ESXi, OmniOS VM and problem with portforwarding (TCP_NODELAY: Invalid argument)

Discussion in 'Solaris, Nexenta, OpenIndiana, and napp-it' started by nle, Jun 29, 2013.

  1. nle

    Hi guys, I have successfully installed ESXi and then an OmniOS VM (with napp-it – thanks Gea!)

    I'm trying to SSH with port forwarding to the OmniOS VM (with two aggregated passthrough NICs), but I keep getting "sshd[695]: [ID 800047 auth.error] error: setsockopt TCP_NODELAY: Invalid argument" in messages. Normal SSH works fine.

    I try to connect with:
    Code:
    ssh -L 4200:localhost:4243 username@server.hostname
    It connects, but when my CrashPlan clients try to connect I get this in messages:
    Code:
    Jun 29 22:42:43 hostname sshd[695]: [ID 800047 auth.error] error: setsockopt TCP_NODELAY: Invalid argument
    Jun 29 22:45:35 hostname last message repeated 1 time
    Jun 29 22:52:50 hostname sshd[1081]: [ID 800047 auth.error] error: setsockopt TCP_NODELAY: Invalid argument
    
    It seems like the CrashPlan service is listening on port 4242
    Code:
    #netstat -na | grep LISTEN | grep 42
          *.4242               *.*                0      0 65880      0 LISTEN
    ::ffff:127.0.0.1.4243                   *.*                             0      0 128000      0 LISTEN
          *.4242                            *.*                             0      0 65880      0 LISTEN

    I have tried to set
    Code:
    AllowTcpForwarding yes
    GatewayPorts yes
    in sshd_config, but none of the above works.

    Current sshd_config:
    Code:
    #
    # Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
    #
    # Configuration file for sshd(1m) (see also sshd_config(4))
    #
    
    # Protocol versions supported
    #
    # The sshd shipped in this release of Solaris has support for major versions
    # 1 and 2.  It is recommended due to security weaknesses in the v1 protocol
    # that sites run only v2 if possible. Support for v1 is provided to help sites
    # with existing ssh v1 clients/servers to transition. 
    # Support for v1 may not be available in a future release of Solaris.
    #
    # To enable support for v1 an RSA1 key must be created with ssh-keygen(1).
    # RSA and DSA keys for protocol v2 are created by /etc/init.d/sshd if they
    # do not already exist, RSA1 keys for protocol v1 are not automatically created.
    
    # Uncomment ONLY ONE of the following Protocol statements.
    
    # Only v2 (recommended)
    Protocol 2
    
    # Both v1 and v2 (not recommended)
    #Protocol 2,1
    
    # Only v1 (not recommended)
    #Protocol 1
    
    # Listen port (the IANA registered port number for ssh is 22)
    Port 22
    
    # The default listen address is all interfaces, this may need to be changed
    # if you wish to restrict the interfaces sshd listens on for a multi homed host.
    # Multiple ListenAddress entries are allowed.
    
    # IPv4 only
    ListenAddress 0.0.0.0
    # IPv4 & IPv6
    #ListenAddress ::
    
    # If port forwarding is enabled (default), specify if the server can bind to
    # INADDR_ANY. 
    # This allows the local port forwarding to work when connections are received
    # from any remote host.
    #GatewayPorts no #default
    GatewayPorts yes
    
    # X11 tunneling options
    X11Forwarding yes
    X11DisplayOffset 10
    X11UseLocalhost yes
    
    # The maximum number of concurrent unauthenticated connections to sshd.
    # start:rate:full see sshd(1) for more information.
    # The default is 10 unauthenticated clients.
    #MaxStartups 10:30:60
    
    # Banner to be printed before authentication starts.
    Banner /etc/issue
    
    # Should sshd print the /etc/motd file and check for mail.
    # On Solaris it is assumed that the login shell will do these (eg /etc/profile).
    PrintMotd no
    
    # KeepAlive specifies whether keep alive messages are sent to the client.
    # See sshd(1) for detailed description of what this means.
    # Note that the client may also be sending keep alive messages to the server.
    KeepAlive yes
    
    # Syslog facility and level 
    SyslogFacility auth
    LogLevel info
    
    #
    # Authentication configuration
    # 
    
    # Host private key files
    # Must be on a local disk and readable only by the root user (root:sys 600).
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    
    # Length of the server key
    # Default 768, Minimum 512
    ServerKeyBits 768
    
    # sshd regenerates the key every KeyRegenerationInterval seconds.
    # The key is never stored anywhere except the memory of sshd.
    # The default is 1 hour (3600 seconds).
    KeyRegenerationInterval 3600
    
    # Ensure secure permissions on users .ssh directory.
    StrictModes yes
    
    # Length of time in seconds before a client that hasn't completed
    # authentication is disconnected.
    # Default is 600 seconds. 0 means no time limit.
    LoginGraceTime 600
    
    # Maximum number of retries for authentication
    # Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2
    MaxAuthTries 6
    MaxAuthTriesLog 3
    
    # Are logins to accounts with empty passwords allowed.
    # If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOK 
    # to pam_authenticate(3PAM).
    PermitEmptyPasswords no
    
    # To disable tunneled clear text passwords, change PasswordAuthentication to no.
    PasswordAuthentication yes
    
    # Are root logins permitted using sshd.
    # Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
    # maybe denied access by a PAM module regardless of this setting.
    # Valid options are yes, without-password, no.
    PermitRootLogin no
    
    # sftp subsystem
    Subsystem sftp internal-sftp
    
    
    # SSH protocol v1 specific options
    #
    # The following options only apply to the v1 protocol and provide
    # some form of backwards compatibility with the very weak security
    # of /usr/bin/rsh.  Their use is not recommended and the functionality
    # will be removed when support for v1 protocol is removed.
    
    # Should sshd use .rhosts and .shosts for password less authentication.
    IgnoreRhosts yes
    RhostsAuthentication no
    
    # Rhosts RSA Authentication
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts.
    # If the user on the client side is not root then this won't work on
    # Solaris since /usr/bin/ssh is not installed setuid.
    RhostsRSAAuthentication no
    
    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.
    #IgnoreUserKnownHosts yes
    
    # Is pure RSA authentication allowed.
    # Default is yes
    RSAAuthentication yes
    
    #portforwarding #non-default
    AllowTcpForwarding yes
    
     
    #1
    Last edited: Jun 30, 2013
  2. nle

    I managed to fix the problem. After a lot of googling, IRC, etc. I suddenly remembered I experienced the same error on Nexenta. The error is due to IPv6.

    You can fix it by disabling IPv6 in sshd, and here is what you do:

    Modify: /lib/svc/method/sshd
    Find the line "/usr/lib/ssh/sshd" and change it to "/usr/lib/ssh/sshd -4"

    Then edit "/etc/ssh/sshd_config" and comment out "ListenAddress ::" and uncomment "ListenAddress 0.0.0.0"

    Execute "svcadm restart ssh" and you are good to go.
     
    #2
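
A diagnostic for the address-family mismatch in this thread, as an added example that is not part of either post: it parses the listener lines from the netstat output in post #1 and checks which loopback address a forward to `localhost:4243` can actually reach. The candidate list (`::1`, `127.0.0.1`) is an assumption about how the server resolves `localhost`; the function names are hypothetical.

```python
import ipaddress

# Listener lines copied from the netstat output in post #1.
NETSTAT = """\
      *.4242               *.*                0      0 65880      0 LISTEN
::ffff:127.0.0.1.4243                   *.*                             0      0 128000      0 LISTEN
      *.4242                            *.*                             0      0 65880      0 LISTEN
"""

def parse_listeners(text):
    """Return (address, port) for each LISTEN line of Solaris `netstat -na`."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[-1] != "LISTEN":
            continue
        addr, _, port = fields[0].rpartition(".")  # Solaris prints addr.port
        if port.isdigit():
            out.append((addr, int(port)))
    return out

def accepts(listen_addr, dest):
    """True/False if the listener takes connections to dest, None if unknown."""
    if listen_addr == "*":
        return None  # wildcard: the address alone does not show the family
    bound = ipaddress.ip_address(listen_addr)
    # A socket bound to ::ffff:a.b.c.d only accepts IPv4 traffic to a.b.c.d.
    if bound.version == 6 and bound.ipv4_mapped:
        bound = bound.ipv4_mapped
    return bound == ipaddress.ip_address(dest)

def check_forward(text, port, candidates):
    """Map each address the forward target may resolve to onto a verdict."""
    listeners = [a for a, p in parse_listeners(text) if p == port]
    result = {}
    for dest in candidates:
        verdicts = [accepts(a, dest) for a in listeners]
        if True in verdicts:
            result[dest] = "listener"
        elif None in verdicts:
            result[dest] = "unknown (wildcard)"
        else:
            result[dest] = "no listener"
    return result

if __name__ == "__main__":
    # Assumption: "localhost" on the server resolves to both loopback addresses.
    for port in (4243, 4242):
        print(port, check_forward(NETSTAT, port, ["::1", "127.0.0.1"]))
```

For port 4243 only the IPv4 loopback has a listener, which is consistent with the fix in post #2, where `sshd -4` restricts sshd to IPv4.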