Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Can't SSH access 2nd Solaris ZONE *** Beginner Question *** HELP!!

2,221 views
Skip to first unread message

underh20

unread,
Aug 3, 2009, 7:15:21 PM8/3/09
to
Dear Sir/Madam,

I created 2 zones "admiralty" and "stanley" at our Solaris 10 server.
All zones are running.
I can SSH in zone "admiralty" with no problem. However, I am getting
"ssh: connect to host stanley port 22: Connection refused" message
when I tried to SSH into
zone "stanley" from external. I see binding to port 22 error at
stanley's /var/adm/message file.
I suspected that there may be issue with loopback address or netmasks/
IP address setup at zone stanley. Could anyone help me resolving this
please ?

Below are the outputs "zoneadm list -cv" & "ifconfig -a" from global
zone,
"/var/adm/messages" & "/etc/inet/hosts" files from zone stanley and
"/etc/inet/hosts" file from zone admiralty.


Thanks, Bill

# zoneadm list -cv <from GLOBAL ZONE>

ID NAME STATUS PATH
BRAND IP
0 global running /
native shared
3 admiralty running /export/zone/admiralty
native shared
4 stanley running /export/zone/stanley
native shared

# ifconfig -a <from GLOBAL ZONE>

lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu
8232 index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL>
mtu 8232 index 1
zone stanley
inet 127.0.0.1 netmask ff000000
lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL>
mtu 8232 index 1
zone admiralty
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500
index 2
inet 172.25.114.174 netmask ffffff00 broadcast 172.25.114.255
ether 0:0:e:25:27:7b
hme0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500
index 2
zone stanley
inet 172.25.114.177 netmask ffffff00 broadcast 172.25.114.255
hme0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500
index 2
zone admiralty
inet 172.25.114.176 netmask ffffff00 broadcast 172.25.114.255

# cat /var/adm/messages <from ZONE stanley>
:
:
Aug 3 17:51:56 stanley sshd[971]: [ID 800047 auth.error] error: Bind
to port 22 on 172.25.114.174 failed: Cann
ot assign requested address.
Aug 3 17:51:56 stanley sshd[971]: [ID 800047 auth.crit] fatal: Cannot
bind any address.
Aug 3 17:51:56 stanley sshd[974]: [ID 800047 auth.error] error: Bind
to port 22 on 172.25.114.174 failed: Cann
ot assign requested address.
Aug 3 17:51:56 stanley sshd[974]: [ID 800047 auth.crit] fatal: Cannot
bind any address.
:
:
:


# cat /etc/inet/hosts <from ZONE stanley>
::1 localhost # original
127.0.0.1 localhost # original
172.25.114.177 stanley loghost

# cat /etc/inet/hosts <from ZONE admiralty>
::1 localhost
127.0.0.1 localhost
172.25.114.176 admiralty loghost

Ian Collins

unread,
Aug 3, 2009, 7:51:13 PM8/3/09
to
underh20 wrote:
> Dear Sir/Madam,
>
> I created 2 zones "admiralty" and "stanley" at our Solaris 10 server.
> All zones are running.
> I can SSH in zone "admiralty" with no problem. However, I am getting
> "ssh: connect to host stanley port 22: Connection refused" message
> when I tried to SSH into
> zone "stanley" from external. I see binding to port 22 error at
> stanley's /var/adm/message file.
> I suspected that there may be issue with loopback address or netmasks/
> IP address setup at zone stanley. Could anyone help me resolving this
> please ?
>
What does "svcs -l ssh" show you on stanley?

There might be some information in

/var/svc/log/network-ssh:default.log

--
Ian Collins

Ewald Ertl

unread,
Aug 4, 2009, 2:19:44 AM8/4/09
to
Hi,
I don't know why, but the ssh seems to try to bind to the IP-address
of the
global zone.

Perhaps you can investigate this with some system tools. like truss or
dtrace?

HTH
Ewald


underh20

unread,
Aug 4, 2009, 6:15:48 PM8/4/09
to
> Ewald- Hide quoted text -
>
> - Show quoted text -

Thanks for everyone's help. I was able to find the root cause of the
problem. The /etc/ssh/sshd_config
file in zone stanley was carried over from the global zone. We have
the "ListenAddress" binded to
the host address "172.25.114.174" in global zone. I just blanked out
the entry to "ListenAddress :: "
at the sshd_config file in zone stanley. Afterwards, I rebooted zone
stanley. The ssh service starts
fine and I can logged back on again. Problem is resolved :-)

THANKS,

Bill

Ian Collins

unread,
Aug 4, 2009, 6:24:52 PM8/4/09
to
underh20 wrote:
>
> Thanks for everyone's help. I was able to find the root cause of the
> problem. The /etc/ssh/sshd_config
> file in zone stanley was carried over from the global zone. We have
> the "ListenAddress" binded to
> the host address "172.25.114.174" in global zone. I just blanked out
> the entry to "ListenAddress :: "
> at the sshd_config file in zone stanley. Afterwards, I rebooted zone
> stanley. The ssh service starts
> fine and I can logged back on again. Problem is resolved :-)
>
If you change sshd_config, all that's required is:

svcadm restart ssh

to restart the service.

--
Ian Collins

0 new messages