LinuxQuestions.org


Lotharster 01-29-2007 04:45 PM

ssh: Connection reset by peer
 
Hello,

I have a strange problem logging into my machine via ssh. Some time ago it worked perfectly, but now it doesn't.

I'm connected to the Internet with a router, so I use NAT.
When I login via ssh using my local IP 192.168.2.100, it works. But when I try to login using the public IP 84.123.3.12 or so, I get the following error:
Code:

me@mymachine:~/.ssh$ ssh -p 1007 84.125.31.36 -vvvv
OpenSSH_4.2p1 Debian-7ubuntu3.1, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 84.125.31.36 [84.125.31.36] port 1007.
debug1: Connection established.
debug1: identity file /home/lo/.ssh/identity type -1
debug1: identity file /home/lo/.ssh/id_rsa type -1
debug1: identity file /home/lo/.ssh/id_dsa type -1
ssh_exchange_identification: read: Connection reset by peer

(I use 1007 as my public port; the problem persists if I switch to port 22)

I appreciate any advice,
Lotharster

acid_kewpie 01-29-2007 04:57 PM

well more than likely you're getting nothing more than a rst packet back from the server... i guess your sshd is configured to only listen on one interface? or you have a firewall rejecting connections to that port on the internet side?

Lotharster 01-29-2007 05:05 PM

Quote:

Originally Posted by acid_kewpie
well more than likely you're getting nothing more than a rst packet back from the server...

But why would it say "Connection established" then?
Quote:

i guess your sshd is configured to only listen on one interface?
I only have one network card.
Quote:

Or you have a firewall rejecting connections to that port on the internet side?
How can I detect if the connection "got through" to my machine?

acid_kewpie 01-29-2007 05:27 PM

if you sit on the server and run "tcpdump -vn port 22" you'll see all the ins and outs as far as the server is concerned.

Lotharster 01-29-2007 05:36 PM

With tcpdump, I see incoming packages for port 22. So the problem lies with my server. Any ideas?

acid_kewpie 01-29-2007 05:39 PM

list your firewall with "iptables -L", check /etc/ssh/sshd_config for listening addresses, check /etc/hosts.allow and /etc/hosts.deny for tcpwrapper based restrictions. also check /var/log/secure for logs if there are any.
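
The sshd_config and tcpwrapper checks suggested in the post above, as an added shell example that is not part of the original thread. The file contents and the client address 203.0.113.7 are constructed, and the matcher is a simplification that covers only `ALL`, exact IPv4 addresses and trailing-dot prefixes from hosts_access(5).

```shell
#!/bin/sh
# Added example; all file contents below are constructed samples.

# Addresses sshd binds to. With no active ListenAddress line it
# listens on all local addresses, so print "all".
sshd_listen_addrs() {
    addrs=$(awk 'tolower($1) == "listenaddress" { print $2 }' "$1")
    if [ -n "$addrs" ]; then echo "$addrs"; else echo "all"; fi
}

# Exit 0 if a "daemons: clients" rule in file $3 matches daemon $1 and
# client IPv4 $2 (ALL, exact address, or "192.168.2." style prefix).
rule_matches() {
    awk -F: -v d="$1" -v ip="$2" '
        /^[ \t]*(#|$)/ { next }
        {
            nd = split($1, ds, /[ \t,]+/); nc = split($2, cs, /[ \t,]+/)
            dm = 0; cm = 0
            for (i = 1; i <= nd; i++)
                if (ds[i] == d || ds[i] == "ALL") dm = 1
            for (i = 1; i <= nc; i++) {
                c = cs[i]
                if (c == "") continue
                if (c == "ALL" || c == ip) cm = 1
                else if (c ~ /\.$/ && index(ip, c) == 1) cm = 1
            }
            if (dm && cm) found = 1
        }
        END { exit (found ? 0 : 1) }' "$3"
}

# hosts_access(5) order: hosts.allow first, then hosts.deny, else allow.
wrappers_verdict() {
    if rule_matches "$1" "$2" "$3"; then echo allow
    elif rule_matches "$1" "$2" "$4"; then echo deny
    else echo allow; fi
}

demo_dir=$(mktemp -d)   # constructed sample files
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'Port 22' '#ListenAddress 0.0.0.0' 'Protocol 2' > "$demo_dir/sshd_config"
printf 'sshd: 192.168.2.\n' > "$demo_dir/hosts.allow"
printf 'ALL: ALL\n' > "$demo_dir/hosts.deny"

echo "sshd binds to: $(sshd_listen_addrs "$demo_dir/sshd_config")"
for ip in 192.168.2.100 203.0.113.7; do
    echo "$ip -> $(wrappers_verdict sshd "$ip" "$demo_dir/hosts.allow" "$demo_dir/hosts.deny")"
done
```

With these sample files the LAN client is allowed and the outside client is denied, which is the kind of asymmetry the checks are meant to rule in or out.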

Lotharster 01-29-2007 05:54 PM

Quote:

list your firewall with "iptables -L"
Seems I don't have iptables installed.
Quote:

check /etc/ssh/sshd_config for listening addresses
that looks OK:
Code:

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2

Quote:

check /etc/hosts.allow and /etc/hosts.deny for tcpwrapper based restrictions.
I already did that...
Quote:

also check /var/log/secure for logs if there are any.
There's no /var/log/secure on my machine. syslog and auth.log don't show anything ssh-related.

Thanks acid_kewpie. I have to leave for now, I'm gonna check for suggestions tomorrow.
regards,
Lotharster


All times are GMT -5.