?
Solved

SSH Problems

Posted on 2002-06-25
19
Medium Priority
?
568 Views
Last Modified: 2013-12-15
Hi,

I recently re-installed linux on one of my machines, and installed fine. However, ssh was installed but doesnt seem to be working. I can get an ssh connection from this machine to another machine, but I cant get an ssh connection to it from anywhere.

The error I'm getting when trying to connect to it is:

ssh_exchange_identification: Connection closed by remote host

The only access I have to this server is through webmin, as the server is co-located.

Any ideas would be helpful

Cheers
0
Comment
Question by:choccarlm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
19 Comments
 
LVL 4

Expert Comment

by:MFCRich
ID: 7107240
Is password authentication enabled on this host? If not, enable it or move the public keys over.
0
 

Author Comment

by:choccarlm
ID: 7107300
How do I enable password authentication?

Cheers
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7108750
sounds like SSH Protocol version mismatch.
Could you please use
   ssh -v ....
and post the debug output.
Also check the messages file on the server.
0
Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

 

Author Comment

by:choccarlm
ID: 7109969
Hi, this is the output

SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7110002
these are only the first 2 lines.
Please post everything (hope you used a complete valid ssh command, so that there is not just the usage)
0
 

Author Comment

by:choccarlm
ID: 7110006
Sorry..

SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
Usage: ssh [options] host [command]
Options:
  -l user     Log in using this user name.
  -n          Redirect input from /dev/null.
  -A          Enable authentication agent forwarding.
  -a          Disable authentication agent forwarding.
  -X          Enable X11 connection forwarding.
  -x          Disable X11 connection forwarding.
  -i file     Identity for RSA authentication (default: ~/.ssh/identity).
  -t          Tty; allocate a tty even if command is given.
  -T          Do not allocate a tty.
  -v          Verbose; display verbose debugging messages.
  -V          Display version number only.
  -P          Don't allocate a privileged port.
  -q          Quiet; don't display any warning messages.
  -f          Fork into background after authentication.
  -e char     Set escape character; ``none'' = disable (default: ~).
  -c cipher   Select encryption algorithm: ``3des'', ``blowfish''
  -p port     Connect to this port.  Server must be on the same port.
  -L listen-port:host:port   Forward local port to remote address
  -R listen-port:host:port   Forward remote port to local address
              These cause ssh to listen for connections on a port, and
              forward them to the other side by connecting to host:port.
  -C          Enable compression.
  -N          Do not execute a shell or command.
  -g          Allow remote hosts to connect to forwarded ports.
  -4          Use IPv4 only.
  -6          Use IPv6 only.
  -2          Force protocol version 2.
  -o 'option' Process the option as if it was read from a configuration file.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7110022
grrr,
that's exactly what nobody is interested in :-(

Please post result of (don't forget to substitute strings as necessary):

   ssh -v user@remote-host
0
 

Author Comment

by:choccarlm
ID: 7110033
SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug: Reading configuration data /etc/ssh/ssh_config
debug: Seeding random number generator
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to myserver.co.uk [111.222.333.444] port 22.
debug: Seeding random number generator
debug: Allocated local port 895.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.2.0p1
debug: Local version string SSH-1.5-OpenSSH_2.2.0p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'myserver.co.uk' is known and matches the RSA host key.
debug: Seeding random number generator
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication with key 'root@1.myserver.co.uk'
debug: Server refused our key.
debug: Doing password authentication.
You have no controlling tty.  Cannot read passphrase.

debug: Calling cleanup 0x80615d8(0x0)

Please note that I'm doing this through webmin, that is why I have no controlling tty. This is the only access I have to the server.
0
 

Author Comment

by:choccarlm
ID: 7110037
The example above is from the server I'm having problems with. I.E I ran that command on the server that I cant connect to.

This following result is from a server that is working fine, and the username I have used is that of the problem server.

ssh -v root@problem.server.com

SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Seeding random number generator
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to problem.server.co.uk [111.222.333.444] port 22.
debug: Seeding random number generator
debug: Allocated local port 978.
debug: Connection established.
ssh_exchange_identification: Connection closed by remote host
debug: Calling cleanup 0x80615d8(0x0)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7110054
ok, your first example is self-explanatory (see last 3 line:)

for 2'nd example (that of the question), we need messages from the server's log file: /var/log/messages probably
0
 

Author Comment

by:choccarlm
ID: 7110079
Hi, I ran cat /var/log/messages | grep ssh, and this is the result:

Jun 23 04:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 23 04:20:40  sshd[1667]: RSA key generation complete.
Jun 23 10:02:41  sshd[11986]: refused connect from my_ip
Jun 23 10:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 23 10:20:40  sshd[1667]: RSA key generation complete.
Jun 25 01:38:32  sshd[25279]: refused connect from my_ip
Jun 25 01:38:35  sshd[25280]: refused connect from my_ip
Jun 25 01:38:43  sshd[25281]: refused connect from my_ip
Jun 25 02:02:22  sshd[25428]: refused connect from my_server
Jun 25 02:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 02:20:40  sshd[1667]: RSA key generation complete.
Jun 25 03:36:55  sshd[25929]: refused connect from my_ip
Jun 25 03:37:22  sshd[25942]: refused connect from my_ip
Jun 25 03:37:23  sshd[25943]: refused connect from my_ip
Jun 25 04:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 04:20:40  sshd[1667]: RSA key generation complete.
Jun 25 10:40:32  sshd[29191]: refused connect from ip
Jun 25 11:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 11:20:41  sshd[1667]: RSA key generation complete.
Jun 25 21:37:33  sshd[32695]: refused connect from unknown
Jun 25 21:37:33  sshd[32696]: refused connect from unknown
Jun 25 22:20:41  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 22:20:41  sshd[1667]: RSA key generation complete.
Jun 26 01:58:51  sshd[1774]: refused connect from my_ip
Jun 26 02:00:12  sshd[1788]: refused connect from my_server
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7110084
your tcp_wrapper refused the connection.
See  man hosts_access, and check files /etc/hosts.{allow,deny}
Or start sshd without tcp_wrapper.
0
 

Author Comment

by:choccarlm
ID: 7110095
Sorry, I havent used the hosts.allow/deny in a while as we have a firewall on the router.

What is the correct way of using the hosts.allow file??

Is it ALLOWFROM ip_address??

Also, the hosts.deny file has the following line
ALL:ALL EXCEPT localhost:DENY

Am I right in thinking that the order it checks these files in is hosts.Deny then hosts.Allow??

Cheers
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 200 total points
ID: 7110147
sshd : ALL : ALLOW

Please refer to man hosts_access to decide in which file you want to write it.
0
 

Author Comment

by:choccarlm
ID: 7110152
Thanks

Will I need to restart anything once the changes have been made?
0
 

Author Comment

by:choccarlm
ID: 7110155
Thanks, it now works.

A quick question though, why dont any of my other servers have this entry in the hosts.allow file, yet still work?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7110178
probably 'cause this server starts sshd using portmaper (inetd), while the others have sshd as daemon running
0
 

Expert Comment

by:ap_velan
ID: 12856640
really this us usefull for me thanks a lot

hey friends i am doing VPN tunnels now anybody knows tunnels
please advise me some tunnels software

one side win2000 Server and anouther side Linux redhat 9 one more side redhat 9

my email id vadivelan@switch-ind.com [Network Admin]
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12860822
> .. advise me some tunnels software
ssh
:-)
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
Using 'screen' for session sharing, The Simple Edition Step 1: user starts session with command: screen Step 2: other user (logged in with same user account) connects with command: screen -x Done. Both users are connected to the same CLI sessio…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses
Course of the Month10 days, 22 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question