[CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread M. Fioretti
Greetings,

I have accounts on two Centos servers, A and B, each hosted on a remote
VPS by a different provider/datacenter.

Until yesterday night, I could connect without problems via SSH to both
servers from my home Fedora 16 desktop.

Yesterday I completed (fingers crossed) the switch to a different ADSL
provider. From the moment I turned on the modem on the new ADSL line, I
became unable to ssh into server A. All attempts abort with this message:

ssh_exchange_identification: Connection closed by remote host

I know that server A is still up and running, because the websites and
email services it runs are still up. Server B is still reachable via ssh,
no problem. The only difference between the two servers is that A runs
Centos 4.something, while B runs Centos 6.1

I have already done some online search on this problem, but all the pages
I have found discuss how to diagnose and fix it working on the server (*),
which is exactly what I can't do right now...

Any clues on what may have happened, and if it could be related in any way
to differences (whatever they may be) between ADSL providers, instead of a
bizarre coincidence?

Of course, I can and will ask the VPS provider to reboot the machine, but
I would also like to know your opinion on what exactly may have happened,
and how to prevent it in the future (also to pass your suggestions to the
provider).

TIA,
Marco

(*) except remove the server entry from .ssh/known_hosts in my home
desktop. I did it and nothing changed
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread m . roth
M. Fioretti wrote:
>
> I have accounts on two Centos servers, A and B, each hosted on a remote
> VPS by a different provider/datacenter.
>
> Until yesterday night, I could connect without problems via SSH to both
> servers from my home Fedora 16 desktop.
>
> Yesterday I completed (fingers crossed) the switch to a different ADSL
> provider. From the moment I turned on the modem on the new ADSL line, I
> became unable to ssh into server A. All attempts abort with this message:
>
> ssh_exchange_identification: Connection closed by remote host

This would be obnoxious, but have you checked with your ADSL provider, to
see if they're blocking ssh traffic?

  mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread Scott Silva
on 9/14/2012 8:26 AM m.r...@5-cent.us spake the
following:
> M. Fioretti wrote:
>>
>> I have accounts on two Centos servers, A and B, each hosted on a remote
>> VPS by a different provider/datacenter.
>>
>> Until yesterday night, I could connect without problems via SSH to both
>> servers from my home Fedora 16 desktop.
>>
>> Yesterday I completed (fingers crossed) the switch to a different ADSL
>> provider. From the moment I turned on the modem on the new ADSL line, I
>> became unable to ssh into server A. All attempts abort with this message:
>>
>> ssh_exchange_identification: Connection closed by remote host
> 
> This would be obnoxious, but have you checked with your ADSL provider, to
> see if they're blocking ssh traffic?
> 
>   mark
> 
Also. Could the server A have a firewall that had allow ranges for your
original ip range? Or denyhosts... something like that

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread Dennis Jacobfeuerborn
On 09/14/2012 05:09 PM, M. Fioretti wrote:
> Greetings,
> 
> I have accounts on two Centos servers, A and B, each hosted on a remote
> VPS by a different provider/datacenter.
> 
> Until yesterday night, I could connect without problems via SSH to both
> servers from my home Fedora 16 desktop.
> 
> Yesterday I completed (fingers crossed) the switch to a different ADSL
> provider. From the moment I turned on the modem on the new ADSL line, I
> became unable to ssh into server A. All attempts abort with this message:
> 
> ssh_exchange_identification: Connection closed by remote host
> 
> I know that server A is still up and running, because the websites and
> email services it runs are still up. Server B is still reachable via ssh,
> no problem. The only difference between the two servers is that A runs
> Centos 4.something, while B runs Centos 6.1
> 
> I have already done some online search on this problem, but all the pages
> I have found discuss how to diagnose and fix it working on the server (*),
> which is exactly what I can't do right now...
> 
> Any clues on what may have happened, and if it could be related in any way
> to differences (whatever they may be) between ADSL providers, instead of a
> bizarre coincidence?
> 
> Of course, I can and will ask the VPS provider to reboot the machine, but
> I would also like to know your opinion on what exactly may have happened,
> and how to prevent it in the future (also to pass your suggestions to the
> provider).

Check the /var/log/secure log. It could be that some bot is trying to brute
force your server and the daemon is hitting the session limit.

Regards,
  Dennis

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread Tony Molloy
On Friday 14 September 2012 16:32:18 Scott Silva wrote:
> on 9/14/2012 8:26 AM m.r...@5-cent.us spake the
> 
> following:
> > M. Fioretti wrote:
> >> I have accounts on two Centos servers, A and B, each hosted on a
> >> remote VPS by a different provider/datacenter.
> >>
> >> Until yesterday night, I could connect without problems via SSH
> >> to both servers from my home Fedora 16 desktop.
> >>
> >> Yesterday I completed (fingers crossed) the switch to a
> >> different ADSL provider. From the moment I turned on the modem
> >> on the new ADSL line, I became unable to ssh into server A. All
> >> attempts abort with this message:
> >>
> >> ssh_exchange_identification: Connection closed by remote host
> >
> > 
> > This would be obnoxious, but have you checked with your ADSL
> > provider, to see if they're blocking ssh traffic?
> >
> >   mark
> 
> Also. Could the server A have a firewall that had allow ranges for
>  your original ip range? Or denyhosts... something like that

>From memory the only time I've seen that error message was due to 
entries in the /etc/hosts.allow file specifying what IP addresses are 
allowed ssh in. Changing your ISP would change your address.

Tony
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread Leon Fauster
Am 14.09.2012 um 17:09 schrieb M. Fioretti:
> Greetings,
> 
> I have accounts on two Centos servers, A and B, each hosted on a remote
> VPS by a different provider/datacenter.
> 
> Until yesterday night, I could connect without problems via SSH to both
> servers from my home Fedora 16 desktop.
> 
> Yesterday I completed (fingers crossed) the switch to a different ADSL
> provider. From the moment I turned on the modem on the new ADSL line, I
> became unable to ssh into server A. All attempts abort with this message:
> 
> ssh_exchange_identification: Connection closed by remote host



Check your tcp_wrapper configuration (/etc/hosts.allow, /etc/hosts.deny).

--
LF




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread M. Fioretti

On Fri, September 14, 2012 5:32 pm, Scott Silva wrote:

> Could the server A have a firewall that had allow ranges for your
> original ip range? Or denyhosts... something like that

No, there are no such settings.

Answering to other questions:

> have you checked with your ADSL provider, to
> see if they're blocking ssh traffic?

no, because as I said in my original message, I **can** do ssh traffic. I
am doing it right now, on the other Centos server. It is only one of them
that became unreachable.

> Check the /var/log/secure log
> Check your tcp_wrapper configuration

of course I can't do it right now, exactly because... I can't connect to
the server. But I will pass along these and all other similar suggestions
to the VPS provider help desk, since they will surely save time, so thanks
for these and any other tips that may come!

Marco

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread Karl Vogel
>> On Fri, 14 Sep 2012 17:09:46 +0200 (CEST), 
>> "M. Fioretti"  said:

M> Yesterday I completed (fingers crossed) the switch to a different ADSL
M> provider. From the moment I turned on the modem on the new ADSL line, I
M> became unable to ssh into server A. All attempts abort with this
M> message:
M>ssh_exchange_identification: Connection closed by remote host

   This is in the "grasping at straws" category, but have you tried
   connecting with a different cipher, like "blowfish" or "3des-cbc"?

   If/as/when you get access to the server, can you disable TCP checksum
   offloading?

   root# ethtool -K eth0 tx off rx off
   root# ethtool -t eth0 offline # adapter self-test

-- 
Karl Vogel  I don't speak for the USAF or my company
A sum of accountants --collective nouns, June 1999 LINGUIST
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread M. Fioretti

On Fri, September 14, 2012 9:06 pm, Karl Vogel wrote:
>>> On Fri, 14 Sep 2012 17:09:46 +0200 (CEST),
>>> "M. Fioretti"  said:
>
> M> Yesterday I completed (fingers crossed) the switch to a different ADSL
> M> provider. From the moment I turned on the modem on the new ADSL line, I
> M> became unable to ssh into server A. All attempts abort with this
> M> message:
> M>ssh_exchange_identification: Connection closed by remote host
>
>This is in the "grasping at straws" category, but have you tried
>connecting with a different cipher, like "blowfish" or "3des-cbc"?

I confess I had forgotten that this option existed. However, I just tried
both cyphers and there is no difference. Thanks for the other suggestion,
I'll try that as the server is reachable again.

Marco

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread m . roth
M. Fioretti wrote:
>
> On Fri, September 14, 2012 9:06 pm, Karl Vogel wrote:
 On Fri, 14 Sep 2012 17:09:46 +0200 (CEST),
 "M. Fioretti"  said:
>>
>> M> Yesterday I completed (fingers crossed) the switch to a different
>> ADSL M> provider. From the moment I turned on the modem on the new ADSL
line,
>> M> I became unable to ssh into server A. All attempts abort with this
>> M> message:
>> M>ssh_exchange_identification: Connection closed by remote host
>>

> both cyphers and there is no difference. Thanks for the other suggestion,
> I'll try that as the server is reachable again.

It's now reachable? Sounds to me as though your provider, or hosting
provider, had something screwed up and just fixed it.

   mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread M. Fioretti

On Fri, September 14, 2012 10:09 pm, m.r...@5-cent.us wrote:

>> I'll try that as the server is reachable again.
>
> It's now reachable?

No, it's not, sorry for the confusion. I meant to write "as soon as the
server is reachable again"

Marco
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread m . roth
M. Fioretti wrote:
>
> On Fri, September 14, 2012 10:09 pm, m.r...@5-cent.us wrote:
>
>>> I'll try that as the server is reachable again.
>>
>> It's now reachable?
>
> No, it's not, sorry for the confusion. I meant to write "as soon as the
> server is reachable again"
>
Have you spoken with support from the host/provider?

 mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread Stephen Harris
On Fri, Sep 14, 2012 at 10:21:29PM +0200, M. Fioretti wrote:
> No, it's not, sorry for the confusion. I meant to write "as soon as the
> server is reachable again"

I haven't seen lower level debugging, but I may have just missed it.

1) What happens if you run "telnet yourhost 22".
   (you might need to install "telnet" on your client machine)
   Do you see something like
 Trying 1.2.3.4...
 Connected to yourhost (1.2.3.4)
 Escape character is '^]'.
 SSH-2.0-OpenSSH_5.3
   or do you see
 telnet: Unable to connect to remote host: Connection refused
   or do you see
 Trying 1.2.3.4...
 Connected to yourhost (1.2.3.4)
 Escape character is '^]'.
 Connection closed by foreign host.

2) How quickly does the "closed" occur?

3) What is the output of "ssh -v yourhost"

?

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread Ken Smith
Stephen Harris wrote:
> On Fri, Sep 14, 2012 at 10:21:29PM +0200, M. Fioretti wrote:
>
>> No, it's not, sorry for the confusion. I meant to write "as soon as the
>> server is reachable again"
>>  
> {snip}
>
> ?
>
>
Can you ssh from B to A?

:-) Ken

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread Paul Tader
On Sep 14, 2012, at 3:21 PM, "M. Fioretti"  wrote:

> 
> On Fri, September 14, 2012 10:09 pm, m.r...@5-cent.us wrote:
> 
>>> I'll try that as the server is reachable again.
>> 
>> It's now reachable?
> 
> No, it's not, sorry for the confusion. I meant to write "as soon as the
> server is reachable again"
> 
> Marco
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

Can you post the (sanitized ) output from "ssh -vv my mybadhost.com" ?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread M. Fioretti

On Fri, September 14, 2012 11:48 pm, Stephen Harris wrote:

> 1) What happens if you run "telnet yourhost 22".

this is what happens (with the proper IP of course):

>  Trying 1.2.3.4...
>  Connected to yourhost (1.2.3.4)
>  Escape character is '^]'.
>  Connection closed by foreign host.
>
> 2) How quickly does the "closed" occur?

I'd say 4/5 seconds

> 3) What is the output of "ssh -v yourhost"

here it is, obviously with changed server name and IP

#
[marco@avalon ~]$ ssh -v -p xxx m...@example.com
OpenSSH_5.8p2, OpenSSL 1.0.0j-fips 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to example.com [ip.of.example.com] port xxx.
debug1: Connection established.
debug1: identity file /home/marco/.ssh/id_rsa type -1
debug1: identity file /home/marco/.ssh/id_rsa-cert type -1
debug1: identity file /home/marco/.ssh/id_dsa type -1
debug1: identity file /home/marco/.ssh/id_dsa-cert type -1
ssh_exchange_identification: Connection closed by remote host
###

I have informed the provider, and am waiting answers from them.

Thanks,
Marco

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread M. Fioretti

On Sat, September 15, 2012 12:10 am, Ken Smith wrote:
> Stephen Harris wrote:
>> On Fri, Sep 14, 2012 at 10:21:29PM +0200, M. Fioretti wrote:
>>
>>> No, it's not, sorry for the confusion. I meant to write "as soon as the
>>> server is reachable again"
>>
> Can you ssh from B to A?

very good question, thanks! I had not thought about such a test at all.
However, doing that I get exactly the same result.

Marco
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread M. Fioretti

On Sat, September 15, 2012 4:00 am, Paul Tader wrote:

> Can you post the (sanitized ) output from "ssh -vv my mybadhost.com" ?

Such output is exactly the same I get with only one "v" and already posted
in an earlier reply this morning

Thanks,
Marco
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-14 Thread Ken Smith
M. Fioretti wrote:
> On Sat, September 15, 2012 12:10 am, Ken Smith wrote:
>
>> Stephen Harris wrote:
>>  
>>> On Fri, Sep 14, 2012 at 10:21:29PM +0200, M. Fioretti wrote:
>>>
>>>
>>> {snip}
>> Can you ssh from B to A?
>>  
> very good question, thanks! I had not thought about such a test at all.
> However, doing that I get exactly the same result.
>
> Marco
>
>
Which suggests that there is something about A you need to know more 
about. As said earlier what happens if you run

telnet  ip-of-a  whatever-port-ssh-is -on--normally-22

:-) Ken

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-15 Thread M. Fioretti

On Sat, September 15, 2012 7:44 am, Ken Smith wrote:

> Which suggests that there is something about A you need to know more
> about. As said earlier what happens if you run
>
> telnet  ip-of-a  whatever-port-ssh-is -on--normally-22

I had already answered to this:

http://lists.centos.org/pipermail/centos/2012-September/129092.html

If I use port 22 instead of the one sshd is listening on, I get a normal
"telnet: connect to address ip-of-a: Connection refused"

Marco

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-15 Thread Stephen Harris
On Sat, Sep 15, 2012 at 07:01:03AM +0200, M. Fioretti wrote:
> 
> On Fri, September 14, 2012 11:48 pm, Stephen Harris wrote:
> 
> > 1) What happens if you run "telnet yourhost 22".
> 
> this is what happens (with the proper IP of course):
> 
> >  Trying 1.2.3.4...
> >  Connected to yourhost (1.2.3.4)
> >  Escape character is '^]'.
> >  Connection closed by foreign host.

This is important; it means the remote SSH server never says 'hello'.

> > 2) How quickly does the "closed" occur?
> 
> I'd say 4/5 seconds

This is possibly indicative of resource starvation at the remote end;
the connection is going into the listen queue, then being accepted but
the process then fails.  It might mean "out of memory" (for example)
so the server can't fork() the new sshd process.  If you mean "4 or 5s"
then we might also be seeing swapping delays.

There _are_ other reasons for this type of behaviour (eg firewalls, network)
but that's the most common one that I've seen.

> #
> [marco@avalon ~]$ ssh -v -p xxx m...@example.com

I assume the "xxx" here matches the port you tested with the telnet
test.  Otherwise the telnet test is useless.

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-15 Thread Tony Molloy
On Saturday 15 September 2012 14:01:38 Stephen Harris wrote:
> On Sat, Sep 15, 2012 at 07:01:03AM +0200, M. Fioretti wrote:
> > On Fri, September 14, 2012 11:48 pm, Stephen Harris wrote:
> > > 1) What happens if you run "telnet yourhost 22".
> >
> > this is what happens (with the proper IP of course):
> > >  Trying 1.2.3.4...
> > >  Connected to yourhost (1.2.3.4)
> > >  Escape character is '^]'.
> > >  Connection closed by foreign host.
> 
> This is important; it means the remote SSH server never says
>  'hello'.
> 
> > > 2) How quickly does the "closed" occur?
> >
> > I'd say 4/5 seconds
> 
> This is possibly indicative of resource starvation at the remote
>  end; the connection is going into the listen queue, then being
>  accepted but the process then fails.  It might mean "out of
>  memory" (for example) so the server can't fork() the new sshd
>  process.  If you mean "4 or 5s" then we might also be seeing
>  swapping delays.
> 
> There _are_ other reasons for this typ
>  network) but that's the most common one that I've seen.
> 
> > 
#
> > [marco@avalon ~]$ ssh -v -p xxx m...@example.com
> 
> I assume the "xxx" here matches the port yo[root@thomond ~]# ssh -l 
root tmlinux.csis.ul.ie
> test.  Otherwise the telnet test is useless.
> 

As I said earlier in this thread that error can come from problems 
with the hosts.allow file on the machine you are trying to connect to.

I've just reproduced the error on my own systems.

Log in to tmlinux from thomond, everything ok.

edit the /etc/hosts.allow file on tmlinux  to disallow sshd access from 
thomond.

Log out.

Login to tmlinux from thomond. Error.
.
[root@thomond ~]# ssh -l root tmlinux.csis.ul.ie
ssh_exchange_identification: Connection closed by remote host

Since you changed your ISP you changed your IP address. If you had 
used the hosts.allow file to control access to ssh then that could be 
your problem. Same holds for telnet and any other network connection.

Regards,

Tony




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] ssh_exchange_identification: Connection closed by remote host

2012-09-18 Thread Giles Coochey

On 14/09/2012 17:06, M. Fioretti wrote:


of course I can't do it right now, exactly because... I can't connect to
the server. But I will pass along these and all other similar suggestions
to the VPS provider help desk, since they will surely save time, so thanks
for these and any other tips that may come!



Well you can... ssh into B and then try to ssh from B to A...

--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos