choccarlm

SSH Problems

Hi,

I recently re-installed Linux on one of my machines, and it installed fine. However, ssh was installed but doesn't seem to be working. I can get an ssh connection from this machine to another machine, but I can't get an ssh connection to it from anywhere.

The error I'm getting when trying to connect to it is:

ssh_exchange_identification: Connection closed by remote host

The only access I have to this server is through webmin, as the server is co-located.

Any ideas would be helpful

Cheers
MFCRich

Is password authentication enabled on this host? If not, enable it or move the public keys over.
ASKER

How do I enable password authentication?

Cheers
sounds like SSH Protocol version mismatch.
Could you please use
   ssh -v ....
and post the debug output.
Also check the messages file on the server.
Hi, this is the output

SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
these are only the first 2 lines.
Please post everything (hope you used a complete valid ssh command, so that there is not just the usage)
Sorry..

SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
Usage: ssh [options] host [command]
Options:
  -l user     Log in using this user name.
  -n          Redirect input from /dev/null.
  -A          Enable authentication agent forwarding.
  -a          Disable authentication agent forwarding.
  -X          Enable X11 connection forwarding.
  -x          Disable X11 connection forwarding.
  -i file     Identity for RSA authentication (default: ~/.ssh/identity).
  -t          Tty; allocate a tty even if command is given.
  -T          Do not allocate a tty.
  -v          Verbose; display verbose debugging messages.
  -V          Display version number only.
  -P          Don't allocate a privileged port.
  -q          Quiet; don't display any warning messages.
  -f          Fork into background after authentication.
  -e char     Set escape character; ``none'' = disable (default: ~).
  -c cipher   Select encryption algorithm: ``3des'', ``blowfish''
  -p port     Connect to this port.  Server must be on the same port.
  -L listen-port:host:port   Forward local port to remote address
  -R listen-port:host:port   Forward remote port to local address
              These cause ssh to listen for connections on a port, and
              forward them to the other side by connecting to host:port.
  -C          Enable compression.
  -N          Do not execute a shell or command.
  -g          Allow remote hosts to connect to forwarded ports.
  -4          Use IPv4 only.
  -6          Use IPv6 only.
  -2          Force protocol version 2.
  -o 'option' Process the option as if it was read from a configuration file.

grrr,
that's exactly what nobody is interested in :-(

Please post result of (don't forget to substitute strings as necessary):

   ssh -v user@remote-host
SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug: Reading configuration data /etc/ssh/ssh_config
debug: Seeding random number generator
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to myserver.co.uk [111.222.333.444] port 22.
debug: Seeding random number generator
debug: Allocated local port 895.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.2.0p1
debug: Local version string SSH-1.5-OpenSSH_2.2.0p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'myserver.co.uk' is known and matches the RSA host key.
debug: Seeding random number generator
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication with key 'root@1.myserver.co.uk'
debug: Server refused our key.
debug: Doing password authentication.
You have no controlling tty.  Cannot read passphrase.

debug: Calling cleanup 0x80615d8(0x0)

Please note that I'm doing this through webmin, that is why I have no controlling tty. This is the only access I have to the server.
The example above is from the server I'm having problems with, i.e. I ran that command on the server that I can't connect to.

This following result is from a server that is working fine, and the username I have used is that of the problem server.

ssh -v root@problem.server.com

SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Seeding random number generator
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to problem.server.co.uk [111.222.333.444] port 22.
debug: Seeding random number generator
debug: Allocated local port 978.
debug: Connection established.
ssh_exchange_identification: Connection closed by remote host
debug: Calling cleanup 0x80615d8(0x0)
OK, your first example is self-explanatory (see the last 3 lines).

For the 2nd example (that of the question), we need messages from the server's log file: /var/log/messages probably
Hi, I ran cat /var/log/messages | grep ssh, and this is the result:

Jun 23 04:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 23 04:20:40  sshd[1667]: RSA key generation complete.
Jun 23 10:02:41  sshd[11986]: refused connect from my_ip
Jun 23 10:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 23 10:20:40  sshd[1667]: RSA key generation complete.
Jun 25 01:38:32  sshd[25279]: refused connect from my_ip
Jun 25 01:38:35  sshd[25280]: refused connect from my_ip
Jun 25 01:38:43  sshd[25281]: refused connect from my_ip
Jun 25 02:02:22  sshd[25428]: refused connect from my_server
Jun 25 02:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 02:20:40  sshd[1667]: RSA key generation complete.
Jun 25 03:36:55  sshd[25929]: refused connect from my_ip
Jun 25 03:37:22  sshd[25942]: refused connect from my_ip
Jun 25 03:37:23  sshd[25943]: refused connect from my_ip
Jun 25 04:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 04:20:40  sshd[1667]: RSA key generation complete.
Jun 25 10:40:32  sshd[29191]: refused connect from ip
Jun 25 11:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 11:20:41  sshd[1667]: RSA key generation complete.
Jun 25 21:37:33  sshd[32695]: refused connect from unknown
Jun 25 21:37:33  sshd[32696]: refused connect from unknown
Jun 25 22:20:41  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 22:20:41  sshd[1667]: RSA key generation complete.
Jun 26 01:58:51  sshd[1774]: refused connect from my_ip
Jun 26 02:00:12  sshd[1788]: refused connect from my_server
your tcp_wrapper refused the connection.
See  man hosts_access, and check files /etc/hosts.{allow,deny}
Or start sshd without tcp_wrapper.
Sorry, I haven't used the hosts.allow/deny in a while as we have a firewall on the router.

What is the correct way of using the hosts.allow file??

Is it ALLOWFROM ip_address??

Also, the hosts.deny file has the following line
ALL:ALL EXCEPT localhost:DENY

Am I right in thinking that the order it checks these files in is hosts.Deny then hosts.Allow??

Cheers
ASKER CERTIFIED SOLUTION
ahoffmann

This solution is only available to members.
Thanks

Will I need to restart anything once the changes have been made?
Thanks, it now works.

A quick question though, why don't any of my other servers have this entry in the hosts.allow file, yet still work?
probably 'cause this server starts sshd using portmapper (inetd), while the others have sshd running as a daemon
Really, this is useful for me, thanks a lot.

Hey friends, I am doing VPN tunnels now. Anybody knows tunnels?
Please advise me some tunnels software.

One side is a Win2000 Server, another side is Linux Red Hat 9, and one more side is Red Hat 9.

my email id vadivelan@switch-ind.com [Network Admin]
> .. advise me some tunnels software
ssh
:-)
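
An added example, not part of any post in this thread: a simplified Python model of the lookup order documented in hosts_access(5) (hosts.allow first, then hosts.deny, otherwise grant), run against the hosts.deny line quoted above. The hosts.allow entry, the host names and the 192.0.2.10 / 198.51.100.7 addresses are constructed for illustration, and the model covers only ALL, exact names or IPv4 addresses, trailing-dot prefixes and a single EXCEPT.

```python
# Simplified model of hosts_access(5): hosts.allow first, then hosts.deny.
# Handles only ALL, exact names/IPv4 addresses, "a.b.c." prefixes and one
# EXCEPT per list; anything after the second ':' (options) is ignored.

def parse_rules(text):
    """Return [(daemon_list, client_list)] for each non-comment line."""
    rules = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("#", 1)[0].split(":")]
        if len(fields) >= 2 and fields[0]:
            rules.append((fields[0], fields[1]))
    return rules

def list_matches(pattern_list, candidates):
    """True if any candidate matches the list, honouring 'A EXCEPT B'."""
    include, _, exclude = pattern_list.partition(" EXCEPT ")

    def hit(tokens):
        return any(
            tok == "ALL" or tok.lower() == c.lower()
            or (tok.endswith(".") and c.startswith(tok))
            for tok in tokens.replace(",", " ").split()
            for c in candidates
        )
    return hit(include) and not hit(exclude)

def decide(daemon, host, addr, allow_text, deny_text):
    """First match wins: allow file grants, deny file refuses, else grant."""
    for verdict, text in (("granted by hosts.allow", allow_text),
                          ("refused by hosts.deny", deny_text)):
        for daemons, clients in parse_rules(text):
            if list_matches(daemons, [daemon]) and list_matches(clients, [host, addr]):
                return verdict
    return "granted (no rule matched)"

HOSTS_DENY = "ALL:ALL EXCEPT localhost:DENY\n"   # line quoted in the thread
HOSTS_ALLOW = "sshd: 192.0.2.10\n"               # constructed entry

if __name__ == "__main__":
    for allow in ("", HOSTS_ALLOW):
        for host, addr in (("localhost", "127.0.0.1"),
                           ("admin.example", "192.0.2.10"),
                           ("other.example", "198.51.100.7")):
            print(repr(allow), host, "->", decide("sshd", host, addr, allow, HOSTS_DENY))
```

With an empty hosts.allow every non-localhost client falls through to the deny rule, which corresponds to the "refused connect from" lines in the log above.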