Solaris 11 ssh on machine with multiple Ethernet ports


 
# 1  
Old 05-15-2017

I have a server with 6 Ethernet ports. 4 are the motherboard based 1 GBE ports and 2 are 10 GBE ports on NICs.

I have set these all up with static IP addresses and use the standard /etc/nsswitch.files. My IP addresses are

Code:
net0 192.168.1.82
net1 192.168.2.82

and so on till
Code:
net5 192.168.6.82

I can ssh in as a user on any of the ports from net1 through net5. I can also telnet and rlogin through those interfaces.

However when I try and ssh in on net0 (192.168.1.82) there is this really long wait till the password prompt, and then I get a permission denied message.

This seems to fail on both sides. So if I log into my server (through one of the interfaces that does allow a login) and then try to go to some other machine on our network on the 192.168.1. subnet, the exact same thing happens - it fails.

I can ping just fine on the 192.168.1. subnet, plus of course it is actively rejecting a password so I'm not sure if this is a hardware issue.

Any help would be mightily appreciated.

Last edited by rbatte1; 05-16-2017 at 08:08 AM..
# 2  
Old 05-16-2017
Hmm. What does
Code:
 dladm show-phys

show? Are you on Solaris 11.3?
# 3  
Old 05-16-2017
Could this be a routing thing? i.e. there is no route out for 192.168.1.0/24

Can you show us the output from netstat -rn?

Perhaps a trace to check that you are actually connecting to the correct 192.168.1.82. It is possible that you are being routed off elsewhere when you try to connect in. What does traceroute 192.168.1.82 give you from the client end? - or tracert 192.168.1.82 on Windows. Is it what you expect and is it similar to trying to get to the other addresses? Perhaps you are being sent elsewhere and it is rightly rejecting your login attempt. You might need to look at ARP tables to make sure you are getting to the right card by checking the MAC address.


Sorry I can't give more help at the moment,
Robin
# 4  
Old 05-16-2017
Quote:
Originally Posted by jim mcnamara
Hmm. What does
Code:
 dladm show-phys

show? Are you on Solaris 11.3?
I am on Solaris 11.3.

Code:
# dladm show-phys
LINK              MEDIA                STATE      SPEED  DUPLEX    DEVICE
net2              Ethernet             up         1000   full      bnx2
net1              Ethernet             down       0      unknown   bnx1
net0              Ethernet             up         1000   full      bnx0
net3              Ethernet             up         1000   full      bnx3
net5              Ethernet             up         10000  full      cxge0
net4              Ethernet             up         10000  full      ixgbe0

---------- Post updated at 09:47 AM ---------- Previous update was at 09:41 AM ----------

Quote:
Originally Posted by rbatte1
Could this be a routing thing? i.e. there is no route out for 192.168.1.0/24

Can you show us the output from netstat -rn?

Perhaps a trace to check that you are actually connecting to the correct 192.168.1.82. It is possible that you are being routed off elsewhere when you try to connect in. What does traceroute 192.168.1.82 give you from the client end? - or tracert 192.168.1.82 on Windows. Is it what you expect and is it similar to trying to get to the other addresses? Perhaps you are being sent elsewhere and it is rightly rejecting your login attempt. You might need to look at ARP tables to make sure you are getting to the right card by checking the MAC address.


Sorry I can't give more help at the moment,
Robin

Code:
# netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface 
-------------------- -------------------- ----- ----- ---------- --------- 
default              10.1.10.1            UG        2          8 net3      
10.0.0.0             10.1.10.82           U         3          0 net3      
127.0.0.1            127.0.0.1            UH        2        158 lo0       
192.168.1.0          192.168.1.82         U         2          0 net0      
192.168.3.0          192.168.3.82         U         2          0 net2      
192.168.5.0          192.168.5.82         U         3         57 net4      
192.168.127.0        192.168.127.82       U         2          0 net5      

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref   Use    If   
--------------------------- --------------------------- ----- --- ------- ----- 
::1                         ::1                         UH      2       0 lo0



Code:
# traceroute 192.168.1.82
traceroute to 192.168.1.82 (192.168.1.82), 30 hops max, 60 byte packets
 1  192.168.1.82 (192.168.1.82)  0.604 ms  0.587 ms  0.571 ms

Of course like I mentioned I can ping the interface. It just doesn't seem to allow any traffic through it: ssh, telnet, rlogin, ftp all fail from the client to 192.168.1.82.

Similarly if I am on the server then ssh, telnet, rlogin, ftp to any other machine on our network fails as well. I've tried to set up public keys, shosts, rhosts, nothing gets me by it.

---------- Post updated at 09:52 AM ---------- Previous update was at 09:47 AM ----------

In case it helps, here's the output of a verbose ssh. The client machine is running CentOS 7.3.

Code:
# ssh -vvv 192.168.1.82 
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.82 [192.168.1.82] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug3: Incorrect RSA1 identifier
debug3: Could not load "/root/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type 2
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH_5* compat 0x0c000000
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "192.168.1.82" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /root/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: setup hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: bits set: 1532/3072
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 5e:4a:42:bf:ac:15:be:82:0a:dd:29:72:d6:7e:99:51
debug3: load_hostkeys: loading entries for host "192.168.1.82" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /root/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug1: Host '192.168.1.82' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug2: bits set: 1526/3072
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa (0x7f2ce92965f0),
debug2: key: /root/.ssh/id_dsa (0x7f2ce929aaf0),
debug2: key: /root/.ssh/id_ecdsa ((nil)),
debug2: key: /root/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: password
debug3: start over, passed a different list password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
root@192.168.1.82's password: 
debug3: packet_send2: adding 64 (len 56 padlen 8 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: password
Permission denied, please try again.
root@192.168.1.82's password:

The call hangs for a while on

Code:
expecting SSH2_MSG_KEX_DH_GEX_REPLY

and again at

Code:
key: /root/.ssh/id_ed25519 ((nil)),

# 5  
Old 05-19-2017
What does the output from an
Code:
ssh -vvv ...

to one of the working IP addresses look like?

And do you have root access on the server?
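
The comparison asked for in the last reply can be done mechanically. This is an added example, not part of any post in the thread. A single sshd normally presents the same software banner and host key on every address it listens on, so a difference between two `ssh -v` sessions suggests a different host is answering. `FAILING` is an excerpt of the log posted above; `WORKING` is a constructed stand-in with made-up values, and the function names are hypothetical.

```python
import re

# Excerpt of the failing session posted in the thread (192.168.1.82).
FAILING = """\
debug1: Connecting to 192.168.1.82 [192.168.1.82] port 22.
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: Server host key: RSA 5e:4a:42:bf:ac:15:be:82:0a:dd:29:72:d6:7e:99:51
debug1: Authentications that can continue: password
"""

# Constructed sample (NOT from the thread) standing in for a working interface.
WORKING = """\
debug1: Connecting to 192.168.3.82 [192.168.3.82] port 22.
debug1: Remote protocol version 2.0, remote software version EXAMPLE_SSHD_0.0
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: Server host key: RSA 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff
debug1: Authentications that can continue: publickey,password
"""

PATTERNS = {
    "address": r"Connecting to \S+ \[([^\]]+)\]",
    "server_software": r"remote software version (\S+)",
    "host_key": r"Server host key: (\S+ \S+)",
    "server_to_client": r"kex: server->client (.+)",
    "auth_methods": r"Authentications that can continue: (\S+)",
}

def parse_ssh_debug(log):
    """Pull the server-identifying fields out of `ssh -v` debug output."""
    found = {}
    for line in log.splitlines():
        for field, pattern in PATTERNS.items():
            m = re.search(pattern, line)
            if m and field not in found:  # keep the first occurrence only
                found[field] = m.group(1).strip()
    return found

def identity_mismatches(a, b):
    """Fields that should be equal when both sessions reach the same sshd."""
    keys = ("server_software", "host_key", "server_to_client", "auth_methods")
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}

if __name__ == "__main__":
    bad, good = parse_ssh_debug(FAILING), parse_ssh_debug(WORKING)
    for field, (x, y) in identity_mismatches(bad, good).items():
        print(f"{field}: {bad['address']} -> {x} | {good['address']} -> {y}")
```

To use it on real sessions, save the output of `ssh -vvv` for each address (the debug lines go to stderr) and pass the two files' contents to `parse_ssh_debug`.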