ssh-keyscan fails for ipv6 addresses - ssh

I can't get ssh-keyscan to work for ipv6 addresses. Can someone help me?
$ ssh-keyscan -6v -t rsa FE80:0000:021B:21FF:FEDA:62AD
getaddrinfo FE80:0000:021B:21FF:FEDA:62AD: Name or service not known
$ ssh-keyscan -6v -t rsa [FE80:0000:021B:21FF:FEDA:62AD]
getaddrinfo [FE80:0000:021B:21FF:FEDA:62AD]: Name or service not known
but this works:
$ ping6 -I bond0 fe80::21b:21ff:feda:62ad
PING fe80::21b:21ff:feda:62ad(fe80::21b:21ff:feda:62ad) from fe80::21b:21ff:feda:64a9 bond0: 56 data bytes
64 bytes from fe80::21b:21ff:feda:62ad: icmp_seq=1 ttl=64 time=0.571 ms
64 bytes from fe80::21b:21ff:feda:62ad: icmp_seq=2 ttl=64 time=0.165 ms
64 bytes from fe80::21b:21ff:feda:62ad: icmp_seq=3 ttl=64 time=0.145 ms
^C
--- fe80::21b:21ff:feda:62ad ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2206ms
rtt min/avg/max/mdev = 0.145/0.293/0.571/0.197 ms

You specified a link-local IPv6 address but forgot the scope. Add the scope ID to it.
You also are missing some octets in the address as you originally gave it.
Correct both of these problems:
ssh-keyscan -6v -t rsa FE80::021B:21FF:FEDA:62AD%bond0
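The two problems named in the answer above (a literal that is not a complete IPv6 address, and a link-local address without a scope) can be caught before ssh-keyscan is run. This is an added example, not part of the original answer; the function names and the optional `interfaces` parameter are assumptions made for illustration.

```python
import ipaddress

def keyscan_target(addr, interfaces=None):
    """Validate an IPv6 literal and return the form to pass to ssh-keyscan.

    interfaces: optional collection of local interface names (hypothetical
    parameter) used to check that the scope names a real interface.
    """
    literal, _, scope = addr.partition("%")
    try:
        ip = ipaddress.IPv6Address(literal)
    except ipaddress.AddressValueError as exc:
        # e.g. six groups and no "::", as in the first command in the question
        raise ValueError(f"not a valid IPv6 address: {exc}") from None
    if ip.is_link_local:
        # fe80::/10 exists on every link, so the resolver needs to know which one
        if not scope:
            raise ValueError(f"{ip} is link-local: append %<interface>")
        if interfaces is not None and scope not in interfaces:
            raise ValueError(f"unknown interface in scope: {scope}")
    return f"{ip}%{scope}" if scope else str(ip)

def keyscan_argv(addr, key_type="rsa"):
    """Build the ssh-keyscan command line used on this page for a checked target."""
    return ["ssh-keyscan", "-6", "-t", key_type, keyscan_target(addr)]

if __name__ == "__main__":
    # Inputs taken from the question and the answer above
    for candidate in ("FE80:0000:021B:21FF:FEDA:62AD",
                      "fe80::21b:21ff:feda:62ad",
                      "FE80::021B:21FF:FEDA:62AD%bond0"):
        try:
            print(" ".join(keyscan_argv(candidate)))
        except ValueError as err:
            print(f"{candidate}: {err}")
```

Keys returned by ssh-keyscan are not authenticated; compare their fingerprints with a trusted source before adding them to known_hosts.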

Related

Unable to copy SSH rsa key from master to slave in oracle VM

I am trying to set up a multinode cluster in Ubuntu. I installed Ubuntu on Oracle VM; one is master and one is slave. For communication I generated an SSH key on master and am trying to copy it to slave. I am using the command below:
ssh-copy-id -i /home/kumar/.ssh/id_rsa.pub kumar@slave
and I am getting below error:
/usr/bin/ssh-copy-id: Error: ssh: connect to host slave port 22:Connection time out
I have added the ip and name of machines in /etc/hosts file.
I am not sure what else I am missing, if you have any workaround please let me know
And if I ping slave from master:
ping 10.193.67.255
I am getting this:
64 bytes from 10.193.67.1: icmp_seq=1 ttl=254 time 3.23 ms
64 bytes from 10.193.67.1: icmp_seq=2 ttl=254 time 2.69 ms
64 bytes from 10.193.67.1: icmp_seq=3 ttl=254 time 3.23 ms
64 bytes from 10.193.67.1: icmp_seq=4 ttl=254 time 2.91 ms

Force docker-machine to specific IP using Hyper-V, network unreachable

I have found a partial answer to this question, and it is successfully setting the machine at the desired IP address. But the network is unreachable from inside a docker-machine created with the Hyper-V driver.
The TLDR on the answer above is to create a script, /var/lib/boot2docker/bootsync.sh:
sudo cat /var/run/udhcpc.eth0.pid | xargs sudo kill
sudo ifconfig eth0 192.168.XXX.YYY netmask 255.255.255.0 broadcast 192.168.XXX.255 up
Once I make the script, I restart the machine.
When I restart the machine, the IP is set to my desired address (expected). I can remote in at the address, so it is at least available through the host. But when I test for connections, there is no connection to the internet (unexpected).
Boot2Docker version 17.05.0-ce, build HEAD : 5ed2840 - Fri May 5 21:04:09 UTC 2017
Docker version 17.05.0-ce, build 89658be
docker@machine:~$ docker pull ubuntu
Using default tag: latest
Error response from daemon: Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on [::1]:53: read udp [::1]:48331->[::1]:53: read: connection refused
docker@machine:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: Network is unreachable
If I remove the script and restart again, I am reassigned a new/random IP address (expected), remote in at that new IP address, and can do network connections (expected):
docker@pm:~$ docker pull ubuntu
Using default tag: latest
latest: Pulling from library/ubuntu
aafe6b5e13de: Pull complete
0a2b43a72660: Pull complete
18bdd1e546d2: Pull complete
8198342c3e05: Pull complete
f56970a44fd4: Pull complete
Digest: sha256:f3a61450ae43896c4332bda5e78b453f4a93179045f20c8181043b26b5e79028
Status: Downloaded newer image for ubuntu:latest
docker@pm:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=43 time=18.424 ms
64 bytes from 8.8.8.8: seq=1 ttl=43 time=27.638 ms
The accepted answer has several upvotes, but it reads like this is a confirmed workaround on VirtualBox. Not sure what about Hyper-V would be causing the IP assignment to cut off internet access.
I had the same problem, and I solved it by adding the following to the end of bootsync.sh:
route add default gw <address>
There was no default route to the gateway or the internet, so it must be set manually.

cannot SSH/SCP to Qemu based powerpc VM

I want to transfer a file to a QEMU based PowerPC VM (emulating Freescale's MPC8544DS). I've used buildroot to build the kernel and rootfs. I am invoking the VM like so:
qemu-system-ppc -nographic -M mpc8544ds -m 512 -kernel ~/CrossCompilation/zImage -hda ~/CrossCompilation/rootfs.cpio -append "root=/dev/sda rw" -redir tcp:2222::22
However I was not able to transfer the file and it was throwing the following logs and error:
Executing: program /usr/bin/ssh host localhost, user root, command scp -v -t ~/.
OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to localhost [::1] port 2222.
debug1: connect to address ::1 port 2222: Connection refused
debug1: Connecting to localhost [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file ~/.ssh/id_rsa type -1
debug1: identity file ~/.ssh/id_rsa-cert type -1
debug1: identity file ~/.ssh/id_dsa type -1
debug1: identity file ~/.ssh/id_dsa-cert type -1
debug1: identity file ~/.ssh/id_ecdsa type -1
debug1: identity file ~/.ssh/id_ecdsa-cert type -1
ssh_exchange_identification: Connection closed by remote host
lost connection
I presumed that since my VM does not seem to have any physical network adapter, networking would not be possible. So I invoke QEMU like so:
/qemu-system-ppc -nographic -M mpc8544ds -m 512 -kernel ~/CrossCompilation/zImage -hda ~/CrossCompilation/rootfs.cpio -netdev user,id=network0 -device e1000,netdev=network0 -append "root=/dev/sda rw" -redir tcp:2222::22
Still no luck. In fact, doing this does not even add any new physical ethernet adapter either (as I had thought). The only 'live' adapter, like before, is the loopback adapter.
ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
I was earlier under the impression that perhaps this is happening as there is no ssh daemon running on the VM, hence I added Dropbear to the list of target packages and it starts while the VM boots up (it shows up as part of the startup log). Yet it fails with the very same error. So obviously this does not seem to be the culprit.
I am not sure if it's something to do with the networking setup on my VM or perhaps something needs to be added to the rootfs (busybox).
Waiting to hear.
If you don't have a network adapter, the best thing to do would be mount a shared drive. This page has some info on creating and modifying disks with an ARM1176JZF-S system:
http://xecdesign.com/working-with-qemu/
Tested on Buildroot 2016.05, QEMU 2.5.0 x86_64, Ubuntu 16.04 host
I'm not into ppc, but this should work there as well. Let me know if not.
Start with qemu_x86_64_defconfig and enable the openssh package.
Start QEMU with:
qemu-system-x86_64 \
-M pc \
-append root=/dev/vda \
-drive file=output/images/rootfs.ext2,if=virtio,format=raw \
-enable-kvm \
-kernel output/images/bzImage \
-m 512 \
-net nic,model=virtio \
-net user,hostfwd=tcp::2222-:22
Then on guest:
vi /etc/ssh/sshd_config
Modify the following settings:
PermitRootLogin yes
PermitEmptyPasswords yes
And restart the server:
/etc/init.d/50sshd restart
It is because this file exists that sshd starts by default.
Then from host:
ssh root@localhost -p 2222
In case of failure, also check the server logs on guest:
less /var/log/messages
Then on the final system you should automate the creation of that log file with BR2_ROOTFS_OVERLAY or BR2_ROOTFS_POST_BUILD_SCRIPT: https://buildroot.org/downloads/manual/manual.html#rootfs-custom
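An added check, not part of the original answer, of how the two sshd settings above combine with the `hostfwd` rule: with an empty host address, QEMU's user-mode forward listens on every host interface, so a guest that permits empty-password root logins is reachable from the host's network, whereas `hostfwd=tcp:127.0.0.1:2222-:22` keeps it on loopback. The function names, the sample config and the assumed sshd defaults are constructed for illustration, and `Match` blocks are ignored.

```python
import re

# hostfwd=[tcp|udp]:[hostaddr]:hostport-[guestaddr]:guestport
HOSTFWD = re.compile(r"hostfwd=(tcp|udp)?:([^:,]*):(\d+)-[^:,]*:(\d+)")

def hostfwd_rules(qemu_args):
    """Return (proto, host_addr, host_port, guest_port) for each hostfwd rule."""
    rules = []
    for arg in qemu_args:
        for proto, addr, hport, gport in HOSTFWD.findall(arg):
            rules.append((proto or "tcp", addr, int(hport), int(gport)))
    return rules

def sshd_setting(config_text, keyword, default):
    """Effective value of a keyword: sshd uses the first occurrence it reads."""
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == keyword.lower():
            return parts[1].lower()
    return default

def audit(qemu_args, config_text):
    """List forwards that expose an empty-password root login beyond loopback."""
    # Defaults below are assumptions matching recent OpenSSH releases.
    root = sshd_setting(config_text, "PermitRootLogin", "prohibit-password")
    empty = sshd_setting(config_text, "PermitEmptyPasswords", "no")
    findings = []
    for proto, addr, hport, gport in hostfwd_rules(qemu_args):
        if proto != "tcp" or gport != 22:
            continue
        all_interfaces = addr in ("", "0.0.0.0")
        if all_interfaces and root == "yes" and empty == "yes":
            findings.append(
                f"host port {hport}: root login with empty password "
                "is permitted and the forward listens on all host interfaces")
    return findings

if __name__ == "__main__":
    # Constructed sample: the settings from the answer above
    cfg = "PermitRootLogin yes\nPermitEmptyPasswords yes\n"
    print(audit(["-net", "user,hostfwd=tcp::2222-:22"], cfg))
    print(audit(["-net", "user,hostfwd=tcp:127.0.0.1:2222-:22"], cfg))
```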

Can't SSH over IPSEC

I am in AWS and I have two VPCs between Virginia and Oregon, and I am trying to SSH from either region.
My rules allow everything needed and I can ping.
Virginia
IPSEC-Machine 10.10.1.47
Host-Machine-V 10.10.4.125
Oregon
IPSEC-Machine 10.20.0.97
Host-Machine-O 10.20.1.190
I can ping between regions
[ec2-user@ip-10-20-0-97 ~]$ ping 10.10.1.47
PING 10.10.1.47 (10.10.1.47) 56(84) bytes of data.
64 bytes from 10.10.1.47: icmp_seq=1 ttl=64 time=60.5 ms
--- 10.10.1.47 ping statistics ---
2 packets transmitted, 1 received, 50% packet loss, time 1002ms
rtt min/avg/max/mdev = 60.560/60.560/60.560/0.000 ms
SSH seems to work
[ec2-user@ip-10-10-1-47 ~]$ nc -v -w 1 10.20.1.190 -z 22
Connection to 10.20.1.190 22 port [tcp/ssh] succeeded!
[ec2-user@ip-10-10-1-47 ~]$
But when on 10.10.1.47 and I type ssh 10.20.1.190 it just hangs and I get nothing. The keys are all correct but even if I get a permission denied at this point I would be happy.
I'm not really sure what could be causing this, but here are a few things to try:
Use the EC2 hostname to connect - it's possible that something in the addressing is causing problems between the regions. My only guess at the moment is that the IP address is actually someone else's server in the Virginia region, and not your server in Oregon.
Run the nmap portscanner to ensure that the port is open. I saw that you used netcat, but a proper portscan may help.
Run ssh -vvv to get verbose output, this may give you some information to figure out what the problem is.

Why can I ping a server but not connect via SSH? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
When I ping my server, it responds:
user@localhost:~$ ping my.server
PING my.server (111.111.111.11) 56(84) bytes of data.
64 bytes from my.server (111.111.111.11): icmp_req=1 ttl=42 time=38.4 ms
64 bytes from my.server (111.111.111.11): icmp_req=2 ttl=42 time=50.0 ms
64 bytes from my.server (111.111.111.11): icmp_req=3 ttl=42 time=58.6 ms
^C
--- my.server ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 38.419/49.037/58.637/8.287 ms
but when I try to ssh (something that I always do, and have been doing for the past few hours on the same connection), it hangs:
user@localhost:~$ ssh my.server
http://speedtest.net says that my connection has 1.5 Mbps download and 0.4 Mbps upload speed.
Is there a reason that ssh hangs?
Results from suggestions provided in answers
from @nsfyn55
user@localhost:~$ telnet my.server 22
Trying 111.111.111.11...
Connected to my.server
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3
Connection closed by foreign host.
from @vahid:
user@localhost:~$ nc -v -w 1 111.111.111.111 -z 22
nc: timeout cannot be negative
ping (ICMP protocol) and ssh are two different protocols.
It could be that ssh service is not running or not installed
firewall restriction (local to server like iptables or even sshd config lock down) or (external firewall that protects incoming traffic to network hosting 111.111.111.111)
First check is to see if ssh port is up
nc -v -w 1 111.111.111.111 -z 22
if it succeeds then ssh should communicate if not then it will never work until restriction is lifted or ssh is started
Find out two pieces of information
What's the hostname or IP of the target ssh server
What port is the ssh daemon listening on (default is port 22)
$> telnet <hostname or ip> <port>
Assuming the daemon is up and running and listening on that port, it should establish a telnet session. Likely causes:
The ssh daemon is not running
The host is blocking the target port with its software firewall
Some intermediate network device is blocking or filtering the target port
The ssh daemon is listening on a non standard port
A TCP wrapper is configured and is filtering out your source host
On the server, try:
netstat -an
and look to see if tcp port 22 is opened (use findstr in Windows or grep in Unix).
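The nc and telnet checks from the answers above can be combined into one probe that separates the listed causes by how the TCP connection behaves and whether an SSH identification string arrives. This is an added example, not code from any of the answers; the state names are assumptions chosen for illustration.

```python
import socket

def classify_banner(data):
    """Interpret the first bytes a server sends after the TCP handshake."""
    if not data:
        # Accepted, then closed without a banner (e.g. a TCP wrapper rule)
        return ("closed", "server closed the connection before sending a banner")
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if line.startswith("SSH-"):
        return ("banner", line)
    return ("not-ssh", line)

def probe_ssh(host, port=22, timeout=3.0):
    """One TCP connect plus banner read; returns (state, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "host answered, but nothing accepts on this port")
    except socket.timeout:
        return ("filtered", "no reply to the connect: packets dropped on the path")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        try:
            data = sock.recv(255)
        except socket.timeout:
            return ("no-banner", "port open, but the server sent nothing")
        except OSError as exc:
            return ("error", str(exc))
    return classify_banner(data)

if __name__ == "__main__":
    # Constructed sample: the banner shown in the telnet session above
    print(classify_banner(b"SSH-2.0-OpenSSH_4.3\r\n"))
    print(probe_ssh("127.0.0.1", 22, timeout=1.0))
```

A "banner" result followed by a hanging ssh client means the daemon is reachable and the stall happens later in the session, which is where ssh -vvv output helps.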