Reverse a chained SSH connection ?

Similar Messages

• Problems with SSH: Connection Refused

  Greetings fellow Arch users,
  I have hit a bit of a snag that I could really use some extra help getting around. I've tried everything I can think of (and everything that Google thought might work) and I have my back rather against a wall, so I thought I'd come here to see if anyone can offer some advice.
  To make a long story short, I am a college student and am attempting to set up an ssh server on a desktop at my house so I can access it remotely from the college. I have the computer set up and the server running, however I am having difficulty making connections to it from my laptop. I know that the server is running, because I can log into it both from the server itself (sshing into local host) and from my laptop when I use the internal IP address.
  The server is on a static IP address within the network(192.168.0.75), and my router is configured to forward TCP port 1500 to it (I'm using 1500 as the port for my ssh server). However, when I attempt to log into the ssh server using my network's external IP address, the connection is refused. I used nmap to scan my network and found that, even though the proper ports are forwarded to the proper place as far as my Router's configuration interface is concerned, port 1500 is not listed as one of the open TCP ports. I also, to test it, temporarily disabled the firewalls on both the server and the client. That didn't help. The command that I am running is:
  ssh -p 1500 douglas@[external ip address
  As I am really not sure what is causing this problem, I don't know what information to provide. So here is everything that my inexperienced mind sees as likely being important. If you need anything more, let me know and I will do my best to provide it.
  Here is the sshd_config file from my server.
  # This is the sshd server system-wide configuration file. See
  # sshd_config(5) for more information.
  # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
  # The strategy used for options in the default sshd_config shipped with
  # OpenSSH is to specify options with their default value where
  # possible, but leave them commented. Uncommented options override the
  # default value.
  Port 1500
  #AddressFamily any
  #ListenAddress 0.0.0.0
  #ListenAddress ::
  # The default requires explicit activation of protocol 1
  #Protocol 2
  # HostKey for protocol version 1
  #HostKey /etc/ssh/ssh_host_key
  # HostKeys for protocol version 2
  #HostKey /etc/ssh/ssh_host_rsa_key
  #HostKey /etc/ssh/ssh_host_dsa_key
  #HostKey /etc/ssh/ssh_host_ecdsa_key
  # Lifetime and size of ephemeral version 1 server key
  #KeyRegenerationInterval 1h
  #ServerKeyBits 1024
  # Ciphers and keying
  #RekeyLimit default none
  # Logging
  # obsoletes QuietMode and FascistLogging
  #SyslogFacility AUTH
  #LogLevel INFO
  # Authentication:
  #LoginGraceTime 2m
  PermitRootLogin no
  #StrictModes yes
  #MaxAuthTries 6
  #MaxSessions 10
  #RSAAuthentication yes
  #PubkeyAuthentication yes
  # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
  # but this is overridden so installations will only check .ssh/authorized_keys
  AuthorizedKeysFile .ssh/authorized_keys
  #AuthorizedPrincipalsFile none
  #AuthorizedKeysCommand none
  #AuthorizedKeysCommandUser nobody
  # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  #RhostsRSAAuthentication no
  # similar for protocol version 2
  #HostbasedAuthentication no
  # Change to yes if you don't trust ~/.ssh/known_hosts for
  # RhostsRSAAuthentication and HostbasedAuthentication
  #IgnoreUserKnownHosts no
  # Don't read the user's ~/.rhosts and ~/.shosts files
  #IgnoreRhosts yes
  # To disable tunneled clear text passwords, change to no here!
  #PasswordAuthentication yes
  #PermitEmptyPasswords no
  # Change to no to disable s/key passwords
  ChallengeResponseAuthentication no
  # Kerberos options
  #KerberosAuthentication no
  #KerberosOrLocalPasswd yes
  #KerberosTicketCleanup yes
  #KerberosGetAFSToken no
  # GSSAPI options
  #GSSAPIAuthentication no
  #GSSAPICleanupCredentials yes
  # Set this to 'yes' to enable PAM authentication, account processing,
  # and session processing. If this is enabled, PAM authentication will
  # be allowed through the ChallengeResponseAuthentication and
  # PasswordAuthentication. Depending on your PAM configuration,
  # PAM authentication via ChallengeResponseAuthentication may bypass
  # the setting of "PermitRootLogin without-password".
  # If you just want the PAM account and session checks to run without
  # PAM authentication, then enable this but set PasswordAuthentication
  # and ChallengeResponseAuthentication to 'no'.
  UsePAM yes
  #AllowAgentForwarding yes
  #AllowTcpForwarding yes
  #GatewayPorts no
  #X11Forwarding no
  #X11DisplayOffset 10
  #X11UseLocalhost yes
  PrintMotd no # pam does that
  #PrintLastLog yes
  #TCPKeepAlive yes
  #UseLogin no
  UsePrivilegeSeparation sandbox # Default for new installations.
  #PermitUserEnvironment no
  #Compression delayed
  #ClientAliveInterval 0
  #ClientAliveCountMax 3
  #UseDNS yes
  #PidFile /run/sshd.pid
  #MaxStartups 10:30:100
  #PermitTunnel no
  #ChrootDirectory none
  #VersionAddendum none
  # no default banner path
  #Banner none
  # override default of no subsystems
  Subsystem sftp /usr/lib/ssh/sftp-server
  # Example of overriding settings on a per-user basis
  #Match User anoncvs
  # X11Forwarding no
  # AllowTcpForwarding no
  # ForceCommand cvs server
  The ouptut of ip addr when run on the server:
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet 127.0.0.1/8 scope host lo
  valid_lft forever preferred_lft forever
  inet6 ::1/128 scope host
  valid_lft forever preferred_lft forever
  2: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
  link/ether 00:21:9b:3a:be:94 brd ff:ff:ff:ff:ff:ff
  inet 192.168.0.75/24 brd 192.168.255.0 scope global enp8s0
  valid_lft forever preferred_lft forever
  inet6 fe80::221:9bff:fe3a:be94/64 scope link
  valid_lft forever preferred_lft forever
  Here is the output from running nmap on the network:
  Starting Nmap 6.40 ( http://nmap.org ) at 2013-09-28 21:05 EDT
  Initiating Ping Scan at 21:05
  Scanning address [2 ports]
  Completed Ping Scan at 21:05, 0.01s elapsed (1 total hosts)
  Initiating Parallel DNS resolution of 1 host. at 21:05
  Completed Parallel DNS resolution of 1 host. at 21:05, 0.05s elapsed
  Initiating Connect Scan at 21:05
  Scanning pa-addresss.dhcp.embarqhsd.net (address) [1000 ports]
  Discovered open port 80/tcp on address
  Discovered open port 443/tcp on address
  Discovered open port 23/tcp on address
  Discovered open port 21/tcp on address
  Completed Connect Scan at 21:05, 4.08s elapsed (1000 total ports)
  Nmap scan report for pa-address.dhcp.embarqhsd.net (address)
  Host is up (0.036s latency).
  Not shown: 995 closed ports
  PORT STATE SERVICE
  21/tcp open ftp
  23/tcp open telnet
  80/tcp open http
  443/tcp open https
  8080/tcp filtered http-proxy
  Read data files from: /usr/bin/../share/nmap
  Nmap done: 1 IP address (1 host up) scanned in 4.19 seconds
  Here is the ssh_config client-side:
  # $OpenBSD: ssh_config,v 1.27 2013/05/16 02:00:34 dtucker Exp $
  # This is the ssh client system-wide configuration file. See
  # ssh_config(5) for more information. This file provides defaults for
  # users, and the values can be changed in per-user configuration files
  # or on the command line.
  # Configuration data is parsed as follows:
  # 1. command line options
  # 2. user-specific file
  # 3. system-wide file
  # Any configuration value is only changed the first time it is set.
  # Thus, host-specific definitions should be at the beginning of the
  # configuration file, and defaults at the end.
  # Site-wide defaults for some commonly used options. For a comprehensive
  # list of available options, their meanings and defaults, please see the
  # ssh_config(5) man page.
  # Host *
  # ForwardAgent no
  # ForwardX11 no
  # RhostsRSAAuthentication no
  # RSAAuthentication yes
  # PasswordAuthentication yes
  # HostbasedAuthentication no
  # GSSAPIAuthentication no
  # GSSAPIDelegateCredentials no
  # BatchMode no
  # CheckHostIP yes
  # AddressFamily any
  # ConnectTimeout 0
  # StrictHostKeyChecking ask
  # IdentityFile ~/.ssh/identity
  # IdentityFile ~/.ssh/id_rsa
  # IdentityFile ~/.ssh/id_dsa
  # Port 22
  Protocol 2
  # Cipher 3des
  # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
  # MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160
  # EscapeChar ~
  # Tunnel no
  # TunnelDevice any:any
  # PermitLocalCommand no
  # VisualHostKey no
  # ProxyCommand ssh -q -W %h:%p gateway.example.com
  # RekeyLimit 1G 1h
  Output of ssh -v during connection attempt:
  OpenSSH_6.3, OpenSSL 1.0.1e 11 Feb 2013
  debug1: Reading configuration data /home/douglas/.ssh/config
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug2: ssh_connect: needpriv 0
  debug1: Connecting to address [address] port 1500.
  debug1: connect to address address port 1500: Connection refused
  ssh: connect to host address port 1500: Connection refused
  Thank you guys ahead of time. Getting this server operational is hardly critical, it is just a side project of mine, but I would really like to see it working.
  Douglas Bahr Rumbaugh
  Last edited by douglasr (2013-09-29 02:58:56)

  Okay, so I finally have the opportunity to try and log in from a remote network. And. . .  it doesn't work. Which is just my luck because I now need to wait an entire week, at least, before I can touch the server again. Anyway, running ssh with the maximum verbosity I get this output:
  douglas ~ $ ssh -vvv -p 2000 address
  OpenSSH_6.3, OpenSSL 1.0.1e 11 Feb 2013
  debug1: Reading configuration data /home/douglas/.ssh/config
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug2: ssh_connect: needpriv 0
  debug1: Connecting to address [address] port 2000.
  debug1: connect to address address port 2000: Connection timed out
  ssh: connect to host address port 2000: Connection timed out
  It takes a minute or two for the command to finish with the connection timeout, as one would expect. And yes, I am reasonably sure that the address that I am using is my home network's external IP. It is dynamic, but I checked it before I left which was just over an hour ago. I guess that it may have changed. I'll know that for sure in the morning, when my server sends me an automatic email with the network's current address. In the meantime I am operating under the assumption that the address I am using is correct. What else could be the problem?

• [SOLVED] Problem with adding a SSH connection to startup

  Hi guys. I have a problem with adding ssh connection to startup. i want this command to run before kde login screen  and keep running all time.
  ssh -D 9292 remoteuser@remotehost
  but it doesnt connect. Thanks for help!
  Last edited by alperenel (2011-03-11 00:10:27)

  cactus wrote:
  ssh -fN -D 9292 remoteuser@remotehost
  you need -f, which sends ssh to the background, and -N which does not execute a remote command.
  If you need it to run as a user other than root, then you probably need to utilize su as well.
  it didnt work either. i am putting it in rc.local but doesnt work.

• Prime 4.2 Telnet/ SSH Connections to Switches

  Hi everybody,
  I have a problem with LMS 4.2 and use Telnet/ SSH tool to open network devices.
  If I start the tool telnet/ssh, always starts a telnet session and no ssh session.
  But telnet is disabled on all devices in my network. Can I change something to open automatically a ssh session with putty?
  regards Bjoern

  Hi Bjoern,
  I am assuming you refer to the Device Center > Tools > Telnet/SSH option.
  The problem is not on LMS actually. What happens is that in the background, a telnet:// is being called.
  What will happen is that your system will launch whatever application has been assigned to the telnet protocol, typically the Windows CMD, which will open a telnet session automatically.
  In order to change this to use Putty for example, which would allow you to change to SSH connectivity (manually though) you can do the following:
  1) BACKUP YOUR REGISTRY.
  Go to Start > Run > Regedit > File > Export.
  2) Locate the following key:
  HKEY_CLASSES_ROOT > Telnet > shell > Open > command > (default)
  3) Modify the key value to point to the location of your "putty.exe" file (make sure to include the double quotes).
  Default value:
  "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\url.dll",TelnetProtocolHandler %l
  New value (will open putty automatically to the selected IP):
  "D:\Tools\putty.exe" %l
  New value (will open putty normally, you will need to type the IP but can change the connection protocol/port if desired):
  "D:\Tools\putty.exe"
  This should make your system open Putty for any "telnet://" links, including the Telnet/SSH link in the Tools section of Device Center.
  Best regards,
  Luis
  Message was edited by: Luis Jimenez
  Message was edited by: Luis Jimenez

• Ipfilter reload rules - how it impac the current SSH connection?

  Hi,
  I login to another solaris 10 system thru SSH, and change the ipfilter rultes in /etc/ipf/ipf.conf, generally as follows;
  - flush all the existing rules (not the state table)
  - reload the rules from cfg file
  I've sometimes my SSH connection is not impacted, but sometimes it can hange for a while, and a couple CR hits could bring it back...
  Anybody can explain how this part of ipfilter works internally? I suppose if the state table is flushed out, the SSH connection would definitely be shut-down?
  Thanks

  Seems that the problem was because my J2E app was running in a tomcat servlet container as a service. The service user account was set to the local service account. Plink was looking for its public key in CURRENT_USER (i.e. local service user) and not finding it.
  I've added the required registry settings to the default user in the registry and these get picked up by the local system user.
  Hey presto - plink can connect!

• SSH connections not logged on wtmpx

  Hello,
  which patch enables ssh to log connections to wtmpx?
  Actually the "last" command only shows login data about assigned pts, but if i
  connect using:
  ssh -T root@sunbox
  no record is logged on wtmpx. Also the "w" and "last" command doesn't show
  the user root as logged in, while... it is.
  I checked on solaris 10 and this issue is fixed, as ssh connections are logged
  apart from the terminal allocation.
  Someone know wich patch is needed on solaris 9 to solve this problem?
  Thank you in advance
  Robert

  Hello,
  which patch enables ssh to log connections to wtmpx?
  Actually the "last" command only shows login data about assigned pts, but if i
  connect using:
  ssh -T root@sunbox
  no record is logged on wtmpx. Also the "w" and "last" command doesn't show
  the user root as logged in, while... it is.
  I checked on solaris 10 and this issue is fixed, as ssh connections are logged
  apart from the terminal allocation.
  Someone know wich patch is needed on solaris 9 to solve this problem?
  Thank you in advance
  Robert

• Ping is ok, but no SSH connection

  Hi everybody,
  I have a problem with SSH connection. 
  I have a network, which can be pinged and connected by SSH from my laptop. 
  And some other machines (in my subnet)can ping this range of network, but can't connect by SSH. 
  No access list restrictions. No closed ports from server side. 
  And one thing... 
  I've checked bu wireshark, and see that, when this machines try to connect by SSH, there is no request out of its Ethernet interface. Ping is ok, again. 
  But they can connect by SSH to other machines, from other subnets. 
  Which information do you need to investigate and help with this problem? 

  If the original poster is able to SSH to the device from his laptop then this demonstrates that SSH is enabled and seems correctly configured (which rules out one of the most common problems).
  If other devices are able to ping then it seems to demonstrate IP connectivity and correct routing (which rules out another of the common problems).
  I wonder if the problem might involve versions of SSH and what is configured on the device. If the device specifies version 2 (for example) and the original poster is specifying version 2 but the other devices are using version 1 then it would cause these symptoms.
  It would be helpful if the original poster would provide the output of show ip ssh and the configuration of the vty ports. It would be even more helpul if the original poster would provide the complete configuration of the device (with sensitive data masked out).
  HTH
  Rick

• WS-6509 refusing SSH connections via TACACS+ 5.5

  Hello everyone, we have our Core 6509's using AAA with TACACS+ version 5.5 appliance.
  We have 4 appliances 2 each in 2 locations.
  We have an issue where 6509's refuse to authorize/authenticate valid users for ssh connections.
  When you ssh to the device you can enter your password but ssh tectia just closes or you see the login banner and "Authorization denied" and ssh closes.
  The switches have there tacacs-server settings pointing to all four TACACS+ devices.
  Occasionally one or both will attempt to use one of the 2 non local TACACS+ servers to authenticate/athorize connections.
  You can login from the console if you interrupt it's connection to TACACS by disconnecting the fiber connections momentarily.
  Has anyone seen something like this before?
  This happens once or twice a year.
  ej

  That's the funny part, TACACS shows green stating that I'm passing all the checks.
  When I select the magnifying glass I see "passed" in green at the top.
  when I check "Evaluating Identity Policy" it says.
  Matched Default Rule
  Selected Identity Store - Internal Users
  Authenticating user against Active Directory
  Could not establish connection with ACS Active Directory agent
  Looking up User in Internal Users IDStore - "My username"
  Found User in Internal Users IDStore
  Wrong password or invalid shared secret
  The advanced option that is configured for a failed authentication request is used.
  The 'Continue' advanced option is configured in case of a failed authentication request.
  But I'm able to access all other switches so my AD username/password are correct.
  At first I was unable to access it's pair. After we did a hard reset on one of the ACS's that was resolved.
  But I still can't get into the other pair.
  ej

• SSH timeout not available while on ssh connection

  Hi Everyone,
  I found that ssh timeout command is  only available when you console to ASA.
  It is not available when you do the ssh connection to ASA is this default behaviour? or any reason behind it?
  Thanks
  Mahesh

  Hi Jennifer,
  My bad actually i overlooked the command.
  it does have  option
  ciscoasa(config)# ssh                         ?
  configure mode commands/options:
    Hostname or A.B.C.D  The IP address of the host and/or network authorized to
                         login to the system
    X:X:X:X::X/<0-128>   IPv6 address/prefix authorized to login to the system
    scopy                Secure Copy mode
    timeout              Configure ssh idle timeout ?????????????
    version              Specify protocol version to be supported
  exec mode commands/options:
    disconnect  Specify SSH session id to be disconnected after this keyword
  Thanks for help.
  MAhesh

• Number of ssh connection to Oracle servers

  Hello All,
  one of the requirements while implementing Oracle rac is to have passwordless ssh connectivity betweeen the nodes.
  My question is that needed after implementation by the Oracle nodes?
  Does Oracle nodes communicate to each others using ssh after implementation?
  Regards,

  OK, a quick search yielded this Oracle document
  http://www.oracle.com/technetwork/articles/hunter-rac11gr2-iscsi-2-088698.html
  16. Configure RAC Nodes for Remote Access using SSH - (Optional)
  Perform the following optional procedures on both Oracle RAC nodes to manually configure passwordless SSH connectivity between the two cluster member nodes as the "grid" and "oracle" user.
  One of the best parts about this section of the document is that it is completely optional! That's not to say configuring Secure Shell (SSH) connectivity between the Oracle RAC nodes is not necessary. To the contrary, the Oracle Universal Installer (OUI) uses the secure shell tools ssh and scp commands during installation to run remote commands on and copy files to the other cluster nodes. During the Oracle software installations, SSH must be configured so that these commands do not prompt for a password. The ability to run SSH commands without being prompted for a password is sometimes referred to as user equivalence.
  The reason this section of the document is optional is that the OUI interface in 11g release 2 includes a new feature that can automatically configure SSH during the actual install phase of the Oracle software for the user account running the installation. The automatic configuration performed by OUI creates passwordless SSH connectivity between all cluster member nodes. Oracle recommends that you use the automatic procedure whenever possible.
  Regards
  Venkat

• AIX SSH Connectivity,  existence check failed for bin/bash

  hello;
  I received error
  AIX 7 Oracle RAC 11g R2
  Oracle RAC AIX SSH Connectivity
  existence check failed for bin/bash on node2
  but the bin/bash exists
  have any idea?
  regards
  siyavus
  Edited by: sak on May 31, 2011 10:41 PM

  Does it really say "bin/bash"? It should have a slash in front of bin: "/bin/bash"
  Can you login to node 2 and do:
  echo $PATH
  ls -l /bin/bash

• New Terminal tab same ssh connection

  How do I open a new terminal tab so that it opens the same remote ssh connection as my current tab?

  ssh connections are a single process running in one shell, and when you create a new tab you are creating a new local shell that will not be running this process. Furthermore the remote server will not accept a duplicate connection from you without authentication. In essence, this is impossible to do. The closest thing you can do is make use of the bash history, and press the up arrow to scroll through your most recent commands until you get to the ssh command you used for your current connection, and then execute it.
  If the connection is a standard one you regularly use, then you can bookmark it in your .bashrc file by creating a function that points to it. For instance, the following in your .bashrc file would make a specific ssh connection be run by entering "myserver" at the command line:
  function myserver() {
       ssh username|password@hostname
  You can leave out the password option to have it prompt you for the password each time (it is also more secure to leave out the password).

• Setting Printmotd to yes in sshd_config disallows SSH connections

  Once I set Printmotd to yes, HUP the ssh daemon and try to establish a ssh connection, it just hangs indefinitely after accepting the password. This is on Solaris 9 with Open SSL. I have checked the following:
  1. The sshd_config file is not the problem as it runs okay on another server without a problem.
  2. Eliminated the possibility of a connection between the version of Solaris and the OpenSSL version by testing it on another server with the same versions.
  3. Identified that only the Printmotd setting is causing new ssh connections to hang on these domains.
  4. Checked that the sshd binary is also working fine by transporting it across to another test server.
  5. Replicated the same settings as they exist on the other Solaris 9 server to these domains, however the ssh connections still failed.
  6. Investigated the /etc/profile settings as well and they are the the same.
  I have checked the permissions of /etc/issue and those are different. Can that be the cause of the problem? or is it something else that I have overlooked?

  Using debug mode, when I try to login I get the completely same set of messages that i would get when ssh is working, except it hangs at the point indicated below:
  debug1: next auth method to try is password
  d36@nuspe's password:
  debug1: ssh-userauth2 successfull: method password
  debug1: channel 0: new [client-session]
  debug1: send channel open 0
  debug1: Entering interactive session.
  debug1: client_init id 0 arg 0
  debug1: channel request 0: shell
  debug1: channel 0: open confirm rwindow 0 rmax 32768 -> Stops here
  A successful ssh connection goes from the previous line to:
  Last login: Mon Jun 15 13:38:48 2009 from nus007

• LMS 4.2 is not releasing SSH connections of the devices

  Hello!
  We have LMS opens SSH sessions to Nexus 5000 devices as part of some jobs.
  These SSH connections are not being released by LMS as soon as jobs are completed, which leads the N5K devices to hang without any way of managing them remotely.
  We see these connections as idle on the nexus devices (which also should kill these sessions, but this is not the issue).
  We have found a known bug:
  CSCty90928
  LMS Pari jobs are not releasing SSH,telnet connections of the devices
  Symptom:
  Telnet/SSH connections are not released by LMS
  Conditions:
  Pari collections jobs are not releasing the connections after the Job completed
  Workaround:
  None
  This bug is categorized as "2 – severe" and is in "Open (Postponed)" status.
  I have a few questions, if anyone can assist:
  1.) What is the ETA to fix this bug?
  2.) Are there any other known bugs matching what we see (documented public bugs, with bug ID's, internal bugs or even undocumented bugs).
  3.) Is there any released or unreleased (even yet to be tested by TAC) patch we can use that should fix the issue?
  4.) Is there any way to adjust LMS idle timeout of SSH/Telnet sessions (I couldn't find it in the GUI, but maybe there is a way to change this parameter using a perl script or modifying one of LMS properties files)?
  Thanking in advance, Udi Dahan.

  Hello Ehud
  From N5k side we have submitted bug CSCty00044
  Currently there is no fix for it and our debelopment team is catively working on it and investigating the issue in the lab.
  To get ETA for the release I would suggest you reach your account team and check with them how fast fixed release will be available.
  HTH,
  Alex

• Users refused SSH connection of home directory server.

  I have an odd situation when using SSH connections for secure FTP file
  access on my NW6.5 servers.
  I've got two main data servers. Both are identical in setup: NW6.5SP8/eDir
  8.8SP5 VM's running on identical Dell PE1950's attached to a Hitachi SAN
  array.
  One server hosts the users' home folders, the other holds data shared across
  the enterprise.
  I have a third data server at a remote campus.
  With the server that hosts the user's home folders, I've several accounts
  that are not able to connect. The server logs indicate a failed password.
  That same user, however, can log in successfully to either the server that
  holds shared data or the server at the remote site.
  Due to the nature of how Novell implements SSH, once they've logged in,
  they're attached to their home folder on the server that will not allow them
  direct connection.
  Since this issue does not affect all users, I don't understand where the
  issue lies.
  The sshd_config file on both servers are identical.
  Not sure if it's applicable to this issue, but SDIDIAG reports no problems
  on either server.
  The entries from the respective log files:
  Home directory server:
  30 Mar - 19:02:36[0080892840] (4983b0e0)SSHD Session 1 <118429> : Failed
  password for xxxxx from xxx.xxx.xxx.xxx port 1525 ssh2
  30 Mar - 19:02:36[0080892840] (4983b0e0)SSHD Session 1 <118429> fatal: Read
  from socket failed: Error 0
  Shared data server:
  30 Mar - 19:03:19[0080892523] (40e601c0)SSHD Shell 109 <109376> :
  [email protected]:1526 - SFTP connection(109376) accepted.
  30 Mar - 19:03:19[0080892522] (40d074e0)SSHD Session 1 <109376> : subsystem
  request for sftp
  30 Mar - 19:03:18[0080892522] (40d074e0)SSHD Session 1 <109376> : Accepted
  password for xxxxx from xxx.xxx.xxx.xxx port 1526 ssh2
  In the past I've collected iMonitor traces, but could find anything concrete
  that points to a system issue.
  That said, I can't remember what all I set up in the trace configuration
  beyond NMAS and LDAP, so I may have been looking for the wrong thing.
  Any ideas of where to look for problems are welcome.

  Grant,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://forums.novell.com/