Page 1 of 1

SSH works within enclave, Putty not working from VDI sessions.

Posted: 2017/03/06 17:32:31
by rocky595
I have one server where Putty stop working from people's workstations. The other servers work fine.

No IP tables. No firewalld.

SSH works fine between the servers.

I started Network Manager again to show connections, everything looks fine.

I can't ping the server from the VDI.

I looked at interfaces, ifconfig they are all up.

I may be missing the gateway.

Ideas are appreciated.

Jeff

Re: SSH works within enclave, Putty not working from VDI sessions.

Posted: 2017/03/08 17:01:37
by aks
Is the socket established between the client and the problematic ssh server (you can use telnet or nc or something like that to verify). If the socket is not established then quite likely you have a networking problem (or the server is not listening on the port you are connecting to). If the socket is established then it's an application layer problem - like ciphers and keys negotiated.

So does the socket get established?

Re: SSH works within enclave, Putty not working from VDI sessions.

Posted: 2017/03/18 12:44:28
by rocky595
I don't think it does and I pointed this out to networking.

I can't ping the IP.

When I do use putty from VDI do I have to put in RSA keys from the putty on the server targeted.

What I want to do is turn off any key certifications and just use passwords. This enclave is sectioned off, so the requirement from the DBA team is log in and do their work.

Thanks for replying.

Re: SSH works within enclave, Putty not working from VDI sessions.

Posted: 2017/03/18 12:46:28
by rocky595
aks wrote:Is the socket established between the client and the problematic ssh server (you can use telnet or nc or something like that to verify). If the socket is not established then quite likely you have a networking problem (or the server is not listening on the port you are connecting to). If the socket is established then it's an application layer problem - like ciphers and keys negotiated.

So does the socket get established?
I don't think it does and I pointed this out to networking.

I can't ping the IP.

When I do use putty from VDI do I have to put in RSA keys from the putty on the server targeted.

What I want to do is turn off any key certifications and just use passwords. This enclave is sectioned off, so the requirement from the DBA team is log in and do their work.

Thanks for replying.

Re: SSH works within enclave, Putty not working from VDI sessions.

Posted: 2017/03/19 18:59:59
by aks
Okay.

The words:
I have one server where Putty stop working
suggests it did work and now it doesn't.

So diagnostics:
I don't think it does and I pointed this out to networking.
I can't ping the IP.
You do know ping (specifically ICMP echo) is not he same thing as ssh, right?
When I do use putty from VDI do I have to put in RSA keys from the putty on the server targeted.
That seems quite normal. There's is a keyscan tool included in ssh for this purpose. It meant to get past the achilles heel of SSL/TLS: man in the middle attacks.
What I want to do is turn off any key certifications and just use passwords.
Scan their certificates, store in known hosts and be done.
I don't think it does and I pointed this out to networking.
If the socket is not established then for sure 100% the network path does not exist or the receiver is not listening. That is all.
I can't ping the IP.
Once again, ping is not the same .....
When I do use putty from VDI do I have to put in RSA keys from the putty on the server targeted.
Do you mean the "known hosts" thing mentioned above?

Sounds like you should just scan the subnet(s) involved and store their known keys in known hosts, as said earlier there's a tool for that.