SSH Connection Refused?
 

I took over as IT guy at my company and Im in charge of managing our webserver. An ex-employee (old IT guy) hacked our server and performed malicious deeds on it. When I found this out I cut the power to the server via our ISP and picked up the server today, now I have it in my house and I'm trying to perform a network backup of the data thats left.

The server used to run on a domain name and had a public IP. At my house I have a regular router with DHCP to assign IP's. I ran the "netconfig" tool and switched the computer to retrieve DHCP addresses, this worked fine and it picked up an address of 192.168.2.40 - just like I expected.

I had to change this entry in the /etc/ssh/sshd_config file, from:

I changed it to this:

because SSHD wouldn't start properly before I did that. So I restarted SSH and tried to log in from my windows machine through Putty, and I got a connection refused error. I restarted the computer and tried again - checked my IP, nmaped myself, all looked good so I tried again - connection refused.

No matter what I try I keep getting connection refused. I used to SSH into the server all the time when it had a domain name, so I dont know whats going on. I didnt set this server up myself, I assume it has iptables running and that might be causing my problems?

I ran these two commands:

and they seemed to work, but my problem is still here. I also tried logging in via WinSCP3 by the way, same problem.

I did it again, solved my own problem 2 minutes after posting a huge message. I figured I would post the solution in case it might help someone in the future.

For some reason I worked on an old computer and was having ssh difficulties. I made some changes on the /etc/ssh/sshd_config file and it worked, so I thought I should try again. I added the entry above, this was actually a bad idea.

I removed the entry I added, and I had commented out the original entry (the "ListenAddress" entry). After this I restarted ssh with a "service sshd restart" and tried again, and it worked successfully.

I would love to tell you more details but I'm worried the hacker reads these forums, and I cant give away any more work detail. If you look closely you can probably guess the distro or family of distro's I'm using. I'm going to back up this data and perform a clean install with a completely different distro.

Dont trust ex-employees, delete all record of them after they leave.

I had similar problem. I can ssh with root not any other account and was unable to list /home directory.

later I found the problem is WITH ldap CONFIGURATION, i REMOVED LDAP authentication and it worked fine.