Originally Posted by unSpawn
- In what way does your system and user setup differ from the standard? (In other words: what modifications did you make?)
- What does syslog (and wherever SSH is configured to log to) say around the time of the login?
- What does running your ssh session in verbose mode (add "-vvv") say? (Attach as plain text?)
The setting comes with a clean debian squeeze installation. The only change is the config in /etc/ssh/sshd_config where PermitRootLogin was changed from yes to no avoiding rkhunter reports warning.
In /var/log/syslog or /var/log/message I do not discover any ssh message reported; I open files content to read and use e.g. `grep -i ssh /var/log/message' or `grep -i ssh /var/log/syslog' do not show any ssh message. Maybe I may use the wrong key word. With which key word I need to check in the log file?
In /etc/ssh/sshd_config, the logging level is as below
The client side running `ssh -vvv user@ssh_host' shows
OpenSSH_5.5p1 Debian-5+b1, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to ssh_host [aaa.bbb.ccc.ddd] port 22.
debug1: connect to address aaa.bbb.ccc.ddd port 22: Connection refused
ssh: connect to host aaa.bbb.ccc.ddd port 22: Connection refused
But the server executing `netstat -tulp' can see ssh port is opened.
tcp 0 0 *:ssh *:* LISTEN pid_number/sshd
Also, after broken pipe occurs, unless to do reboot, the client can not get in even restarting sshd service e.g. `/etc/init.d/ssh restart'
What might be the root cause and how to fix it?
Thanks for the help.