Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I thought I successfully upgraded openssh from v 2.9 to v 3.5 but something funky is happening. When I type in rpm -q openssh-server it tells me openssh-server-3.5p1-1. I can connect to the box via ssh from my Windows ssh client, however, nobody else can. The message that comes up is:
ssh_exchange_identification:connection closed by remote host.
When I log into a couple of the other Linux servers running ssh and type in rpm -q openssh-server it also returns the appropriate response. Then as a backup I type in ssh -V to get the version number. When I type in ssh -V on the server I built it returns:
bash:ssh:command not found
There is obviously an issue somewhere. What I upgraded to on my Red Hat 7.2 server (2.4.7-10 i686) was openssh-server-3.5p1-1.i386.rpm and openssh-3.5p1-1.i386.rpm. I did not install the openssh-client-3.5p1-1.i386.rpm. Could this be the problem? The only other thing I can think of is that my Red Hat system is on an i686 box and the upgrades are i386.rpm. Is that the problem? I couldn't find openssh 3.5 for Red Hat i686 no matter where I went. If that is the problem can someone tell me where to find those packages? If that is the issue do I just simply upgrade again? The command I used to upgrade was:
rpm -Uvh openssh* (it seemed to work fine but I guess it didn't)
Should I use another command... maybe just rpm -U openssh*
Well, seeing as ssh itself is a client program and you say yourself that you've not installed the client programs package, I think that's something of a safe bet...
ssh_exchange_identification:connection closed by remote host could mean you're running sshd with TCP wrappers enabled (libwrap, using /etc/hosts.{allow,deny}) but haven't enabled access to the sshd service for remote clients.
Yeah, I installed the client program right after I posted. That resolved one of the issues. From the box I built I was able to ssh to the other Linux servers. But first there was a message saying:
the authenticity of host '1.2.3.4' can't be established
RSA key fingerprint is blah blah blah....
Are you sure you want to continue connecting (yes/no)?
I typed in yes and then a warning came up:
Warning: Permanently added host '1.2.3.4' and I am prompted for the root password and I connect.
Now I can connect to the other Linux servers from my server via ssh but when I try it the other way around I still get the message:
ssh_exchange_identification:connection closed by remote host
When I type in ssh -V on my box it no longer replies:
bash:ssh:command not found
It replies with the correct version of openssh. Also when I type in the command rpm -qa | grep openssh it responds with all 3 of the packages I installed.
Does anyone know what to do to solve the 'connection closed by remote host' message when I try to ssh to the Linux server I just built from the other Linux servers and Windows clients?
If it's not libwrap, then check if you made and distributed your ssh key's public part between servers. Also root logins aren't recommended. Login as a regular user and sudo over to the coveted root account if really necessary.
You may be right about the TCP Wrappers. I did put my syslog server on a different subnet and I didn't modify hosts.allow and hosts.deny.
hosts.allow is sshd:LOCAL and hosts.deny is ALL:ALL.
Would I fix my problem by modifying hosts.deny to allow any ssh client from the subnet I am on? Although, I do get the 'connection closed by remote host' message even when I try to connect to this box from other Linux machines on the same subnet. I guess I have to modify both hosts.allow and hosts.deny. Can anybody suggest the proper syntax? I will try the man pages as well.
Last time I checked sshd didn't like /255 or /24 style subnet masks and the service name is not the IANA designated port service name, but the process name.
So, AFAIK the syntax is: "argv[0] process name: ipaddr, ipaddr, ipaddr".
Sorry, I'm new to the Linux world and I kind of got lost on that last message. I didn't do anything with the keys. I'm not sure where to start with key authentication.
However, I did comment out the fields I added in both hosts.allow and hosts.deny and now I am able to ssh in between subnets and within the subnet I have the server set up in. I don't know how much security I have lost because of this.
Originally posted by cuss:
Would I fix my problem by modifying hosts.deny to allow any ssh client from the subnet I am on? Although, I do get the 'connection closed by remote host' message even when I try to connect to this box from other Linux machines on the same subnet. I guess I have to modify both hosts.allow and hosts.deny. Can anybody suggest the proper syntax? I will try the man pages as well.
Add your new entries to hosts.allow. It's best to leave hosts.deny just as you have it now.
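The hosts.allow / hosts.deny pair from this thread, evaluated against a simplified model of the hosts_access(5) matching rules (an added example, not part of the original posts and not libwrap itself). It shows one way `sshd:LOCAL` with `ALL:ALL` can refuse clients on the same subnet, and what adding address prefixes to hosts.allow changes; the subnets, hostnames and addresses are constructed.

```python
import ipaddress

def client_matches(pattern, name, addr):
    """Test one hosts_access(5) client pattern. name is the reverse-resolved
    hostname ('' when the lookup failed); addr is the dotted-quad address."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":
        # LOCAL means "hostname contains no dot", not "same subnet".
        # Modelling assumption: an unresolved name never matches LOCAL.
        return bool(name) and "." not in name
    if pattern.startswith("."):   # domain suffix, e.g. .example.com
        return name.lower().endswith(pattern.lower())
    if pattern.endswith("."):     # address prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    if "/" in pattern:            # net/mask, e.g. 192.168.1.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern.lower() in (name.lower(), addr)

def rule_matches(line, daemon, name, addr):
    """A rule is 'daemon_list : client_list [: command]'."""
    daemons, _, rest = line.partition(":")
    daemon_list = daemons.replace(",", " ").split()
    client_list = rest.partition(":")[0].replace(",", " ").split()
    if daemon not in daemon_list and "ALL" not in daemon_list:
        return False
    return any(client_matches(p, name, addr) for p in client_list)

def access(allow, deny, daemon, name, addr):
    """hosts.allow is searched first, then hosts.deny; no match means allow."""
    if any(rule_matches(r, daemon, name, addr) for r in allow):
        return "allow"
    if any(rule_matches(r, daemon, name, addr) for r in deny):
        return "deny"
    return "allow"

THREAD_ALLOW = ["sshd:LOCAL"]                          # as posted in the thread
THREAD_DENY = ["ALL:ALL"]                              # as posted in the thread
FIXED_ALLOW = ["sshd: LOCAL, 192.168.1., 192.168.2."]  # constructed subnets
CLIENTS = [("web1.example.com", "192.168.1.20"),       # constructed clients
           ("", "192.168.2.7"),
           ("buildbox", "192.168.1.30"),
           ("host.example.net", "203.0.113.9")]

def evaluate(allow, deny, daemon="sshd"):
    return {addr: access(allow, deny, daemon, name, addr) for name, addr in CLIENTS}

if __name__ == "__main__":
    print("thread config:", evaluate(THREAD_ALLOW, THREAD_DENY))
    print("with prefixes:", evaluate(FIXED_ALLOW, THREAD_DENY))
```

On a host with TCP wrappers installed, `tcpdmatch sshd <client>` performs the same check against the real files.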
...and the key thing is where you generate a "fingerprint" locally (ssh-keygen) and add the public part (<keyname>.pub) to your remote account's ~/.ssh/authorized_keys file if you want to use public key authentication to access your remote account. Same goes for accessing your local account from the remote one.