On Mon, Jan 13, 2020 at 01:00:05PM -0500, Stephen John Smoogen wrote:
> On Mon, 13 Jan 2020 at 12:23, Patrick Bégou
> <Patrick.Begou at legi.grenoble-inp.fr> wrote:
> >
> > Hi,
> >
> > I have a strange problem with a freshly installed Centos7 desktop
> > (most8pc25). I can't ssh to 2 CentOS6 servers, even with firewall
> > disabled on the client and on the server. But I can connect from the
> > server to the client, all in the same VLAN. I can also ssh from this
> > desktop to centos7 servers in the same VLAN or in another VLAN.
> >
> > No idea about this problem.
> >
> > On the server kareline (client is most8pc25), tcpdump says:
> >
>
> So the client is able to talk to the server and the server is responding.
>
> >
> > On the Centos7 client, with "-v -v" ssh says:
> >
> >
> > [tec21@most8pc25 ~]$ssh -v -v kareline
> > OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: /etc/ssh/ssh_config line 58: Applying options for *
> > debug1: Connecting to kareline [194.254.66.8] port 22.
> > debug1: Connection established.
>
> ^^ this says the first part started working.
>
> > debug1: Local version string SSH-2.0-OpenSSH_7.4
> > debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
> > debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
> > debug1: Authenticating to kareline:22 as 'tec21'
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
>
> It got items and says it is going to use the user tec21 to login
>
> > debug2: local client KEXINIT proposal
> >
> > debug1: kex: client->server cipher: aes128-ctr MAC: umac-64@openssh.com
> > debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
> > debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
> > Connection closed by 194.254.66.8 port 22
> >
>
> The server then stops the connection. I would then go through the
> following on the host:
> 1. Is fail2ban or something else dropping the connection for some reason?
> 2. Is there a log in /var/log/secure to say something is going on?
> 3. Does running the server on port 2222 in debug mode and connecting
> from the client give a reason for it dying?
> 4. On the client and server are /etc/ssh/*_config changed from
> defaults and what changes are there. Sometimes saying you want XYZ
> algo in one and not having it in another causes dropped connections
> but I thought it gave an error.

How about selinux on the remotes?

Fred
--
---- Fred Smith -- fredex at fcshome.stoneham.ma.us -----------------------------
"For the word of God is living and active. Sharper than any double-edged
sword, it penetrates even to dividing soul and spirit, joints and marrow;
it judges the thoughts and attitudes of the heart."
---------------------------- Hebrews 4:12 (niv) ------------------------------
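
The line-by-line reading of the `ssh -v -v` trace in the thread above, as an added example that is not part of any poster's message: a Python sketch that reports the last handshake milestone a client debug log reached and which message the client was still waiting for when the connection closed. The sample log is constructed from lines quoted in the thread; the function and milestone names are hypothetical, and the patterns after the GEX request are assumed from OpenSSH client debug output, since the thread's trace never reached them.

```python
import re

# Ordered client-side milestones matched against `ssh -v` debug lines.
# Entries up to gex_request_sent appear in the thread's trace; the later
# patterns are an assumption about OpenSSH client debug output.
MILESTONES = [
    ("tcp_connected", r"Connection established\."),
    ("version_exchange", r"Remote protocol version (\S+), remote software version (\S+)"),
    ("kexinit_sent", r"SSH2_MSG_KEXINIT sent"),
    ("kexinit_received", r"SSH2_MSG_KEXINIT received"),
    ("kex_chosen", r"kex: (\S+) need=\d+ dh_need=\d+"),
    ("gex_request_sent", r"SSH2_MSG_KEX_DH_GEX_REQUEST\((\d+)<(\d+)<(\d+)\) sent"),
    ("gex_group_received", r"got SSH2_MSG_KEX_DH_GEX_GROUP"),
    ("gex_init_sent", r"SSH2_MSG_KEX_DH_GEX_INIT sent"),
    ("gex_reply_received", r"got SSH2_MSG_KEX_DH_GEX_REPLY"),
    ("newkeys_sent", r"SSH2_MSG_NEWKEYS sent"),
]
ORDER = [name for name, _ in MILESTONES]
CLOSED = re.compile(r"Connection closed by (\S+) port (\d+)")

# Constructed sample: a subset of the debug lines quoted in the thread.
SAMPLE = """\
debug1: Connecting to kareline [194.254.66.8] port 22.
debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: diffie-hellman-group-exchange-sha256 need=16 dh_need=16
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
Connection closed by 194.254.66.8 port 22
"""

def analyse(log_text):
    """Return last milestone reached, the next one expected, and who closed."""
    reached, closed_by = {}, None
    for line in log_text.splitlines():
        line = re.sub(r"^debug\d: ", "", line.strip())
        closed = CLOSED.match(line)
        if closed:
            closed_by = closed.group(1)
            break
        for name, pattern in MILESTONES:
            m = re.search(pattern, line)
            if m:
                reached.setdefault(name, m.groups())  # keep first occurrence
    last = max(reached, key=ORDER.index) if reached else None
    nxt = ORDER.index(last) + 1 if last else 0
    return {"last": last, "awaiting": ORDER[nxt] if nxt < len(ORDER) else None,
            "closed_by": closed_by, "details": reached}
```

For the thread's trace this returns `last = gex_request_sent` with `awaiting = gex_group_received`: the client was waiting on the server when the connection closed, so the reason for the close can only show up on the server side, which is where checks 2 and 3 in the quoted list look.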