: **active (running)** since Wed 2019-06-19 11:01:00 CST; 21h ago
 Main PID: 6329 (sshd)
    Tasks: 1
   Memory: 3.9M
   CGroup: /system.slice/sshd.service
           └─6329 /usr/sbin/sshd -D

Jun 19 19:53:45 cudaB sshd[60408]: pam_unix(sshd:session): session opened for user albert by (uid=0)
Jun 19 19:54:44 cudaB sshd[60454]: **gkr-pam: unable to locate daemon control file**
Jun 19 19:54:44 cudaB sshd[60452]: Accepted keyboard-interactive/pam for albert from 192.168.16.176 por>
Jun 19 19:54:44 cudaB sshd[60452]: pam_unix(sshd:session): session opened for user albert by (uid=0)
Jun 19 20:55:50 cudaB sshd[114967]: **gkr-pam: unable to locate daemon control file**
Jun 19 20:55:50 cudaB sshd[114965]: Accepted keyboard-interactive/pam for albert from 172.20.126.218 po>
Jun 19 20:55:50 cudaB sshd[114965]: pam_unix(sshd:session): session opened for user albert by (uid=0)
Jun 20 08:24:08 cudaB sshd[34490]: **gkr-pam: unable to locate daemon control file**
Jun 20 08:24:08 cudaB sshd[34488]: Accepted keyboard-interactive/pam for albert from 172.20.126.218 por>
Jun 20 08:24:08 cudaB sshd[34488]: pam_unix(sshd:session): session opened for user albert by (uid=0)

thanks a lot

9

There’s another thread that just started regarding gkr-pam about a “missing daemon control file,” don’t know if there is a TW problem running Gnome (GKR is supposed to be a subcomponent of GTK)

TSU

10

As a side note.
It is much easier for us, and I assume also for you, when you do include the line with the command in your copy/paste. One line more and you you can ommit the typing of

Here is the output for …

An example (that has nothing to do with your problem, but the ouput is short and I hope it shows what I mean):

henk@boven:~> uname -a
Linux boven 4.12.14-lp150.12.61-default #1 SMP Tue May 14 18:07:55 UTC 2019 (83c1242) x86_64 x86_64 x86_64 GNU/Linux
henk@boven:~>

Here you can see what command I used, what my working directory was, that I was a “nornal” user and what the complete output was. All for no more effort then copying two more lines.