Solved

SSH Problems

Posted on 2002-06-25
19
564 Views
Last Modified: 2013-12-15
Hi,

I recently re-installed linux on one of my machines, and installed fine. However, ssh was installed but doesnt seem to be working. I can get an ssh connection from this machine to another machine, but I cant get an ssh connection to it from anywhere.

The error I'm getting when trying to connect to it is:

ssh_exchange_identification: Connection closed by remote host

The only access I have to this server is through webmin, as the server is co-located.

Any ideas would be helpful

Cheers
0
Comment
Question by:choccarlm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
19 Comments
 
LVL 4

Expert Comment

by:MFCRich
ID: 7107240
Is password authentication enabled on this host? If not, enable it or move the public keys over.
0
 

Author Comment

by:choccarlm
ID: 7107300
How do I enable password authentication?

Cheers
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7108750
sounds like SSH Protocol version mismatch.
Could you please use
   ssh -v ....
and post the debug output.
Also check the messages file on the server.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:choccarlm
ID: 7109969
Hi, this is the output

SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7110002
these are only the first 2 lines.
Please post everything (hope you used a complete valid ssh command, so that there is not just the usage)
0
 

Author Comment

by:choccarlm
ID: 7110006
Sorry..

SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
Usage: ssh [options] host [command]
Options:
  -l user     Log in using this user name.
  -n          Redirect input from /dev/null.
  -A          Enable authentication agent forwarding.
  -a          Disable authentication agent forwarding.
  -X          Enable X11 connection forwarding.
  -x          Disable X11 connection forwarding.
  -i file     Identity for RSA authentication (default: ~/.ssh/identity).
  -t          Tty; allocate a tty even if command is given.
  -T          Do not allocate a tty.
  -v          Verbose; display verbose debugging messages.
  -V          Display version number only.
  -P          Don't allocate a privileged port.
  -q          Quiet; don't display any warning messages.
  -f          Fork into background after authentication.
  -e char     Set escape character; ``none'' = disable (default: ~).
  -c cipher   Select encryption algorithm: ``3des'', ``blowfish''
  -p port     Connect to this port.  Server must be on the same port.
  -L listen-port:host:port   Forward local port to remote address
  -R listen-port:host:port   Forward remote port to local address
              These cause ssh to listen for connections on a port, and
              forward them to the other side by connecting to host:port.
  -C          Enable compression.
  -N          Do not execute a shell or command.
  -g          Allow remote hosts to connect to forwarded ports.
  -4          Use IPv4 only.
  -6          Use IPv6 only.
  -2          Force protocol version 2.
  -o 'option' Process the option as if it was read from a configuration file.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7110022
grrr,
that's exactly what nobody is interested in :-(

Please post result of (don't forget to substitute strings as necessary):

   ssh -v user@remote-host
0
 

Author Comment

by:choccarlm
ID: 7110033
SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug: Reading configuration data /etc/ssh/ssh_config
debug: Seeding random number generator
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to myserver.co.uk [111.222.333.444] port 22.
debug: Seeding random number generator
debug: Allocated local port 895.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.2.0p1
debug: Local version string SSH-1.5-OpenSSH_2.2.0p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'myserver.co.uk' is known and matches the RSA host key.
debug: Seeding random number generator
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication with key 'root@1.myserver.co.uk'
debug: Server refused our key.
debug: Doing password authentication.
You have no controlling tty.  Cannot read passphrase.

debug: Calling cleanup 0x80615d8(0x0)

Please note that I'm doing this through webmin, that is why I have no controlling tty. This is the only access I have to the server.
0
 

Author Comment

by:choccarlm
ID: 7110037
The example above is from the server I'm having problems with. I.E I ran that command on the server that I cant connect to.

This following result is from a server that is working fine, and the username I have used is that of the problem server.

ssh -v root@problem.server.com

SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Seeding random number generator
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to problem.server.co.uk [111.222.333.444] port 22.
debug: Seeding random number generator
debug: Allocated local port 978.
debug: Connection established.
ssh_exchange_identification: Connection closed by remote host
debug: Calling cleanup 0x80615d8(0x0)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7110054
ok, your first example is self-explanatory (see last 3 line:)

for 2'nd example (that of the question), we need messages from the server's log file: /var/log/messages probably
0
 

Author Comment

by:choccarlm
ID: 7110079
Hi, I ran cat /var/log/messages | grep ssh, and this is the result:

Jun 23 04:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 23 04:20:40  sshd[1667]: RSA key generation complete.
Jun 23 10:02:41  sshd[11986]: refused connect from my_ip
Jun 23 10:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 23 10:20:40  sshd[1667]: RSA key generation complete.
Jun 25 01:38:32  sshd[25279]: refused connect from my_ip
Jun 25 01:38:35  sshd[25280]: refused connect from my_ip
Jun 25 01:38:43  sshd[25281]: refused connect from my_ip
Jun 25 02:02:22  sshd[25428]: refused connect from my_server
Jun 25 02:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 02:20:40  sshd[1667]: RSA key generation complete.
Jun 25 03:36:55  sshd[25929]: refused connect from my_ip
Jun 25 03:37:22  sshd[25942]: refused connect from my_ip
Jun 25 03:37:23  sshd[25943]: refused connect from my_ip
Jun 25 04:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 04:20:40  sshd[1667]: RSA key generation complete.
Jun 25 10:40:32  sshd[29191]: refused connect from ip
Jun 25 11:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 11:20:41  sshd[1667]: RSA key generation complete.
Jun 25 21:37:33  sshd[32695]: refused connect from unknown
Jun 25 21:37:33  sshd[32696]: refused connect from unknown
Jun 25 22:20:41  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 22:20:41  sshd[1667]: RSA key generation complete.
Jun 26 01:58:51  sshd[1774]: refused connect from my_ip
Jun 26 02:00:12  sshd[1788]: refused connect from my_server
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7110084
your tcp_wrapper refused the connection.
See  man hosts_access, and check files /etc/hosts.{allow,deny}
Or start sshd without tcp_wrapper.
0
 

Author Comment

by:choccarlm
ID: 7110095
Sorry, I havent used the hosts.allow/deny in a while as we have a firewall on the router.

What is the correct way of using the hosts.allow file??

Is it ALLOWFROM ip_address??

Also, the hosts.deny file has the following line
ALL:ALL EXCEPT localhost:DENY

Am I right in thinking that the order it checks these files in is hosts.Deny then hosts.Allow??

Cheers
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 50 total points
ID: 7110147
sshd : ALL : ALLOW

Please refer to man hosts_access to decide in which file you want to write it.
0
 

Author Comment

by:choccarlm
ID: 7110152
Thanks

Will I need to restart anything once the changes have been made?
0
 

Author Comment

by:choccarlm
ID: 7110155
Thanks, it now works.

A quick question though, why dont any of my other servers have this entry in the hosts.allow file, yet still work?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7110178
probably 'cause this server starts sshd using portmaper (inetd), while the others have sshd as daemon running
0
 

Expert Comment

by:ap_velan
ID: 12856640
really this us usefull for me thanks a lot

hey friends i am doing VPN tunnels now anybody knows tunnels
please advise me some tunnels software

one side win2000 Server and anouther side Linux redhat 9 one more side redhat 9

my email id vadivelan@switch-ind.com [Network Admin]
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12860822
> .. advise me some tunnels software
ssh
:-)
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question