[sf-lug] request for help re ssh -- sshd login failure

Tue Feb 9 18:37:49 PST 2016

Quoting Jim Stockford (jim at well.com):

> Thank you, Rick. We expect to keep working on
> this platform even if we set up something else,
> too.

Once again, why Ubuntu specifically?  What problem are you trying to
solve?

> I, at least, am too ignorant to do much other
> than flail. The biggest problem is to know
> where to start looking.

You can start looking anywhere, as long as you keep careful track of
everything you're doing and apply logical methods of troubleshooting,
e.g., do not go around wildly introducing variables, observe
consequences, tally up suspects and seek to eliminate them, attempt to
use the simplest possible test scenarios and the fewest assumption, be
_aware_ of your assumptions as you proceed, occasionally stop to
contemplate what you know vs. what is unknown, etcetera.

In other words, troubleshoot.  No expertise is required, only careful
attention and logic.  

> We have not tried using the ssh client on the
> sshd host and logging into lo

As you will prhaps appreciate, ssh'ing to localhost is the simplest
possible way to test an sshd and an ssh client.

BTW, the one scenario I can immediately think of where it might _indeed_
be best to blow away your system and reinstall is if you guys have been
screwing around with PAM configurations, sshd conffiles, and other
system-level matters _and did not keep careful records_ (such that your
system is no longer in a known state, and you cannot revert).  If that
is the case, sure, blow away and reinstall -- and don't make that
mistake a second time.

> We have inspected log files and config files.

I'm not even clear on what you thought you'd find in the configuration
files.  A conffile item saying 

I_INSTALLED_AN_SSHD_BUT_WANT_IT_NOT_TO_WORK = Yes

?

You say you 'inspected log files'?  Well?  Was your connection attempt
recorded by the sshd?  If so, was it refused?  Did it say why?

> We will investigate the options to ssh and
> sshd and whatever else seems to be relevant
> and increase verbosity.

You just add '-v' or '-vv' for more verbosity or '-vvv' for even more
verbosity until your brain melts from information overload.

But really, all you really need is logic and observation.  And attention
to fundamentals.  Like, for example, did you make sure the sshd is
actually running?[1]  That nobody stupidly inserted a firewall rule
blocking ssh connections?

And stop flailing.  That merely introduces spurious variables, which 
are the very opposite of helpful in any diagnostic situation.

[1] Like, using ps and netstat.  If you don't know how to effectively
use ps and netstat, fix that.