LinuxQuestions.org
Old 02-19-2006, 06:59 PM   #1
geek745
Member
 
Registered: Jul 2004
Location: Alton, IL
Distribution: Linux Mint; Slackware; Ubuntu; Slax
Posts: 172
Blog Entries: 2

Rep: Reputation: 34
SSH on LAN - server disconnect


Trying to get ssh to connect on my lan at home; I have no firewall on the linux-based server (Slackware 10.2), but the Win2K box on the LAN, as well as a connection through the loopback device both fail - the server disconnects. From Win2K, I'm using PuTTY alone; I generated the private key in rsa (SSH2) format and added the public one to ~/.ssh/authorized_keys but it won't connect (Same process done in linux from the command line using ssh-keygen; I was able to connect exactly one time; I forgot how I managed to do it)

BTW: I can connect to the sourceforge.net project shell servers from the Win2K box.

Here's the verbose output from my connection attempt from linux, where "paul" is the domain I'm connecting to:
Code:
bash-3.00$ ssh -v paul
OpenSSH_4.2p1, OpenSSL 0.9.7g 11 Apr 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to paul [192.168.254.5] port 22.
debug1: Connection established.
debug1: identity file /home/lilmax88/.ssh/identity type -1
debug1: identity file /home/lilmax88/.ssh/id_rsa type 1
debug1: identity file /home/lilmax88/.ssh/id_dsa type -1
debug1: ssh_exchange_identification: sshd re-exec requires execution with an absolute path


ssh_exchange_identification: Connection closed by remote host
Thanks a bunch, do I just need to read a tutorial?
 
Old 02-19-2006, 10:07 PM   #2
jcliburn
Member
 
Registered: Dec 2003
Location: Mississippi, USA
Distribution: Fedora
Posts: 435

Rep: Reputation: 33
Have you modified /etc/hosts.allow or /etc/hosts.deny?
 
Old 02-22-2006, 05:48 PM   #3
geek745
Member
 
Registered: Jul 2004
Location: Alton, IL
Distribution: Linux Mint; Slackware; Ubuntu; Slax
Posts: 172

Original Poster
Blog Entries: 2

Rep: Reputation: 34
No; haven't messed with them. Here they are.
/etc/HOSTNAME:
Code:
paul.paul.net
/etc/hosts:
Code:
#
# hosts		This file describes a number of hostname-to-address
#		mappings for the TCP/IP subsystem.  It is mostly
#		used at boot time, when no name servers are running.
#		On small systems, this file can be used instead of a
#		"named" name server.  Just add the names, addresses
#		and any aliases to this file...
#
# By the way, Arnt Gulbrandsen <agulbra@nvg.unit.no> says that 127.0.0.1
# should NEVER be named with the name of the machine.  It causes problems
# for some (stupid) programs, irc and reputedly talk. :^)
#

# For loopbacking.
127.0.0.1		localhost
192.168.254.5		paul.paul.net paul

# End of hosts.
/etc/hosts.allow:
Code:
#
# hosts.allow	This file describes the names of the hosts which are
#		allowed to use the local INET services, as decided by
#		the '/usr/sbin/tcpd' server.
#
# Version:	@(#)/etc/hosts.allow	1.00	05/28/93
#
# Author:	Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org
#
#

ftpd: all
comsat: all
sendmail: all
mail: all
imap: all

# End of hosts.allow.
/etc/hosts.deny:
Code:
#
# hosts.deny	This file describes the names of the hosts which are
#		*not* allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
#
# Version:	@(#)/etc/hosts.deny	1.00	05/28/93
#
# Author:	Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org
#
#

ALL:ALL

# End of hosts.deny.
/etc/hosts.equiv:
Code:
#
# hosts.equiv	This file describes the names of the hosts which are
#		to be considered "equivalent", i.e. which are to be
#		trusted enought for allowing rsh(1) commands.
#
# Version:	@(#)/etc/hosts.equiv	2.00	04/30/93
#
# Author:	Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org>
#
#

localhost

# End of hosts.equiv.
I think I see why you mentioned that!
 
Old 02-22-2006, 08:01 PM   #4
jcliburn
Member
 
Registered: Dec 2003
Location: Mississippi, USA
Distribution: Fedora
Posts: 435

Rep: Reputation: 33
Did adding sshd: all to /etc/hosts.allow fix your problem?
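Added example (not part of the original posts): a simplified evaluation of the posted hosts.allow and hosts.deny in the order hosts_access(5) defines (first match in hosts.allow grants, else first match in hosts.deny denies, else grant), showing how `ALL:ALL` treats a daemon with no allow entry. It covers only the `ALL` wildcard, exact addresses, `192.168.254.`-style prefixes and `.domain` suffixes, and assumes sshd actually consults TCP wrappers (built with libwrap or started through tcpd); the function names are illustrative.

```python
"""Simplified hosts_access(5) evaluation (added example, not libwrap itself)."""

# Rule lines as posted in the thread, with the comment lines left out.
HOSTS_ALLOW = """\
ftpd: all
comsat: all
sendmail: all
mail: all
imap: all
"""
HOSTS_DENY = "ALL:ALL\n"


def parse(text):
    """Yield (daemons, clients) token lists for each 'daemons : clients' line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        # Matching is case-insensitive, so 'all' and 'ALL' are equivalent.
        yield (daemons.replace(",", " ").lower().split(),
               clients.replace(",", " ").lower().split())


def client_matches(patterns, client):
    """Subset of client patterns: ALL, exact, 'a.b.c.' prefix, '.domain' suffix."""
    for p in patterns:
        if p == "all" or p == client:
            return True
        if p.endswith(".") and client.startswith(p):
            return True
        if p.startswith(".") and client.endswith(p):
            return True
    return False


def check(daemon, client, allow_text, deny_text):
    """Return (granted, reason): allow file first, then deny file, else grant."""
    daemon, client = daemon.lower(), client.lower()
    for name, text in (("hosts.allow", allow_text), ("hosts.deny", deny_text)):
        for daemons, clients in parse(text):
            if (daemon in daemons or "all" in daemons) and client_matches(clients, client):
                return name == "hosts.allow", f"matched in {name}"
    return True, "no rule matched (default grant)"


if __name__ == "__main__":
    lan_client = "192.168.254.5"  # the server's LAN address from the thread
    print(check("sshd", lan_client, HOSTS_ALLOW, HOSTS_DENY))
    print(check("sshd", lan_client, HOSTS_ALLOW + "sshd: all\n", HOSTS_DENY))
```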
 
Old 02-23-2006, 09:05 PM   #5
geek745
Member
 
Registered: Jul 2004
Location: Alton, IL
Distribution: Linux Mint; Slackware; Ubuntu; Slax
Posts: 172

Original Poster
Blog Entries: 2

Rep: Reputation: 34
No, I still get the exact same message. I did
Code:
kill -HUP (ps# of inetd)
after I added those changes. Still no results. Is there another daemon that manages that hosts access stuff? thx for your help
 
Old 02-23-2006, 09:25 PM   #6
jcliburn
Member
 
Registered: Dec 2003
Location: Mississippi, USA
Distribution: Fedora
Posts: 435

Rep: Reputation: 33
I'm confused. Why are you hupping inetd to get sshd working?

Check the perms of your $HOME/.ssh directory; should be 700. Also, the private key files inside that directory need to be 600.
 
Old 02-26-2006, 04:21 PM   #7
geek745
Member
 
Registered: Jul 2004
Location: Alton, IL
Distribution: Linux Mint; Slackware; Ubuntu; Slax
Posts: 172

Original Poster
Blog Entries: 2

Rep: Reputation: 34
I don't know - I got rid of one of the error lines, the one about an absolute path. the last two arguments for ssh in /etc/inetd.conf needed to be "/usr/sbin/sshd /usr/sbin/sshd" However, I still get the error from ssh_exchange_identification. I verified that the permissions on the folder .ssh are 700 and that the contents are all 600. What else am I missing? hosts.deny has all:all and hosts.allow includes ssh:all and sshd:all I think I remember adding entries for smtp and sendmail, and I know those work, so my syntax is ok. (curious that there's no entry for proftpd, but there is for ftpd and FTP works under the proftpd according to inetd) I've followed all the tutorials so far... what have I missed?
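Added example (not part of the original posts): a small lint for an inetd.conf entry that launches sshd, checking the absolute-path requirement named in the `sshd re-exec` debug line from post #1 and the presence of `-i`, which sshd(8) documents as the switch for running under inetd. The thread never shows the actual inetd.conf line, so the sample lines and the function name are constructed for illustration.

```python
"""Lint inetd.conf entries that launch sshd (added example)."""

# Constructed sample lines; the thread never shows the real inetd.conf entry.
SAMPLES = [
    "ssh stream tcp nowait root /usr/sbin/sshd sshd -i",
    "ssh stream tcp nowait root /usr/sbin/sshd /usr/sbin/sshd",
    "ssh stream tcp nowait root /usr/sbin/sshd /usr/sbin/sshd -i",
    "#ssh stream tcp nowait root /usr/sbin/sshd /usr/sbin/sshd -i",
]


def lint_inetd_sshd(line):
    """Return a list of findings for one inetd.conf line (empty list = ok)."""
    if line.lstrip().startswith("#"):
        return ["entry is commented out: inetd will not start sshd for it"]
    fields = line.split()
    # service socket-type protocol wait user server-program argv[0] [args...]
    if len(fields) < 7:
        return ["fewer than 7 fields: not a complete inetd.conf entry"]
    server, argv0, args = fields[5], fields[6], fields[7:]
    problems = []
    if not server.startswith("/"):
        problems.append("server program path is not absolute")
    if not argv0.startswith("/"):
        # sshd re-executes itself through argv[0]; see the debug line in post #1.
        problems.append("argv[0] is relative: sshd re-exec needs an absolute path")
    if "-i" not in args:
        # -i is sshd's documented "being run from inetd" switch.
        problems.append("no -i argument: sshd is not told it runs under inetd")
    return problems


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample)
        for finding in lint_inetd_sshd(sample) or ["ok"]:
            print("   ", finding)
```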
 
Old 02-26-2006, 04:23 PM   #8
geek745
Member
 
Registered: Jul 2004
Location: Alton, IL
Distribution: Linux Mint; Slackware; Ubuntu; Slax
Posts: 172

Original Poster
Blog Entries: 2

Rep: Reputation: 34
side note: how do you like your rig? is the Athlon64 working out with FC4? thinking about adding FC to my boot configuration. (instead of the old mandrake that I have on there right now.)
 
Old 02-26-2006, 04:34 PM   #9
jcliburn
Member
 
Registered: Dec 2003
Location: Mississippi, USA
Distribution: Fedora
Posts: 435

Rep: Reputation: 33
Quote:
Originally Posted by geek745
I don't know - I got rid of one of the error lines, the one about an absolute path. the last two arguments for ssh in /etc/inetd.conf needed to be "/usr/sbin/sshd /usr/sbin/sshd" However, I still get the error from ssh_exchange_identification. I verified that the permissions on the folder .ssh are 700 and that the contents are all 600. What else am I missing? hosts.deny has all:all and hosts.allow includes ssh:all and sshd:all I think I remember adding entries for smtp and sendmail, and I know those work, so my syntax is ok. (curious that there's no entry for proftpd, but there is for ftpd and FTP works under the proftpd according to inetd) I've followed all the tutorials so far... what have I missed?
I'm not familiar with Mandrake, but ordinarily I thought sshd runs standalone -- not in inetd. Maybe Mandrake is different. Have you tried running it standalone? Disable it in inetd and just fire it up from the command line. /usr/[s]bin/sshd and see if the indications change.
 
Old 02-26-2006, 04:39 PM   #10
jcliburn
Member
 
Registered: Dec 2003
Location: Mississippi, USA
Distribution: Fedora
Posts: 435

Rep: Reputation: 33
Quote:
Originally Posted by geek745
side note: how do you like your rig? is the Athlon64 working out with FC4? thinking about adding FC to my boot configuration. (instead of the old mandrake that I have on there right now.)
I like it a lot. I have to run a 32-bit web browser because there's no 64-bit Sun Java plugin yet, nor is there a 64-bit Macromedia Flash plugin yet (and I like to have both available in my browser), but everything else is great. It runs 32- or 64-bit apps just fine.
 
Old 02-26-2006, 09:29 PM   #11
geek745
Member
 
Registered: Jul 2004
Location: Alton, IL
Distribution: Linux Mint; Slackware; Ubuntu; Slax
Posts: 172

Original Poster
Blog Entries: 2

Rep: Reputation: 34
I have tried to just run sshd, but it doesn't show up on "ps -x" or on "netstat -nlp" like various tutorials have recommended. I know that it is run on boot, because I threw a comment into the rc.sshd file that is run by rc.inet2 immediately before the command is given and so it must be executed. Here are some key files from ssh and a more detailed verbose output. I tried a dsa key this time.

Code:
lilmax88@paul:~/.ssh$ ssh -vvv paul
OpenSSH_4.2p1, OpenSSL 0.9.7g 11 Apr 2005
debug1: Reading configuration data /home/lilmax88/.ssh/config
debug1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to paul [192.168.254.5] port 22.
debug1: Connection established.
debug1: identity file /home/lilmax88/.ssh/identity type -1
debug1: identity file /home/lilmax88/.ssh/id_rsa type -1
debug3: Not a RSA1 key file /home/lilmax88/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/lilmax88/.ssh/id_dsa type 2
ssh_exchange_identification: Connection closed by remote host

lilmax88@paul:~/.ssh$ cat ~/.ssh/config
Host *
#  IdentityFile ~/.ssh/id_rsa
  IdentitiesOnly yes
  Protocol 2,1
  RSAAuthentication yes
  ForwardX11 yes

lilmax88@paul:~/.ssh$ ls -l
total 28
-rw-------  1 lilmax88 users  294 2006-02-18 16:25 20060218_public_key_rsa.pub
-rw-------  1 lilmax88 users 1349 2006-02-26 17:26 authorized_keys
-rw-------  1 lilmax88 users  632 2006-02-18 17:07 authorized_keys~
-rw-------  1 lilmax88 users  114 2006-02-26 17:26 config
-rw-------  1 lilmax88 users 1264 2006-02-26 17:25 id_dsa
-rw-r--r--  1 lilmax88 users 1124 2006-02-26 17:25 id_dsa.pub
-rw-------  1 lilmax88 users  391 2006-02-25 12:43 known_hosts

lilmax88@paul:~$ ls -ld .ssh
drwx------  2 lilmax88 users 272 2006-02-26 17:26 .ssh/

root@paul:/etc/ssh# netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:901             0.0.0.0:*               LISTEN      2609/inetd
tcp        0      0 0.0.0.0:37              0.0.0.0:*               LISTEN      2609/inetd
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      2672/smbd
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      2651/sendmail: acce
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2603/rpc.portmap
tcp        0      0 192.168.254.5:80        0.0.0.0:*               LISTEN      2665/httpd
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN      2609/inetd
tcp        0      0 192.168.254.5:53        0.0.0.0:*               LISTEN      2615/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2615/named
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      2609/inetd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2609/inetd
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      2633/cupsd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2651/sendmail: acce
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      2615/named
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      2672/smbd
udp        0      0 0.0.0.0:512             0.0.0.0:*                           2609/inetd
udp        0      0 0.0.0.0:32769           0.0.0.0:*                           2615/named
udp        0      0 192.168.254.5:137       0.0.0.0:*                           2675/nmbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           2675/nmbd
udp        0      0 192.168.254.5:138       0.0.0.0:*                           2675/nmbd
udp        0      0 0.0.0.0:138             0.0.0.0:*                           2675/nmbd
udp        0      0 0.0.0.0:37              0.0.0.0:*                           2609/inetd
udp        0      0 192.168.254.5:53        0.0.0.0:*                           2615/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           2615/named
udp        0      0 0.0.0.0:111             0.0.0.0:*                           2603/rpc.portmap
udp        0      0 0.0.0.0:631             0.0.0.0:*                           2633/cupsd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     3403   2769/artsd          /tmp/mcop-lilmax88/paul_paul_net-0ad1-44024f17
unix  2      [ ACC ]     STREAM     LISTENING     3234   2747/kdeinit Runnin /tmp/ksocket-lilmax88/kdeinit-:0
unix  2      [ ACC ]     STREAM     LISTENING     3239   2750/kdeinit: dcops /tmp/.ICE-unix/dcop2750-1141002000
unix  2      [ ACC ]     STREAM     LISTENING     3105   2677/gpm            /dev/gpmctl
unix  2      [ ACC ]     STREAM     LISTENING     3387   2774/kdeinit: ksmse /tmp/.ICE-unix/2774
unix  2      [ ACC ]     STREAM     LISTENING     3259   2752/kdeinit: klaun /tmp/ksocket-lilmax88/klauncherx7K3bb.slave-socket
unix  2      [ ACC ]     STREAM     LISTENING     18278  3056/proftpd: lilma /var/run/proftpd/proftpd.sock
unix  2      [ ACC ]     STREAM     LISTENING     3117   2685/kdm            /var/run/xdmctl/dmctl/socket
unix  2      [ ACC ]     STREAM     LISTENING     3122   2687/X              /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     3126   2685/kdm            /var/run/xdmctl/dmctl-:0/socket
unix  2      [ ACC ]     STREAM     LISTENING     3232   2747/kdeinit Runnin /tmp/ksocket-lilmax88/kdeinit__0
 
Old 02-26-2006, 09:47 PM   #12
geek745
Member
 
Registered: Jul 2004
Location: Alton, IL
Distribution: Linux Mint; Slackware; Ubuntu; Slax
Posts: 172

Original Poster
Blog Entries: 2

Rep: Reputation: 34
I'm grabbing v4.3 of OpenSSH now - see if that solves it.
 
Old 02-27-2006, 08:22 PM   #13
jcliburn
Member
 
Registered: Dec 2003
Location: Mississippi, USA
Distribution: Fedora
Posts: 435

Rep: Reputation: 33
You might also look in /var/log/secure to see if any illuminating messages can be found. (I presume that's the log file for ssh in Mandriva. It is in Fedora.)
 
Old 02-28-2006, 05:28 PM   #14
geek745
Member
 
Registered: Jul 2004
Location: Alton, IL
Distribution: Linux Mint; Slackware; Ubuntu; Slax
Posts: 172

Original Poster
Blog Entries: 2

Rep: Reputation: 34
new version didn't help at all - exact same errors. the sourceforge server that works fine is using an earlier version like 4.1, I think. This isn't supposed to be that hard.
 
  

