• Status: Solved

SSH Problems

Hi,

I recently re-installed Linux on one of my machines, and it installed fine. However, ssh was installed but doesn't seem to be working. I can get an ssh connection from this machine to another machine, but I can't get an ssh connection to it from anywhere.

The error I'm getting when trying to connect to it is:

ssh_exchange_identification: Connection closed by remote host

The only access I have to this server is through webmin, as the server is co-located.

Any ideas would be helpful

Cheers
Asked: choccarlm

MFCRich commented:
Is password authentication enabled on this host? If not, enable it or move the public keys over.

choccarlm (Author) commented:
How do I enable password authentication?

Cheers

ahoffmann commented:
sounds like SSH Protocol version mismatch.
Could you please use
   ssh -v ....
and post the debug output.
Also check the messages file on the server.

choccarlm (Author) commented:
Hi, this is the output

SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).

ahoffmann commented:
these are only the first 2 lines.
Please post everything (hope you used a complete valid ssh command, so that there is not just the usage)

choccarlm (Author) commented:
Sorry..

SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
Usage: ssh [options] host [command]
Options:
  -l user     Log in using this user name.
  -n          Redirect input from /dev/null.
  -A          Enable authentication agent forwarding.
  -a          Disable authentication agent forwarding.
  -X          Enable X11 connection forwarding.
  -x          Disable X11 connection forwarding.
  -i file     Identity for RSA authentication (default: ~/.ssh/identity).
  -t          Tty; allocate a tty even if command is given.
  -T          Do not allocate a tty.
  -v          Verbose; display verbose debugging messages.
  -V          Display version number only.
  -P          Don't allocate a privileged port.
  -q          Quiet; don't display any warning messages.
  -f          Fork into background after authentication.
  -e char     Set escape character; ``none'' = disable (default: ~).
  -c cipher   Select encryption algorithm: ``3des'', ``blowfish''
  -p port     Connect to this port.  Server must be on the same port.
  -L listen-port:host:port   Forward local port to remote address
  -R listen-port:host:port   Forward remote port to local address
              These cause ssh to listen for connections on a port, and
              forward them to the other side by connecting to host:port.
  -C          Enable compression.
  -N          Do not execute a shell or command.
  -g          Allow remote hosts to connect to forwarded ports.
  -4          Use IPv4 only.
  -6          Use IPv6 only.
  -2          Force protocol version 2.
  -o 'option' Process the option as if it was read from a configuration file.


ahoffmann commented:
grrr,
that's exactly what nobody is interested in :-(

Please post result of (don't forget to substitute strings as necessary):

   ssh -v user@remote-host

choccarlm (Author) commented:
SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug: Reading configuration data /etc/ssh/ssh_config
debug: Seeding random number generator
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to myserver.co.uk [111.222.333.444] port 22.
debug: Seeding random number generator
debug: Allocated local port 895.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.2.0p1
debug: Local version string SSH-1.5-OpenSSH_2.2.0p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'myserver.co.uk' is known and matches the RSA host key.
debug: Seeding random number generator
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication with key 'root@1.myserver.co.uk'
debug: Server refused our key.
debug: Doing password authentication.
You have no controlling tty.  Cannot read passphrase.

debug: Calling cleanup 0x80615d8(0x0)

Please note that I'm doing this through webmin, that is why I have no controlling tty. This is the only access I have to the server.

choccarlm (Author) commented:
The example above is from the server I'm having problems with, i.e. I ran that command on the server that I can't connect to.

The following result is from a server that is working fine, and the username I have used is that of the problem server.

ssh -v root@problem.server.com

SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Seeding random number generator
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to problem.server.co.uk [111.222.333.444] port 22.
debug: Seeding random number generator
debug: Allocated local port 978.
debug: Connection established.
ssh_exchange_identification: Connection closed by remote host
debug: Calling cleanup 0x80615d8(0x0)

ahoffmann commented:
OK, your first example is self-explanatory (see last 3 lines).

For the 2nd example (that of the question), we need messages from the server's log file: /var/log/messages probably

choccarlm (Author) commented:
Hi, I ran cat /var/log/messages | grep ssh, and this is the result:

Jun 23 04:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 23 04:20:40  sshd[1667]: RSA key generation complete.
Jun 23 10:02:41  sshd[11986]: refused connect from my_ip
Jun 23 10:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 23 10:20:40  sshd[1667]: RSA key generation complete.
Jun 25 01:38:32  sshd[25279]: refused connect from my_ip
Jun 25 01:38:35  sshd[25280]: refused connect from my_ip
Jun 25 01:38:43  sshd[25281]: refused connect from my_ip
Jun 25 02:02:22  sshd[25428]: refused connect from my_server
Jun 25 02:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 02:20:40  sshd[1667]: RSA key generation complete.
Jun 25 03:36:55  sshd[25929]: refused connect from my_ip
Jun 25 03:37:22  sshd[25942]: refused connect from my_ip
Jun 25 03:37:23  sshd[25943]: refused connect from my_ip
Jun 25 04:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 04:20:40  sshd[1667]: RSA key generation complete.
Jun 25 10:40:32  sshd[29191]: refused connect from ip
Jun 25 11:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 11:20:41  sshd[1667]: RSA key generation complete.
Jun 25 21:37:33  sshd[32695]: refused connect from unknown
Jun 25 21:37:33  sshd[32696]: refused connect from unknown
Jun 25 22:20:41  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 22:20:41  sshd[1667]: RSA key generation complete.
Jun 26 01:58:51  sshd[1774]: refused connect from my_ip
Jun 26 02:00:12  sshd[1788]: refused connect from my_server

ahoffmann commented:
your tcp_wrapper refused the connection.
See  man hosts_access, and check files /etc/hosts.{allow,deny}
Or start sshd without tcp_wrapper.

choccarlm (Author) commented:
Sorry, I haven't used the hosts.allow/deny in a while as we have a firewall on the router.

What is the correct way of using the hosts.allow file??

Is it ALLOWFROM ip_address??

Also, the hosts.deny file has the following line
ALL:ALL EXCEPT localhost:DENY

Am I right in thinking that the order it checks these files in is hosts.Deny then hosts.Allow??

Cheers

ahoffmann commented:
sshd : ALL : ALLOW

Please refer to man hosts_access to decide in which file you want to write it.
0
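The lookup order asked about above and the effect of the suggested rule, as an added example that is not part of the original thread: a simplified model of hosts_access(5), in which hosts.allow is searched first, then hosts.deny, and a client matching neither is granted access. The function names are hypothetical, and the `203.0.113.` and `198.51.100.9` addresses are constructed documentation values; the model takes a single client string and covers only ALL, exact names, address prefixes, EXCEPT and a trailing ALLOW/DENY option.

```python
# Added example: simplified model of the hosts_access(5) lookup order.
# Supports only ALL, exact names/addresses, address prefixes ending in ".",
# EXCEPT, and a trailing ALLOW/DENY option. One client string per lookup.

def item_matches(pattern, value):
    if pattern.upper() == "ALL":
        return True
    if pattern.endswith("."):              # address prefix such as "203.0.113."
        return value.startswith(pattern)
    return pattern.lower() == value.lower()

def list_matches(tokens, value):
    # "a EXCEPT b" matches whatever matches a, unless it also matches b.
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return list_matches(tokens[:i], value) and not list_matches(tokens[i + 1:], value)
    return any(item_matches(t, value) for t in tokens)

def first_match(text, daemon, client):
    """Return None if no rule matches, else the rule's ALLOW/DENY option ("" if none)."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        if list_matches(daemons, daemon) and list_matches(clients, client):
            opt = fields[-1].upper() if len(fields) > 2 else ""
            return opt if opt in ("ALLOW", "DENY") else ""
    return None

def decide(hosts_allow, hosts_deny, daemon, client):
    # hosts.allow is searched first, then hosts.deny; no match in either grants access.
    for text, default in ((hosts_allow, "ALLOW"), (hosts_deny, "DENY")):
        hit = first_match(text, daemon, client)
        if hit is not None:
            return hit or default
    return "ALLOW"

DENY_FILE = "ALL:ALL EXCEPT localhost:DENY"      # line quoted in the thread
OPEN_FIX = "sshd : ALL : ALLOW"                  # rule suggested in the thread
NARROW = "sshd : 203.0.113."                     # constructed: one admin network only

if __name__ == "__main__":
    for allow in ("", OPEN_FIX, NARROW):
        for client in ("203.0.113.7", "198.51.100.9", "localhost"):
            print(repr(allow), client, decide(allow, DENY_FILE, "sshd", client))
```

On a host with tcp_wrappers installed, `tcpdmatch sshd <client>` reports the decision the real library would make for the files actually in place.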
 
choccarlm (Author) commented:
Thanks

Will I need to restart anything once the changes have been made?

choccarlm (Author) commented:
Thanks, it now works.

A quick question though, why don't any of my other servers have this entry in the hosts.allow file, yet still work?

ahoffmann commented:
Probably because this server starts sshd using portmapper (inetd), while the others have sshd running as a daemon.

ap_velan commented:
Really, this is useful for me, thanks a lot.

Hey friends, I am doing VPN tunnels now. Does anybody know tunnels?
Please advise me on some tunnel software.

One side is a Win2000 Server, another side is Linux Red Hat 9, and one more side is Red Hat 9.

my email id vadivelan@switch-ind.com [Network Admin]

ahoffmann commented:
> .. advise me some tunnels software
ssh
:-)