Link to home
Start Free TrialLog in
Avatar of Xetroximyn
XetroximynFlag for United States of America

asked on

ssh connection issues - have to try over and over before connection will be successful

I have a server and everyone is having problems trying to putty ssh to it... it closes connection before any login prompt... have to try over and over and eventually it will work.  I have tried raising max sessions and restart sshd... any ideas?

Below is an connection attempt with verbose output

[root@~]# ssh -v 192.168.1.2
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.2 [192.168.1.2] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type 2
debug1: loaded 3 keys
ssh_exchange_identification: Connection closed by remote host
[root@~]#

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of Steven Vona
Steven Vona
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Xetroximyn

ASKER

Thanks!

So I see this in messages...

May 22 20:58:15 oaccati sshd[29072]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
May 22 20:58:17 oaccati sshd[29104]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
May 22 20:58:18 oaccati sshd[29130]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
May 22 20:58:18 oaccati sshd[29132]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
May 22 20:58:19 oaccati sshd[29145]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
May 22 20:58:20 oaccati sshd[29159]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
May 22 20:58:20 oaccati sshd[29185]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
May 22 20:58:20 oaccati sshd[29187]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
May 22 20:58:22 oaccati sshd[29197]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
May 22 20:58:22 oaccati sshd[29214]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
May 22 20:58:23 oaccati sshd[29227]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
May 22 20:58:23 oaccati sshd[29264]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
May 22 20:58:23 oaccati sshd[29277]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
May 22 20:58:25 oaccati sshd[29292]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
May 22 20:58:28 oaccati sshd[29316]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
May 22 20:58:28 oaccati sshd[29324]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key

Open in new window


also this when I restart it

[root@ssh]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
                                                           [  OK  ]
[root@ssh]#

Open in new window


I tried to generate a key but I get...

# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
unknown key type ecdsa

Open in new window

SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Trying to login in password.

there is no /etc/ssh/ssh_host_ecdsa_key. (a bunch of other keys but not that one)

Password auth is definitely enabled.  Because if you try over and over again it will fail a bunch, but eventually work fine.... usually within 30 seconds.   Like... so it was working about 5-10% of the time.

Issue seems to be much better today... Seems to work first try 80% of the time... so much less annoying for people.... but still would be nice to know whats going on
So it's back today... 90-95% of connection attempts are failing... any ideas/guidance?
FYI I have a bunch of these when I grep ps for ssh

I see here
http://serverfault.com/questions/486220/is-someone-bruteforcing-my-password-sshd-unknown-net-and-sshd-accepted-fl

They say it's people trying to brute force the server, and to check /var/log/auth.log to look for failed attempts... but I have no auth.log.

Is there a way I can find the IP addresses these are coming from to confirm?

oot     29932 30104  0 13:26 ?        00:00:00 sshd: [accepted]
sshd     29933 29932  0 13:26 ?        00:00:00 sshd: [net]
root     29945 30104  0 13:26 ?        00:00:00 sshd: [accepted]
sshd     29946 29945  0 13:26 ?        00:00:00 sshd: [net]
root     29970 30104  0 13:26 ?        00:00:00 sshd: [accepted]
sshd     29971 29970  0 13:26 ?        00:00:00 sshd: [net]
root     29988 30104  0 13:26 ?        00:00:00 sshd: [accepted]
sshd     29989 29988  0 13:26 ?        00:00:00 sshd: [net]
root     30001 30104  0 13:26 ?        00:00:00 sshd: [accepted]
sshd     30002 30001  0 13:26 ?        00:00:00 sshd: [net]
root     30029 30104  0 13:26 ?        00:00:00 sshd: [accepted]
sshd     30030 30029  0 13:26 ?        00:00:00 sshd: [net]
root     30036 30104  0 13:26 ?        00:00:00 sshd: [accepted]
sshd     30037 30036  0 13:26 ?        00:00:00 sshd: [net]
root     30050 30104  0 13:26 ?        00:00:00 sshd: [accepted]
sshd     30051 30050  0 13:26 ?        00:00:00 sshd: [net]
root     30073 30104  0 13:26 ?        00:00:00 sshd: [accepted]
sshd     30074 30073  0 13:26 ?        00:00:00 sshd: [net]
root     30075 30104  0 13:26 ?        00:00:00 sshd: [accepted

Open in new window