LinuxQuestions.org
Old 02-15-2010, 06:46 AM   #1
unixteam
LQ Newbie
 
Registered: Feb 2010
Posts: 4

Rep: Reputation: 0
SSH Problem RHEL -> AIX Connection closed by remote host


Hello,

I have a problem connecting via ssh from rhel5.4 server to aix5.3 server.
I searched and found a lot of people with familiar problem but not quite like mine.

I have a central red hat server, from which I'm accessing all my AIX\LINUX servers (ssh connection).
It has been like this since a year ago.

Now, for a couple of days I can't establish ssh connection from my red hat server to 2-3 AIX servers, and meanwhile I'm accessing via telnet.
The error I receive is:

Code:
root@RHEL_server:~ > ssh AIX_server
Connection closed by ip_address

What can be the problem?
I tried to restart the sshd on the AIX servers, and checking for maxconnection config in sshd_conf (it was commented in # ).
Is there a way to solve this problem?

It would be nice if I won't need to re-generate the ssh key, because if it will change, I will need to change the authorized_keys files on all of my AIX\LINUX servers.

Thank you!
 
Old 02-15-2010, 07:08 AM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
Try "ssh -vv AIX_server"

That will provide debug information. Also check the permissions of your ~/.ssh/ directory, the permissions of the private key and the permissions of your home directory. Also these permissions on the AIX_server. Lax permissions can cause ssh to not allow a connection.

Another problem could be if your IP address doesn't match a DNS lookup. I had a similar problem because I used "user@host" instead of "user@host.domain" in AllowUsers on the server's configuration. The difference from before was the order of the two forms in my /etc/hosts file.

Also check the logs on the AIX server. It may indicate exactly what the problem was.

I've been assuming that the features of ssh on the AIX server match openssh's.
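
An added example, not part of the post above: a small audit of the modes and ownership that the reply says to check (home directory, ~/.ssh, authorized_keys and the private keys). The function name and the rule table are this example's own; the masks follow OpenSSH's checks that server-side paths are not group/world-writable and that private keys are not accessible to other users.

```python
import os
import stat


def audit_ssh_perms(home, uid=None):
    """Return (path, problem) findings for the paths ssh and sshd are strict about."""
    uid = os.getuid() if uid is None else uid
    ssh_dir = os.path.join(home, ".ssh")
    # (path, forbidden mode bits, description of the problem)
    checks = [
        (home, 0o022, "group/world-writable"),
        (ssh_dir, 0o022, "group/world-writable"),
        (os.path.join(ssh_dir, "authorized_keys"), 0o022, "group/world-writable"),
        (os.path.join(ssh_dir, "id_rsa"), 0o077, "accessible by group/others"),
        (os.path.join(ssh_dir, "id_dsa"), 0o077, "accessible by group/others"),
    ]
    findings = []
    for path, mask, why in checks:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            continue                      # e.g. no DSA key: nothing to check
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid not in (0, uid):     # must belong to the user or to root
            findings.append((path, "owned by uid %d" % st.st_uid))
        if mode & mask:
            findings.append((path, "%s (mode %o)" % (why, mode)))
    return findings


if __name__ == "__main__":
    # Run it on both machines, as the user that logs in.
    for path, problem in audit_ssh_perms(os.path.expanduser("~")):
        print("%s: %s" % (path, problem))
```

An empty result means these paths would pass the permission checks; it says nothing about other causes such as host-based restrictions.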
 
Old 02-15-2010, 08:12 AM   #3
unixteam
LQ Newbie
 
Registered: Feb 2010
Posts: 4

Original Poster
Rep: Reputation: 0
Thank you for the quick reply!

I checked the permissions, on both servers they are ok.
The ip address is correct. It doesn't work when the server is in the /etc/hosts, and it doesn't work when the server isn't there.

The logs in the AIX don't have anything relevant to this.

and the output of the ssh -vv command is:

Code:
root@RHEL_server:~ > ssh -vv AIX_server
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to AIX_server [ip_address] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 1.99, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 138/256
debug2: bits set: 509/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'AIX_server' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:120
debug2: bits set: 529/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_rsa (0x807a7f8)
debug2: key: /root/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
Connection closed by ip_address
The last line
Code:
debug2: we sent a publickey packet, wait for reply
didn't wait even a second.
 
Old 02-15-2010, 08:23 AM   #4
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
This looks like the problem:
Connection closed by ip_address

Your IP address doesn't match the server's lookup for your host or a host with your IP address isn't allowed access.

access.conf or hosts.deny could be the reason as well as the dns lookup.
( assuming that AIX uses those )

Securetty might be the reason if logging in as root.

Last edited by jschiwal; 02-15-2010 at 08:24 AM.
 
Old 02-18-2010, 07:28 AM   #5
unixteam
LQ Newbie
 
Registered: Feb 2010
Posts: 4

Original Poster
Rep: Reputation: 0
The server's lookup is ok, or maybe the check that I'm doing isn't right:
If I ping the hostname - it comes back with the right IP address.
Is there another check that I can do?

The aix isn't working with those files.
 
Old 02-18-2010, 10:18 AM   #6
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
Check your public key entry for authorized_hosts on the AIX for a "from=" field at the beginning. Check the known_hosts file. If it lists the IP address, does it match?

For this example, from known_hosts, does the IP address of qosmio match the IP listed?
Code:
qosmio,192.168.1.100 ssh-rsa AAAA...
My client will not allow a connection if there is a bad entry in known_hosts, but will indicate which entry causes the problem.

The sshd manpage has some examples for authorized_keys entries:
Code:
from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
        AAAAB2...19Q== john@example.net
This example only allows connecting as john (local user on server) from the .sales.example.net domain (remote client host), but not from pc.sales.example.net.

Check what kind of ssh server software the AIX ssh server runs. A commercial server may expect slightly differently named files for authorized_keys and known_hosts.

If you can't find anything, maybe you need to post the AIX's sshd_config file. Someone may spot something.

Last edited by jschiwal; 02-18-2010 at 10:20 AM.
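
An added example, not part of the post above: a parser for the options field of an authorized_keys entry that evaluates a from= pattern list against a client, using the manpage entry quoted in the post. The function names, the client hostnames and the 192.0.2.x addresses are constructed for this example; `host` is assumed to be the name the server resolved for the client, empty if the reverse lookup gave none.

```python
import fnmatch

# Constructed sample: the manpage entry quoted above, joined onto one line.
SAMPLE = ('from="*.sales.example.net,!pc.sales.example.net" '
          'ssh-rsa AAAAB2...19Q== john@example.net')
KEY_TYPES = ("ssh-rsa", "ssh-dss")  # host key types listed in the debug output


def parse_entry(line):
    """Split one non-empty authorized_keys line into (options dict, key part)."""
    line = line.strip()
    if line.split()[0] in KEY_TYPES:      # no options field present
        return {}, line
    opts, cur, quoted, end = [], "", False, len(line)
    for i, ch in enumerate(line):
        if ch == '"':                     # toggles quoting; \" escapes not handled
            quoted = not quoted
        elif ch == "," and not quoted:    # option separator
            opts.append(cur)
            cur = ""
        elif ch in " \t" and not quoted:  # first unquoted blank ends the options
            end = i
            break
        else:
            cur += ch
    opts.append(cur)
    return dict(o.partition("=")[::2] for o in opts), line[end:].strip()


def from_allows(pattern_list, host, ip):
    """Apply a from= list: any negated hit denies, else one positive hit is needed."""
    allowed = False
    for pat in pattern_list.split(","):
        negated = pat.startswith("!")
        pat = pat[1:] if negated else pat
        # fnmatch gives the * and ? wildcards; it also accepts [..], which sshd does not.
        hit = any(fnmatch.fnmatchcase(n.lower(), pat.lower()) for n in (host, ip) if n)
        if hit and negated:
            return False
        allowed = allowed or hit
    return allowed


def client_permitted(line, host, ip):
    """True if the entry has no from= restriction or the client matches it."""
    options, _ = parse_entry(line)
    return "from" not in options or from_allows(options["from"], host, ip)
```

With a hostname-only pattern list like this one, a client whose address does not resolve to a name on the server cannot match, which is why the lookup on the server side matters and not the one on the client.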
 
Old 03-03-2010, 11:29 PM   #7
unixteam
LQ Newbie
 
Registered: Feb 2010
Posts: 4

Original Poster
Rep: Reputation: 0
jschiwal thank you!

Well the problem is differences between openSSH versions.
The source (linux) server is OpenSSH_4.3p2, and the destination (aix) server is OpenSSH_5.2p1.
I managed not having the "connection closed by ip_address" message by changing in the aix sshd_config file the parameter "Protocol" from 2 to 1.
Now it connects, but I can't configure login with no password.
I added the rsa public key of the linux server (source) to the authorized_keys of the aix server (destination), with no success.

Is there a way to be able to login without password from low version of ssh to higher version of ssh?
 
  

