Solved

ssh: connect to host <hostname> port 22: Connection refused

Posted on 2006-11-08
14
25,719 Views
Last Modified: 2013-12-27
Hi,

I have just installed openssh on a recently installed Solaris 8 server and ran the ssh command "ssh -vv <hostname> -l <user name>" from another server to the new server.  In return, I would only receive about four debug lines and then an error message of "ssh: connect to host <host name> port 22: Connection refused."  Do you happen to know how and where I can resolve this ssh issue?  Thank you.
0
Comment
Question by:gsalcedo
14 Comments
 

Author Comment

by:gsalcedo
ID: 17901890
This is in addition to the question above.... From the recently installed Solaris server, I am able to "ssh" to another server but not the other way around.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 17901960
"connection refused" generally indicates that an SSH server daemon is not running on the system you're trying to access. Unless there is a firewall between the machine you're on and the machine you're trying to reach, I'd suspect that no SSH server is running.
0
 

Author Comment

by:gsalcedo
ID: 17902024
Hi PsiCop,

If I am able to "ssh" out successfully from the initially installed Solaris 8, shouldn't the ssh daemon be running?
0

 
LVL 48

Expert Comment

by:Tintin
ID: 17902082
Being able to ssh out doesn't rely on the sshd daemon running.

Do

ps -ef|grep sshd

If it is running, then the problem is almost certain to be a firewall blocking port 22.
0
 

Author Comment

by:gsalcedo
ID: 17902315
Hi,

The ssh daemon is on....  After checking with "ps -ef | grep sshd", it did show that the sshd is on.  When I try to execute the daemon from the /usr/local/sbin directory (sshd), it would then come back with a "sshd re-exec requires execution with an absolute path."  With that message, it seems as though ssh daemon is on.

From previous experience with installing Solaris 8, I have never encountered the firewall being turned on.  If it is, where would I go to turn it off?

0
 
LVL 48

Expert Comment

by:Tintin
ID: 17902363
Is the client you are connecting from in the same subnet as the Solaris 8 server?
Do you have a network admin?
Do you have any ACL's defined in /etc/ssh/sshd_config?
0
 

Author Comment

by:gsalcedo
ID: 17902455
Hi Tintin,

The two Solaris servers are on different subnets.  I have talked to our network engineer and he mentioned that the port 22 is not blocked on the PIX firewall.  Is there something in the ssh_config file that would cause any port 22 activity coming in to be blocked and port 22 going out to be open?  Thank you very much for your help.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17902929
Firstly sshd and sshd_config have nothing to do with outgoing ssh connections.

Do you have any of the following set in sshd_config?

AllowUsers
AllowGroups
DenyUsers
DenyGroups

If none of the above are set, on the Solaris 8 server as root, do

/usr/lib/ssh/sshd -d

This runs ssh in debug mode with output to the screen.

Then on the client, try to ssh to the server.

If you see no ssh debug output, it means it is definitely a network/firewall issue.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 17902936
Additionally on the Solaris 8 server you can do

snoop src <ip of the host you are sshing from>

again, if you see no output when you try to ssh to the server, it means it is definitely a network/firewall issue.

0
 
LVL 48

Expert Comment

by:Tintin
ID: 17902940
Ah, forgot you have a different path to ssh

/usr/lib/ssh/sshd  on your system should be /usr/local/sbin/sshd
0
 

Author Comment

by:gsalcedo
ID: 17930758
Hi Tintin,

When I input the /usr/local/sbin/sshd -d command, I would receive the below message in return...

debug1: sshd version OpenSSh_4.1p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
Privilege separation user sshd does not exist

Does the above return message mean anything to help in resolving the issue that I am going through?

Thank you..
0
 
LVL 34

Accepted Solution

by:
PsiCop earned 125 total points
ID: 17931029
sshd is configured to use a special user account, by default named "sshd", to create "privilege separation" between the privileged daemon running the port listener and the eventual secure shell session that will be created for the successfully-authenticating user. Use of privilege separation ensures that if an SSH daemon process is compromised, the breach happens to an unprivileged user ID, not to the privileged instance of the daemon.

You should create a user account in /etc/passwd for a user named "sshd". The home directory for this account should be the Privilege Separation (PrivSep) Directory specified when the sshd daemon was built - this is usually /var/empty, which should be owned by the PrivSep user ID and mode 755 or 750.

The "sshd" entry in /etc/shadow should be locked.
0
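A check for the prerequisites named in the accepted solution (passwd entry, PrivSep directory, locked shadow entry), as an added example that is not part of the thread or of OpenSSH. The function name, file layout and sample data are assumptions; the mode test follows sshd's own startup requirement that the directory not be group- or world-writable, and directory ownership is not checked because the sample directory is constructed.

```shell
#!/bin/sh
# privsep_check PASSWD_FILE SHADOW_FILE [USER]
# Reports whether the PrivSep account described in the answer is in place.
# File paths are parameters so the check runs against constructed samples.
privsep_check() {
    passwd_file=$1; shadow_file=$2; user=${3:-sshd}; rc=0

    # passwd field 6 is the home directory, i.e. the PrivSep directory.
    home=$(awk -F: -v u="$user" '$1 == u { print $6; exit }' "$passwd_file")
    if [ -z "$home" ]; then
        echo "FAIL: no passwd entry for $user"
        return 1
    fi

    # Directory must exist, be empty, and not be group- or world-writable.
    perms=$(ls -ld "$home" 2>/dev/null | cut -c1-10)
    case $perms in
        d????-??-?) echo "ok:   $home is $perms" ;;
        *)          echo "FAIL: $home is '$perms'"; rc=1 ;;
    esac
    if [ -n "$(ls -A "$home" 2>/dev/null)" ]; then
        echo "FAIL: $home is not empty"; rc=1
    fi

    # shadow field 2: *LK* (Solaris) or a leading ! or * means no password login.
    pw=$(awk -F: -v u="$user" '$1 == u { print $2; exit }' "$shadow_file")
    case $pw in
        '*'*|'!'*) echo "ok:   $user is locked in shadow" ;;
        *)         echo "FAIL: $user is not locked in shadow"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample data (not from the thread; UID/GID 22 are made up):
# a fresh install without the account, then the same files after the fix.
demo=${TMPDIR:-/tmp}/privsep-demo.$$
mkdir "$demo" && mkdir -m 755 "$demo/empty"
printf 'root:x:0:1:Super-User:/:/sbin/sh\n' > "$demo/passwd"
printf 'root:constructed-hash:6445::::::\n' > "$demo/shadow"
privsep_check "$demo/passwd" "$demo/shadow" || echo "-> prerequisites missing"
printf 'sshd:x:22:22:sshd privsep:%s:/bin/false\n' "$demo/empty" >> "$demo/passwd"
printf 'sshd:*LK*:::::::\n' >> "$demo/shadow"
privsep_check "$demo/passwd" "$demo/shadow" && echo "-> ready"
rm -rf "$demo"
```

On a live system the arguments would be /etc/passwd and /etc/shadow, read as root.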
 

Author Comment

by:gsalcedo
ID: 17931125
Hi PsiCop,

Yes... that worked....  Do you happen to know why I need to add "sshd" user in the passwd and group file when I did not have to do that in the previous systems that I had to configure with the use of OpenSSH?

Thank you...
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 17931212
Normally, I don't gripe about points/grades, but I think I'll make an exception here, especially since you asked a followup Question in this one.

A) Tintin contributed substantively to the solution by suggesting the diagnostic commands that revealed the root cause. In my opinion, he deserved some of the credit.

B) A grade of C does not seem to be congruent with the quality of assistance supplied.

As to your followup...

"Do you happen to know why I need to add "sshd" user in the passwd and group file when I did not have to do that in the previous systems that I had to configure with the use of OpenSSH?"

No. Although possible scenarios to explain that include:

1) The user ID was already present

2) You were installing a pre-PrivSep version of OpenSSH

3) You were installing a version of OpenSSH that had been built without PrivSep support

4) The configuration setting "UsePrivilegeSeparation No" was present in sshd_config

In any event, SSH is safer with PrivSep than without it.
0


Question has a verified solution.
