Chris's questions

Recently ran into a hardware issue on my CentOS machine. After a PSU, ram, mobo and CPU replacement I think I have the hardware issue resolved.

However, I believe I have a network configuration issue causing SSH remote connection failures.

I tried regular ssh using my original account and key and I receive a connection timeout after server is expecting: debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP.

From the server itself with a new account:

$ ssh -v -o PubkeyAuthentication=no chris@localhost
Last login: ... 
[chris@dev ~]$ 

From a remote connection on the LAN to try remote SSH:

chris::Internets|10 ~ $ ssh -v -o PubkeyAuthentication=no chris@pug
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/chris/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug1: Connecting to pug [192.168.1.175] port 22.
debug1: Connection established.
debug1: identity file /Users/chris/.ssh/id_rsa type 1
debug1: identity file /Users/chris/.ssh/id_rsa-cert type -1
debug1: identity file /Users/chris/.ssh/id_dsa type -1
debug1: identity file /Users/chris/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Read from socket failed: Operation timed out

I have verified I can:

• ping remote boxes on lan and internet from server
• cannot wget web pages from server
• ping server from lan
• can access ssh port from lan or remote connection (still receive ssh errors)

I did see a post regarding DNS resolution issues causing an issue, I have UseDNS No which should avoid DNS entirely and not cause issues.

Any ideas here as I am scratching my head for what else to look for?

Edit:

/var/log/secure has the following contents:

Nov 29 11:19:45 dev sshd[5978]: fatal: Read from socket failed: Connection reset by peer

Also, I checked and SSH is listening on 22 as it should be.

[root@dev ~]# lsof -i TCP:22 | grep LISTEN 
sshd 5424 root 3u IPv4 39030 0t0 TCP *:ssh (LISTEN)
sshd 5424 root 3u IPv6 39032 0t0 TCP *:ssh (LISTEN)

To avoid complications, I flushed iptables:

[root@dev ~]# iptables -L -n 
Chain INPUT (policy ACCEPT)
target prot opt source destination 

Chain FORWARD (policy ACCEPT)
target prot opt source destination 

Chain OUTPUT (policy ACCEPT)
target prot opt source destination 

We have a box we suspect has been rooted at work. The question is how do we find it? I am no system administrator, but I was brought onto the team to resolve the situation and I am curious where good places to look for such as problem might be?

The reason we suspect this is that we have noticed a higher than normal network utilization on the machine from high (what appear to be random) ports.

What can do we to locate the problem child? What can we do to protect from this in the future? Is there monitoring we can run to make us aware of this in the future? (Aside from network monitoring which we are already working on keeping a closer eye on.)

Thanks in advance and I can provide more details if needed. Appreciate your time.

We have some PHP applications which handle internal communication with staff via email. From time to time a staff member claims they did not receive the email. The system BCC's or CC's me on all emails so I have copies of them personally. Additionally, when checking logs /var/log/maillog there is an entry for the message the staff member claims is not being sent.

I emailed the staff member with a copy of the message I received along with a copy of the line in the maillog. He is saying he checks junk/spam box once daily and thus he simply did not get this email.

Now this system has been running for approaching 2 years and we only have had 2 complains about email not arriving as it should.

Is there a way I can figure out where this email went or did not go?

We have .htaccess on our site http://subdomain.site.com/:

AuthType Kerberos
AuthName "Internet ID"

require valid-user

order deny,allow
deny from all
allow from all

On a sub directory of the site, http://subdomain.site.com/subdirectory/ we have an .htaccess:

AuthType none
Satisfy any 

The reason is that on this subdirectory/ we have a different authentication mechanism and do not want to use kerberos as authentication. The problem though is that in chrome the .htaccess authentication still pops up but firefox, opera, IE do not prompt for this authentication before loading the page.

I am having trouble understanding how a server side configuration could be presented to the end user differently depending on the browser? Is there something in my subdirectry .htaccess that I am missing ?

Is there a way to configure mod_auth_ldap without modifying httpd.conf ? (ie. only using .htaccess files)

The reason I ask is that we are trying to setup a directory on our site to use ldap authentication (I do not administrate the ldap server, simply have credentials to connect.) Additionally, I do not administrate the box hosting this project and am wondering if I can set this up without having to modify the main httpd.conf as this box hosts many many sites.