From diamondsw at mac.com Wed Mar 2 13:48:39 2005
From: diamondsw at mac.com (Diamond Software)
Date: Wed Mar 2 13:48:45 2005
Subject: [pssh-users] pSSH timeout problems?
Message-ID: <5045e349be5c4431fd5dab7cf643cf80@mac.com>

My Treo arrived and it's excellent. Last night while using it everything
was great (and I've already bought MicroVNC - it's perfect!).

However, today there is a *long* wait after "Authenticating (none)..."
before it finally fails - well over a minute. If I keep the Treo from
turning off, it does finally respond and let me log in - performance
seems fine. Similarly, MicroVNC (which appears to have a shorter timeout
on the SSH login) cannot complete login at all, with the dreaded
"NetRead:recv error: timeout (0x1212)" error.

No configuration changes were made between last night and today on
either the server or Palm.

Any ideas?

- Joshua Ochs

From diamondsw at mac.com Wed Mar 2 19:01:52 2005
From: diamondsw at mac.com (Diamond Software)
Date: Wed Mar 2 19:02:28 2005
Subject: [pssh-users] Troubleshooting pSSH
Message-ID:

So, my strange SSH problems are continuing. Here's some more
information:

In pSSH:
- The "Authenticating (none) ..." step takes 60 seconds to time out;
  everything before and after is fine
- This is server independent - two separate servers on the same LAN
  exhibit the same behavior

In microVNC:
- Authentication appears to happen quickly, as bad credentials are
  rejected properly
- Somewhere after authentication (but before VNC handshake) the
  session times out (looks like a 30 second time-out)

Now, how do I troubleshoot this? I don't know if this is something on
the WAN, my router (which I have reset), or my Treo. I can hard reset
the Treo, but that is such a pain that I'd rather *know* it's the Treo
before I do so.

I don't have any SSH servers elsewhere to connect to, nor do I have any
other non-Sprint devices to try using pSSH on.
Would anyone be willing to help test by SSH'ing into my LAN from a) a
non-Sprint phone with pSSH, and b) a Sprint phone with pSSH? This will
help me figure out if it's my Palm, the Sprint network, the wider
network, or my LAN.

Any takers, or any other suggestions?

- Joshua Ochs

From vitroth+ at cmu.edu Wed Mar 2 19:49:21 2005
From: vitroth+ at cmu.edu (David Nolan)
Date: Wed Mar 2 19:49:24 2005
Subject: [pssh-users] Troubleshooting pSSH
In-Reply-To:
References:
Message-ID:

--On Wednesday, March 02, 2005 6:01 PM -0600 Diamond Software wrote:

> I don't have any SSH servers elsewhere to connect to, nor do I have any
> other non-Sprint devices to try using pSSH on. Would anyone be willing to
> help test by SSH'ing into my LAN from a) a non-Sprint phone with pSSH,
> and b) a Sprint phone with pSSH? This will help me figure out if it's my
> Palm, the Sprint network, the wider network, or my LAN.
>

Can you run sshd on a non standard port with debugging enabled? i.e., as
root run 'sshd -d -p 9000'. Maybe watching the sshd output during the
connection will help you figure out what's going on.

-David

David Nolan <*> vitroth+@cmu.edu
curses: May you be forced to grep the termcap of an unclean yacc while
a herd of rogue emacs fsck your troff and vgrind your pathalias!

From diamondsw at mac.com Thu Mar 3 03:03:17 2005
From: diamondsw at mac.com (Diamond Software)
Date: Thu Mar 3 03:12:22 2005
Subject: [pssh-users] Troubleshooting pSSH
In-Reply-To:
References:
Message-ID: <598b1e523865987b60e5594d034b3bb4@mac.com>

> Can you run sshd on a non standard port with debugging enabled? i.e.,
> as root run 'sshd -d -p 9000'. Maybe watching the sshd output during
> the connection will help you figure out what's going on.

A few additional notes - running pSSH on another Sprint Treo 600 yielded
the same results, so this shouldn't be something wrong on my Treo.
However, I'm getting the same results on multiple servers, so it
shouldn't be server-side.
I don't see anything that would indicate the network is at fault - HELP!
I am getting very confused at this point. Something seems to be stalling
either the response being sent by SSHd to the "none" authentication
request, or the Treo is not receiving it. Everything worked on Tuesday
night, and failed as of Wednesday morning.

Here's the debug output from sshd - I've indicated where it seems to
hang before giving up:

pSSH output:

[Foundation:~] ________% sudo sshd -d -p 9000
debug1: sshd version OpenSSH_3.6.1p1+CAN-2004-0175
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 9000 on ::.
Server listening on :: port 9000.
debug1: Bind to port 9000 on 0.0.0.0.
Server listening on 0.0.0.0 port 9000.
debug1: Server will not fork when running in debugging mode.
Connection from 68.30.178.97 port 64458
debug1: Current Session ID is 00212E40 / Session Attributes are 00008030
debug1: Creating new security session...
debug1: New Session ID is 1D69B770 / Session Attributes are 00009020
debug1: Client protocol version 2.0; client software version pssh_2004_12_30
debug1: no match: pssh_2004_12_30
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p1+CAN-2004-0175
debug1: permanently_set_uid: 75/75
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: An invalid name was supplied
Configuration file does not specify default realm
debug1: no credentials for GSSAPI mechanism Kerberos
debug1: An invalid name was supplied
Configuration file does not specify default realm
debug1: no credentials for GSSAPI mechanism Kerberos
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug1: expecting SSH2_MSG_KEXDH_INIT
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user ________ service ssh-connection method none
debug1: attempt 0 failures 0

*** Pause occurs here, 60 seconds or longer ***

debug1: Starting up PAM with username "________"
debug1: PAM setting rhost to "68.30.178.97"
Failed none for ________ from 68.30.178.97 port 64458 ssh2
Failed none for ________ from 68.30.178.97 port 64458 ssh2

*** Password requested here ***

debug1: userauth-request for user ________ service ssh-connection method password
debug1: attempt 1 failures 1
debug1: PAM Password authentication accepted for user "________"
Accepted password for ________ from 68.30.178.97 port 64458 ssh2
debug1: monitor_child_preauth: ________ has been authenticated by privileged process
Accepted password for ________ from 68.30.178.97 port 64458 ssh2

(more output, but connection is successful)

MicroVNC Output:

[Foundation:~] ________% sudo sshd -d -p 9000
debug1: sshd version OpenSSH_3.6.1p1+CAN-2004-0175
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 9000 on ::.
Server listening on :: port 9000.
debug1: Bind to port 9000 on 0.0.0.0.
Server listening on 0.0.0.0 port 9000.
debug1: Server will not fork when running in debugging mode.
Connection from 68.30.178.97 port 37806
debug1: Current Session ID is 00212E40 / Session Attributes are 00008030
debug1: Creating new security session...
debug1: New Session ID is 1CA1B770 / Session Attributes are 00009020
debug1: Client protocol version 2.0; client software version nyamaSSH-2.0
debug1: no match: nyamaSSH-2.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p1+CAN-2004-0175
debug1: permanently_set_uid: 75/75
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: An invalid name was supplied
Configuration file does not specify default realm
debug1: no credentials for GSSAPI mechanism Kerberos
debug1: An invalid name was supplied
Configuration file does not specify default realm
debug1: no credentials for GSSAPI mechanism Kerberos
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server blowfish-cbc hmac-sha1-96 none
debug1: kex: server->client blowfish-cbc hmac-sha1-96 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user ________ service ssh-connection method none
debug1: attempt 0 failures 0

*** Pause occurs here ***

debug1: Starting up PAM with username "________"
debug1: PAM setting rhost to "68.30.178.97"
Failed none for ________ from 68.30.178.97 port 37806 ssh2
Failed none for ________ from 68.30.178.97 port 37806 ssh2
Connection closed by 68.30.178.97
debug1: Calling cleanup 0x2ce34(0x0)
debug1: Calling cleanup 0x1fd84(0x0)

*** MicroVNC drops connection in less than 60 seconds ***

From jeff at cepheid.org Thu Mar 3 15:11:16 2005
From: jeff at cepheid.org (Jeff Bachtel)
Date: Thu Mar 3 15:11:18 2005
Subject: [pssh-users] crash on startup with a cingular Treo 650
Message-ID: <20050303201116.GC96968@cepheid.org>

I installed the pssh.prc file for the 12-30 build on my new Treo 650.
When I try to run pssh, I get the warning screen about pssh being
untested. I hit ok, and immediately the screen goes dark and the Treo
reboots.

Could this be a heap or IP issue? If anyone can help me debug this,
I'd appreciate it.

jeff

--
Jeff Bachtel (root@VPR,TAMU)        http://www.cepheid.org/~jeff
"For centuries, man had watched     [finger jeff@cepheid.org for PGP key]
the clouds; now, they were watching him." - S. Sachs

From bill at monkey.org Thu Mar 3 15:18:24 2005
From: bill at monkey.org (Bill Merrill)
Date: Thu Mar 3 15:18:26 2005
Subject: [pssh-users] crash on startup with a cingular Treo 650
In-Reply-To: <20050303201116.GC96968@cepheid.org>
References: <20050303201116.GC96968@cepheid.org>
Message-ID:

On Thu, 3 Mar 2005, Jeff Bachtel wrote:

> I installed the pssh.prc file for the 12-30 build on my new Treo 650.
> When I try to run pssh, I get the warning screen about pssh being
> untested. I hit ok, and immediately the screen goes dark and the Treo
> reboots.
>
> Could this be a heap or IP issue? If anyone can help me debug this,
> I'd appreciate it.
>

Is this consistent for you? I seem to get occasional resets when
connecting to gprs, this has happened to me in blazer and pssh. I
can't reproduce the crash, but have anecdotal evidence from other
friends with gsm 650's as well.
-Bill Merrill

From jeff at cepheid.org Thu Mar 3 15:21:17 2005
From: jeff at cepheid.org (Jeff Bachtel)
Date: Thu Mar 3 15:21:19 2005
Subject: [pssh-users] crash on startup with a cingular Treo 650
In-Reply-To:
References: <20050303201116.GC96968@cepheid.org>
Message-ID: <20050303202117.GD96968@cepheid.org>

> Is this consistent for you?

100% consistent... I've not gotten past the warning screen yet.

Thanks,
Jeff

From diamondsw at mac.com Thu Mar 3 16:16:01 2005
From: diamondsw at mac.com (Diamond Software)
Date: Thu Mar 3 16:16:09 2005
Subject: [pssh-users] Re: Troubleshooting pSSH
Message-ID: <282b7064f8c9f745e60002a52dc81847@mac.com>

Okay, I've collected a lot of conflicting data. The last thing I'll test
is taking a "non-working" computer to a "working" network to finally
isolate if this is network-related or computer-related. At this point I
don't think it's pSSH or Sprint related, but I thought I'd post this for
general information.

Here's my data:
http://homepage.mac.com/jochs/files/SSH_Datapoints.xls

Thanks again everyone!

- Joshua Ochs

From pssh at db.lm.com Thu Mar 3 17:11:55 2005
From: pssh at db.lm.com (Chris Tracy)
Date: Thu Mar 3 17:11:57 2005
Subject: [pssh-users] Troubleshooting pSSH
In-Reply-To:
References:
Message-ID: <20050303171056.Y17139@zaxxon.telerama.com>

> So, my strange SSH problems are continuing. Here's some more
> information:
>
> In pSSH:
> - The "Authenticating (none) ..." step takes 60 seconds to time out;
>   everything before and after is fine

Hmm...DNS issue, maybe?

-Chris

> - This is server independent - two separate servers on the same LAN
>   exhibit the same behavior
>
> In microVNC:
> - Authentication appears to happen quickly, as bad credentials are
>   rejected properly
> - Somewhere after authentication (but before VNC handshake) the
>   session times out (looks like a 30 second time-out)
>
> Now, how do I troubleshoot this? I don't know if this is something on
> the WAN, my router (which I have reset), or my Treo. I can hard reset
> the Treo, but that is such a pain that I'd rather *know* it's the Treo
> before I do so.
>
> I don't have any SSH servers elsewhere to connect to, nor do I have any
> other non-Sprint devices to try using pSSH on. Would anyone be willing
> to help test by SSH'ing into my LAN from a) a non-Sprint phone with
> pSSH, and b) a Sprint phone with pSSH? This will help me figure out if
> it's my Palm, the Sprint network, the wider network, or my LAN.
>
> Any takers, or any other suggestions?
>
> - Joshua Ochs
>
> _______________________________________________
> pssh-users mailing list
> pssh-users@sealiesoftware.com
> http://six.pairlist.net/mailman/listinfo/pssh-users
>

From jeff at cepheid.org Thu Mar 3 22:24:35 2005
From: jeff at cepheid.org (Jeff Bachtel)
Date: Thu Mar 3 22:24:46 2005
Subject: [pssh-users] crash on startup with a cingular Treo 650
In-Reply-To: <20050303202117.GD96968@cepheid.org>
References: <20050303201116.GC96968@cepheid.org> <20050303202117.GD96968@cepheid.org>
Message-ID: <20050304032435.GF96968@cepheid.org>

On Thu, Mar 03, 2005 at 02:21:17PM -0600, Jeff Bachtel wrote:
> > Is this consistent for you?
>
> 100% consistent... I've not gotten past the warning screen yet.

It turns out my error was due to memory corruption, possibly due to
using jpilot instead of Palm Desktop (alternatively, I had old jpilot
data lying around that corrupted the 650).

Everything works perfectly now, sorry for the noise,
Jeff

From diamondsw at mac.com Fri Mar 4 01:54:48 2005
From: diamondsw at mac.com (Diamond Software)
Date: Fri Mar 4 01:54:59 2005
Subject: [pssh-users] Troubleshooting pSSH
Message-ID:

Chris, you were right - it is a DNS issue. I've been working with the
author of MicroVNC (fantastic guy!), and we've nailed it down; figuring
out how to properly fix it is another matter.

As Chris surmised, the SSH server is attempting to perform a DNS lookup
before responding to the "Authentication (none)" request.
Sprint apparently has not assigned the Treo a DNS name. Why the lookup
does not fail immediately is a mystery to me.

So, for now I'm trying to find a way to stop sshd from performing this
DNS lookup. While some searches have yielded info about a "UseDNS no"
option, it appears this has been removed, and there is no way I've
found to prevent lookups. I have used an /etc/hosts entry in the
meantime, but as soon as the Treo's IP changes this will break.

I'd really like to solve this at the network or client level - I don't
want to suddenly come up against an SSH server I need to connect to
that fails due to this DNS lookup problem.

Any suggestions?

- Joshua Ochs

From gparker-pssh at sealiesoftware.com Fri Mar 4 02:12:55 2005
From: gparker-pssh at sealiesoftware.com (Greg Parker)
Date: Fri Mar 4 02:12:57 2005
Subject: [pssh-users] Troubleshooting pSSH
In-Reply-To:
References:
Message-ID: <16936.2679.180623.803728@kaazh.pair.com>

Diamond Software writes:
> So, for now I'm trying to find a way to stop sshd from performing this
> DNS lookup. While some searches have yielded info about a "UseDNS no"
> option, it appears this has been removed, and there is no way I've
> found to prevent lookups. I have used an /etc/hosts entry in the
> meantime, but as soon as the Treo's IP changes this will break.

I don't see any indication that UseDNS has been removed. You might
check to make sure you also have VerifyReverseMapping=no, which is
the default.

> I'd really like to solve this at the network or client level - I don't
> want to suddenly come up against an SSH server I need to connect to
> that fails due to this DNS lookup problem.

The only options here are to get reverse DNS (take it up with
Sprint, and good luck), or increase the client's timeout. Do
you know how long of a timeout you need?
--
Greg Parker     gparker-pssh@sealiesoftware.com

From diamondsw at mac.com Fri Mar 4 02:24:11 2005
From: diamondsw at mac.com (Diamond Software)
Date: Fri Mar 4 02:24:19 2005
Subject: [pssh-users] Troubleshooting pSSH
In-Reply-To: <16936.2679.180623.803728@kaazh.pair.com>
References: <16936.2679.180623.803728@kaazh.pair.com>
Message-ID:

> I don't see any indication that UseDNS has been removed. You might
> check to make sure you also have VerifyReverseMapping=no, which is
> the default.

I discovered it was the opposite - in OpenSSH 3.6, UseDNS was not yet
present, and it used VerifyReverseMapping instead. While the default
*should* be VerifyReverseMapping=no, some platforms ship with a default
of "yes" (notably Mac OS X, contrary to its own documentation).

So on my Gentoo box, I set "UseDNS no", on Mac OS X
"VerifyReverseMapping no".

>> I'd really like to solve this at the network or client level - I don't
>> want to suddenly come up against an SSH server I need to connect to
>> that fails due to this DNS lookup problem.
>
> The only options here are to get reverse DNS (take it up with
> Sprint, and good luck), or increase the client's timeout. Do
> you know how long of a timeout you need?

For pure SSH I'm okay - the DNS lookup timeout is at 60 seconds, and
I've set my Treo not to turn off until 2 minutes. For MicroVNC it's more
problematic, as that times out connecting in 30 seconds.

I was afraid I'd have to chat with Sprint. I'll play up my corporate
ties and networking background to see if I can't reach someone a)
knowledgeable, and b) able to fix things.

Thanks so much, everyone!!

- Joshua Ochs

From diamondsw at mac.com Fri Mar 4 10:09:38 2005
From: diamondsw at mac.com (Diamond Software)
Date: Fri Mar 4 10:09:47 2005
Subject: [pssh-users] Troubleshooting pSSH
Message-ID: <941751faa66d4b429e66a6980ddb0ca5@mac.com>

Sometimes I wish I hadn't gotten out of bed.
It looks like my temporary /etc/hosts entry last night must have been
cached, as this morning the SSH connection failed again. OpenSSH 3.6's
"VerifyReverseMapping no" configuration option and "-u0" command line
option do not appear to stop it from performing DNS lookups, but
OpenSSH 3.9's "UseDNS no" properly stops it. So now I have one server
working, and two servers not.

Anyone have any further advice for stopping DNS resolution by the
server? I know I can always install OpenSSH 3.9, but I'm leery of
maintaining my own OpenSSH installation - I'd like to keep using the
vendor-installed version so they can keep it updated. Furthermore, I
imagine upgrading OpenSSH on a server you're connected to via SSH would
be very difficult.

Thanks, everyone!

- Joshua Ochs

From diamondsw at mac.com Fri Mar 4 17:34:28 2005
From: diamondsw at mac.com (Diamond Software)
Date: Fri Mar 4 17:34:33 2005
Subject: [pssh-users] SSH... solved?
Message-ID: <8b3fbb9b710aa072bf136cd3ffdb460e@mac.com>

You're probably all sick of hearing from me at this point. However, I do
have some good news:

1) To fix the long delay on OpenSSH 3.7 and later:
   Add "UseDNS no" to /etc/ssh/sshd_config

2) To fix the long delay on OpenSSH 3.6:
   Add "VerifyReverseMapping no" to /etc/sshd_config
   Add "-u0" to the sshd arguments
   Remove any "AllowUsers" or "DenyUsers" statements from sshd_config

While the man page for sshd says that DNS queries should only be sent
for "AllowUsers" entries that have the form "user@host", my situation
shows that they are being sent for any "AllowUsers" entry. This
effectively negates the "-u0" option.

Oi. I see why people fear DNS now. :) I also see why OpenSSH finally
added "UseDNS no" after OpenSSH 3.6.

Thanks, everyone!

- Joshua Ochs

From diamondsw at mac.com Fri Mar 4 17:36:08 2005
From: diamondsw at mac.com (Diamond Software)
Date: Fri Mar 4 17:36:13 2005
Subject: [pssh-users] pSSH Feature Request
Message-ID:

Would it be possible to add a name field for saved connection profiles?
It's a lot nicer looking at a list like "Laptop", "Work", "Web Server"
than a list of usernames, domains, and ports.

And full 5-way navigator support would be nice, but not too many
programs support that yet.

Thanks again!

- Joshua Ochs
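
Added example, not part of the thread and not OpenSSH or pSSH code: a POSIX shell check that applies the checklist from the "SSH... solved?" message above to an sshd_config file. The function names, the "3.6" / "3.7+" family argument and the sample config are assumptions made for this illustration; the directives and the -u0 flag are the ones named in the thread.

```sh
#!/bin/sh
# Added illustration: audit an sshd_config against the checklist in the
# "SSH... solved?" message. Function names and the sample are hypothetical.

# Print the lowercased value of the first active (uncommented) occurrence
# of a directive; empty if absent. Accepts "Key value" and "Key=value".
directive_value() {   # $1 = file, $2 = directive
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        { sub(/[ \t]*=[ \t]*/, " ") }
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

add_finding() { findings="${findings}$1
"; }

# $1 = sshd_config path
# $2 = version family as split in the thread: "3.6" or "3.7+"
# $3 = sshd command-line arguments in use (only consulted for 3.6)
# Prints one finding per line, or "ok" when nothing is flagged.
audit_sshd_dns() {
    cfg=$1; family=$2; args=${3:-}
    findings=""
    if [ "$family" = "3.7+" ]; then
        [ "$(directive_value "$cfg" UseDNS)" = "no" ] \
            || add_finding "set: UseDNS no"
    else
        [ "$(directive_value "$cfg" VerifyReverseMapping)" = "no" ] \
            || add_finding "set: VerifyReverseMapping no"
        case " $args " in
            *" -u0 "*) ;;
            *) add_finding "add: -u0 to sshd arguments" ;;
        esac
        # The thread's 3.6 fix removes both statements; lookups were
        # observed there for any AllowUsers entry.
        for d in AllowUsers DenyUsers; do
            [ -z "$(directive_value "$cfg" "$d")" ] \
                || add_finding "remove: $d"
        done
    fi
    if [ -n "$findings" ]; then printf '%s' "$findings"; else echo ok; fi
}

# Constructed sample config, not taken from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
VerifyReverseMapping yes
AllowUsers alice
EOF
audit_sshd_dns "$sample" 3.6 "-d -p 9000"
rm -f "$sample"
```

A commented-out directive (for example "#UseDNS no") counts as absent, so the check flags a file where the setting exists but is not active.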