Thu, Oct 18, 2007 9:06 pm

SSH Connection Closed By Remote Host

After upgrading SSH on a system to version 4.7p1, I found I could no longer SSH into the system, except if I used ssh 127.0.0.1 from the system itself.

At first, I thought it was a firewall issue, but I was told that the firewall was configured to allow outside access to the system via port 22, yet I still couldn't get in. When I tried to connect to the system via ssh from the console of the system itself, I couldn't get in whether I used the Fully Qualified Domain Name (FQDN) or the IP address of the system. I got an "ssh_exchange_identification" error when I tried.

# ssh server1.example.com
ssh_exchange_identification: Connection closed by remote host

I rebooted the system, but the results were the same. When I checked to see whether the system was listening on all interfaces on port 22, I saw the following:

# netstat -a | grep 22
      *.22                 *.*                0      0     0      0 LISTEN

When I used tail /var/log/authlog, I saw the following:

Oct 18 18:49:44 server1 reboot: rebooted by jsmith
Oct 18 18:51:23 server1 sshd[258]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Oct 18 18:51:23 server1 sshd[258]: fatal: Cannot bind any address.
Oct 18 18:53:21 server1 sshd[2310]: refused connect from 89.sub-75-196-157.myvzw.com
Oct 18 18:54:51 server1 sshd[2415]: refused connect from server1.example.com
Oct 18 18:55:25 server1 sshd[2420]: refused connect from server1.example.com
Oct 18 18:57:13 server1 sshd[2426]: refused connect from frostdragon.com

When I checked to see what application had port 22 open with lsof, I found sshd listed.

# lsof -i TCP:22
COMMAND PID USER   FD   TYPE        DEVICE SIZE/OFF NODE NAME
sshd    249 root    4u  inet 0x30000115068      0t0  TCP *:22 (LISTEN)

I didn't see any setting in /usr/local/etc/sshd_config that I thought would cause the problem. I then looked in /etc/hosts.allow and realized I needed to add SSH access there. I added the line below.

sshd   : allow ALL
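
The following is an added example, not part of the original post: a simplified model of how TCP wrappers evaluates /etc/hosts.allow and /etc/hosts.deny for sshd, showing that in the line above the word "allow" is parsed as a client pattern and access is opened by the ALL wildcard. The hosts.deny contents, the narrower rule and the client address are constructed assumptions; the post does not show them.

```python
# Added example: simplified hosts_access(5) check (not libwrap itself).
# Ignores options after a second ':', EXCEPT, LOCAL/KNOWN, netmasks, IPv6.

def parse_rules(text):
    """Return [(daemon_list, client_list)] from hosts.allow/hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2:
            rules.append((fields[0].replace(",", " ").split(),
                          fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, name, addr):
    p = pattern.lower()
    if p == "all":                    # wildcard: every client
        return True
    if p.startswith("."):             # ".example.com": domain suffix
        return name.lower().endswith(p)
    if p.endswith("."):               # "192.0.2.": address prefix
        return addr.startswith(p)
    return p in (name.lower(), addr)  # exact host name or address

def rule_hit(rules, daemon, name, addr):
    return any(
        any(d.upper() == "ALL" or d == daemon for d in daemons)
        and any(client_matches(c, name, addr) for c in clients)
        for daemons, clients in rules)

def access(allow_text, deny_text, daemon, name, addr):
    """hosts.allow match grants; else hosts.deny match refuses; else grant."""
    if rule_hit(parse_rules(allow_text), daemon, name, addr):
        return "granted"
    if rule_hit(parse_rules(deny_text), daemon, name, addr):
        return "refused"
    return "granted"

DENY = "ALL : ALL\n"                             # constructed; page does not show hosts.deny
ALLOW_PAGE = "sshd   : allow ALL\n"              # the line added in the post
ALLOW_NARROW = "sshd : 192.0.2. .example.com\n"  # constructed, narrower rule

if __name__ == "__main__":
    client = ("sshd", "frostdragon.com", "203.0.113.5")  # address is constructed
    for label, allow in (("empty", ""), ("page", ALLOW_PAGE), ("narrow", ALLOW_NARROW)):
        print(label, access(allow, DENY, *client))
```

With the constructed narrower rule, server1.example.com is still granted while an unrelated host falls through to hosts.deny and is refused.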

I was then immediately able to SSH into the system. But, when I did so, I realized that no login banner was appearing. I needed to have a warning banner clearly stating, before any userid or password prompt appeared, that access is allowed only for authorized users. So I created a file /etc/banner with text for that warning message (the file has 744 protection, i.e. world read access). I then modified the "banner" section of /usr/local/etc/sshd_config to point to the banner text file /etc/banner.

# no default banner path
#Banner /some/path
Banner /etc/banner

I then restarted sshd.

# /etc/init.d/sshd stop
Stopping sshd
# /etc/init.d/sshd start
Starting sshd

Then when I attempted to ssh into the system, I saw the banner prior to the password prompt appearing.
