[CentOS] ssh_exchange_identification: Connection closed by remote host
Greetings, I have accounts on two Centos servers, A and B, each hosted on a remote VPS by a different provider/datacenter. Until yesterday night, I could connect without problems via SSH to both servers from my home Fedora 16 desktop. Yesterday I completed (fingers crossed) the switch to a different ADSL provider. From the moment I turned on the modem on the new ADSL line, I became unable to ssh into server A. All attempts abort with this message: ssh_exchange_identification: Connection closed by remote host I know that server A is still up and running, because the websites and email services it runs are still up. Server B is still reachable via ssh, no problem. The only difference between the two servers is that A runs Centos 4.something, while B runs Centos 6.1 I have already done some online search on this problem, but all the pages I have found discuss how to diagnose and fix it working on the server (*), which is exactly what I can't do right now... Any clues on what may have happened, and if it could be related in any way to differences (whatever they may be) between ADSL providers, instead of a bizarre coincidence? Of course, I can and will ask the VPS provider to reboot the machine, but I would also like to know your opinion on what exactly may have happened, and how to prevent it in the future (also to pass your suggestions to the provider). TIA, Marco (*) except remove the server entry from .ssh/known_hosts in my home desktop. I did it and nothing changed ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
M. Fioretti wrote: > > I have accounts on two Centos servers, A and B, each hosted on a remote > VPS by a different provider/datacenter. > > Until yesterday night, I could connect without problems via SSH to both > servers from my home Fedora 16 desktop. > > Yesterday I completed (fingers crossed) the switch to a different ADSL > provider. From the moment I turned on the modem on the new ADSL line, I > became unable to ssh into server A. All attempts abort with this message: > > ssh_exchange_identification: Connection closed by remote host This would be obnoxious, but have you checked with your ADSL provider, to see if they're blocking ssh traffic? mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
on 9/14/2012 8:26 AM m.r...@5-cent.us spake the following: > M. Fioretti wrote: >> >> I have accounts on two Centos servers, A and B, each hosted on a remote >> VPS by a different provider/datacenter. >> >> Until yesterday night, I could connect without problems via SSH to both >> servers from my home Fedora 16 desktop. >> >> Yesterday I completed (fingers crossed) the switch to a different ADSL >> provider. From the moment I turned on the modem on the new ADSL line, I >> became unable to ssh into server A. All attempts abort with this message: >> >> ssh_exchange_identification: Connection closed by remote host > > This would be obnoxious, but have you checked with your ADSL provider, to > see if they're blocking ssh traffic? > > mark > Also. Could the server A have a firewall that had allow ranges for your original ip range? Or denyhosts... something like that ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
On 09/14/2012 05:09 PM, M. Fioretti wrote: > Greetings, > > I have accounts on two Centos servers, A and B, each hosted on a remote > VPS by a different provider/datacenter. > > Until yesterday night, I could connect without problems via SSH to both > servers from my home Fedora 16 desktop. > > Yesterday I completed (fingers crossed) the switch to a different ADSL > provider. From the moment I turned on the modem on the new ADSL line, I > became unable to ssh into server A. All attempts abort with this message: > > ssh_exchange_identification: Connection closed by remote host > > I know that server A is still up and running, because the websites and > email services it runs are still up. Server B is still reachable via ssh, > no problem. The only difference between the two servers is that A runs > Centos 4.something, while B runs Centos 6.1 > > I have already done some online search on this problem, but all the pages > I have found discuss how to diagnose and fix it working on the server (*), > which is exactly what I can't do right now... > > Any clues on what may have happened, and if it could be related in any way > to differences (whatever they may be) between ADSL providers, instead of a > bizarre coincidence? > > Of course, I can and will ask the VPS provider to reboot the machine, but > I would also like to know your opinion on what exactly may have happened, > and how to prevent it in the future (also to pass your suggestions to the > provider). Check the /var/log/secure log. It could be that some bot is trying to brute force your server and the daemon is hitting the session limit. Regards, Dennis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
On Friday 14 September 2012 16:32:18 Scott Silva wrote: > on 9/14/2012 8:26 AM m.r...@5-cent.us spake the > > following: > > M. Fioretti wrote: > >> I have accounts on two Centos servers, A and B, each hosted on a > >> remote VPS by a different provider/datacenter. > >> > >> Until yesterday night, I could connect without problems via SSH > >> to both servers from my home Fedora 16 desktop. > >> > >> Yesterday I completed (fingers crossed) the switch to a > >> different ADSL provider. From the moment I turned on the modem > >> on the new ADSL line, I became unable to ssh into server A. All > >> attempts abort with this message: > >> > >> ssh_exchange_identification: Connection closed by remote host > > > > > > This would be obnoxious, but have you checked with your ADSL > > provider, to see if they're blocking ssh traffic? > > > > mark > > Also. Could the server A have a firewall that had allow ranges for > your original ip range? Or denyhosts... something like that >From memory the only time I've seen that error message was due to entries in the /etc/hosts.allow file specifying what IP addresses are allowed ssh in. Changing your ISP would change your address. Tony > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
Am 14.09.2012 um 17:09 schrieb M. Fioretti: > Greetings, > > I have accounts on two Centos servers, A and B, each hosted on a remote > VPS by a different provider/datacenter. > > Until yesterday night, I could connect without problems via SSH to both > servers from my home Fedora 16 desktop. > > Yesterday I completed (fingers crossed) the switch to a different ADSL > provider. From the moment I turned on the modem on the new ADSL line, I > became unable to ssh into server A. All attempts abort with this message: > > ssh_exchange_identification: Connection closed by remote host Check your tcp_wrapper configuration (/etc/hosts.allow, /etc/hosts.deny). -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
On Fri, September 14, 2012 5:32 pm, Scott Silva wrote: > Could the server A have a firewall that had allow ranges for your > original ip range? Or denyhosts... something like that No, there are no such settings. Answering to other questions: > have you checked with your ADSL provider, to > see if they're blocking ssh traffic? no, because as I said in my original message, I **can** do ssh traffic. I am doing it right now, on the other Centos server. It is only one of them that became unreachable. > Check the /var/log/secure log > Check your tcp_wrapper configuration of course I can't do it right now, exactly because... I can't connect to the server. But I will pass along these and all other similar suggestions to the VPS provider help desk, since they will surely save time, so thanks for these and any other tips that may come! Marco ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
>> On Fri, 14 Sep 2012 17:09:46 +0200 (CEST), >> "M. Fioretti" said: M> Yesterday I completed (fingers crossed) the switch to a different ADSL M> provider. From the moment I turned on the modem on the new ADSL line, I M> became unable to ssh into server A. All attempts abort with this M> message: M>ssh_exchange_identification: Connection closed by remote host This is in the "grasping at straws" category, but have you tried connecting with a different cipher, like "blowfish" or "3des-cbc"? If/as/when you get access to the server, can you disable TCP checksum offloading? root# ethtool -K eth0 tx off rx off root# ethtool -t eth0 offline # adapter self-test -- Karl Vogel I don't speak for the USAF or my company A sum of accountants --collective nouns, June 1999 LINGUIST ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
On Fri, September 14, 2012 9:06 pm, Karl Vogel wrote: >>> On Fri, 14 Sep 2012 17:09:46 +0200 (CEST), >>> "M. Fioretti" said: > > M> Yesterday I completed (fingers crossed) the switch to a different ADSL > M> provider. From the moment I turned on the modem on the new ADSL line, I > M> became unable to ssh into server A. All attempts abort with this > M> message: > M>ssh_exchange_identification: Connection closed by remote host > >This is in the "grasping at straws" category, but have you tried >connecting with a different cipher, like "blowfish" or "3des-cbc"? I confess I had forgotten that this option existed. However, I just tried both cyphers and there is no difference. Thanks for the other suggestion, I'll try that as the server is reachable again. Marco ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
M. Fioretti wrote: > > On Fri, September 14, 2012 9:06 pm, Karl Vogel wrote: On Fri, 14 Sep 2012 17:09:46 +0200 (CEST), "M. Fioretti" said: >> >> M> Yesterday I completed (fingers crossed) the switch to a different >> ADSL M> provider. From the moment I turned on the modem on the new ADSL line, >> M> I became unable to ssh into server A. All attempts abort with this >> M> message: >> M>ssh_exchange_identification: Connection closed by remote host >> > both cyphers and there is no difference. Thanks for the other suggestion, > I'll try that as the server is reachable again. It's now reachable? Sounds to me as though your provider, or hosting provider, had something screwed up and just fixed it. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
On Fri, September 14, 2012 10:09 pm, m.r...@5-cent.us wrote: >> I'll try that as the server is reachable again. > > It's now reachable? No, it's not, sorry for the confusion. I meant to write "as soon as the server is reachable again" Marco ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
M. Fioretti wrote: > > On Fri, September 14, 2012 10:09 pm, m.r...@5-cent.us wrote: > >>> I'll try that as the server is reachable again. >> >> It's now reachable? > > No, it's not, sorry for the confusion. I meant to write "as soon as the > server is reachable again" > Have you spoken with support from the host/provider? mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
On Fri, Sep 14, 2012 at 10:21:29PM +0200, M. Fioretti wrote: > No, it's not, sorry for the confusion. I meant to write "as soon as the > server is reachable again" I haven't seen lower level debugging, but I may have just missed it. 1) What happens if you run "telnet yourhost 22". (you might need to install "telnet" on your client machine) Do you see something like Trying 1.2.3.4... Connected to yourhost (1.2.3.4) Escape character is '^]'. SSH-2.0-OpenSSH_5.3 or do you see telnet: Unable to connect to remote host: Connection refused or do you see Trying 1.2.3.4... Connected to yourhost (1.2.3.4) Escape character is '^]'. Connection closed by foreign host. 2) How quickly does the "closed" occur? 3) What is the output of "ssh -v yourhost" ? -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
Stephen Harris wrote:
> On Fri, Sep 14, 2012 at 10:21:29PM +0200, M. Fioretti wrote:
>
>> No, it's not, sorry for the confusion. I meant to write "as soon as the
>> server is reachable again"
>>
> {snip}
>
> ?
>
>
Can you ssh from B to A?
:-) Ken
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
On Sep 14, 2012, at 3:21 PM, "M. Fioretti" wrote: > > On Fri, September 14, 2012 10:09 pm, m.r...@5-cent.us wrote: > >>> I'll try that as the server is reachable again. >> >> It's now reachable? > > No, it's not, sorry for the confusion. I meant to write "as soon as the > server is reachable again" > > Marco > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos Can you post the (sanitized ) output from "ssh -vv my mybadhost.com" ? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
On Fri, September 14, 2012 11:48 pm, Stephen Harris wrote: > 1) What happens if you run "telnet yourhost 22". this is what happens (with the proper IP of course): > Trying 1.2.3.4... > Connected to yourhost (1.2.3.4) > Escape character is '^]'. > Connection closed by foreign host. > > 2) How quickly does the "closed" occur? I'd say 4/5 seconds > 3) What is the output of "ssh -v yourhost" here it is, obviously with changed server name and IP # [marco@avalon ~]$ ssh -v -p xxx m...@example.com OpenSSH_5.8p2, OpenSSL 1.0.0j-fips 10 May 2012 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to example.com [ip.of.example.com] port xxx. debug1: Connection established. debug1: identity file /home/marco/.ssh/id_rsa type -1 debug1: identity file /home/marco/.ssh/id_rsa-cert type -1 debug1: identity file /home/marco/.ssh/id_dsa type -1 debug1: identity file /home/marco/.ssh/id_dsa-cert type -1 ssh_exchange_identification: Connection closed by remote host ### I have informed the provider, and am waiting answers from them. Thanks, Marco ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
On Sat, September 15, 2012 12:10 am, Ken Smith wrote: > Stephen Harris wrote: >> On Fri, Sep 14, 2012 at 10:21:29PM +0200, M. Fioretti wrote: >> >>> No, it's not, sorry for the confusion. I meant to write "as soon as the >>> server is reachable again" >> > Can you ssh from B to A? very good question, thanks! I had not thought about such a test at all. However, doing that I get exactly the same result. Marco ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
On Sat, September 15, 2012 4:00 am, Paul Tader wrote: > Can you post the (sanitized ) output from "ssh -vv my mybadhost.com" ? Such output is exactly the same I get with only one "v" and already posted in an earlier reply this morning Thanks, Marco ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
M. Fioretti wrote:
> On Sat, September 15, 2012 12:10 am, Ken Smith wrote:
>
>> Stephen Harris wrote:
>>
>>> On Fri, Sep 14, 2012 at 10:21:29PM +0200, M. Fioretti wrote:
>>>
>>>
>>> {snip}
>> Can you ssh from B to A?
>>
> very good question, thanks! I had not thought about such a test at all.
> However, doing that I get exactly the same result.
>
> Marco
>
>
Which suggests that there is something about A you need to know more
about. As said earlier what happens if you run
telnet ip-of-a whatever-port-ssh-is -on--normally-22
:-) Ken
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
On Sat, September 15, 2012 7:44 am, Ken Smith wrote: > Which suggests that there is something about A you need to know more > about. As said earlier what happens if you run > > telnet ip-of-a whatever-port-ssh-is -on--normally-22 I had already answered to this: http://lists.centos.org/pipermail/centos/2012-September/129092.html If I use port 22 instead of the one sshd is listening on, I get a normal "telnet: connect to address ip-of-a: Connection refused" Marco ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
On Sat, Sep 15, 2012 at 07:01:03AM +0200, M. Fioretti wrote: > > On Fri, September 14, 2012 11:48 pm, Stephen Harris wrote: > > > 1) What happens if you run "telnet yourhost 22". > > this is what happens (with the proper IP of course): > > > Trying 1.2.3.4... > > Connected to yourhost (1.2.3.4) > > Escape character is '^]'. > > Connection closed by foreign host. This is important; it means the remote SSH server never says 'hello'. > > 2) How quickly does the "closed" occur? > > I'd say 4/5 seconds This is possibly indicative of resource starvation at the remote end; the connection is going into the listen queue, then being accepted but the process then fails. It might mean "out of memory" (for example) so the server can't fork() the new sshd process. If you mean "4 or 5s" then we might also be seeing swapping delays. There _are_ other reasons for this type of behaviour (eg firewalls, network) but that's the most common one that I've seen. > # > [marco@avalon ~]$ ssh -v -p xxx m...@example.com I assume the "xxx" here matches the port you tested with the telnet test. Otherwise the telnet test is useless. -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
On Saturday 15 September 2012 14:01:38 Stephen Harris wrote: > On Sat, Sep 15, 2012 at 07:01:03AM +0200, M. Fioretti wrote: > > On Fri, September 14, 2012 11:48 pm, Stephen Harris wrote: > > > 1) What happens if you run "telnet yourhost 22". > > > > this is what happens (with the proper IP of course): > > > Trying 1.2.3.4... > > > Connected to yourhost (1.2.3.4) > > > Escape character is '^]'. > > > Connection closed by foreign host. > > This is important; it means the remote SSH server never says > 'hello'. > > > > 2) How quickly does the "closed" occur? > > > > I'd say 4/5 seconds > > This is possibly indicative of resource starvation at the remote > end; the connection is going into the listen queue, then being > accepted but the process then fails. It might mean "out of > memory" (for example) so the server can't fork() the new sshd > process. If you mean "4 or 5s" then we might also be seeing > swapping delays. > > There _are_ other reasons for this typ > network) but that's the most common one that I've seen. > > > # > > [marco@avalon ~]$ ssh -v -p xxx m...@example.com > > I assume the "xxx" here matches the port yo[root@thomond ~]# ssh -l root tmlinux.csis.ul.ie > test. Otherwise the telnet test is useless. > As I said earlier in this thread that error can come from problems with the hosts.allow file on the machine you are trying to connect to. I've just reproduced the error on my own systems. Log in to tmlinux from thomond, everything ok. edit the /etc/hosts.allow file on tmlinux to disallow sshd access from thomond. Log out. Login to tmlinux from thomond. Error. . [root@thomond ~]# ssh -l root tmlinux.csis.ul.ie ssh_exchange_identification: Connection closed by remote host Since you changed your ISP you changed your IP address. If you had used the hosts.allow file to control access to ssh then that could be your problem. Same holds for telnet and any other network connection. Regards, Tony ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh_exchange_identification: Connection closed by remote host
On 14/09/2012 17:06, M. Fioretti wrote: of course I can't do it right now, exactly because... I can't connect to the server. But I will pass along these and all other similar suggestions to the VPS provider help desk, since they will surely save time, so thanks for these and any other tips that may come! Well you can... ssh into B and then try to ssh from B to A... -- Regards, Giles Coochey, CCNA, CCNAS NetSecSpec Ltd +44 (0) 7983 877438 http://www.coochey.net http://www.netsecspec.co.uk gi...@coochey.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
