Message-Id: <200505310238.j4V2cu2F091915@www.freebsd.org>
Date: Tue, 31 May 2005 02:38:56 GMT
From: Eric Pretorious <eric@pretorious.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Unable to connect via SSH using protocol v2
X-Send-Pr-Version: www-2.3

>Number:         81689
>Category:       bin
>Synopsis:       Unable to connect via SSH using protocol v2
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 31 02:40:01 GMT 2005
>Closed-Date:    Mon Jul 16 13:00:22 GMT 2007
>Last-Modified:  Mon Jul 16 13:00:22 GMT 2007
>Originator:     Eric Pretorious
>Release:        RELENG_4_11_0_RELEASE
>Organization:
>Environment:
FreeBSD truckee.leaguehost.net 4.11-RELEASE FreeBSD 4.11-RELEASE #0: Fri Jan 21 17:21:22 GMT 2005  
>Description:
Attempting to connect to server via SSH using protocol v2 (default) fails. SSHD complains...
sshd[PID]: fatal: Timeout before authentication for [CLIENT_ADDR]
>How-To-Repeat:
1. Install FreeBSD 4.11.
2. Configure SSHD to run at start-up (manually via /etc/rc.conf or using /stand/sysinstall).
3. Complete the installation (i.e., shutdown and restart).
3. Login at console.
4. Verify that the interface has been assigned an IP address and that SSH has started (using `ifconfig` & `netstat -f inet -an`)
5. Attempt to SSH to the machine locally (i.e., using the machine's own IP address). e.g.,  `ssh me@172.16.0.2`
6. Attempt to SSH to the machine remotely (i.e., from a client on the LAN). e.g., `ssh me@172.16.0.2`

Both methods result in this error (on the console):
sshd[PID]: fatal: Timeout before authentication for [CLIENT_ADDR]

Specifying protocol v1 (i.e., `ssh -1 me@172.16.0.2`) allows a connection BUT is EXTREMELY slow to negotiate the connection/session.
>Fix:

>Release-Note:
>Audit-Trail:

From: Eric Pretorious <eric@pretorious.net>
To: bug-followup@freebsd.org, eric@pretorious.net
Cc:  
Subject: Re: gnu/81689: Unable to connect via SSH using protocol v2
Date: Mon, 30 May 2005 20:12:11 -0700

 I forgot to mention that attempting to SSH to the machine locally 
 _using_the_loopback_address_instead_of_the_interface_address_ (i.e., using 
 127.0.0.1) is successful. e.g.,  `ssh me@localhost`

From: Xin LI <delphij@frontfree.net>
To: Eric Pretorious <eric@pretorious.net>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: gnu/81689: Unable to connect via SSH using protocol v2
Date: Tue, 31 May 2005 11:57:45 +0800

 Hi, Eric,
 
 On Tue, 2005-05-31 at 02:38 +0000, Eric Pretorious wrote:
 > >Description:
 > Attempting to connect to server via SSH using protocol v2 (default) fails. SSHD complains...
 > sshd[PID]: fatal: Timeout before authentication for [CLIENT_ADDR]
 > >How-To-Repeat:
 > 1. Install FreeBSD 4.11.
 > 2. Configure SSHD to run at start-up (manually via /etc/rc.conf or using /stand/sysinstall).
 > 3. Complete the installation (i.e., shutdown and restart).
 > 3. Login at console.
 > 4. Verify that the interface has been assigned an IP address and that SSH has started (using `ifconfig` & `netstat -f inet -an`)
 > 5. Attempt to SSH to the machine locally (i.e., using the machine's own IP address). e.g.,  `ssh me@172.16.0.2`
 > 6. Attempt to SSH to the machine remotely (i.e., from a client on the LAN). e.g., `ssh me@172.16.0.2`
 >
 > Both methods result in this error (on the console):
 > sshd[PID]: fatal: Timeout before authentication for [CLIENT_ADDR]
 >
 > Specifying protocol v1 (i.e., `ssh -1 me@172.16.0.2`) allows a connection BUT is EXTREMELY slow to negotiate the connection/session.
 
 I bet that this is because of some misconfiguration.  You may want to check
 your DNS server which should provide resolve/reverse resolve record for
 172.16.0.2, and its connection; a workaround for this issue is to add
 "UseDNS no" in your sshd configuration (i.e. /etc/ssh/sshd_config).
 
 Please consult sshd_config(5) for more information.
 
 Cheers,
 -- 
 Xin LI <delphij delphij net>  http://www.delphij.net/
 
 

From: Maxim Konovalov <maxim@macomnet.ru>
To: Eric Pretorious <eric@pretorious.net>
Cc: bug-followup@freebsd.org
Subject: Re: gnu/81689: Unable to connect via SSH using protocol v2
Date: Tue, 31 May 2005 08:58:26 +0400 (MSD)

 Reverse resolving problem.  Set
 
 UseDNS no
 
 in /etc/ssh/sshd_config, restart sshd and try again.
 
 -- 
 Maxim Konovalov

From: Eric Pretorious <eric@pretorious.net>
To: bug-followup@freebsd.org
Cc: Maxim Konovalov <maxim@macomnet.ru>,
	Xin LI <delphij@frontfree.net>
Subject: Re: gnu/81689: Unable to connect via SSH using protocol v2
Date: Mon, 30 May 2005 22:30:00 -0700

 Thanks, Maxim. Thanks, Xin.
 
 One thought, though: This problem didn't seem to exist with RELENG_4_10_RELEASE. Has there been a change in /etc/ssh/sshd_config?
 
 -- 
 Eric P.,
 Truckee, CA

From: Eric Pretorious <eric@pretorious.net>
To: bug-followup@freebsd.org
Cc: Maxim Konovalov <maxim@macomnet.ru>,
	Xin LI <delphij@frontfree.net>
Subject: Re: gnu/81689: Unable to connect via SSH using protocol v2
Date: Mon, 30 May 2005 22:36:51 -0700

 On Monday 30 May 2005 10:30 pm, Eric Pretorious wrote:
 >One thought, though: This problem didn't seem to exist with RELENG_4_10_RELEASE. Has there been a change in /etc/ssh/sshd_config?
 
 Maxim, Xin:
 
 There does NOT appear to be a 'UseDNS' directive in either the stock sshd_config file *or* in the sshd_config man page (5).
 
 -- 
 Eric P.,
 Truckee, CA

From: Xin LI <delphij@frontfree.net>
To: eric@pretorious.net
Cc: bug-followup@freebsd.org, Maxim Konovalov <maxim@macomnet.ru>
Subject: Re: gnu/81689: Unable to connect via SSH using protocol v2
Date: Tue, 31 May 2005 13:50:07 +0800

 Hi, Eric,
 
 On Mon, 2005-05-30 at 22:36 -0700, Eric Pretorious wrote:
 > On Monday 30 May 2005 10:30 pm, Eric Pretorious wrote:
 > >One thought, though: This problem didn't seem to exist with RELENG_4_10_RELEASE. Has there been a change in /etc/ssh/sshd_config?
 >
 > Maxim, Xin:
 >
 > There does NOT appear to be a 'UseDNS' directive in either the stock sshd_config file *or* in the sshd_config man page (5).
 
 It appears in my sshd_config(5):
 
 %%% %%%
      UseDNS  Specifies whether sshd should lookup the remote host name
              and check that the resolved host name for the remote IP
              address maps back to the very same IP address.  The default
              is ``yes''.
 %%% %%%
 
 And also the source code of sshd(8):
 
 %%% %%%
 [delphij@spirit] /usr/src/crypto/openssh# grep UseDNS sshd_config
 #UseDNS yes
 %%% %%%
 
 So let's give the option a try :-)  In addition, what OpenSSH version
 are you running?  (try "telnet localhost 22")
 
 Cheers,
 -- 
 Xin LI <delphij delphij net>  http://www.delphij.net/
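
The check described in the sshd_config(5) excerpt quoted in the message above (reverse-resolve the client address, then confirm the name maps back to the same address), written out with timing so a slow or missing PTR record shows up. This is an added example, not code from the thread or from OpenSSH; the function name, the injectable `reverse`/`forward` resolvers, the `slow_after` threshold and the `*.lan.example` zone data are assumptions made for illustration.

```python
import socket
import time

def fcrdns_check(ip, reverse=None, forward=None, slow_after=5.0):
    """Reverse-resolve ip, resolve the name forward again, and time both steps.

    reverse/forward are injectable resolvers (hypothetical parameters) so the
    check can be exercised offline; by default the system resolver is used.
    """
    reverse = reverse or (lambda addr: socket.gethostbyaddr(addr)[0])
    forward = forward or (lambda name: sorted(
        {ai[4][0] for ai in socket.getaddrinfo(name, None)}))
    result = {"ip": ip, "hostname": None, "forward": [], "status": None}
    start = time.monotonic()
    try:
        result["hostname"] = reverse(ip)
    except OSError:                      # herror/gaierror/timeout: no PTR answer
        result["status"] = "no-ptr"
    else:
        try:
            result["forward"] = list(forward(result["hostname"]))
        except OSError:                  # name from the PTR does not resolve
            result["status"] = "no-forward"
        else:
            result["status"] = ("match" if ip in result["forward"]
                                else "mismatch")
    result["elapsed"] = time.monotonic() - start
    result["slow"] = result["elapsed"] >= slow_after
    return result

# Constructed sample zone data (not taken from the report).
SAMPLE_PTR = {"172.16.0.2": "server.lan.example", "172.16.0.50": "stale.lan.example"}
SAMPLE_A = {"server.lan.example": ["172.16.0.2"], "stale.lan.example": ["172.16.0.99"]}

def sample_reverse(addr):
    if addr not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[addr]

def sample_forward(name):
    if name not in SAMPLE_A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return SAMPLE_A[name]

if __name__ == "__main__":
    for addr in ("172.16.0.2", "172.16.0.50", "172.16.0.102"):
        print(fcrdns_check(addr, sample_reverse, sample_forward))
```

Called with only an address, it uses the system resolver, so running it on the server against a client's address times the lookups on the same resolver path the daemon depends on.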
 
 

From: Eric Pretorious <eric@pretorious.net>
To: delphij@delphij.net
Cc: bug-followup@freebsd.org, Maxim Konovalov <maxim@macomnet.ru>
Subject: Re: gnu/81689: Unable to connect via SSH using protocol v2
Date: Mon, 30 May 2005 23:24:37 -0700

 On Monday 30 May 2005 10:50 pm, Xin LI wrote:
 >So let's give the option a try :-)
 
 Uh-oh - Now I can't SSH into the box at all:
 
 >$ ssh eric@172.16.0.102
 >ssh: connect to host 172.16.0.102 port 22: Connection refused
 
 >In addition, what OpenSSH version are you running?  (try "telnet localhost 22")
 
 >$ telnet 172.16.0.102 22
 >Trying 172.16.0.102...
 >Connected to 172.16.0.102 (172.16.0.102).
 >Escape character is '^]'.
 >SSH-1.99-OpenSSH_3.5p1 FreeBSD-20030924
 
 -- 
 Eric P.,
 Truckee, CA

From: Eric Pretorious <eric@pretorious.net>
To: delphij@delphij.net
Cc: bug-followup@freebsd.org, Maxim Konovalov <maxim@macomnet.ru>
Subject: Re: gnu/81689: Unable to connect via SSH using protocol v2
Date: Mon, 30 May 2005 23:29:38 -0700

 On Monday 30 May 2005 11:24 pm, Eric Pretorious wrote:
 >On Monday 30 May 2005 10:50 pm, Xin LI wrote:
 >>So let's give the option a try :-)
 >
 >Uh-oh - Now I can't SSH into the box at all:
 >
 >>$ ssh eric@172.16.0.102
 >>ssh: connect to host 172.16.0.102 port 22: Connection refused
 
 During start-up I see the error:
 
 >Starting standard daemons: cron sshd/etc/sshd_config: Line 95: Bad configuration option: UseDNS
 
 -- 
 Eric P.,
 Truckee, CA

From: Maxim Konovalov <maxim@macomnet.ru>
To: Eric Pretorious <eric@pretorious.net>
Cc: delphij@delphij.net, bug-followup@freebsd.org
Subject: Re: gnu/81689: Unable to connect via SSH using protocol v2
Date: Tue, 31 May 2005 10:47:30 +0400 (MSD)

 Try VerifyReverseMapping no
 
 -- 
 Maxim Konovalov

From: Eric Pretorious <eric@pretorious.net>
To: Maxim Konovalov <maxim@macomnet.ru>
Cc: delphij@delphij.net, bug-followup@freebsd.org
Subject: Re: gnu/81689: Unable to connect via SSH using protocol v2
Date: Tue, 31 May 2005 00:11:32 -0700

 On Monday 30 May 2005 11:47 pm, Maxim Konovalov wrote:
 >Try VerifyReverseMapping no
 
 $ grep -i reverse /etc/ssh/sshd_config
 #VerifyReverseMapping no
 
 From man 5 sshd_config:
 > VerifyReverseMapping
 > Specifies whether sshd should try to verify the remote host name
 > and check... The default is ``no''.
 
 -- 
 Eric P.,
 Truckee, CA

From: Eric Pretorious <eric@pretorious.net>
To: Maxim Konovalov <maxim@macomnet.ru>
Cc: delphij@delphij.net, bug-followup@freebsd.org
Subject: Re: gnu/81689: Unable to connect via SSH using protocol v2
Date: Tue, 31 May 2005 22:38:27 -0700

 On Monday 30 May 2005 11:47 pm, Maxim Konovalov wrote:
 >Try VerifyReverseMapping no
 
 VerifyReverseMapping is turned OFF by default. Setting the value explicitly did not fix the problem.
 
 -- 
 Eric P.,
 Truckee, CA

From: Eric Pretorious <eric@pretorious.net>
To: bug-followup@freebsd.org, eric@pretorious.net
Cc:  
Subject: Re: gnu/81689: Unable to connect via SSH using protocol v2
Date: Tue, 31 May 2005 22:41:30 -0700

 I need to be clear about this: I am using the STOCK configuration file. (i.e., I have NOT modified /etc/ssh/sshd_config.)
 
 -- 
 Eric P.,
 Truckee, CA
State-Changed-From-To: open->feedback 
State-Changed-By: gavin 
State-Changed-When: Wed Jun 13 12:59:31 UTC 2007 
State-Changed-Why:  

To submitter: Is this still a problem on more recent versions 
of FreeBSD? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=81689 
State-Changed-From-To: feedback->closed 
State-Changed-By: gavin 
State-Changed-When: Mon Jul 16 12:58:39 UTC 2007 
State-Changed-Why:  
Feedback timeout (1 month) 

>Unformatted:
