ssh_exchange identification: Connection closed by remote host.

dsmavani · 11-30-2008, 11:33 PM

Not able to ssh from different hosts to linux box running sshd. Not able to "service sshd restart"

.

Please guide...

billymayday · 11-30-2008, 11:40 PM

I would guess that either your firewall is blocking port 22 or the service isn't running.

You don't say what distro you use, or why you can't restart the service.

dsmavani · 12-03-2008, 03:35 AM

Thanks for the reply.

The distro is RHEL 5. There is no firewall and port 22 is open. The service ssh is running, when trying to ssh from other host getting following error:

[root@locahost]# ssh -vvv mainsrv1
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to mainsrv1 [192.168.1.5] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: loaded 3 keys
ssh_exchange_identification: Connection closed by remote host
[root@localhost]#

Kindly guide.

chrism01 · 12-03-2008, 05:57 PM

These days most people disable remote root login via ssh, and I believe(!) RH sets it that way at install time. Its a security thing.
Check the sshd_config on the target box.

anomie · 12-03-2008, 10:49 PM

Check /var/log/secure on the sshd server after attempting a login.

dsmavani · 12-03-2008, 11:33 PM

Hi Chris, I have checked /etc/ssh/sshd_config file, there is no such restriction for root user. On restart of RHEL5 Server, we are able to ssh for around 10 to 15 hours, then it stops and output of ssh -vvv <RHEL5Server> is in my last post.

Thanks

billymayday · 12-03-2008, 11:35 PM

Are you able to connect as another user? I'm thinking of one without keys in place.

Also, is sshd still running when this problem occurs?

As per @anomie's post, what does the server log tell you?

judge312 · 12-04-2008, 12:29 AM

This error come when ssh key exchange failed. check /etc/hosts.deny and allow . and iptables -L

In most cases , this is due to network blockage at sshd server machine .

tcpdump can help a lot

dsmavani · 12-05-2008, 12:30 AM

Hi Billy,

No, we are not able ssh through any other user.

Yes, sshd is running when the problem occurs.

As suggested by anomie, checked /var/log/secure which do not have any entries of ssh connection success of time when were trying to ssh from different hosts and was not able to make connection.

Kindly guide.

dsmavani · 12-05-2008, 12:33 AM

Hi, Judge312,

There is nothing in /etc/hosts.allow and hosts.deny and iptables -L. As we are able to connection for initial 10 to 15 hours.

I am waiting for that error to come again (expected within 5 to 8 hours). Will take tcpdump at that time and will update.

Thanks

billymayday · 12-05-2008, 01:11 AM

I'd also try ssh'ing in from localhost, just to rule out a network problem

hasanatizaz · 12-05-2008, 02:59 AM

empty known_hosts file which is located ~/.ssh