Unable to establish SSH connection to EC2 Windows 2003 server - no data exchanged after TCP handshake

Posted on 2009-05-10
Medium Priority
Last Modified: 2012-05-06
I get the following error 5 seconds after starting PuTTY, trying to connect to a Windows 2003 server hosted on Amazon EC2:
"Server unexpectedly closed network connection"

This is happening on just one client->server combination. I am attaching all the data; before
that, let me state what the problem is NOT.

1. Not a firewall issue ( I can ssh from the same client to all other servers in the same EC2 group )
2. Not a key issue ( I can ssh from a different client to the same server with the same key )

On the network, after the initial TCP handshake, nothing happens for 5 seconds
( verified on both client and server ). Then the server resets the TCP connection.
No data is exchanged. The SSH protocol version packet which is supposed to
arrive from the server after the connection establishment is never sent.

The config files on the server are as below-

$ cat /etc/hosts.allow
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#               CYGWIN note: if you use a software firewall (such
#               as ZoneAlarm or the "Windows Firewall" in Windows
#               XP), you must also open a 'hole' at the proper
#               port for the services you enable below.
ALL : localhost : allow
sshd: ALL

$ cat /etc/hosts.deny
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.

$ cat /etc/sshd_config
#       $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/bin:/usr/sbin:/sbin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 22
#AddressFamily any
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh_host_rsa_key
#HostKey /etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
StrictModes no
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/sbin/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       ForceCommand cvs server

There is nothing in the /var/log/sshd.log.
Question by:TheJoeShmoe
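The symptom above (three-way handshake completes, no identification string ever arrives, then the server tears the connection down) can be checked from a script rather than by watching a capture. The following is an added example, not code from the original post: a small Python probe that connects and classifies what the server does before sending its "SSH-" line. The start_fake_server() helper is a constructed stand-in for the peer, not a real sshd, so the probe can be exercised offline against each failure mode; point probe_ssh_banner() at a real host and port to use it for the actual check.

```python
import socket
import struct
import threading
import time


def probe_ssh_banner(host, port, timeout=5.0):
    """Connect to host:port and wait for the server's SSH identification string
    ("SSH-2.0-..." per RFC 4253 section 4.2), which an SSH server sends on its
    own, before the client has to say anything.

    Returns (status, detail). status is one of:
      "banner"                - an SSH- line arrived (detail = the line)
      "silent"                - connected, but nothing arrived within timeout
      "closed-without-banner" - server sent FIN before any banner
      "reset-without-banner"  - server sent RST before any banner
      "non-ssh"               - data arrived, but no SSH- line among it
      "no-connect"            - the TCP connect itself failed
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("no-connect", repr(exc))
    buf = b""
    with sock:
        sock.settimeout(timeout)
        try:
            # RFC 4253 lets a server emit a few non-"SSH-" lines first, so keep
            # reading complete lines until an SSH- line shows up or the peer goes away.
            while len(buf) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    return ("closed-without-banner", buf.decode("ascii", "replace"))
                buf += chunk
                for line in buf.split(b"\n")[:-1]:
                    if line.startswith(b"SSH-"):
                        return ("banner", line.rstrip(b"\r").decode("ascii", "replace"))
        except socket.timeout:
            return ("silent", "no bytes within %.1fs" % timeout)
        except ConnectionResetError as exc:
            return ("reset-without-banner", repr(exc))
    return ("non-ssh", buf.decode("ascii", "replace"))


def start_fake_server(behaviour, delay=0.3):
    """Constructed test double, not an SSH server: listens on a free loopback
    port and, `delay` seconds after accepting one connection, does one of:
      "banner" - sends an identification string, then closes normally
      "fin"    - closes normally without sending anything
      "reset"  - closes with SO_LINGER 0 so the kernel sends RST, which is the
                 pattern the question describes (handshake, silence, reset)
      "hang"   - stays connected and silent
    Returns the port number."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    def serve():
        conn, _ = listener.accept()
        listener.close()
        time.sleep(delay)
        if behaviour == "banner":
            conn.sendall(b"SSH-2.0-OpenSSH_5.1\r\n")
        elif behaviour == "reset":
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                            struct.pack("ii", 1, 0))
        elif behaviour == "hang":
            time.sleep(delay * 20)
        conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else start_fake_server("reset")
    print(probe_ssh_banner(host, port))
```

Run it as `python probe.py <host> 22` against the real server; "reset-without-banner" or "silent" with a healthy "banner" result from another client machine is exactly the split the question describes, and points at something the server does per-client between accept() and sending its banner rather than at the key exchange or authentication.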
LVL 33

Expert Comment

ID: 24352859
I am confused.
You said it is a Windows 2003 server, yet proceed to detail a Linux configuration.
Something must be incorrect...

If it really is a Windows 2003 server, then you need to connect to it via RDP, as by default no sshd is installed on Windows images.


Author Comment

ID: 24361054
I have installed Cygwin on the Windows 2003 Server. Surely that was apparent from the multiple places where the word "CYGWIN" can be found in my problem statement?
LVL 33

Expert Comment

ID: 24362000
Meh, it was not apparent to me; it seemed like standard conf notes.
Sorry, I can't help here :( I have never run sshd out of Cygwin.

LVL 33

Expert Comment

ID: 24362002
Try to install a Windows-native sshd; they actually work pretty well.

Author Comment

ID: 24362268
It is a native sshd, if by native you mean a Win32 app.
And it works fine against clients on other machines.
I was looking for some insight on why an SSH server would not send the server protocol
packet after the TCP handshake.
LVL 33

Expert Comment

ID: 24362609
Try installing a fresh PuTTY on a different PC to eliminate client-side problems.


Accepted Solution

TheJoeShmoe earned 0 total points
ID: 24618941
I found the problem and note it here in case it helps anyone in future. I had given up and
found the problem quite accidentally while examining the Windows system event
log (C:\windows\system32\eventvwr.msc).

There were many red error messages from "sshd". Each one had the following
text:
"can't verify hostname: gethostbyname(ABTS-North-Dynamic-"
and some other stuff.

In my hosts.allow file, I had allowed ALL for sshd, so it was not a simple denial
issue. The problem was that sshd was trying to call gethostbyname() on the
above host (which I assume is my ISP's machine) and failing. I added it to
the /etc/hosts file as follows -       ABTS-North-Dynamic-

and everything works fine. So it was not a firewall or other client-side issue,
as I had suspected, nor a key issue (all these were eliminated by my tests
as possible problem causes, as explained in my problem statement). It was
something in my ISP that was causing the problem. When I connected through
other ISPs to the same server, everything was working fine.

Hope this helps someone.
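The event-log text quoted in the accepted solution is tcp_wrappers' own warning, emitted by the hostname verification it runs on every connection before hosts.allow and hosts.deny are consulted: the client address is reverse-resolved, the name that comes back is forward-resolved, and the name is kept only if the canonical name and one of the forward addresses match; otherwise the name is clobbered to "paranoid". That explains both the delay (a resolver timeout) and why "sshd: ALL" in hosts.allow did not help, and why adding a matching /etc/hosts entry fixed it. The following is an added example, not code from the thread, from OpenSSH or from tcp_wrappers: a Python model of that verification and of the hosts_access() decision, with injectable resolvers so the two scenarios run offline. The client address, the PTR name and the "dynamic-client.isp.example" hostname are constructed stand-ins, not the truncated name from the post; whether the Cygwin build on this page is compiled with -DPARANOID (which refuses unverifiable clients outright) is not stated on the page, so it is a parameter here.

```python
import socket

# Placeholder names tcp_wrappers uses when it cannot establish a client name.
UNKNOWN = "unknown"
PARANOID = "paranoid"

# The two tables from the question, as (daemon pattern, [client patterns]).
HOSTS_ALLOW = [("ALL", ["localhost"]), ("sshd", ["ALL"])]
HOSTS_DENY = []


def verify_client_hostname(addr, reverse=socket.gethostbyaddr,
                           forward=socket.gethostbyname_ex):
    """Model of the per-connection hostname verification in tcp_wrappers:
    reverse-resolve the client address, forward-resolve the name it gets back,
    and keep the name only if the canonical name matches and the client address
    appears among the forward results. Any other outcome clobbers the name to
    "paranoid". The resolver functions are injectable so the logic can be run
    offline against constructed records."""
    try:
        name = reverse(addr)[0]
    except OSError:
        return (UNKNOWN, "no reverse record for %s; name left unknown" % addr)
    try:
        canon, _aliases, addrs = forward(name)
    except OSError:
        # This is the warning the author found in the Windows event log.
        return (PARANOID, "can't verify hostname: gethostbyname(%s) failed" % name)
    if canon != name and name != "localhost":
        return (PARANOID, "host name/name mismatch: %s != %s" % (name, canon))
    if addr not in addrs:
        return (PARANOID, "host name/address mismatch: %s != %s" % (name, addr))
    return (name, "verified")


def _client_matches(pattern, name, addr):
    if pattern == "ALL":
        return True
    if pattern == "PARANOID":
        return name == PARANOID
    return pattern in (name, addr)


def hosts_access(daemon, name, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY,
                 paranoid_build=False):
    """Model of hosts_access(): the first matching rule in hosts.allow grants,
    then the first matching rule in hosts.deny refuses, otherwise access is
    granted. A library compiled with -DPARANOID refuses an unverifiable client
    before either table is consulted, so "sshd: ALL" in hosts.allow cannot
    rescue such a client (assumption for this page: parameterised here)."""
    if paranoid_build and name == PARANOID:
        return (False, "refused before table lookup: hostname not verifiable")
    for table, label, verdict in ((allow, "hosts.allow", True),
                                  (deny, "hosts.deny", False)):
        for daemon_pat, client_pats in table:
            if daemon_pat in ("ALL", daemon) and \
                    any(_client_matches(p, name, addr) for p in client_pats):
                return (verdict, "%s: %s : %s" % (label, daemon_pat, " ".join(client_pats)))
    return (True, "no rule matched; default is to allow")


def make_resolvers(ptr_records, a_records):
    """Constructed in-memory stand-ins for gethostbyaddr / gethostbyname_ex,
    so the scenarios below run without DNS."""
    def reverse(addr):
        if addr not in ptr_records:
            raise socket.herror(1, "Unknown host")
        return (ptr_records[addr], [], [addr])

    def forward(name):
        if name not in a_records:
            raise socket.gaierror(-2, "Name or service not known")
        return (name, [], list(a_records[name]))
    return reverse, forward


if __name__ == "__main__":
    # Scenario from the thread with constructed records: the ISP publishes a
    # reverse (PTR) name for the client address but no forward record for it.
    client = "203.0.113.7"
    rev, fwd = make_resolvers({client: "dynamic-client.isp.example"}, {})
    name, why = verify_client_hostname(client, rev, fwd)
    print(name, "-", why)
    print(hosts_access("sshd", name, client, paranoid_build=True))
    # After an /etc/hosts line "203.0.113.7 dynamic-client.isp.example" the
    # forward lookup succeeds and the address matches, so the name is kept.
    rev, fwd = make_resolvers({client: "dynamic-client.isp.example"},
                              {"dynamic-client.isp.example": [client]})
    name, why = verify_client_hostname(client, rev, fwd)
    print(name, "-", why)
    print(hosts_access("sshd", name, client, paranoid_build=True))
```

The /etc/hosts workaround only holds while the client keeps the same dynamic address; a more durable alternative is to stop sshd from depending on the client's reverse DNS at all (for libwrap that means a build without -DPARANOID plus no PARANOID rule in hosts.deny), or to pin the exceptional client by address rather than by name.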
LVL 33

Expert Comment

ID: 24619699
I recommend PAQ and refund in order for the solution to be helpful to others in the future.
