Centos 7 & Azure: ssh_exchange_identification: read: Operation timed outssh authentication nfsCentos 5...
How to deny access to SQL Server to certain login over SSMS, but allow over .Net SqlClient Data Provider
Avoiding unpacking an array when altering its dimension
Is divide-by-zero a security vulnerability?
I can't die. Who am I?
Skis versus snow shoes - when to choose which for travelling the backcountry?
Did Amazon pay $0 in taxes last year?
What are these green text/line displays shown during the livestream of Crew Dragon's approach to dock with the ISS?
What is the difference between ashamed and shamed?
Can you use a beast's innate abilities while polymorphed?
Is the set of paths between any two points moving only in units on the plane countable or uncountable?
Why do members of Congress in committee hearings ask witnesses the same question multiple times?
What if I store 10TB on azure servers and then keep the vm powered off?
Replacement ford fiesta radiator has extra hose
How to approximate rolls for potions of healing using only d6's?
What is the difference between throw e and throw new Exception(e)?
How to mitigate "bandwagon attacking" from players?
Which aircraft had such a luxurious-looking navigator's station?
Is there a German word for “analytics”?
Equivalent to "source" in OpenBSD?
What type of postprocessing gives the effect of people standing out
Series pass transistor, LM7812
Second-rate spelling
Accessing something inside the object when you don't know the key
Where is this triangular-shaped space station from?
Centos 7 & Azure: ssh_exchange_identification: read: Operation timed out
ssh authentication nfsCentos 5 VPS: sshd freezesssh_exchange_identification: Connection closed by remote hostsshd on mac does no longer accept connections in inetd (-i) mode, but does in do not detach mode (-D), how to fix?SSH X11 not workingLoggin in ssh server: Permission denied, please try againOpenSSH disable ControlMaster for given hostnamessh_exchange_identification: read: Operation timed outIs it possible to ssh or rsync into a system whose file-system has remounted itself read-only?ssh connection : ssh_exchange_identification: read: Operation timed out
I'm trying to acces one of my recently deployed azure machines via SSH. When i try to do so i am getting the error: ssh_exchange_identification: read: Operation timed out. I have not been able to acces this server before using this way however i am able to connect to the server using the serial console so i can change configuration in this machine.
I have checked the ssh_config and the sshd_config and compared them to a working machine and these all seem to be correct. The hosts.allow and hosts.deny are empty but when i add sshd: All to hosts.Allow it has no effect.
The azure firewall allows for usage of port 22 and Firewalld and Selinux have been disabled. Iptables does not seem to be relevant in Centos 7 but has been disabled anyway.
Executing a azure redeploy, reset password, reset ssh public key or a reset configuration have no effect as does the creation of a new azure vdi.
using "tail -f /var/log/secure" or "tail -f /var/log/messages" produced no results.
results of ssh lstoep001@10.61.123.17 -v :
OpenSSH_7.8p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to 10.61.123.17 [10.61.123.17] port 22.
debug1: Connection established.
debug1: identity file /Users/lstoep001/.ssh/id_rsa type 0
debug1: identity file /Users/lstoep001/.ssh/id_rsa-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_dsa type -1
debug1: identity file /Users/lstoep001/.ssh/id_dsa-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_ecdsa type -1
debug1: identity file /Users/lstoep001/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_ed25519 type -1
debug1: identity file /Users/lstoep001/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_xmss type -1
debug1: identity file /Users/lstoep001/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
After using command /usr/sbin/sshd -ddd -D -e:
[lstoep]@nl-zwescijelv001 ~]$ sudo /usr/sbin/sshd -ddd -D -e
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 737
debug2: parse_server_config: config /etc/ssh/sshd_config len 737
debug3: /etc/ssh/sshd_config:23 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:25 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:26 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: /etc/ssh/sshd_config:33 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:48 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:66 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:70 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:80 setting GSSAPIAuthentication yes
debug3: /etc/ssh/sshd_config:81 setting GSSAPICleanupCredentials no
debug3: /etc/ssh/sshd_config:97 setting UsePAM yes
debug3: /etc/ssh/sshd_config:103 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:114 setting ClientAliveInterval 180
debug3: /etc/ssh/sshd_config:128 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:129 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:130 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:131 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:134 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: private host key #0: ssh-rsa SHA256:1+4l5FdG3yg7Z7rYhzkLh09GEd+1kpVKKMW6wC+9EGc
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:iqOcTP3JTv15EQ6rKGocP2jmP0Z0QQ4c/404sTXcTzI
debug1: private host key #2: ssh-ed25519 SHA256:hcEchCo/rbt56TVziD51gLls8vl2GOZxILy/xMldo8I
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-D'
debug1: rexec_argv[3]='-e'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
===========After trying to connect===============
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 737
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config: config rexec len 737
debug3: rexec:23 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: rexec:25 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: rexec:26 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: rexec:33 setting SyslogFacility AUTHPRIV
debug3: rexec:48 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: rexec:66 setting PasswordAuthentication yes
debug3: rexec:70 setting ChallengeResponseAuthentication no
debug3: rexec:80 setting GSSAPIAuthentication yes
debug3: rexec:81 setting GSSAPICleanupCredentials no
debug3: rexec:97 setting UsePAM yes
debug3: rexec:103 setting X11Forwarding yes
debug3: rexec:114 setting ClientAliveInterval 180
debug3: rexec:128 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: rexec:129 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: rexec:130 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: rexec:131 setting AcceptEnv XMODIFIERS
debug3: rexec:134 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: private host key #0: ssh-rsa SHA256:1+4l5FdG3yg7Z7rYhzkLh09GEd+1kpVKKMW6wC+9EGc
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:iqOcTP3JTv15EQ6rKGocP2jmP0Z0QQ4c/404sTXcTzI
debug1: private host key #2: ssh-ed25519 SHA256:hcEchCo/rbt56TVziD51gLls8vl2GOZxILy/xMldo8I
debug1: inetd sockets after dupping: 3, 3
Connection from 10.35.4.54 port 63036 on 10.61.123.17 port 22
content of /var/log/secure:
Feb 26 06:41:50 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/systemctl stop sshd
Feb 26 06:41:50 nl-zwescijelv001 polkitd[532]: Registered Authentication Agent for unix-process:32054:5611464 (system bus name :1.2646 [/usr/bin/pkttyagent--notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Feb 26 06:41:50 nl-zwescijelv001 sshd[869]: Received signal 15; terminating.
Feb 26 06:41:50 nl-zwescijelv001 polkitd[532]: Unregistered Authentication Agent for unix-process:32054:5611464 (system bus name :1.2646, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Feb 26 06:42:18 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd
Feb 26 06:44:59 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd
Feb 26 06:45:17 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd
Feb 26 06:47:39 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd -D -e
Feb 26 06:49:35 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd -D -e
Feb 26 06:50:22 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/systemctl start sshd
Feb 26 06:50:22 nl-zwescijelv001 polkitd[532]: Registered Authentication Agent for unix-process:32350:5662674 (system bus name :1.2675 [/usr/bin/pkttyagent--notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Feb 26 06:50:22 nl-zwescijelv001 sshd[32356]: Server listening on 0.0.0.0 port 22.
Feb 26 06:50:22 nl-zwescijelv001 sshd[32356]: Server listening on :: port 22.
Feb 26 06:50:22 nl-zwescijelv001 polkitd[532]: Unregistered Authentication Agent for unix-process:32350:5662674 (system bus name :1.2675, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Feb 26 06:51:08 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/tail -f /var/log/secure
Feb 26 06:51:37 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/tail -n 100 /var/log/secure
centos ssh security azure
|
show 1 more comment
I'm trying to acces one of my recently deployed azure machines via SSH. When i try to do so i am getting the error: ssh_exchange_identification: read: Operation timed out. I have not been able to acces this server before using this way however i am able to connect to the server using the serial console so i can change configuration in this machine.
I have checked the ssh_config and the sshd_config and compared them to a working machine and these all seem to be correct. The hosts.allow and hosts.deny are empty but when i add sshd: All to hosts.Allow it has no effect.
The azure firewall allows for usage of port 22 and Firewalld and Selinux have been disabled. Iptables does not seem to be relevant in Centos 7 but has been disabled anyway.
Executing a azure redeploy, reset password, reset ssh public key or a reset configuration have no effect as does the creation of a new azure vdi.
using "tail -f /var/log/secure" or "tail -f /var/log/messages" produced no results.
results of ssh lstoep001@10.61.123.17 -v :
OpenSSH_7.8p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to 10.61.123.17 [10.61.123.17] port 22.
debug1: Connection established.
debug1: identity file /Users/lstoep001/.ssh/id_rsa type 0
debug1: identity file /Users/lstoep001/.ssh/id_rsa-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_dsa type -1
debug1: identity file /Users/lstoep001/.ssh/id_dsa-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_ecdsa type -1
debug1: identity file /Users/lstoep001/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_ed25519 type -1
debug1: identity file /Users/lstoep001/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_xmss type -1
debug1: identity file /Users/lstoep001/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
After using command /usr/sbin/sshd -ddd -D -e:
[lstoep]@nl-zwescijelv001 ~]$ sudo /usr/sbin/sshd -ddd -D -e
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 737
debug2: parse_server_config: config /etc/ssh/sshd_config len 737
debug3: /etc/ssh/sshd_config:23 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:25 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:26 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: /etc/ssh/sshd_config:33 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:48 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:66 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:70 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:80 setting GSSAPIAuthentication yes
debug3: /etc/ssh/sshd_config:81 setting GSSAPICleanupCredentials no
debug3: /etc/ssh/sshd_config:97 setting UsePAM yes
debug3: /etc/ssh/sshd_config:103 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:114 setting ClientAliveInterval 180
debug3: /etc/ssh/sshd_config:128 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:129 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:130 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:131 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:134 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: private host key #0: ssh-rsa SHA256:1+4l5FdG3yg7Z7rYhzkLh09GEd+1kpVKKMW6wC+9EGc
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:iqOcTP3JTv15EQ6rKGocP2jmP0Z0QQ4c/404sTXcTzI
debug1: private host key #2: ssh-ed25519 SHA256:hcEchCo/rbt56TVziD51gLls8vl2GOZxILy/xMldo8I
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-D'
debug1: rexec_argv[3]='-e'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
===========After trying to connect===============
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 737
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config: config rexec len 737
debug3: rexec:23 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: rexec:25 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: rexec:26 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: rexec:33 setting SyslogFacility AUTHPRIV
debug3: rexec:48 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: rexec:66 setting PasswordAuthentication yes
debug3: rexec:70 setting ChallengeResponseAuthentication no
debug3: rexec:80 setting GSSAPIAuthentication yes
debug3: rexec:81 setting GSSAPICleanupCredentials no
debug3: rexec:97 setting UsePAM yes
debug3: rexec:103 setting X11Forwarding yes
debug3: rexec:114 setting ClientAliveInterval 180
debug3: rexec:128 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: rexec:129 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: rexec:130 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: rexec:131 setting AcceptEnv XMODIFIERS
debug3: rexec:134 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: private host key #0: ssh-rsa SHA256:1+4l5FdG3yg7Z7rYhzkLh09GEd+1kpVKKMW6wC+9EGc
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:iqOcTP3JTv15EQ6rKGocP2jmP0Z0QQ4c/404sTXcTzI
debug1: private host key #2: ssh-ed25519 SHA256:hcEchCo/rbt56TVziD51gLls8vl2GOZxILy/xMldo8I
debug1: inetd sockets after dupping: 3, 3
Connection from 10.35.4.54 port 63036 on 10.61.123.17 port 22
content of /var/log/secure:
Feb 26 06:41:50 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/systemctl stop sshd
Feb 26 06:41:50 nl-zwescijelv001 polkitd[532]: Registered Authentication Agent for unix-process:32054:5611464 (system bus name :1.2646 [/usr/bin/pkttyagent--notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Feb 26 06:41:50 nl-zwescijelv001 sshd[869]: Received signal 15; terminating.
Feb 26 06:41:50 nl-zwescijelv001 polkitd[532]: Unregistered Authentication Agent for unix-process:32054:5611464 (system bus name :1.2646, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Feb 26 06:42:18 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd
Feb 26 06:44:59 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd
Feb 26 06:45:17 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd
Feb 26 06:47:39 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd -D -e
Feb 26 06:49:35 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd -D -e
Feb 26 06:50:22 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/systemctl start sshd
Feb 26 06:50:22 nl-zwescijelv001 polkitd[532]: Registered Authentication Agent for unix-process:32350:5662674 (system bus name :1.2675 [/usr/bin/pkttyagent--notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Feb 26 06:50:22 nl-zwescijelv001 sshd[32356]: Server listening on 0.0.0.0 port 22.
Feb 26 06:50:22 nl-zwescijelv001 sshd[32356]: Server listening on :: port 22.
Feb 26 06:50:22 nl-zwescijelv001 polkitd[532]: Unregistered Authentication Agent for unix-process:32350:5662674 (system bus name :1.2675, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Feb 26 06:51:08 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/tail -f /var/log/secure
Feb 26 06:51:37 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/tail -n 100 /var/log/secure
centos ssh security azure
1
Check your Azure firewall again.
– Michael Hampton♦
Feb 25 at 18:28
Have done so a few times and port 22 is specifically allowed for all devices in this subnet. Also in the -v log it states: "Connection established" so i would assume that it got through the firewall. What do you think i missed?
– Laurens Van Der Stoep
Feb 25 at 18:34
I think I would run sshd in debugging mode to see if any more useful information comes out.
– Michael Hampton♦
Feb 25 at 18:55
contains liddle additional info. Option used: -vvv OpenSSH_7.8p1, LibreSSL 2.7.3 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 48: Applying options for * debug2: resolve_canonicalize: hostname 10.61.130.17 is address debug2: ssh_connect_direct debug1: Connecting to 10.61.130.17 [10.61.130.17] port 22. debug1: Connection established.
– Laurens Van Der Stoep
Feb 25 at 19:03
That's ssh, not sshd.
– Michael Hampton♦
Feb 25 at 19:21
|
show 1 more comment
I'm trying to acces one of my recently deployed azure machines via SSH. When i try to do so i am getting the error: ssh_exchange_identification: read: Operation timed out. I have not been able to acces this server before using this way however i am able to connect to the server using the serial console so i can change configuration in this machine.
I have checked the ssh_config and the sshd_config and compared them to a working machine and these all seem to be correct. The hosts.allow and hosts.deny are empty but when i add sshd: All to hosts.Allow it has no effect.
The azure firewall allows for usage of port 22 and Firewalld and Selinux have been disabled. Iptables does not seem to be relevant in Centos 7 but has been disabled anyway.
Executing a azure redeploy, reset password, reset ssh public key or a reset configuration have no effect as does the creation of a new azure vdi.
using "tail -f /var/log/secure" or "tail -f /var/log/messages" produced no results.
results of ssh lstoep001@10.61.123.17 -v :
OpenSSH_7.8p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to 10.61.123.17 [10.61.123.17] port 22.
debug1: Connection established.
debug1: identity file /Users/lstoep001/.ssh/id_rsa type 0
debug1: identity file /Users/lstoep001/.ssh/id_rsa-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_dsa type -1
debug1: identity file /Users/lstoep001/.ssh/id_dsa-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_ecdsa type -1
debug1: identity file /Users/lstoep001/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_ed25519 type -1
debug1: identity file /Users/lstoep001/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_xmss type -1
debug1: identity file /Users/lstoep001/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
After using command /usr/sbin/sshd -ddd -D -e:
[lstoep]@nl-zwescijelv001 ~]$ sudo /usr/sbin/sshd -ddd -D -e
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 737
debug2: parse_server_config: config /etc/ssh/sshd_config len 737
debug3: /etc/ssh/sshd_config:23 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:25 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:26 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: /etc/ssh/sshd_config:33 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:48 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:66 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:70 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:80 setting GSSAPIAuthentication yes
debug3: /etc/ssh/sshd_config:81 setting GSSAPICleanupCredentials no
debug3: /etc/ssh/sshd_config:97 setting UsePAM yes
debug3: /etc/ssh/sshd_config:103 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:114 setting ClientAliveInterval 180
debug3: /etc/ssh/sshd_config:128 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:129 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:130 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:131 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:134 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: private host key #0: ssh-rsa SHA256:1+4l5FdG3yg7Z7rYhzkLh09GEd+1kpVKKMW6wC+9EGc
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:iqOcTP3JTv15EQ6rKGocP2jmP0Z0QQ4c/404sTXcTzI
debug1: private host key #2: ssh-ed25519 SHA256:hcEchCo/rbt56TVziD51gLls8vl2GOZxILy/xMldo8I
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-D'
debug1: rexec_argv[3]='-e'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
===========After trying to connect===============
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 737
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config: config rexec len 737
debug3: rexec:23 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: rexec:25 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: rexec:26 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: rexec:33 setting SyslogFacility AUTHPRIV
debug3: rexec:48 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: rexec:66 setting PasswordAuthentication yes
debug3: rexec:70 setting ChallengeResponseAuthentication no
debug3: rexec:80 setting GSSAPIAuthentication yes
debug3: rexec:81 setting GSSAPICleanupCredentials no
debug3: rexec:97 setting UsePAM yes
debug3: rexec:103 setting X11Forwarding yes
debug3: rexec:114 setting ClientAliveInterval 180
debug3: rexec:128 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: rexec:129 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: rexec:130 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: rexec:131 setting AcceptEnv XMODIFIERS
debug3: rexec:134 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: private host key #0: ssh-rsa SHA256:1+4l5FdG3yg7Z7rYhzkLh09GEd+1kpVKKMW6wC+9EGc
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:iqOcTP3JTv15EQ6rKGocP2jmP0Z0QQ4c/404sTXcTzI
debug1: private host key #2: ssh-ed25519 SHA256:hcEchCo/rbt56TVziD51gLls8vl2GOZxILy/xMldo8I
debug1: inetd sockets after dupping: 3, 3
Connection from 10.35.4.54 port 63036 on 10.61.123.17 port 22
content of /var/log/secure:
Feb 26 06:41:50 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/systemctl stop sshd
Feb 26 06:41:50 nl-zwescijelv001 polkitd[532]: Registered Authentication Agent for unix-process:32054:5611464 (system bus name :1.2646 [/usr/bin/pkttyagent--notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Feb 26 06:41:50 nl-zwescijelv001 sshd[869]: Received signal 15; terminating.
Feb 26 06:41:50 nl-zwescijelv001 polkitd[532]: Unregistered Authentication Agent for unix-process:32054:5611464 (system bus name :1.2646, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Feb 26 06:42:18 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd
Feb 26 06:44:59 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd
Feb 26 06:45:17 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd
Feb 26 06:47:39 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd -D -e
Feb 26 06:49:35 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd -D -e
Feb 26 06:50:22 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/systemctl start sshd
Feb 26 06:50:22 nl-zwescijelv001 polkitd[532]: Registered Authentication Agent for unix-process:32350:5662674 (system bus name :1.2675 [/usr/bin/pkttyagent--notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Feb 26 06:50:22 nl-zwescijelv001 sshd[32356]: Server listening on 0.0.0.0 port 22.
Feb 26 06:50:22 nl-zwescijelv001 sshd[32356]: Server listening on :: port 22.
Feb 26 06:50:22 nl-zwescijelv001 polkitd[532]: Unregistered Authentication Agent for unix-process:32350:5662674 (system bus name :1.2675, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Feb 26 06:51:08 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/tail -f /var/log/secure
Feb 26 06:51:37 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/tail -n 100 /var/log/secure
centos ssh security azure
I'm trying to acces one of my recently deployed azure machines via SSH. When i try to do so i am getting the error: ssh_exchange_identification: read: Operation timed out. I have not been able to acces this server before using this way however i am able to connect to the server using the serial console so i can change configuration in this machine.
I have checked the ssh_config and the sshd_config and compared them to a working machine and these all seem to be correct. The hosts.allow and hosts.deny are empty but when i add sshd: All to hosts.Allow it has no effect.
The azure firewall allows for usage of port 22 and Firewalld and Selinux have been disabled. Iptables does not seem to be relevant in Centos 7 but has been disabled anyway.
Executing a azure redeploy, reset password, reset ssh public key or a reset configuration have no effect as does the creation of a new azure vdi.
using "tail -f /var/log/secure" or "tail -f /var/log/messages" produced no results.
results of ssh lstoep001@10.61.123.17 -v :
OpenSSH_7.8p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to 10.61.123.17 [10.61.123.17] port 22.
debug1: Connection established.
debug1: identity file /Users/lstoep001/.ssh/id_rsa type 0
debug1: identity file /Users/lstoep001/.ssh/id_rsa-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_dsa type -1
debug1: identity file /Users/lstoep001/.ssh/id_dsa-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_ecdsa type -1
debug1: identity file /Users/lstoep001/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_ed25519 type -1
debug1: identity file /Users/lstoep001/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/lstoep001/.ssh/id_xmss type -1
debug1: identity file /Users/lstoep001/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
After using command /usr/sbin/sshd -ddd -D -e:
[lstoep]@nl-zwescijelv001 ~]$ sudo /usr/sbin/sshd -ddd -D -e
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 737
debug2: parse_server_config: config /etc/ssh/sshd_config len 737
debug3: /etc/ssh/sshd_config:23 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:25 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:26 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: /etc/ssh/sshd_config:33 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:48 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:66 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:70 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:80 setting GSSAPIAuthentication yes
debug3: /etc/ssh/sshd_config:81 setting GSSAPICleanupCredentials no
debug3: /etc/ssh/sshd_config:97 setting UsePAM yes
debug3: /etc/ssh/sshd_config:103 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:114 setting ClientAliveInterval 180
debug3: /etc/ssh/sshd_config:128 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:129 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:130 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:131 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:134 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: private host key #0: ssh-rsa SHA256:1+4l5FdG3yg7Z7rYhzkLh09GEd+1kpVKKMW6wC+9EGc
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:iqOcTP3JTv15EQ6rKGocP2jmP0Z0QQ4c/404sTXcTzI
debug1: private host key #2: ssh-ed25519 SHA256:hcEchCo/rbt56TVziD51gLls8vl2GOZxILy/xMldo8I
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-D'
debug1: rexec_argv[3]='-e'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
===========After trying to connect===============
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 737
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config: config rexec len 737
debug3: rexec:23 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: rexec:25 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: rexec:26 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: rexec:33 setting SyslogFacility AUTHPRIV
debug3: rexec:48 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: rexec:66 setting PasswordAuthentication yes
debug3: rexec:70 setting ChallengeResponseAuthentication no
debug3: rexec:80 setting GSSAPIAuthentication yes
debug3: rexec:81 setting GSSAPICleanupCredentials no
debug3: rexec:97 setting UsePAM yes
debug3: rexec:103 setting X11Forwarding yes
debug3: rexec:114 setting ClientAliveInterval 180
debug3: rexec:128 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: rexec:129 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: rexec:130 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: rexec:131 setting AcceptEnv XMODIFIERS
debug3: rexec:134 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: private host key #0: ssh-rsa SHA256:1+4l5FdG3yg7Z7rYhzkLh09GEd+1kpVKKMW6wC+9EGc
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:iqOcTP3JTv15EQ6rKGocP2jmP0Z0QQ4c/404sTXcTzI
debug1: private host key #2: ssh-ed25519 SHA256:hcEchCo/rbt56TVziD51gLls8vl2GOZxILy/xMldo8I
debug1: inetd sockets after dupping: 3, 3
Connection from 10.35.4.54 port 63036 on 10.61.123.17 port 22
content of /var/log/secure:
Feb 26 06:41:50 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/systemctl stop sshd
Feb 26 06:41:50 nl-zwescijelv001 polkitd[532]: Registered Authentication Agent for unix-process:32054:5611464 (system bus name :1.2646 [/usr/bin/pkttyagent--notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Feb 26 06:41:50 nl-zwescijelv001 sshd[869]: Received signal 15; terminating.
Feb 26 06:41:50 nl-zwescijelv001 polkitd[532]: Unregistered Authentication Agent for unix-process:32054:5611464 (system bus name :1.2646, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Feb 26 06:42:18 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd
Feb 26 06:44:59 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd
Feb 26 06:45:17 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd
Feb 26 06:47:39 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd -D -e
Feb 26 06:49:35 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/usr/sbin/sshd -ddd -D -e
Feb 26 06:50:22 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/systemctl start sshd
Feb 26 06:50:22 nl-zwescijelv001 polkitd[532]: Registered Authentication Agent for unix-process:32350:5662674 (system bus name :1.2675 [/usr/bin/pkttyagent--notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Feb 26 06:50:22 nl-zwescijelv001 sshd[32356]: Server listening on 0.0.0.0 port 22.
Feb 26 06:50:22 nl-zwescijelv001 sshd[32356]: Server listening on :: port 22.
Feb 26 06:50:22 nl-zwescijelv001 polkitd[532]: Unregistered Authentication Agent for unix-process:32350:5662674 (system bus name :1.2675, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Feb 26 06:51:08 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/tail -f /var/log/secure
Feb 26 06:51:37 nl-zwescijelv001 sudo: lstoep : TTY=ttyS0 ; PWD=/home/lstoep ; USER=root ; COMMAND=/bin/tail -n 100 /var/log/secure
centos ssh security azure
centos ssh security azure
edited Feb 26 at 6:57
Laurens Van Der Stoep
asked Feb 25 at 17:12
Laurens Van Der StoepLaurens Van Der Stoep
11
11
1
Check your Azure firewall again.
– Michael Hampton♦
Feb 25 at 18:28
Have done so a few times and port 22 is specifically allowed for all devices in this subnet. Also in the -v log it states: "Connection established" so i would assume that it got through the firewall. What do you think i missed?
– Laurens Van Der Stoep
Feb 25 at 18:34
I think I would run sshd in debugging mode to see if any more useful information comes out.
– Michael Hampton♦
Feb 25 at 18:55
contains liddle additional info. Option used: -vvv OpenSSH_7.8p1, LibreSSL 2.7.3 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 48: Applying options for * debug2: resolve_canonicalize: hostname 10.61.130.17 is address debug2: ssh_connect_direct debug1: Connecting to 10.61.130.17 [10.61.130.17] port 22. debug1: Connection established.
– Laurens Van Der Stoep
Feb 25 at 19:03
That's ssh, not sshd.
– Michael Hampton♦
Feb 25 at 19:21
|
show 1 more comment
1
Check your Azure firewall again.
– Michael Hampton♦
Feb 25 at 18:28
Have done so a few times and port 22 is specifically allowed for all devices in this subnet. Also in the -v log it states: "Connection established" so i would assume that it got through the firewall. What do you think i missed?
– Laurens Van Der Stoep
Feb 25 at 18:34
I think I would run sshd in debugging mode to see if any more useful information comes out.
– Michael Hampton♦
Feb 25 at 18:55
contains liddle additional info. Option used: -vvv OpenSSH_7.8p1, LibreSSL 2.7.3 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 48: Applying options for * debug2: resolve_canonicalize: hostname 10.61.130.17 is address debug2: ssh_connect_direct debug1: Connecting to 10.61.130.17 [10.61.130.17] port 22. debug1: Connection established.
– Laurens Van Der Stoep
Feb 25 at 19:03
That's ssh, not sshd.
– Michael Hampton♦
Feb 25 at 19:21
1
1
Check your Azure firewall again.
– Michael Hampton♦
Feb 25 at 18:28
Check your Azure firewall again.
– Michael Hampton♦
Feb 25 at 18:28
Have done so a few times and port 22 is specifically allowed for all devices in this subnet. Also in the -v log it states: "Connection established" so i would assume that it got through the firewall. What do you think i missed?
– Laurens Van Der Stoep
Feb 25 at 18:34
Have done so a few times and port 22 is specifically allowed for all devices in this subnet. Also in the -v log it states: "Connection established" so i would assume that it got through the firewall. What do you think i missed?
– Laurens Van Der Stoep
Feb 25 at 18:34
I think I would run sshd in debugging mode to see if any more useful information comes out.
– Michael Hampton♦
Feb 25 at 18:55
I think I would run sshd in debugging mode to see if any more useful information comes out.
– Michael Hampton♦
Feb 25 at 18:55
contains liddle additional info. Option used: -vvv OpenSSH_7.8p1, LibreSSL 2.7.3 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 48: Applying options for * debug2: resolve_canonicalize: hostname 10.61.130.17 is address debug2: ssh_connect_direct debug1: Connecting to 10.61.130.17 [10.61.130.17] port 22. debug1: Connection established.
– Laurens Van Der Stoep
Feb 25 at 19:03
contains liddle additional info. Option used: -vvv OpenSSH_7.8p1, LibreSSL 2.7.3 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 48: Applying options for * debug2: resolve_canonicalize: hostname 10.61.130.17 is address debug2: ssh_connect_direct debug1: Connecting to 10.61.130.17 [10.61.130.17] port 22. debug1: Connection established.
– Laurens Van Der Stoep
Feb 25 at 19:03
That's ssh, not sshd.
– Michael Hampton♦
Feb 25 at 19:21
That's ssh, not sshd.
– Michael Hampton♦
Feb 25 at 19:21
|
show 1 more comment
1 Answer
1
active
oldest
votes
Well it appears that you cannot trust anyone. I talked to the firewall guys and they showed that the server dropped our requests and were adament that it concerned an issue on the machine which i continued to work on for a week.
After much insistence i got them to open the ssh port and the whole thing worked flawlessly.
You surely can't trust the firewall guys!
– Michael Hampton♦
2 hours ago
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f955659%2fcentos-7-azure-ssh-exchange-identification-read-operation-timed-out%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Well it appears that you cannot trust anyone. I talked to the firewall guys and they showed that the server dropped our requests and were adament that it concerned an issue on the machine which i continued to work on for a week.
After much insistence i got them to open the ssh port and the whole thing worked flawlessly.
You surely can't trust the firewall guys!
– Michael Hampton♦
2 hours ago
add a comment |
Well it appears that you cannot trust anyone. I talked to the firewall guys and they showed that the server dropped our requests and were adament that it concerned an issue on the machine which i continued to work on for a week.
After much insistence i got them to open the ssh port and the whole thing worked flawlessly.
You surely can't trust the firewall guys!
– Michael Hampton♦
2 hours ago
add a comment |
Well it appears that you cannot trust anyone. I talked to the firewall guys and they showed that the server dropped our requests and were adament that it concerned an issue on the machine which i continued to work on for a week.
After much insistence i got them to open the ssh port and the whole thing worked flawlessly.
Well it appears that you cannot trust anyone. I talked to the firewall guys and they showed that the server dropped our requests and were adament that it concerned an issue on the machine which i continued to work on for a week.
After much insistence i got them to open the ssh port and the whole thing worked flawlessly.
answered 2 hours ago
Laurens Van Der StoepLaurens Van Der Stoep
11
11
You surely can't trust the firewall guys!
– Michael Hampton♦
2 hours ago
add a comment |
You surely can't trust the firewall guys!
– Michael Hampton♦
2 hours ago
You surely can't trust the firewall guys!
– Michael Hampton♦
2 hours ago
You surely can't trust the firewall guys!
– Michael Hampton♦
2 hours ago
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f955659%2fcentos-7-azure-ssh-exchange-identification-read-operation-timed-out%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Check your Azure firewall again.
– Michael Hampton♦
Feb 25 at 18:28
Have done so a few times and port 22 is specifically allowed for all devices in this subnet. Also in the -v log it states: "Connection established" so i would assume that it got through the firewall. What do you think i missed?
– Laurens Van Der Stoep
Feb 25 at 18:34
I think I would run sshd in debugging mode to see if any more useful information comes out.
– Michael Hampton♦
Feb 25 at 18:55
contains liddle additional info. Option used: -vvv OpenSSH_7.8p1, LibreSSL 2.7.3 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 48: Applying options for * debug2: resolve_canonicalize: hostname 10.61.130.17 is address debug2: ssh_connect_direct debug1: Connecting to 10.61.130.17 [10.61.130.17] port 22. debug1: Connection established.
– Laurens Van Der Stoep
Feb 25 at 19:03
That's ssh, not sshd.
– Michael Hampton♦
Feb 25 at 19:21