MegaZone (zonereyrie) wrote,

*grumble fsck mutter* Spurious errors

Ok, Paul, our ops dude, tightened down the PIX between some of our internal subnets. Ok, I can't blame him for that, it was a bit lax. He forgot to punch the holes for some things though, like UDP 53 (that's DNS folks), TCP 25 (SMTP aka email), and such. This caused the Linux box I maintain on the DMZ to suffer breakage - it became unreachable via SSH (even with TCP 22 - couldn't verify the host keys, I'm thinking DNS issue), and the emails it sends from cron, and when certain web forms are submitted, couldn't get out.

Ok, so I went down to the cage to work on things from console. Paul and I sorted things out, got 53, 25, 123 (NTP) and all punched through, and the mail got sent...

Ok, well, the only Linux box in the cage is this one, so 'ssh localhost'. Failure. 'ssh [IP]'. Failure. 'ssh' Failure. WTF?! Ok, nothing on the firewall logs, this is local. SSH broke at the same time? Well, the last connection I made, the other day, was to run 'up2date' and patch the box. Ok, maybe that broke something - but I applied the same patches to the two Linux boxes on my desktop and neither of those has a problem. So I beat my head against ssh and sshd for a while, thinking I must be missing *something*. Google produced some interesting data - but they were red herrings. Not that I knew that before spending some time chasing my tail...

I eventually got frustrated enough that I decided to go back to my cube where I could type comfortably - i.e., not on a rack mount keyboard that is too high for sitting and too low for standing.

It fscking works. I can ssh into the remote box from my desk. WTF?!

Ok, 'ssh localhost' - fails, just like in the cage.

You're shitting me, I just wasted time and drove up my blood pressure on an error that isn't? *mutter*

Oh, it works if you're root. Apparently 'ssh localhost' doesn't work as a non-privileged user. I really don't care why it doesn't. I just wish I'd known that a few hours ago.

I'm going to lunch now.
