HPE Community
Operating System - HP-UX
1829578 Members
6088 Online
109992 Solutions
New Discussion

SSH problem between VLANS

 
patrick coutinho
Frequent Advisor

‎05-31-2004 07:39 AM

‎05-31-2004 07:39 AM

SSH problem between VLANS

I have a strange problem with ssh our here.

We have a particular HP UX 11.11 server called APPLE on a VLAN say 173.20.100.x We have other servers on say 172.20.200.x

I am able to ssh from servers on 172.20.100.x to APPLE (on the same VLAN). But i cannot ssh to APPLE from other VLAN's.

ANy idea what the problem could be. The network guys say they are not restricing access. Also i can telnet fine from other VLAN's to APPLE.

Am attaching the debug of server and client connections.

Thanks in advance.

Pat

P.S. I had posted this earlier today in the LINUX forum. My apologies.
0 Kudos
Reply
9 REPLIES 9
patrick coutinho
Frequent Advisor

‎05-31-2004 07:44 AM

‎05-31-2004 07:44 AM

Re: SSH problem between VLANS

I did a :

telnet apple 22

output
--------
trying..
connected to gentst1.
escape character is '^]'.
SSH-2.0-OpenSSH_3.5pl

protocol mismatch
connection closed by foreign host
---------------------

rgds

Pat
0 Kudos
Reply
Abdul Rahiman
Esteemed Contributor

‎05-31-2004 09:25 AM

‎05-31-2004 09:25 AM

Re: SSH problem between VLANS

Few things to troubleshoot SSH connectivity issues,

One of the things you want to check is the version of openSSH package you are using on both servers. If their versions are different, you may want to make some configuration changes in the sshd_config file to run sshd in comatibility mode.

Also, try to do ssh in verbose mode and capture the handshake messages so that we can nail it down.
ssh -vv target

Also check the key length supported on each machine. Some versions are configured for 1024 key length and may not support 2Kb keys.

Please post the debug message to understand the errors.
No unix, no fun
0 Kudos
Reply
Abdul Rahiman
Esteemed Contributor

‎05-31-2004 09:36 AM

‎05-31-2004 09:36 AM

Re: SSH problem between VLANS

One more thing, check SSH protocol version 1.0 vs 2.0 on both servers.
No unix, no fun
0 Kudos
Reply
Abdul Rahiman
Esteemed Contributor

‎05-31-2004 09:42 AM

‎05-31-2004 09:42 AM

Re: SSH problem between VLANS

oops, I didn't see the debug message you posted earlier, my apologies.. I just saw them and the versions seem to be same on both servers.
No unix, no fun
0 Kudos
Reply
Jonathan Baker
Advisor

‎05-31-2004 06:19 PM

‎05-31-2004 06:19 PM

Re: SSH problem between VLANS

It looks like you are trying to telnet to the ssh port. This will give you the protocol error. To use the ssh port, use the ssh command eg.
ssh APPLE
0 Kudos
Reply
patrick coutinho
Frequent Advisor

‎05-31-2004 06:30 PM

‎05-31-2004 06:30 PM

Re: SSH problem between VLANS

Hi Jon,

I just ran the telnet command because someone in the forum (i had posted this before wrongly within the Linux forum), had asked me to run this command. That's why. I thought to include it here, in case it may be relevant.

BTW, the guys out here are thinking that the problem may be with the switch. Their thoughts are on the ARP tables.

We have rebooted the server to clear that side. Now we plan to clear the ARP tables on the switch.

What do you'll think about this ?

Rgds
0 Kudos
Reply
Jonathan Baker
Advisor

‎05-31-2004 06:56 PM

‎05-31-2004 06:56 PM

Re: SSH problem between VLANS

It wouldn't hurt. It's probably not relevant, but we had huge performance problems with ssh on one of our servers because we had our network card set to auto negotiate the duplex and the negotiation didn't work correctly with the switch. It might be worth checking the settings on the switch and your NIC.
0 Kudos
Reply
Jeroen Peereboom
Honored Contributor

‎05-31-2004 07:53 PM

‎05-31-2004 07:53 PM

Re: SSH problem between VLANS

Pat,

Since you can telnet to the box, flushing the ARP cache should not help. But who knows?
ARP is involved in both telnetting and sshing to the server.

Your telnet to the ssh port suggest routing is OK, athough one cannot be sure which route is taken. If all is well only one router should be involved?! Use tracert / traceroute to check.

Did you try another server on 100.x?
Can you ssh from 200.x to it?
And the other way around? Can you ssh from 100.x to 200.x?
If you can, it suggests that the problem is on the APPLE.

What surprises me in your sshd debug file is that no incoming request is shown. (But I'm not experienced in debugging sshd, so I don't know what to expect. You can check using another server what is to be expected.

JP.
0 Kudos
Reply
patrick coutinho
Frequent Advisor

‎05-31-2004 07:57 PM

‎05-31-2004 07:57 PM

Re: SSH problem between VLANS

Thanks everyone. The problem was with the switch. a configuration problem at the switch, to do with port access control. All fine now.

Points assigned.

Thanks & Regards,

Pat
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.