Can't SSH into my Fedora 34 Workstation

iridium

Hello,

when I try to connect to my Fedora 34 installation from my Ubuntu installation on my laptop, it refuses to connect. The Fedora workstation is running, the IP I'm trying to access is correct, I can ping it and I can log in locally, but not via ssh. It has worked before but I have no clue why it stopped working.

Here is the output of
Bash:
, which contains my Fedora username and the IP of the Fedora machine:
Code:
OpenSSH_8.4p1 Ubuntu-6ubuntu2, OpenSSL 1.1.1l  24 Aug 2021
debug1: Reading configuration data /home/aaron/.ssh/config
debug1: /home/aaron/.ssh/config line 4: Deprecated option "cipher"
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.178.31 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.178.31 [192.168.178.31] port 22.
debug1: Connection established.
debug1: identity file /home/aaron/.ssh/id_rsa type 0
debug1: identity file /home/aaron/.ssh/id_rsa-cert type -1
debug1: identity file /home/aaron/.ssh/id_dsa type -1
debug1: identity file /home/aaron/.ssh/id_dsa-cert type -1
debug1: identity file /home/aaron/.ssh/id_ecdsa type -1
debug1: identity file /home/aaron/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/aaron/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/aaron/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/aaron/.ssh/id_ed25519 type -1
debug1: identity file /home/aaron/.ssh/id_ed25519-cert type -1
debug1: identity file /home/aaron/.ssh/id_ed25519_sk type -1
debug1: identity file /home/aaron/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/aaron/.ssh/id_xmss type -1
debug1: identity file /home/aaron/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Ubuntu-6ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.6
debug1: match: OpenSSH_8.6 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.178.31:22 as 'aaron'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: [email protected],[email protected],aes256-ctr,[email protected],aes128-ctr
debug2: ciphers stoc: [email protected],[email protected],aes256-ctr,[email protected],aes128-ctr
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

I appreciate all help.
 


You say you've ssh'd to this system before? Your ssh debug is missing some stuff at the bottom it seems.

By default Fedora Workstation disables ssh (incoming).
systemctl enable sshd
systemctl start sshd
firewall-cmd --add-service=ssh --permanent
firewall-cmd --reload

After all this is done, you still can't ssh as root.
Edit /etc/ssh/sshd_config.
Find the line that says...
PermitRootLogin
This will probably be commented out, and have some other stuff in the line.
Change this to..
PermitRootLogin yes
(nothing should be on the line after the "yes".)
 
Nothing is being printed after that last line. It just stops there. I've changed the settings according to your tips, but the SSH log stayed the same and I still can't log in.
 
Can you ssh locally?

ssh user@localhost
 
Can you go the other direction? From fedora to Ubuntu?
 
What do you see in /var/log/secure and /var/log/messages when you try to connect from your Ubuntu system to your Fedora system using ssh? I'm getting the impression Fedora might have updated their Cipherlist or KexAlgorithms to something that Ubuntu doesn't support or something like that. Was this after you updated either Fedora or Ubuntu?
 
I updated Fedora, but it wasn't a version update (I had updated to 34 a while ago) and switched from Debian to Ubuntu at the same time. Do you mean the logs on my Fedora or Ubuntu system? Anyway, I don't see secure or messages in /var/logs/, neither on Ubuntu nor Fedora.
 
I meant check those log files on Fedora since you are trying to connect to that system.
 
Code:
[root@fedora ~]# ls  /var/log/messages  /var/log/secure 
/var/log/messages  /var/log/secure
It should be on your system; otherwise you can just follow the journal of the sshd service and then log in from your Ubuntu system to see if you see anything.
Code:
journalctl -u sshd -ef
 
These files are not on my Fedora system. I followed the journal on my Fedora system while trying to log in to Fedora from Ubuntu, but nothing shows up in journalctl.
 
What happens when you run the journal command on Fedora when logging into Fedora, so iridium@localhost?
 
Code:
Nov 20 11:36:42 localhost.localdomain sshd[16294]: Accepted password for aaron from ::1 port 41998 ssh2
Nov 20 11:36:42 localhost.localdomain sshd[16294]: pam_unix(sshd:session): session opened for user aaron(uid=1000) by (uid=0)

shows up when I used ssh locally.
 
Then it seems like the problem is on the Ubuntu side, can you run the following on your Ubuntu system?
Code:
sudo grep ssh /var/log/dpkg.log  | grep upgrade
 
I ran the code, there wasn't any output. I tried to ssh into Fedora using termux on my Android phone and it worked fine, however I also couldn't access it using a Fedora Live-CD I just tested (to see whether it's an Ubuntu issue). So I'm not quite sure which side's fault it is. It seems to be failing to connect from my laptop all the time, but is fine from my phone apparently.
 
Install tcpdump on your Fedora system.
Code:
sudo dnf install tcpdump
Then run it on your Fedora system.
Code:
sudo tcpdump -i any  host 192.168.122.10 and port 22
Replace 192.168.122.10 with the IP address of your Ubuntu system, then try and connect through ssh from your Ubuntu system to your Fedora system. What output do you get then?
 
I logged the following output doing this. Ubuntu's IP is 192.168.178.201:

Code:
15:40:15.539887 enp24s0 Out IP localhost.localdomain.ssh > 192.168.178.201.50974: Flags [P.], seq 3545413056:3545413140, ack 1864030411, win 501, options [nop,nop,TS val 2374093782 ecr 2710364196], length 84
15:40:15.540043 enp24s0 In  IP 192.168.178.201.50974 > localhost.localdomain.ssh: Flags [.], ack 0, win 502, options [nop,nop,TS val 2710364197 ecr 2374093729], length 0
15:40:15.551470 enp24s0 Out IP localhost.localdomain.ssh > 192.168.178.201.50974: Flags [P.], seq 84:152, ack 1, win 501, options [nop,nop,TS val 2374093793 ecr 2710364197], length 68
15:40:15.551663 enp24s0 Out IP localhost.localdomain.ssh > 192.168.178.201.50974: Flags [P.], seq 152:364, ack 1, win 501, options [nop,nop,TS val 2374093793 ecr 2710364197], length 212
15:40:15.586332 enp24s0 In  IP 192.168.178.201.50974 > localhost.localdomain.ssh: Flags [.], ack 84, win 502, options [nop,nop,TS val 2710364249 ecr 2374093782], length 0
15:40:15.607899 enp24s0 In  IP 192.168.178.201.50974 > localhost.localdomain.ssh: Flags [.], ack 152, win 502, options [nop,nop,TS val 2710364264 ecr 2374093793], length 0
15:40:15.614759 enp24s0 In  IP 192.168.178.201.50974 > localhost.localdomain.ssh: Flags [.], ack 364, win 502, options [nop,nop,TS val 2710364280 ecr 2374093793], length 0
15:40:17.803946 enp24s0 In  IP 192.168.178.201.50978 > localhost.localdomain.ssh: Flags [S], seq 717405248, win 64484, options [mss 1356,sackOK,TS val 2710366450 ecr 0,nop,wscale 7], length 0
15:40:17.804041 enp24s0 Out IP localhost.localdomain.ssh > 192.168.178.201.50978: Flags [S.], seq 3096378100, ack 717405249, win 65160, options [mss 1460,sackOK,TS val 2374096046 ecr 2710366450,nop,wscale 7], length 0
15:40:17.854440 enp24s0 In  IP 192.168.178.201.50978 > localhost.localdomain.ssh: Flags [.], ack 1, win 504, options [nop,nop,TS val 2710366515 ecr 2374096046], length 0
15:40:17.854533 enp24s0 In  IP 192.168.178.201.50978 > localhost.localdomain.ssh: Flags [P.], seq 1:40, ack 1, win 504, options [nop,nop,TS val 2710366516 ecr 2374096046], length 39: SSH: SSH-2.0-OpenSSH_8.4p1 Ubuntu-6ubuntu2
15:40:17.854558 enp24s0 Out IP localhost.localdomain.ssh > 192.168.178.201.50978: Flags [.], ack 40, win 509, options [nop,nop,TS val 2374096096 ecr 2710366516], length 0
15:40:17.868949 enp24s0 Out IP localhost.localdomain.ssh > 192.168.178.201.50978: Flags [P.], seq 1:22, ack 40, win 509, options [nop,nop,TS val 2374096111 ecr 2710366516], length 21: SSH: SSH-2.0-OpenSSH_8.6
15:40:17.921021 enp24s0 In  IP 192.168.178.201.50978 > localhost.localdomain.ssh: Flags [.], ack 22, win 504, options [nop,nop,TS val 2710366581 ecr 2374096111], length 0
15:40:17.921053 enp24s0 Out IP localhost.localdomain.ssh > 192.168.178.201.50978: Flags [P.], seq 22:958, ack 40, win 509, options [nop,nop,TS val 2374096163 ecr 2710366581], length 936
15:40:17.923354 enp24s0 In  IP 192.168.178.201.50978 > localhost.localdomain.ssh: Flags [P.], seq 1400:1552, ack 22, win 504, options [nop,nop,TS val 2710366582 ecr 2374096111], length 152
15:40:17.923380 enp24s0 Out IP localhost.localdomain.ssh > 192.168.178.201.50978: Flags [.], ack 40, win 509, options [nop,nop,TS val 2374096165 ecr 2710366581,nop,nop,sack 1 {1400:1552}], length 0
15:40:17.970760 enp24s0 In  IP 192.168.178.201.50978 > localhost.localdomain.ssh: Flags [.], ack 958, win 502, options [nop,nop,TS val 2710366636 ecr 2374096163], length 0
15:40:23.515951 enp24s0 Out IP localhost.localdomain.ssh > 192.168.178.201.50976: Flags [F.], seq 1871365406, ack 3356230338, win 509, options [nop,nop,TS val 2374101758 ecr 2710252244,nop,nop,sack 1 {1361:1562}], length 0
15:40:23.561831 enp24s0 In  IP 192.168.178.201.50976 > localhost.localdomain.ssh: Flags [R], seq 3356230338, win 0, length 0
15:40:23.801038 enp24s0 Out IP localhost.localdomain.ssh > 192.168.178.201.50976: Flags [F.], seq 0, ack 1, win 509, options [nop,nop,TS val 2374102043 ecr 2710252244,nop,nop,sack 1 {1361:1562}], length 0
15:40:23.854309 enp24s0 In  IP 192.168.178.201.50976 > localhost.localdomain.ssh: Flags [R], seq 3356230338, win 0, length 0
15:40:24.081058 enp24s0 Out IP localhost.localdomain.ssh > 192.168.178.201.50976: Flags [F.], seq 0, ack 1, win 509, options [nop,nop,TS val 2374102323 ecr 2710252244,nop,nop,sack 1 {1361:1562}], length 0
15:40:24.137406 enp24s0 In  IP 192.168.178.201.50976 > localhost.localdomain.ssh: Flags [R], seq 3356230338, win 0, length 0
15:40:24.697055 enp24s0 Out IP localhost.localdomain.ssh > 192.168.178.201.50976: Flags [F.], seq 0, ack 1, win 509, options [nop,nop,TS val 2374102939 ecr 2710252244,nop,nop,sack 1 {1361:1562}], length 0
15:40:24.745713 enp24s0 In  IP 192.168.178.201.50976 > localhost.localdomain.ssh: Flags [R], seq 3356230338, win 0, length 0

Thank you very much for your help so far!
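
An added example, not part of the thread: a small Python parser that reads `tcpdump` lines like the ones posted above and reports where a cumulative ACK lags behind a SACK block, that is, where bytes from the peer never showed up at the capturing host. The name `find_holes` is made up for this example; the sample lines are copied from the capture above.

```python
import re

# Lines copied from the capture posted above (taken on the Fedora side):
# the handshake on client port 50978 and two FINs of the older port 50976.
CAPTURE = """\
15:40:17.921053 enp24s0 Out IP localhost.localdomain.ssh > 192.168.178.201.50978: Flags [P.], seq 22:958, ack 40, win 509, options [nop,nop,TS val 2374096163 ecr 2710366581], length 936
15:40:17.923354 enp24s0 In  IP 192.168.178.201.50978 > localhost.localdomain.ssh: Flags [P.], seq 1400:1552, ack 22, win 504, options [nop,nop,TS val 2710366582 ecr 2374096111], length 152
15:40:17.923380 enp24s0 Out IP localhost.localdomain.ssh > 192.168.178.201.50978: Flags [.], ack 40, win 509, options [nop,nop,TS val 2374096165 ecr 2710366581,nop,nop,sack 1 {1400:1552}], length 0
15:40:23.515951 enp24s0 Out IP localhost.localdomain.ssh > 192.168.178.201.50976: Flags [F.], seq 1871365406, ack 3356230338, win 509, options [nop,nop,TS val 2374101758 ecr 2710252244,nop,nop,sack 1 {1361:1562}], length 0
15:40:23.801038 enp24s0 Out IP localhost.localdomain.ssh > 192.168.178.201.50976: Flags [F.], seq 0, ack 1, win 509, options [nop,nop,TS val 2374102043 ecr 2710252244,nop,nop,sack 1 {1361:1562}], length 0
"""

PKT = re.compile(r"IP (?P<src>\S+) > (?P<dst>\S+): Flags \[[^\]]*\]"
                 r"(?:, seq \d+(?::\d+)?)?, ack (?P<ack>\d+)")
SACK = re.compile(r"sack \d+ ((?:\{\d+:\d+\})+)")
BLOCK = re.compile(r"\{(\d+):(\d+)\}")


def find_holes(text):
    """Map (receiver, sender) -> (first missing byte, first byte held after it).

    A SACK block that starts above the cumulative ACK means the receiver holds
    later data from the sender but never got the bytes in between.
    """
    holes = {}
    for line in text.splitlines():
        pkt, sack = PKT.search(line), SACK.search(line)
        if not (pkt and sack):
            continue
        ack = int(pkt["ack"])
        start = min(int(left) for left, _ in BLOCK.findall(sack[1]))
        # tcpdump prints absolute numbers for the first packet it sees of a
        # flow and relative ones afterwards; a mixed line (ack > start) is skipped.
        if start > ack:
            holes[(pkt["src"], pkt["dst"])] = (ack, start)
    return holes


if __name__ == "__main__":
    for (receiver, sender), (ack, start) in find_holes(CAPTURE).items():
        print(f"{receiver} never received bytes {ack}..{start - 1} "
              f"({start - ack} bytes) from {sender}")
```

On the posted capture both connections show a 1360-byte hole at the start of the client's data while the short segments around it arrive. Large segments going missing while small ones get through is commonly caused by an MTU or path-MTU problem on the sender's route.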
 
There is ssh traffic between the two systems so that's not the problem. Your verbose output ends with:
Code:
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
When I do a verbose ssh connection from Mint to Fedora I see the same but I also get a reply.
Code:
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
So I'm thinking it may be a KexAlgorithms incompatibility between the two systems or something like that. I'm no expert when it comes to encryption, but can you run this command on both systems and share the output?
Code:
 ssh -Q KexAlgorithms
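
An added example, not part of the thread: a Python sketch that reads the two KEXINIT proposals out of `ssh -vv` output and works out what each side would agree on, which is the comparison the two `ssh -Q KexAlgorithms` lists are meant to enable. It applies the basic rule from RFC 4253 (the first name in the client's list that the server also lists) and ignores the extra compatibility conditions the RFC attaches to key exchange and host key selection; the function names are made up for this example.

```python
# Constructed sample: the KEXINIT lines from the `ssh -vv` output in the first
# post, abridged to two categories, with the address-obfuscated entries left out.
DEBUG = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
"""


def parse_proposals(text):
    """Split `ssh -vv` output into {'client': {...}, 'server': {...}} name lists."""
    props, side = {"client": {}, "server": {}}, None
    for line in text.splitlines():
        body = line.partition("debug2: ")[2]
        if body == "local client KEXINIT proposal":
            side = "client"
        elif body == "peer server KEXINIT proposal":
            side = "server"
        elif side and ": " in body:
            field, _, names = body.partition(": ")
            props[side][field] = names.split(",")
    return props


def negotiate(client, server):
    """First name in the client's list that the server also offers, else None."""
    offered = set(server)
    return next((name for name in client if name in offered), None)


def negotiated(text):
    """Apply negotiate() to every category the client proposed."""
    p = parse_proposals(text)
    return {f: negotiate(p["client"][f], p["server"].get(f, [])) for f in p["client"]}


if __name__ == "__main__":
    for field, choice in negotiated(DEBUG).items():
        print(f"{field}: {choice or 'NO COMMON ALGORITHM'}")
```

A `None` result for a category is what an algorithm mismatch looks like. The OpenSSH client reports that case with an "Unable to negotiate ... no matching key exchange method found" error.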
 
