Xetroximyn
asked on
ssh connection issues - have to try over and over before connection will be successful
I have a server and everyone is having problems trying to putty ssh to it... it closes connection before any login prompt... have to try over and over and eventually it will work. I have tried raising max sessions and restart sshd... any ideas?
Below is an connection attempt with verbose output
Below is an connection attempt with verbose output
[root@~]# ssh -v 192.168.1.2
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.2 [192.168.1.2] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type 2
debug1: loaded 3 keys
ssh_exchange_identification: Connection closed by remote host
[root@~]#
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Trying to login in password.
there is no /etc/ssh/ssh_host_ecdsa_ke y. (a bunch of other keys but not that one)
Password auth is definitely enabled. Because if you try over and over again it will fail a bunch, but eventually work fine.... usually within 30 seconds. Like... so it was working about 5-10% of the time.
Issue seems to be much better today... Seems to work first try 80% of the time... so much less annoying for people.... but still would be nice to know whats going on
there is no /etc/ssh/ssh_host_ecdsa_ke
Password auth is definitely enabled. Because if you try over and over again it will fail a bunch, but eventually work fine.... usually within 30 seconds. Like... so it was working about 5-10% of the time.
Issue seems to be much better today... Seems to work first try 80% of the time... so much less annoying for people.... but still would be nice to know whats going on
ASKER
So it's back today... 90-95% of connection attempts are failing... any ideas/guidance?
ASKER
FYI I have a bunch of these when I grep ps for ssh
I see here
http://serverfault.com/questions/486220/is-someone-bruteforcing-my-password-sshd-unknown-net-and-sshd-accepted-fl
They say it's people trying to brute force the server, and to check /var/log/auth.log to look for failed attempts... but I have no auth.log.
Is there a way I can find the IP addresses these are coming from to confirm?
I see here
http://serverfault.com/questions/486220/is-someone-bruteforcing-my-password-sshd-unknown-net-and-sshd-accepted-fl
They say it's people trying to brute force the server, and to check /var/log/auth.log to look for failed attempts... but I have no auth.log.
Is there a way I can find the IP addresses these are coming from to confirm?
oot 29932 30104 0 13:26 ? 00:00:00 sshd: [accepted]
sshd 29933 29932 0 13:26 ? 00:00:00 sshd: [net]
root 29945 30104 0 13:26 ? 00:00:00 sshd: [accepted]
sshd 29946 29945 0 13:26 ? 00:00:00 sshd: [net]
root 29970 30104 0 13:26 ? 00:00:00 sshd: [accepted]
sshd 29971 29970 0 13:26 ? 00:00:00 sshd: [net]
root 29988 30104 0 13:26 ? 00:00:00 sshd: [accepted]
sshd 29989 29988 0 13:26 ? 00:00:00 sshd: [net]
root 30001 30104 0 13:26 ? 00:00:00 sshd: [accepted]
sshd 30002 30001 0 13:26 ? 00:00:00 sshd: [net]
root 30029 30104 0 13:26 ? 00:00:00 sshd: [accepted]
sshd 30030 30029 0 13:26 ? 00:00:00 sshd: [net]
root 30036 30104 0 13:26 ? 00:00:00 sshd: [accepted]
sshd 30037 30036 0 13:26 ? 00:00:00 sshd: [net]
root 30050 30104 0 13:26 ? 00:00:00 sshd: [accepted]
sshd 30051 30050 0 13:26 ? 00:00:00 sshd: [net]
root 30073 30104 0 13:26 ? 00:00:00 sshd: [accepted]
sshd 30074 30073 0 13:26 ? 00:00:00 sshd: [net]
root 30075 30104 0 13:26 ? 00:00:00 sshd: [accepted
ASKER
So I see this in messages...
Open in new window
also this when I restart it
Open in new window
I tried to generate a key but I get...
Open in new window