Solved

SSH Problems

Posted on 2002-06-25
19
561 Views
Last Modified: 2013-12-15
Hi,

I recently re-installed linux on one of my machines, and installed fine. However, ssh was installed but doesnt seem to be working. I can get an ssh connection from this machine to another machine, but I cant get an ssh connection to it from anywhere.

The error I'm getting when trying to connect to it is:

ssh_exchange_identification: Connection closed by remote host

The only access I have to this server is through webmin, as the server is co-located.

Any ideas would be helpful

Cheers
0
Comment
Question by:choccarlm
19 Comments
 
LVL 4

Expert Comment

by:MFCRich
ID: 7107240
Is password authentication enabled on this host? If not, enable it or move the public keys over.
0
 

Author Comment

by:choccarlm
ID: 7107300
How do I enable password authentication?

Cheers
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7108750
sounds like SSH Protocol version mismatch.
Could you please use
   ssh -v ....
and post the debug output.
Also check the messages file on the server.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:choccarlm
ID: 7109969
Hi, this is the output

SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7110002
these are only the first 2 lines.
Please post everything (hope you used a complete valid ssh command, so that there is not just the usage)
0
 

Author Comment

by:choccarlm
ID: 7110006
Sorry..

SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
Usage: ssh [options] host [command]
Options:
  -l user     Log in using this user name.
  -n          Redirect input from /dev/null.
  -A          Enable authentication agent forwarding.
  -a          Disable authentication agent forwarding.
  -X          Enable X11 connection forwarding.
  -x          Disable X11 connection forwarding.
  -i file     Identity for RSA authentication (default: ~/.ssh/identity).
  -t          Tty; allocate a tty even if command is given.
  -T          Do not allocate a tty.
  -v          Verbose; display verbose debugging messages.
  -V          Display version number only.
  -P          Don't allocate a privileged port.
  -q          Quiet; don't display any warning messages.
  -f          Fork into background after authentication.
  -e char     Set escape character; ``none'' = disable (default: ~).
  -c cipher   Select encryption algorithm: ``3des'', ``blowfish''
  -p port     Connect to this port.  Server must be on the same port.
  -L listen-port:host:port   Forward local port to remote address
  -R listen-port:host:port   Forward remote port to local address
              These cause ssh to listen for connections on a port, and
              forward them to the other side by connecting to host:port.
  -C          Enable compression.
  -N          Do not execute a shell or command.
  -g          Allow remote hosts to connect to forwarded ports.
  -4          Use IPv4 only.
  -6          Use IPv6 only.
  -2          Force protocol version 2.
  -o 'option' Process the option as if it was read from a configuration file.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7110022
grrr,
that's exactly what nobody is interested in :-(

Please post result of (don't forget to substitute strings as necessary):

   ssh -v user@remote-host
0
 

Author Comment

by:choccarlm
ID: 7110033
SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug: Reading configuration data /etc/ssh/ssh_config
debug: Seeding random number generator
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to myserver.co.uk [111.222.333.444] port 22.
debug: Seeding random number generator
debug: Allocated local port 895.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.2.0p1
debug: Local version string SSH-1.5-OpenSSH_2.2.0p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'myserver.co.uk' is known and matches the RSA host key.
debug: Seeding random number generator
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication with key 'root@1.myserver.co.uk'
debug: Server refused our key.
debug: Doing password authentication.
You have no controlling tty.  Cannot read passphrase.

debug: Calling cleanup 0x80615d8(0x0)

Please note that I'm doing this through webmin, that is why I have no controlling tty. This is the only access I have to the server.
0
 

Author Comment

by:choccarlm
ID: 7110037
The example above is from the server I'm having problems with. I.E I ran that command on the server that I cant connect to.

This following result is from a server that is working fine, and the username I have used is that of the problem server.

ssh -v root@problem.server.com

SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Seeding random number generator
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to problem.server.co.uk [111.222.333.444] port 22.
debug: Seeding random number generator
debug: Allocated local port 978.
debug: Connection established.
ssh_exchange_identification: Connection closed by remote host
debug: Calling cleanup 0x80615d8(0x0)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7110054
ok, your first example is self-explanatory (see last 3 line:)

for 2'nd example (that of the question), we need messages from the server's log file: /var/log/messages probably
0
 

Author Comment

by:choccarlm
ID: 7110079
Hi, I ran cat /var/log/messages | grep ssh, and this is the result:

Jun 23 04:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 23 04:20:40  sshd[1667]: RSA key generation complete.
Jun 23 10:02:41  sshd[11986]: refused connect from my_ip
Jun 23 10:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 23 10:20:40  sshd[1667]: RSA key generation complete.
Jun 25 01:38:32  sshd[25279]: refused connect from my_ip
Jun 25 01:38:35  sshd[25280]: refused connect from my_ip
Jun 25 01:38:43  sshd[25281]: refused connect from my_ip
Jun 25 02:02:22  sshd[25428]: refused connect from my_server
Jun 25 02:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 02:20:40  sshd[1667]: RSA key generation complete.
Jun 25 03:36:55  sshd[25929]: refused connect from my_ip
Jun 25 03:37:22  sshd[25942]: refused connect from my_ip
Jun 25 03:37:23  sshd[25943]: refused connect from my_ip
Jun 25 04:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 04:20:40  sshd[1667]: RSA key generation complete.
Jun 25 10:40:32  sshd[29191]: refused connect from ip
Jun 25 11:20:40  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 11:20:41  sshd[1667]: RSA key generation complete.
Jun 25 21:37:33  sshd[32695]: refused connect from unknown
Jun 25 21:37:33  sshd[32696]: refused connect from unknown
Jun 25 22:20:41  sshd[1667]: Generating new 768 bit RSA key.
Jun 25 22:20:41  sshd[1667]: RSA key generation complete.
Jun 26 01:58:51  sshd[1774]: refused connect from my_ip
Jun 26 02:00:12  sshd[1788]: refused connect from my_server
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7110084
your tcp_wrapper refused the connection.
See  man hosts_access, and check files /etc/hosts.{allow,deny}
Or start sshd without tcp_wrapper.
0
 

Author Comment

by:choccarlm
ID: 7110095
Sorry, I havent used the hosts.allow/deny in a while as we have a firewall on the router.

What is the correct way of using the hosts.allow file??

Is it ALLOWFROM ip_address??

Also, the hosts.deny file has the following line
ALL:ALL EXCEPT localhost:DENY

Am I right in thinking that the order it checks these files in is hosts.Deny then hosts.Allow??

Cheers
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 50 total points
ID: 7110147
sshd : ALL : ALLOW

Please refer to man hosts_access to decide in which file you want to write it.
0
 

Author Comment

by:choccarlm
ID: 7110152
Thanks

Will I need to restart anything once the changes have been made?
0
 

Author Comment

by:choccarlm
ID: 7110155
Thanks, it now works.

A quick question though, why dont any of my other servers have this entry in the hosts.allow file, yet still work?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7110178
probably 'cause this server starts sshd using portmaper (inetd), while the others have sshd as daemon running
0
 

Expert Comment

by:ap_velan
ID: 12856640
really this us usefull for me thanks a lot

hey friends i am doing VPN tunnels now anybody knows tunnels
please advise me some tunnels software

one side win2000 Server and anouther side Linux redhat 9 one more side redhat 9

my email id vadivelan@switch-ind.com [Network Admin]
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12860822
> .. advise me some tunnels software
ssh
:-)
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Weird Samba Connectivity Issue... 7 53
How to enable sync between two yum repo? 1 39
ftp to port 21 4 54
How does PHP Storm display on Linux high resolution laptops? 1 37
Using 'screen' for session sharing, The Simple Edition Step 1: user starts session with command: screen Step 2: other user (logged in with same user account) connects with command: screen -x Done. Both users are connected to the same CLI sessio…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question