Hello, I am in SSH Hell
Schomer
Fresh-Faced Recruit
Join Date: Sep 2005
Sep 9, 2005, 02:24 PM
 
I can't even begin to explain how frustrated I am.

I had a G4 with a clean install of Tiger set up. I turned on Remote Login (SSH) and I can SSH into the machine perfectly. Connections are quick. Everything works. Folks I work with are able to get into CVS just fine outside my router.

So, I buy a Mac Mini. Clean Tiger install. I turn on SSH. Change the router to point to that machine instead of the G4 (which is no longer on the network). No go.

ssh xx.xx.xx.xx just hangs until it eventually times out.

ssh -1 xx.xx.xx.xx comes back immediately, with "password:" and "response:". Entering a password then gives me "Connection closed by xx.xx.xx.xx." I can't use ssh -1 though, because I have guys using CVS and they need ssh 2.

I can FTP to the machine just fine. I can use the machine to get out to the net, anywhere, just fine. Everything is quick too. At one point, I even had Filemaker on the machine and clients were able to connect to it just fine.

So, I'm back at the beginning. Clean install. Nothing on the machine at all. Remote Login enabled. One user account. Still having problems.

I cannot for the life of me figure out how a clean install on the G4 works fine, but a clean install on the Mini doesn't.

So frustrated...

I have no firewall turned on anywhere. I cannot even ssh the Mini from the Mini.

I upgraded to 10.4.2. No difference.

In the Console, I see "sshd[408]: fatal: timeout before authentication for 192.168.15.102" - the IP address being the machine I'm trying to ssh from. This is an internal machine. I have also tried machines external from my network, with the routing coming via the router in terms of how people outside the network reach my machine.

Any help, ideas, etc. would be most appreciated. I've been working on this, on and off, for two weeks.

Thanks!

Schomer
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Sep 9, 2005, 05:26 PM
 
I've heard of problems with SSH in Tiger. Some people say the latest security update helped.

Could you try connecting with the verbose option, -v, and post the result here? You can add more "v"s to get even more verbose, so "ssh -vvv user@host" writes a good portion of Moby Dick every time you connect.
     
Schomer  (op)
Fresh-Faced Recruit
Join Date: Sep 2005
Sep 9, 2005, 11:40 PM
 
Originally Posted by P
I've heard of problems with SSH in Tiger. Some people say the latest security update helped.

Could you try connecting with the verbose option, -v, and post the result here? You can add more "v"s to get even more verbose, so "ssh -vvv user@host" writes a good portion of Moby Dick every time you connect.
Thanks for showing an interest in helping. I really appreciate it. I will gladly repay the favor if you are able to assist in getting this working. (Do you have a handheld device? I make handheld software and could send you some free software)

I installed fresh copies of Tiger on my G4 and the Mini. The G4 worked fine. The mini doesn't. I ran the system update on it to get all the new 10.4.2 stuff also. The G4 is no longer with me, which is why I say "worked fine" instead of "works fine." I had to take it to the mac shop to trade it for the mini. :-)

I tried logging in with -vvv. You are right - lots of feedback! Here we go...

(BTW, I changed the IP/hostname in these notes to xx.xx.xx.xx. I'm not sure I want my hostname out there right now.)

I was watching the terminal while it was going and it hung on "Trying to reverse map address xx.xx.xx.xx." for a long time. Sounds like a possible DNS issue, maybe?

SchomerPowerBook:~ Schomer$ ssh -vvv xx.xx.xx.xx
OpenSSH_3.8.1p1, OpenSSL 0.9.7b 10 Apr 2003
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to xx.xx.xx.xx [xx.xx.xx.xx] port 22.
debug1: Connection established.
debug1: identity file /Users/Schomer/.ssh/identity type -1
debug1: identity file /Users/Schomer/.ssh/id_rsa type -1
debug1: identity file /Users/Schomer/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.8.1p1
debug1: match: OpenSSH_3.8.1p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
debug3: Trying to reverse map address xx.xx.xx.xx.
debug1: Miscellaneous failure
No credentials cache found

debug1: Miscellaneous failure
No credentials cache found

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Write failed: Broken pipe
     
schwaz80
Junior Member
Join Date: Sep 2003
Sep 10, 2005, 12:34 AM
 
Looks as if it is looking for a trusted relationship. I am no ssh guru, but I'll look and see what I can find.
     
Detrius
Professional Poster
Join Date: Apr 2001
Location: Asheville, NC
Sep 10, 2005, 01:24 AM
 
If nothing else is working out, you can use fink to install a different version of the openssh software:

http://fink.sourceforge.net
ACSA 10.4/10.3, ACTC 10.3, ACHDS 10.3
     
legacyb4
Mac Elite
Join Date: May 2001
Location: Vancouver
Sep 10, 2005, 02:49 AM
 
Try this:

In /etc/sshd_config on your Mac mini, try changing the following line:
Code:
#UseDNS yes
to:
Code:
UseDNS no
and restart the sshd server (Remote Login).

From man sshd_config:
UseDNS
Specifies whether sshd should lookup the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address. The default is ``yes''.
Macbook (Black) C2D/250GB/3GB | G5/1.6 250GBx2/2.0GB
Free Mobile Ringtone & Games Uploader | Flickr | Twitter
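
A check to run before making the UseDNS change suggested above, as an added example that is not part of the original posts: a commented-out "#UseDNS yes" leaves the default in force, and on OpenSSH versions that support from="..." in authorized_keys and Match Host in sshd_config, rules written with host names stop matching once UseDNS is "no". The file contents, host names and addresses below are constructed samples; the default of "yes" is taken from the man page text quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread): audit a UseDNS change before applying it.

# Effective UseDNS value. sshd uses the first uncommented occurrence of a
# keyword; with none present the built-in default applies (assumed "yes",
# per the man page excerpt quoted in the thread). $2 overrides that default.
effective_usedns() {
    val=$(awk '{ sub(/[=]/, " ") }
               tolower($1) == "usedns" { print tolower($2); exit }' "$1")
    echo "${val:-${2:-yes}}"
}

# Print "file:line: text" for Match Host rules and from="..." key options whose
# pattern list contains a host name rather than only addresses, CIDR or wildcards.
hostname_rules() {
    awk '
    function is_addr(p) {
        if (p ~ "^[!0-9.*?/,]+$") return 1                        # IPv4-style list
        return (index(p, ":") > 0 && p ~ "^[!0-9a-fA-F:.*?/,]+$") # IPv6-style list
    }
    /^[ \t]*#/ { next }
    {
        pat = ""
        if (match($0, /from="[^"]*"/)) {
            pat = substr($0, RSTART + 6, RLENGTH - 7)
        } else if (tolower($1) == "match") {
            for (i = 2; i < NF; i++) if (tolower($i) == "host") pat = $(i + 1)
        }
        if (pat != "" && !is_addr(pat)) printf "%s:%d: %s\n", FILENAME, FNR, $0
    }' "$@"
}

# Constructed sample files (placeholder host names, documentation address ranges).
make_samples() {
    printf '%s\n' '#UseDNS yes' 'Match Host *.build.example.com' \
        '    X11Forwarding no' 'Match Address 192.0.2.0/24' > "$1/sshd_config"
    printf '%s\n' 'from="192.0.2.10" ssh-rsa AAAA...constructed alice' \
        'from="cvs.example.com,198.51.100.*" ssh-rsa AAAA...constructed bob' \
        > "$1/authorized_keys"
}

dir=$(mktemp -d) && make_samples "$dir"
echo "UseDNS effective value: $(effective_usedns "$dir/sshd_config")"
hostname_rules "$dir/sshd_config" "$dir/authorized_keys"
rm -rf "$dir"
```

Any line it prints should be rewritten with addresses before UseDNS is switched off; `sshd -t` checks the edited configuration for syntax errors before the daemon is restarted.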
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Sep 10, 2005, 11:21 AM
 
I agree with the post above. DNS is handled by the daemon "lookupd" on Mac OS X, and that daemon has (IME) been extremely flakey lately. Make the change suggested to avoid the DNS lookup and see if that helps.
     
mousehouse
Mac Enthusiast
Join Date: Dec 2002
Location: netherlands
Sep 11, 2005, 03:44 PM
 
Agreed as well... This error usually appears because the system tries to match the forward and reverse DNS of the machine trying to connect. You could also try adding the IP of the machine(s) that is/are connecting to your /etc/hosts file, although I don't know if it's used in Tiger and only exists for legacy purposes...
MacBook Pro 13"/2.66 (09/2010), Mac Mini c2d/1.83 (01/2008)
     
Gavin
Mac Elite
Join Date: Oct 2000
Location: Seattle
Sep 12, 2005, 06:12 AM
 
Are you using RSA keys? If so, try generating fresh ones.

Is it really a fresh install? Are you copying user data to the new machine? (As in your Home folder)
You may have brought something forward that is machine dependent. Maybe try zapping the /Users/Schomer/.ssh folder.

Can you try logging in as another user? Add a brand new user and try to log in to that account.
You can take the dude out of So Cal, but you can't take the dude outta the dude, dude!
     
Schomer  (op)
Fresh-Faced Recruit
Join Date: Sep 2005
Sep 14, 2005, 03:33 AM
 
Wow. I swear I did this at least a couple times. Changing it to "UseDNS no" seems to have worked!!!

You guys have pulled me out of a two week headache! I can't thank you enough. Thanks, to all of you, who jumped in to help - much appreciated.
     
   
 