Re: [expert] OpenSSH won't accept connections?
What do you make of that? Nothing's open on port 22??? Yet I have the "ListenAdress" variable set to "63.196.197.0", and now I've even set hosts.allow to ALL:ALL, and hosts.deny to null. Not to mention that /etc/rc.d/init.d/sshd status == running... Hi Steven, Specify your special listening address in /etc/hosts.allow as such: ssh:63.196.197.0/255.255.255.0 I noticed earlier that you had specified sshd in hosts.allow. I think that ssh should be used instead. In /etc/ssh/sshd_config reset your ListenAddress to 0.0.0.0 SSH is a great tool that you'll want to master. Joe Baker - Digital Communications Research, Inc. www.dcresearch.com 414-427-6140 Office / Cell 707-313-0165 Fax
Re: [expert] OpenSSH won't accept connections?
On Fri, 21 Jul 2000, you wrote: What do you make of that? Nothing's open on port 22??? Yet I have the "ListenAdress" variable set to "63.196.197.0", and now I've even set hosts.allow to ALL:ALL, and hosts.deny to null. Not to mention that /etc/rc.d/init.d/sshd status == running... ListenAddress 63.196.197.0 means only guys with an ip that matches 64.196.197.x can get in. I'm sure you would want 0.0.0.0 (everyone) for that line. That is how I have mine set up, seems to work on any machine. Well, actually no, I'm only interested in nodes on that network having access. So that is by design. Also, try to "ssh localhost" on that box. This also comes back with the same connection refused. At this point I'm wondering if for some reason I shouldn't try to run sshd from inetd? Could it be that now it wants to have its' own entry in inetd.conf??? It can't hurt to try... One other thing... I can still enable telnet access, and have been using that instead (albeit temporarily)...
Re: [expert] OpenSSH won't accept connections?
On Thu, 20 Jul 2000, Steven Boothe wrote: Date: Thu, 20 Jul 2000 16:32:24 -0700 From: Steven Boothe [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [expert] OpenSSH won't accept connections? On Thu, 13 Jul 2000, you wrote: On Thu, 13 Jul 2000, Steven Boothe wrote: Hello everyone. I am having a bit of trouble getting openssh to accept connections. Can anyone help by either direct comment or either pointing me where to look for additional information? So far I have installed sshd on other RedHat machines without issues. But since I have began using LM7.1 I - have been running into this error message: "ssh_exchange_identification: Connection closed by remote host" Things I have done so far include: - checked /etc/inetd.conf for appropriate uncommented entries for sshd - checked /etc/hosts.deny to ensure proper clearance for my hosts - checked /etc/ssh/sshd_config for appropiate entry in the "ListenAddress" - field. This exact problem bit me big time a while back. If hosts.allow or hosts.deny exists, add to hosts.allow: sshd : ALL You need this even of you are not running sshd from inetd. First, thank you to all who read and replied. I was doing quite well due to this last great tip. However, as soon as I changed the "ListenAddress" value to work for a different internal network, everything went back to broken again??? This is very strange. Now I can't even seem to reverse the issue. When I now attempt to connect I get a "Secure connection to network addr refused"??? I have checked: - /etc/hosts.allow ALL:ALL - /etc/hosts.deny#ALL:ALL - /etc/ssh/sshd_config ListenAddress: network addr Is there anything I am missing? I haven't setup ipchains with any rules either... I just can't figure what the problem could be? (I've never had any of this trouble with Redhat 6.2, though admittedly because Redhat comes out of box much less secure... ) Steven Sorry for writing so low, but did you try ssh -v to get verbosity on, that is how I debugged mine to work... -- Regards, Ellick Chan [EMAIL PROTECTED] Jul 20
Re: [expert] OpenSSH won't accept connections?
On Fri, 21 Jul 2000, you wrote: ... ... but in your case, when I ssh to the IP your logs show, it seems to wait for a long time. That's probably because that IP address is behind a firewall... I gotta run out for dinner soon, could you run an nmap on your system? Wow, running nmap was an awsome idea (thanks)! Just look at this output: " Starting nmap V. 2.30BETA17 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ ) Interesting ports on (63.196.197.254): Port State Service 25/tcp opensmtp 113/tcpopenauth TCP Sequence Prediction: Class=random positive increments Difficulty=1562052 (Good luck!) Remote operating system guess: Linux 2.1.122 - 2.2.14 Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds " What do you make of that? Nothing's open on port 22??? Yet I have the "ListenAdress" variable set to "63.196.197.0", and now I've even set hosts.allow to ALL:ALL, and hosts.deny to null. Not to mention that /etc/rc.d/init.d/sshd status == running... This is really odd...?
Re: [expert] OpenSSH won't accept connections?
You probably have already tried this however.. I didn't use an actual init script to execute ssh. See if you can start the daemon manually (usually something like /usr/local/sbin/sshd) just do a whereis sshd and execute it...run nmap afterwards and see if it shows he daemon listening on the port. Lonny
Re: [expert] OpenSSH won't accept connections?
On Fri, 21 Jul 2000, Steven Boothe wrote: Date: Fri, 21 Jul 2000 15:00:24 -0700 From: Steven Boothe [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [expert] OpenSSH won't accept connections? On Fri, 21 Jul 2000, you wrote: ... ... but in your case, when I ssh to the IP your logs show, it seems to wait for a long time. That's probably because that IP address is behind a firewall... Nope, I can ssh outta here fine to at least 2 machines not behind firewalls. I gotta run out for dinner soon, could you run an nmap on your system? Wow, running nmap was an awsome idea (thanks)! Just look at this output: " your're welcome Starting nmap V. 2.30BETA17 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ ) Interesting ports on (63.196.197.254): Port State Service 25/tcp opensmtp 113/tcpopenauth TCP Sequence Prediction: Class=random positive increments Difficulty=1562052 (Good luck!) Remote operating system guess: Linux 2.1.122 - 2.2.14 Maybe sshd isn't running, check by running "ps ax" Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds " What do you make of that? Nothing's open on port 22??? Yet I have the "ListenAdress" variable set to "63.196.197.0", and now I've even set hosts.allow to ALL:ALL, and hosts.deny to null. Not to mention that /etc/rc.d/init.d/sshd status == running... This is really odd...? Either sshd is not running, or due to some error. Try to look at the sshd logs, maybe in /var/log/messages. Also, if you can, stop sshd, then run it on a terminal windows/console. This allows you to interactively see any errors present, run "sshd -d" to enable debugging to get the logging of what is happening as the client tries to connect to the daemon. This should help quite a bit. If none of these seem to work, change your mandrake security level using msec, "msec 0" I think. But do remember to change it back later. Another problem I had before was that firewalling was turned on in linuxconf, and that disabled all outside services, it essentially locked me out of remote usage of my machine. That may be also a possible cause. Good luck! -- Regards, Ellick Chan [EMAIL PROTECTED] Jul 21
Re: [expert] OpenSSH won't accept connections?
On Fri, 21 Jul 2000, Steven Boothe wrote: Date: Fri, 21 Jul 2000 15:00:24 -0700 From: Steven Boothe [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [expert] OpenSSH won't accept connections? On Fri, 21 Jul 2000, you wrote: ... ... but in your case, when I ssh to the IP your logs show, it seems to wait for a long time. That's probably because that IP address is behind a firewall... I gotta run out for dinner soon, could you run an nmap on your system? Wow, running nmap was an awsome idea (thanks)! Just look at this output: " Starting nmap V. 2.30BETA17 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ ) Interesting ports on (63.196.197.254): Port State Service 25/tcp opensmtp 113/tcpopenauth TCP Sequence Prediction: Class=random positive increments Difficulty=1562052 (Good luck!) Remote operating system guess: Linux 2.1.122 - 2.2.14 Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds " What do you make of that? Nothing's open on port 22??? Yet I have the "ListenAdress" variable set to "63.196.197.0", and now I've even set hosts.allow to ALL:ALL, and hosts.deny to null. Not to mention that /etc/rc.d/init.d/sshd status == running... ListenAddress 63.196.197.0 means only guys with an ip that matches 64.196.197.x can get in. I'm sure you would want 0.0.0.0 (everyone) for that line. That is how I have mine set up, seems to work on any machine. Also, try to "ssh localhost" on that box. Sorry, missed the part about sshd running last time. This is really odd...? -- Regards, Ellick Chan [EMAIL PROTECTED] Jul 21
Re: [expert] OpenSSH won't accept connections?
On Thu, 13 Jul 2000, Steven Boothe wrote: - Hello everyone. I am having a bit of trouble getting openssh to accept - connections. Can anyone help by either direct comment or either pointing me - where to look for additional information? So far I have installed sshd on - other RedHat machines without issues. But since I have began using LM7.1 I - have been running into this error message: - - "ssh_exchange_identification: Connection closed by remote host" - - Things I have done so far include: - - - checked /etc/inetd.conf for appropriate uncommented entries for sshd - - checked /etc/hosts.deny to ensure proper clearance for my hosts - - checked /etc/ssh/sshd_config for appropiate entry in the "ListenAddress" - field. This exact problem bit me big time a while back. If hosts.allow or hosts.deny exists, add to hosts.allow: sshd : ALL You need this even of you are not running sshd from inetd. -- Stephen Carville http://www.heronforge.net/~stephen/gnupgkey.txt He prayeth best that loveth best, All things both great and small. The streptococcus is the test, I love him best of all.
Re: [expert] OpenSSH won't accept connections?
On Thu, 13 Jul 2000, you wrote: initial Linux Mandrake installation security option: High This may be the reason. I've seen a lot of reports that the "high" security level is TOO tight -- it won't let ANYTHING in (remotely.) You might see if you can reduce the security level and / or double-check the host.allow file. I know you said you checked hosts.deny. What about specifying machine IP's you want to let IN in your hosts.allow? I had to specify the machines I wanted to let ssh into my machine using "real" ssh. John
