LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 07-18-2005, 05:29 PM   #1
lowpro2k3
Member
 
Registered: Oct 2003
Location: Canada
Distribution: Slackware
Posts: 340

Rep: Reputation: 30
SSH Connection Refused?


I took over as IT guy at my company and Im in charge of managing our webserver. An ex-employee (old IT guy) hacked our server and performed malicious deeds on it. When I found this out I cut the power to the server via our ISP and picked up the server today, now I have it in my house and I'm trying to perform a network backup of the data thats left.

The server used to run on a domain name and had a public IP. At my house I have a regular router with DHCP to assign IP's. I ran the "netconfig" tool and switched the computer to retrieve DHCP addresses, this worked fine and it picked up an address of 192.168.2.40 - just like I expected.

I had to change this entry in the /etc/ssh/sshd_config file, from:

Code:
ListenAddress public IP address
I changed it to this:

Code:
ListenAddress 127.0.0.1
because SSHD wouldn't start properly before I did that. So I restarted SSH and tried to log in from my windows machine through Putty, and I got a connection refused error. I restarted the computer and tried again - checked my IP, nmaped myself, all looked good so I tried again - connection refused.

No matter what I try I keep getting connection refused. I used to SSH into the server all the time when it had a domain name, so I dont know whats going on. I didnt set this server up myself, I assume it has iptables running and that might be causing my problems?

I ran these two commands:

Code:
$ service iptables stop
$ chkconfig iptables off
and they seemed to work, but my problem is still here. I also tried logging in via WinSCP3 by the way, same problem.

Last edited by lowpro2k3; 07-18-2005 at 05:33 PM.
 
Old 07-18-2005, 05:37 PM   #2
lowpro2k3
Member
 
Registered: Oct 2003
Location: Canada
Distribution: Slackware
Posts: 340

Original Poster
Rep: Reputation: 30
I did it again, solved my own problem 2 minutes after posting a huge message. I figured I would post the solution in case it might help someone in the future.

For some reason I worked on an old computer and was having ssh difficulties. I made some changes on the /etc/ssh/sshd_config file and it worked, so I thought I should try again. I added the entry above, this was actually a bad idea.

I removed the entry I added, and I had commented out the original entry (the "ListenAddress" entry). After this I restarted ssh with a "service sshd restart" and tried again, and it worked successfully.

I would love to tell you more details but I'm worried the hacker reads these forums, and I cant give away any more work detail. If you look closely you can probably guess the distro or family of distro's I'm using. I'm going to back up this data and perform a clean install with a completely different distro.

Dont trust ex-employees, delete all record of them after they leave.
 
Old 11-04-2009, 11:02 AM   #3
ananta.c
LQ Newbie
 
Registered: Aug 2008
Posts: 8

Rep: Reputation: 0
I had similar problem. I can ssh with root not any other account and was unable to list /home directory.

later I found the problem is WITH ldap CONFIGURATION, i REMOVED LDAP authentication and it worked fine.



Quote:
Originally Posted by lowpro2k3 View Post
I took over as IT guy at my company and Im in charge of managing our webserver. An ex-employee (old IT guy) hacked our server and performed malicious deeds on it. When I found this out I cut the power to the server via our ISP and picked up the server today, now I have it in my house and I'm trying to perform a network backup of the data thats left.

The server used to run on a domain name and had a public IP. At my house I have a regular router with DHCP to assign IP's. I ran the "netconfig" tool and switched the computer to retrieve DHCP addresses, this worked fine and it picked up an address of 192.168.2.40 - just like I expected.

I had to change this entry in the /etc/ssh/sshd_config file, from:

Code:
ListenAddress public IP address
I changed it to this:

Code:
ListenAddress 127.0.0.1
because SSHD wouldn't start properly before I did that. So I restarted SSH and tried to log in from my windows machine through Putty, and I got a connection refused error. I restarted the computer and tried again - checked my IP, nmaped myself, all looked good so I tried again - connection refused.

No matter what I try I keep getting connection refused. I used to SSH into the server all the time when it had a domain name, so I dont know whats going on. I didnt set this server up myself, I assume it has iptables running and that might be causing my problems?

I ran these two commands:

Code:
$ service iptables stop
$ chkconfig iptables off
and they seemed to work, but my problem is still here. I also tried logging in via WinSCP3 by the way, same problem.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH - Connection Refused eminence Linux - Networking 14 03-06-2012 12:22 AM
ssh in fedora: connection refused zwanzig Linux - Networking 8 06-11-2004 04:26 AM
ssh secure connection refused lugoteehalt Linux - Networking 2 03-19-2004 10:33 AM
ssh connection refused rguptatx Red Hat 4 11-13-2003 06:18 PM
SSH port...Connection....refused?? Miyamoto Mandriva 6 08-26-2003 04:03 PM


All times are GMT -5. The time now is 08:44 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration