# Unable to SSH from OSX 10.3.8 into Linux Fedora Core2



## danielh (Apr 1, 2005)

hi guys,

i'm setting up a linux box (fedora core 3) at home running sshd for remote access.

i can remotely access my fedora linux box from my windows machine using an ssh client (secure crt) and it worked fine.

i'm also can ssh from my fedora linux into my mac fine. 

i have another linux box running redhat 9.0 and i'm able to ssh from my mac to the redhat box ok.

however i'm not able to ssh from my mac into my fedora linux machine. very odd indeed. 

my mac is currently running OSX v10.3.8 with OpenSSH_3.6.1p1+CAN-2004-0175, SSH protocols 1.5/2.0, OpenSSL 0x0090702f version.

my linux box have ssh version of OPENSSH_3.91p1, OpenSSL 0.9.7a Feb 13 2003. 

here's the verbose output of ssh session that i initiate from my mac.

achilles:~ daniel$ ssh -v -l daniel 192.168.1.2
OpenSSH_3.6.1p1+CAN-2004-0175, SSH protocols 1.5/2.0, OpenSSL 0x0090702f
debug1: Reading configuration data /etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to 192.168.1.2 [192.168.1.2] port 22.
debug1: Connection established.
debug1: identity file /Users/daniel/.ssh/identity type -1
debug1: identity file /Users/daniel/.ssh/id_rsa type -1
debug1: identity file /Users/daniel/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p1+CAN-2004-0175
debug1: An invalid name was supplied
Cannot determine realm for numeric host address

debug1: An invalid name was supplied
A parameter was malformed
Validation error

debug1: An invalid name was supplied
Cannot determine realm for numeric host address

debug1: An invalid name was supplied
A parameter was malformed
Validation error

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Write failed: Broken pipe
debug1: Calling cleanup 0x1c540(0x0)



perhaps someone could shed a light why this is the case and decrypt what the bug means and what i need to do to fix it?


thanks heaps

daniel


----------



## HomunQlus (Apr 1, 2005)

Maybe it's worth a try to check the IPTABLES script on the Fedora box if it accepts incoming connections for SSH. Check if a line like this is in */etc/init.d/iptables*:

*$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 22 -j ACCEPT*

If yes, I have no idea.

If no, add this line, save the file, login as root and do

/etc/init.d/iptables restart


----------



## danielh (Apr 1, 2005)

HomunQlus said:
			
		

> Maybe it's worth a try to check the IPTABLES script on the Fedora box if it accepts incoming connections for SSH. Check if a line like this is in */etc/init.d/iptables*:
> 
> *$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 22 -j ACCEPT*
> 
> ...




thanks homunqlus.

however as you can see from my original post that i'm able to ssh from my pc using a program called securecrt into my fedora linux using the same login credentials. 

hence the fedora linux box already accepting ssh connection. i've also disabled the linux firewall but made no difference. 

i believe it's something got to do with the ssh negotiation between my mac and my fedora linux box. 


daniel


----------



## HomunQlus (Apr 1, 2005)

strange. I also have Fedora Core 3 as gateway running, and can connect without any problems by doing ssh -l root [ip].

maybe you can try to upgrade all the packages in the system, starting with the Kernel, and then sshd.

As root, do a 

*yum upgrade kernel*

which will download and install the latest Kernel, then do

*yum upgrade sshd*

and see if it finds a newer version of the ssh daemon.


//EDIT:

Just saw you're talking about Fedora Core 2. This release is known to have very fateful bugs. Upgrade the whole distribution to Fedora Core 3, and you should be fine.


----------



## danielh (Apr 1, 2005)

it's actually fedora core 3 that i am using. 

i have another fedore core 3 box at work. i want to try and use my mac to ssh to the box and see if i have the same problem or not.


----------



## danielh (Apr 4, 2005)

it worked!

i have to add the hostname of the fedora linux box into /etc/hosts file on my mac to make it work.

i'm happy it worked but i still don't understand why i couldn't just use the ip address of my fedora linux when i want to ssh?


----------



## scruffy (Apr 5, 2005)

This seems to explain it

http://www.webmasterworld.com/forum40/1350.htm

Looks like it tries to do a reverse host lookup, and fails (as there's neither an A nor a PTR record in DNS, and no /etc/hosts entry)


----------



## scruffy (Apr 5, 2005)

Sorry - it seems you can get to the thread only if you search google and get to it that way - the query I used was 

Cannot determine realm for numeric host address

I think it was the first hit.  Anyway, it was on the first page.


----------



## smtpgeek (Apr 12, 2005)

I am having the same issue, but with logging into FreeBSD boxen that do not have reverse dns set up.  While I can go ahead and set up reverse or populate my hosts file, I am not going to always have that option.  Is there a way to change the behavior of the client?  In ssh_config, there is CheckHostIP variable.  I canged this to no and it still did not work and I am wondering if this is what this is for.  I know I can most likely find this on the web, but would like to hear from someone wo has already dealt with this.

Another question....do I have to restart anything for a change to ssh_config to take effect?  I am thinking that sshd does not have anything to do with the client, but I am not really sure.  My logic is that whenever the client starts a session, it reads reads ssh_config.


----------

