Solved

Unable to establish SSH connection to EC2 Windows 2003 Server - no data exchanged after TCP handshake

Posted on 2009-05-10
Last Modified: 2012-05-06
I get the following error 5 seconds after starting PuTTY when trying to connect to a Windows 2003 server hosted on Amazon EC2.
"Server unexpectedly closed network connection"

This is happening on just one client->server combination. I am attaching all the data - before
that, let me state what the problem is NOT.

1. Not a firewall issue ( I can ssh from the same client to all other servers in the same EC2 group )
2. Not a key issue ( I can ssh from a different client to the same server with the same key )

On the network, after the initial TCP handshake, nothing happens for 5 seconds
( verified on both client and server ). Then the server resets the TCP connection.
No data is exchanged. The SSH protocol version packet which is supposed to
arrive from the server after the connection establishment is never sent.

The config files on the server are as below-

$ cat /etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
#               CYGWIN note: if you use a software firewall (such
#               as ZoneAlarm or the "Windows Firewall" in Windows
#               XP), you must also open a 'hole' at the proper
#               port for the services you enable below.
#
ALL : localhost 127.0.0.1/32 : allow
ALL : PARANOID : deny
sshd: ALL

$ cat /etc/hosts.deny
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
ALL:ALL EXCEPT localhost:DENY

$ cat /etc/sshd_config
#       $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/bin:/usr/sbin:/sbin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh_host_rsa_key
#HostKey /etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
StrictModes no
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/sbin/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       ForceCommand cvs server

There is nothing in the /var/log/sshd.log.
0
Question by:TheJoeShmoe
9 Comments
 
LVL 32

Expert Comment

by:shalomc
ID: 24352859
I am confused.
You said it is a Windows 2003 server, yet proceed to detail a Linux configuration.
Something must be incorrect...

If it really is a Windows 2003 server, then you need to connect to it via RDP, as by default no sshd is installed on Windows images.

ShalomC
0
 

Author Comment

by:TheJoeShmoe
ID: 24361054
I have installed Cygwin on the Windows 2003 Server. Surely that was apparent from the multiple places where the word "CYGWIN" can be found in my problem statement?
0
 
LVL 32

Expert Comment

by:shalomc
ID: 24362000
Meh, was not apparent to me, seemed like standard conf notes.
Sorry, I can't help here :( Never ran sshd out of Cygwin.
0
 
LVL 32

Expert Comment

by:shalomc
ID: 24362002
Try to install a Windows native sshd - they actually work pretty well.
0

 

Author Comment

by:TheJoeShmoe
ID: 24362268
It is a native sshd, if by native you mean Win32 app.
And it works fine against clients on other machines.
I was looking for some insight on why an SSH server would not send the server protocol
packet after the TCP handshake.
0
 
LVL 32

Expert Comment

by:shalomc
ID: 24362609
Try to install a fresh PuTTY on a different PC to eliminate client-side problems.

0
 

Accepted Solution

by:
TheJoeShmoe earned 0 total points
ID: 24618941
I found the problem and note it here if it helps anyone in future. I had given up and
found the problem quite accidentally while examining the Windows system event
log ( C:\windows\system32\eventvwr.msc ).

There were many red error messages from "sshd". Each one had the following
text:
"can't verify hostname: gethostbyname(ABTS-North-Dynamic-088.19.162.122.airtelbroadband.in)failed".
And some other stuff.

In my hosts.allow file, I had allowed ALL for sshd, so it was not a simple denial
issue. The problem was that sshd was trying to call gethostbyname() on the
above host ( which I assume is my ISP's machine ) and failing. I added it to
the /etc/hosts file as follows -

122.162.19.88       ABTS-North-Dynamic-088.19.162.122.airtelbroadband.in

and everything works fine. So it was not a firewall or other client-side issue,
as I had suspected, nor a key issue ( all these were eliminated by my tests
as possible problem causes as explained in my problem statement ). It was
something in my ISP that was causing the problem. When I connected through
other ISPs to the same server, everything was working fine.

Hope this helps someone.
0
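The "can't verify hostname: gethostbyname(...) failed" message is what TCP Wrappers logs when the forward lookup of a client's reverse-DNS name fails; such a client matches the PARANOID wildcard, and the hosts.allow in the question lists `ALL : PARANOID : deny` ahead of `sshd: ALL`. The sketch below is an added example, not code from the thread: it repeats that reverse-then-forward check and a simplified first-match pass over those three rules, using constructed offline resolvers and the hypothetical helper names `fcrdns`, `first_match` and `demo`.

```python
import socket

# hosts.allow rules exactly as listed in the question, in file order.
HOSTS_ALLOW = ["ALL : localhost 127.0.0.1/32 : allow",
               "ALL : PARANOID : deny",
               "sshd: ALL"]
CLIENT_IP = "122.162.19.88"
CLIENT_PTR = "ABTS-North-Dynamic-088.19.162.122.airtelbroadband.in"

def fcrdns(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Reverse-then-forward lookup, as the wrappers do before PARANOID matching.
    Returns 'ok', 'no-ptr', 'forward-failed' or 'mismatch'."""
    try:
        name = reverse(ip)[0]
    except OSError:                      # herror/gaierror: no PTR record
        return "no-ptr"
    try:
        addrs = forward(name)[2]
    except OSError:                      # the gethostbyname() failure in the log
        return "forward-failed"
    return "ok" if ip in addrs else "mismatch"

def first_match(rules, daemon, verdict):
    """Action of the first rule matching daemon and client (simplified:
    only the ALL and PARANOID client wildcards are evaluated)."""
    paranoid = verdict in ("forward-failed", "mismatch")
    for line in rules:
        fields = [f.strip() for f in line.split(":")]
        daemons, clients = fields[0].split(), fields[1].split()
        action = fields[2] if len(fields) > 2 else "allow"
        if not {"ALL", daemon} & set(daemons):
            continue
        if "ALL" in clients or (paranoid and "PARANOID" in clients):
            return action
    return "no-match"                    # real lookup would go on to hosts.deny

def demo(hosts_file):
    """Constructed offline resolvers: the PTR exists, forward lookups succeed
    only for names present in hosts_file (a stand-in for /etc/hosts)."""
    def reverse(ip):
        return (CLIENT_PTR, [], [ip])
    def forward(name):
        if name not in hosts_file:
            raise socket.gaierror("name not found")
        return (name, [], [hosts_file[name]])
    verdict = fcrdns(CLIENT_IP, reverse, forward)
    return verdict, first_match(HOSTS_ALLOW, "sshd", verdict)

if __name__ == "__main__":
    print(demo({}))                       # before the /etc/hosts entry
    print(demo({CLIENT_PTR: CLIENT_IP}))  # with the entry from the answer
```

Calling `fcrdns()` with its default resolvers on the server itself shows what that host's resolver and hosts file return for a given client address, which is what the wrappers act on.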
 
LVL 32

Expert Comment

by:shalomc
ID: 24619699
I recommend PAQ and refund in order for the solution to be helpful to others in the future.
0
