Solved

SSH Problems

Posted on 2002-06-25
Last Modified: 2013-12-15
Hi,

I recently re-installed Linux on one of my machines, and it installed fine. However, ssh was installed but doesn't seem to be working. I can get an ssh connection from this machine to another machine, but I can't get an ssh connection to it from anywhere.

The error I'm getting when trying to connect to it is:

ssh_exchange_identification: Connection closed by remote host

The only access I have to this server is through webmin, as the server is co-located.

Any ideas would be helpful.

Cheers
0
Question by:choccarlm
19 Comments
 
LVL 4

Expert Comment

by:MFCRich
Is password authentication enabled on this host? If not, enable it or move the public keys over.
0
 

Author Comment

by:choccarlm
How do I enable password authentication?

Cheers
0
 
LVL 51

Expert Comment

by:ahoffmann
Sounds like an SSH protocol version mismatch.
Could you please use
   ssh -v ....
and post the debug output.
Also check the messages file on the server.
0
 

Author Comment

by:choccarlm
Hi, this is the output

SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
0
 
LVL 51

Expert Comment

by:ahoffmann
These are only the first 2 lines.
Please post everything (hope you used a complete valid ssh command, so that there is not just the usage).
0
 

Author Comment

by:choccarlm
Sorry..

SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
Usage: ssh [options] host [command]
Options:
  -l user     Log in using this user name.
  -n          Redirect input from /dev/null.
  -A          Enable authentication agent forwarding.
  -a          Disable authentication agent forwarding.
  -X          Enable X11 connection forwarding.
  -x          Disable X11 connection forwarding.
  -i file     Identity for RSA authentication (default: ~/.ssh/identity).
  -t          Tty; allocate a tty even if command is given.
  -T          Do not allocate a tty.
  -v          Verbose; display verbose debugging messages.
  -V          Display version number only.
  -P          Don't allocate a privileged port.
  -q          Quiet; don't display any warning messages.
  -f          Fork into background after authentication.
  -e char     Set escape character; ``none'' = disable (default: ~).
  -c cipher   Select encryption algorithm: ``3des'', ``blowfish''
  -p port     Connect to this port.  Server must be on the same port.
  -L listen-port:host:port   Forward local port to remote address
  -R listen-port:host:port   Forward remote port to local address
              These cause ssh to listen for connections on a port, and
              forward them to the other side by connecting to host:port.
  -C          Enable compression.
  -N          Do not execute a shell or command.
  -g          Allow remote hosts to connect to forwarded ports.
  -4          Use IPv4 only.
  -6          Use IPv6 only.
  -2          Force protocol version 2.
  -o 'option' Process the option as if it was read from a configuration file.

0
 
LVL 51

Expert Comment

by:ahoffmann
grrr,
that's exactly what nobody is interested in :-(

Please post result of (don't forget to substitute strings as necessary):

   ssh -v user@remote-host
0
 

Author Comment

by:choccarlm
SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug: Reading configuration data /etc/ssh/ssh_config
debug: Seeding random number generator
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to myserver.co.uk [111.222.333.444] port 22.
debug: Seeding random number generator
debug: Allocated local port 895.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.2.0p1
debug: Local version string SSH-1.5-OpenSSH_2.2.0p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'myserver.co.uk' is known and matches the RSA host key.
debug: Seeding random number generator
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication with key 'root@1.myserver.co.uk'
debug: Server refused our key.
debug: Doing password authentication.
You have no controlling tty.  Cannot read passphrase.

debug: Calling cleanup 0x80615d8(0x0)

Please note that I'm doing this through webmin, that is why I have no controlling tty. This is the only access I have to the server.
0
 

Author Comment

by:choccarlm
The example above is from the server I'm having problems with. I.e., I ran that command on the server that I can't connect to.

The following result is from a server that is working fine, and the username I have used is that of the problem server.

ssh -v root@problem.server.com

SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Seeding random number generator
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to problem.server.co.uk [111.222.333.444] port 22.
debug: Seeding random number generator
debug: Allocated local port 978.
debug: Connection established.
ssh_exchange_identification: Connection closed by remote host
debug: Calling cleanup 0x80615d8(0x0)
0
 
LVL 51

Expert Comment

by:ahoffmann
OK, your first example is self-explanatory (see the last 3 lines).

For the 2nd example (that of the question), we need messages from the server's log file: /var/log/messages probably.
0
 

Author Comment

by:choccarlm
Hi, I ran cat /var/log/messages | grep ssh, and this is the result:

Jun 23 04:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 23 04:20:40  sshd[1667]: RSA key generation complete.
Jun 23 10:02:41  sshd[11986]: refused connect from my_ip
Jun 23 10:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 23 10:20:40  sshd[1667]: RSA key generation complete.
Jun 25 01:38:32  sshd[25279]: refused connect from my_ip
Jun 25 01:38:35  sshd[25280]: refused connect from my_ip
Jun 25 01:38:43  sshd[25281]: refused connect from my_ip
Jun 25 02:02:22  sshd[25428]: refused connect from my_server
Jun 25 02:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 02:20:40  sshd[1667]: RSA key generation complete.
Jun 25 03:36:55  sshd[25929]: refused connect from my_ip
Jun 25 03:37:22  sshd[25942]: refused connect from my_ip
Jun 25 03:37:23  sshd[25943]: refused connect from my_ip
Jun 25 04:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 04:20:40  sshd[1667]: RSA key generation complete.
Jun 25 10:40:32  sshd[29191]: refused connect from ip
Jun 25 11:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 11:20:41  sshd[1667]: RSA key generation complete.
Jun 25 21:37:33  sshd[32695]: refused connect from unknown
Jun 25 21:37:33  sshd[32696]: refused connect from unknown
Jun 25 22:20:41  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 22:20:41  sshd[1667]: RSA key generation complete.
Jun 26 01:58:51  sshd[1774]: refused connect from my_ip
Jun 26 02:00:12  sshd[1788]: refused connect from my_server
0
 
LVL 51

Expert Comment

by:ahoffmann
Your tcp_wrapper refused the connection.
See  man hosts_access, and check files /etc/hosts.{allow,deny}
Or start sshd without tcp_wrapper.
0
 

Author Comment

by:choccarlm
Sorry, I haven't used the hosts.allow/deny in a while as we have a firewall on the router.

What is the correct way of using the hosts.allow file??

Is it ALLOWFROM ip_address??

Also, the hosts.deny file has the following line
ALL:ALL EXCEPT localhost:DENY

Am I right in thinking that the order it checks these files in is hosts.Deny then hosts.Allow??

Cheers
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 50 total points
sshd : ALL : ALLOW

Please refer to man hosts_access to decide in which file you want to write it.
0
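
Added example (not part of the thread, and not the tcp_wrappers code): a simplified Python model of the lookup order documented in hosts_access(5), hosts.allow first, then hosts.deny, otherwise granted, applied to the hosts.deny line quoted above and the rule from the accepted answer. The empty starting hosts.allow, the client name and the 192.0.2.10 address are assumptions constructed for the illustration.

```python
# Simplified model of hosts_access(5)/hosts_options(5) evaluation (not libwrap).
# Subset: ALL, exact names/addresses, ".domain" suffix, "net." prefix,
# one EXCEPT per list, trailing ALLOW/DENY option.

def _match_one(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):        # .example.net matches host.example.net
        return value.endswith(pattern)
    if pattern.endswith("."):          # 192.0.2. matches 192.0.2.10
        return value.startswith(pattern)
    return pattern == value

def _match_list(spec, values):
    include, _, exclude = spec.partition(" EXCEPT ")
    def hit(part):
        return any(_match_one(p, v)
                   for p in part.replace(",", " ").split() for v in values)
    return hit(include) and not (exclude and hit(exclude))

def _first_match(rules, daemon, client):
    """'ALLOW'/'DENY' if the first matching rule carries that option,
    '' if it matches without one, None if no rule matches."""
    for line in rules.splitlines():
        fields = [f.strip() for f in line.split(":")]
        if line.lstrip().startswith("#") or len(fields) < 2:
            continue
        if _match_list(fields[0], [daemon]) and _match_list(fields[1], client):
            opts = [f.upper() for f in fields[2:]]
            return "DENY" if "DENY" in opts else "ALLOW" if "ALLOW" in opts else ""
    return None

def access_granted(hosts_allow, hosts_deny, daemon, client):
    """client is a list holding the peer's hostname(s) and address."""
    verdict = _first_match(hosts_allow, daemon, client)
    if verdict is not None:            # hosts.allow is consulted first
        return verdict != "DENY"
    verdict = _first_match(hosts_deny, daemon, client)
    if verdict is not None:            # then hosts.deny
        return verdict == "ALLOW"
    return True                        # no match in either file: granted

HOSTS_DENY = "ALL:ALL EXCEPT localhost:DENY"   # line quoted in the thread
ALLOW_FIX = "sshd : ALL : ALLOW"               # rule from the accepted answer
ALLOW_NARROW = "sshd : 192.0.2.10 : ALLOW"     # constructed, narrower variant
REMOTE = ["client.example.net", "192.0.2.10"]  # constructed client

if __name__ == "__main__":
    for name, allow in [("empty", ""), ("fix", ALLOW_FIX), ("narrow", ALLOW_NARROW)]:
        print(name, access_granted(allow, HOSTS_DENY, "sshd", REMOTE))
```

The narrower variant grants sshd only to the listed address, so the same fix can be limited to known clients instead of ALL.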
 

Author Comment

by:choccarlm
Thanks

Will I need to restart anything once the changes have been made?
0
 

Author Comment

by:choccarlm
Thanks, it now works.

A quick question though, why don't any of my other servers have this entry in the hosts.allow file, yet still work?
0
 
LVL 51

Expert Comment

by:ahoffmann
Probably 'cause this server starts sshd using portmapper (inetd), while the others have sshd running as a daemon.
0
 

Expert Comment

by:ap_velan
Really, this is useful for me, thanks a lot.

Hey friends, I am doing VPN tunnels now. Does anybody know tunnels?
please advise me some tunnels software

One side is a Win2000 Server, another side is Linux Red Hat 9, and one more side is Red Hat 9.

my email id vadivelan@switch-ind.com [Network Admin]
0
 
LVL 51

Expert Comment

by:ahoffmann
> .. advise me some tunnels software
ssh
:-)
0
