1

When I try to ssh into one of my rpis (let's call it .7) with verbose I get the following output

ssh [email protected] -v
OpenSSH_8.9p1 Ubuntu-3ubuntu0.4, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.1.7 [192.168.1.7] port 22.

and it just hangs endlessly.

I'm able to connect to all other raspberry pis in my house except for this particular one (no idea why). I've even tried to log into another rpi (say .62) and then I was able to ssh from it into (.7), which leads me to suspect that it's a problem with the config of my laptop, although I cannot figure out what it is.

Update 1

ssh_config file

Include /etc/ssh/ssh_config.d/*.conf

Host *
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes

sshd_config file

Include /etc/ssh/sshd_config.d/*.conf
KbdInteractiveAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem   sftp    /usr/lib/openssh/sftp-server

and the second file does not exist

Update 2

OpenSSH_8.9p1 Ubuntu-3ubuntu0.4, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.1.7 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/username/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/username/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.1.7 [192.168.1.7] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10

Update 3

The output of tcpdump is as follows

sudo tcpdump  -i wlp0s20f3 -n 'port 22'
[sudo] password for myusername:            
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wlp0s20f3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
10:11:10.086559 IP 192.168.1.5.50418 > 192.168.1.7.22: Flags [S], seq 441937362, win 64240, options [mss 1460,sackOK,TS val 2181705493 ecr 0,nop,wscale 7], length 0
10:11:11.087399 IP 192.168.1.5.50418 > 192.168.1.7.22: Flags [S], seq 441937362, win 64240, options [mss 1460,sackOK,TS val 2181706494 ecr 0,nop,wscale 7], length 0
10:11:13.103394 IP 192.168.1.5.50418 > 192.168.1.7.22: Flags [S], seq 441937362, win 64240, options [mss 1460,sackOK,TS val 2181708510 ecr 0,nop,wscale 7], length 0
10:11:17.199574 IP 192.168.1.5.50418 > 192.168.1.7.22: Flags [S], seq 441937362, win 64240, options [mss 1460,sackOK,TS val 2181712606 ecr 0,nop,wscale 7], length 0

where my laptop is 192.168.1.5 and my wireless card interface (obtained from ifconfig) is wlp0s20f3. I basically run the command and then in a separate terminal window tried to ssh into the (.7)

Improve this question
19
  • 1
    Please include the contents of /etc/ssh/ssh_config and ~/.ssh/config from your client system (Ubuntu?) in the question. (The second file might not exist - that's ok, but tell us.) Also, if the files are too large you can omit all blank lines and lines starting with #)
    – Chris Davies
    Commented Dec 1, 2023 at 15:05
  • @ChrisDavies added. Thanks
    – Ajned
    Commented Dec 1, 2023 at 15:42
  • 1
    You've included the sshd_config file but I need to see the ssh_config file. Please check
    – Chris Davies
    Commented Dec 1, 2023 at 16:39
  • It is kind of weird, but 2 things come to mind. One thing is log in with physical keyboard and screen and ssh to localhost, see if that works. Also increase verbosity to -vv or -vvv - when I was trying to troubleshoot connection that hung due to firewall port forwarding rules it was very helpful to see the connection being established. Another thing I did was monitoring the exchange with tcpdump. In that case there was only SYN connection but no SYN-ACK response. Asking tcpdump to filter out everything else helps a lot.
    – r0berts
    Commented Dec 1, 2023 at 19:14
  • 1
    Never mind I didn't read correctly the tcpdump output. That's the same LAN.
    – A.B
    Commented Dec 2, 2023 at 11:04

1 Answer 1

Reset to default
0

Thank you very much for everyone's help. I'm not surprised that the root cause ended up being my crappy router (from Sky Hub). It was set up to provide a static IP address to the pi, and as soon as I changed that IP it started working again. It must have kept some misconfiguration associated with the previous IP which was cleared up when I set a new one. Thanks all.

Improve this answer
3
  • From my brief glance up top it seems that you run tcpdump on your laptop, not rpi :-) but in this case it shows the same thing - your laptop is trying to connect to rpi (sending SYN packets to what it thinks raspi should be x.x.x.7) but getting no reply. If it worked you'd have a stream of back and forth. And you got to solution yourself - there was no such address (x.x.x.7) at the time. Well done. When I am sometimes in this uncertain situation I use nmap to quickly scan my LAN and see what exact addresses I have. So now you know - what appears 'hanged' is 'no connection'.
    – r0berts
    Commented Dec 3, 2023 at 8:32
  • Hi @r0berts. Thanks, but the address was effectively 192.168.1.7 and working (I was able to connect to it via another rpi). The problem was specifically between my laptop and the rpi. There must be a bug in how the router maps static addresses, but I'm not going to spend time to understand how/why (best to get a new router). Thanks again
    – Ajned
    Commented Dec 4, 2023 at 7:19
  • Maybe, however if the fault was with the hub, it did not give out the IP so the raspi did not have it. If on the other hand it had the IP (maybe from before reboot, etc) and you could connect from another rpi, then there was something with your laptop - when you connect directly to an IP address then hub/router is NOT involved at all. Either the device has a working IP and your particular laptop cannot connect (e.g. due to firewall block) or it did not get the IP so you could not connect (more likely option). Good this is resolved though, but info from here may come handy another day.
    – r0berts
    Commented Dec 5, 2023 at 10:28

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.