Hi,
I have just installed openssh on a recently installed Solaris 8 server and ran the ssh command "ssh -vv <hostname> -l <user name>" from another server to the new server . In return, I would only receive about four debug lines and then an error message of "ssh: connect to host <host name> port 22: Connection refused." Do you happen to know how and where I can resolve this ssh issue? Thank you.
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Hi,
The ssh daemon is on.... After checking with the "ps -ef | grep sshd, it did show that the sshd is on. When I to execute the daemon from the /usr/local/sbin directory (sshd), it would then come back with a "sshd re-exec requires execution with an absolute path." With that message, it seems as though ssh daemon is on.
From previous exprience with installing Solaris 8, I have never encountered with the firewall being turned on. If it is, where would I go to turn it off?
Hi Tintin,
The two Solaris servers are on different subnets. I have talk to our network engineer and he mentioned that the port 22 is not blocked on the PIX firewall. Is there someing in the ssh_config file that would block any port 22 activity coming in to be blocked and port 22 going out to be open? Thank you very much for your help.
Firstly sshd and sshd_config have nothing to do with outgoing ssh connections.
Do you have any of the following set in sshd_config?
AllowUsers
AllowGroups
DenyUsers
DenyGroups
If none of the above are set, on the Solaris 8 server as root, do
/usr/lib/ssh/sshd -d
This runs ssh in debug mode with output to the screen.
Then on the client, try to ssh to the server.
If you see no ssh debug output, it means it is definitely a network/firewall issue.
Hi Tintin,
When I input the /usr/local/sbin/sshd -d command, I would receive the below message in return...
debug1: sshd version OpenSSh_4.1p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
Privilege separation user sshd does not exist
Does the above return message mean anything to help in resolving the issue that I am going through?
Thank you..
sshd is configured to use a special user account, by default named "sshd", to create "privilege separation" between the privileged daemon running the port listener and the eventual secure shell session that will be created for the successfully-authenticatin
You should create a user account in /etc/passwd for a user named "sshd". The home directory for this account should be the Privilege Separation (PrivSep) Directory specified when the sshd daemon was built - this is usually /var/empty, which should be owned by the PrivSep user ID and mode 755 or 750.
The "sshd" entry in /etc/shadow should be locked.
Normally, I don't gripe about points/grades, but I think I'll make an exception here, especially since you asked a followup Question in this one.
A) TinTin contributed substantively to the solution by suggesting the diagnostic commands that revealed the root cause. In my opinion, he deserved some of the credit.
B) A grade of C does not seem to be congruent with the quality of assistance supplied.
As to your followup...
"Do you happen to know why I need to add "sshd" user in the passwd and group file when I did no thave to do that in the previous systems that I had to configure with the use of OpenSSH?"
No. Altho possible scenarios to explain that include:
1) The user ID was already present
2) You were installing a pre-PrivSep version of OpenSSH
3) You were installing a version of OpenSSH that had been built without PrivSep support
4) The configuration setting "UsePrivilegeSeparation No" was present in sshd_config
In any event, SSH is safer with PrivSep than without it.
Business Accounts
Answer for Membership
by: gsalcedoPosted on 2006-11-08 at 13:29:21ID: 17901890
This is in addition to the question above.... From the recently installed Solaris server, I am able to "ssh" to another server but not the other way around.