ssh issues
Hi,
I thought I successfully upgraded openssh from v 2.9 to v 3.5 but something funky is happening. When I type in rpm -q openssh-server it tells me openssh-server-3.5p1-1. I can connect to the box via ssh from my windows ssh client, however, nobody else can. The message that comes up is: ssh_exchange_identification:connection closed by remote host.
When I log into a couple of the other linux servers running ssh and type in rpm -q openssh-server it also returns the appropriate response. Then as a backup I type in ssh -V to get the version number. When I type in ssh -V on the server I built it returns: bash:ssh:command not found
There is obviously an issue somewhere. What I upgraded to on my redhat 7.2 server (2.4.7-10 i686) was openssh-server-3.5p1-1.i386.rpm and openssh-3.5p1-1.i386.rpm. I did not install the openssh-client-3.5p1-1.i386.rpm. Could this be the problem? The only other thing I can think of is that my redhat system is on an i686 box and the upgrades are i386.rpm. Is that the problem? I couldn't find openssh 3.5 for redhat i686 no matter where I went. If that is the problem can someone tell me where to find those packages? If that is the issue do I just simply upgrade again?
The command I used to upgrade was: rpm -Uvh openssh* (it seemed to work fine but I guess it didn't). Should I use another command... maybe just rpm -U openssh*
Thanks for your help.
Well, seeing as ssh itself is a client program and you say yourself that you've not installed the client programs package, I think that's something of a safe bet...
ssh_exchange_identification:connection closed by remote host could mean you're running sshd with TCP wrappers enabled (libwrap, using /etc/hosts.{allow,deny}) but haven't enabled access to the sshd service for remote clients.
Yeah, I installed the client program right after I posted. That resolved one of the issues. From the box I built I was able to ssh to the other linux servers. But first there was a message saying:
the authenticity of host '1.2.3.4' can't be established RSA key fingerprint is blah blah blah.... Are you sure you want to continue connecting (yes/no)?
I typed in yes and then a warning came up: Warning: Permanently added host '1.2.3.4' and I am prompted for the root password and I connect.
Now I can connect to the other linux servers from my server via ssh but when I try it the other way around I still get the message: ssh_exchange_identification:connection closed by remote host
When I type in ssh -V on my box it no longer replies: bash:ssh:command not found, it replies with the correct version of openssh. Also when I type in the command rpm -qa | grep openssh it responds with all 3 of the packages I installed.
Does anyone know what to do to solve the 'connection closed by remote host' message when I try to ssh to the linux server I just built from the other linux servers and windows clients? Thanks.
If it's not libwrap, then check if you made and distributed your ssh key's public part between servers. Also root logins aren't recommended. Log in as a regular user and sudo over to the coveted root account if really necessary.
You may be right about the TCP Wrappers. I did put my syslog server on a different subnet and I didn't modify hosts.allow and hosts.deny.
hosts.allow is sshd:LOCAL and hosts.deny is ALL:ALL. Would I fix my problem by modifying hosts.deny to allow any ssh client from the subnet I am on? Although, I do get the 'connection closed by remote host' message even when I try to connect to this box from other linux machines on the same subnet. I guess I have to modify both hosts.allow and hosts.deny. Can anybody suggest the proper syntax? I will try the man pages as well. Thanks.
Last time I checked sshd didn't like /255 or /24 style subnet masks and the service name is not the IANA designated port service name, but the process name.
So, AFAIK the syntax is: "argv[0] process name: ipaddr, ipaddr, ipaddr". Btw, you *did* propagate your keys, right?
Sorry, I'm new to the linux world and I kind of got lost on that last message. I didn't do anything with the keys. I'm not sure where to start with key authentication.
However, I did comment out the fields I added in both hosts.allow and hosts.deny and now I am able to ssh in between subnets and within the subnet I have the server set up in. I don't know how much security I have lost because of this.
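An added example, not part of any post in this thread: a simplified Python model of the hosts.allow / hosts.deny decision order documented in hosts_access(5), run against the rules quoted above. The client names and addresses are constructed, the scoped rule is an assumption about the two subnets, and only a subset of the pattern syntax is modelled.

```python
import ipaddress

def host_matches(pattern, name, addr):
    """Client patterns: a simplified subset of hosts_access(5)."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                  # known host name containing no dot
        return name is not None and "." not in name
    if "/" in pattern:                      # net/mask pair: n.n.n.n/m.m.m.m
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):               # address prefix such as "192.168.2."
        return addr.startswith(pattern)
    return pattern in (name, addr)          # exact host name or address

def rule_matches(rule, daemon, name, addr):
    """rule is 'daemon_list : client_list'; any trailing ': option' is ignored."""
    fields = rule.split(":")
    daemons = fields[0].replace(",", " ").split()
    clients = fields[1].replace(",", " ").split()
    return (daemon in daemons or "ALL" in daemons) and any(
        host_matches(p, name, addr) for p in clients)

def access_granted(allow, deny, daemon, name, addr):
    """hosts.allow match grants; otherwise hosts.deny match refuses; otherwise grant."""
    if any(rule_matches(r, daemon, name, addr) for r in allow):
        return True
    return not any(rule_matches(r, daemon, name, addr) for r in deny)

# Constructed clients: (reverse-DNS name or None, address)
CLIENTS = [
    ("ws1", "192.168.1.20"),               # same subnet, short host name
    ("web1.example.com", "192.168.1.21"),  # same subnet, resolves to an FQDN
    (None, "192.168.2.30"),                # second subnet, no reverse DNS
    (None, "203.0.113.5"),                 # outside both subnets
]

def decisions(allow, deny, daemon="sshd"):
    return {addr: access_granted(allow, deny, daemon, name, addr)
            for name, addr in CLIENTS}

THREAD = decisions(["sshd:LOCAL"], ["ALL:ALL"])        # rules quoted in the thread
COMMENTED_OUT = decisions([], [])                      # every rule commented out
SCOPED = decisions(["sshd: 192.168.1.0/255.255.255.0, 192.168.2."], ["ALL:ALL"])

if __name__ == "__main__":
    for label, result in (("thread", THREAD), ("commented out", COMMENTED_OUT),
                          ("scoped", SCOPED)):
        print(label, result)
```

With the thread's rules only the client whose name has no dot is admitted, which fits refusals from machines on the same subnet; with every rule commented out all four clients are admitted, while the scoped rule admits both subnets and still refuses the outside address.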
...and the key thing is where you generate a "fingerprint" locally (ssh-keygen) and add the public part (<keyname>.pub) to your remote account's ~/.ssh/authorized_keys file if you want to use public key authentication to access your remote account. Same goes for accessing your local account from the remote one.