LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Ubuntu (https://www.linuxquestions.org/questions/ubuntu-63/)
-   -   ssh connection (https://www.linuxquestions.org/questions/ubuntu-63/ssh-connection-772700/)

gdonwallace 12-01-2009 10:24 AM
ssh connection
 
I started having problems with ssh yesterday. Whenever I try to ssh from my machine (Ubuntu 9.10 64 bit) to another (Fedora 12 64 bit) I get the following error message:

OpenSSH_5.1p1 Debian-6ubuntu2, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.1.166 [192.168.1.166] port 22.
debug1: Connection established.
debug1: identity file /home/mingw/.ssh/identity type -1
debug1: identity file /home/mingw/.ssh/id_rsa type -1
debug1: identity file /home/mingw/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host

After searching through google-linux, I finally figured out that it was the /etc/hosts.deny file on the machine I am trying to ssh into. I removed my IP from that machine and I was able to ssh in without a problem. However; I discovered that if I try to ssh into that machine a second time, my IP has been added to hosts.deny file again. I checked the hosts.allow and mine is the only IP address listed.

Anyone have any idea why my IP would be added to the hosts.deny file after I already connected to the machine?

thanks in advance for any help.

rweaver 12-01-2009 02:14 PM
It could be using some blacklisting program that examines the logs and based on failed attempts blacklists a particular ip. Could be the behavior of a specific root kit or script run by one. My first guess would be to look at any security software on the system that is configured to use the hosts.allow and .deny.

gdonwallace 12-01-2009 02:57 PM
I will check that, but I don't think that is what is happening. I was able to ssh into that machine last week. Nobody has been on that machine, other than me there is nobody else here that knows anything about linux. The guy that was on that machine is gone, working somewhere else. We have it running because there are several daily backups and processes that are run from that machine. I can easily walk over to it, but I want to get ssh working in case I need to get to it from home.

thanks for the advice.

gdonwallace 12-01-2009 05:28 PM
Moving this post to the networking forum, think it is more along those lines. Will mark this thread as solved.


All times are GMT -5. The time now is 01:16 AM.