Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 06-03-2005, 04:37 AM   #1
Registered: Mar 2005
Location: Netherlands
Distribution: Fedora Core 5 x86_64
Posts: 48

Rep: Reputation: 15
Question ssh login problem RedHat AS3 ("Did not receive identification string from")

Hi all,

I have a very strange problem. In my network i am configuring a communication server.


I have three servers
Server 1: Solaris 8 server with SSH client: OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
Server 2: Solaris 8 server with SSH Client: OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6g 9 Aug 2002
Server 3: RedHat AS3 with ssh deamon: OpenSSH_3.6.1p2

The sshd has the following configuration file:
# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 120
#PermitRootLogin yes
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
#ShowPatchLevel no

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
#Banner /etc/motd.ssh

When i login to the server via ssh from server 1 to server 3 everything works fine:
But when i login from server 2 to server 3 i get nothing:
See output of ssh -vv below:

OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6g 9 Aug 2002
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to x.x.x.5 [x.x.x.5] port 22.

In the logging of /var/log/secure on the server (sshd with debugging on) i see the following:
Jun 2 16:04:33 Server3 sshd[10152]: Did not receive identification string from x.x.x.9
Jun 2 16:04:33 Server3 sshd[10152]: debug1: Calling cleanup 0x806f000(0x0)
Jun 2 16:04:33 Server3 sshd[10153]: Connection from x.x.x.9 port 56678

These message normally are shown when someone does a port scan or something else nasty to your server,
but since i am the only nasty guy connecting to server3 that should not be the problem

I have checked the source of sshd ( thats a place i don't normally come, but OK) and have found this":
374 if (client_version_string == NULL) {
375 /* Send our protocol version identification. */
376 if (atomicio(write, sock_out, server_version_string,
377 strlen(server_version_string))
378 != strlen(server_version_string)) {
379 log("Could not write ident string to %s", get_remote_ipaddr());
380 fatal_cleanup();
381 }
383 /* Read other sides version identification. */
384 memset(buf, 0, sizeof(buf));
385 for (i = 0; i < sizeof(buf) - 1; i++) {
386 if (atomicio(read, sock_in, &buf[i], 1) != 1) {
387 log("Did not receive identification string from %s",
388 get_remote_ipaddr());
389 fatal_cleanup();
390 }
391 if (buf[i] == '\r') {
392 buf[i] = 0;
393 /* Kludge for F-Secure Macintosh < 1.0.2 */
394 if (i == 12 &&
395 strncmp(buf, "SSH-1.5-W1.0", 12) == 0)
396 break;
397 continue;
398 }
399 if (buf[i] == '\n') {
400 buf[i] = 0;
401 break;
402 }
403 }
404 buf[sizeof(buf) - 1] = 0;
405 client_version_string = xstrdup(buf);
406 }

It looks to me that the sshd exits in line 380. So i have isolated the problem (i Think)
I need server 2 to connect to server 3 and i dont have the luxury of just updating everything to the highest version.
Impact on other service is very big!!

The question now remains: HOW DO I SOLVE IT?

Anyone have some ideas?
Old 07-03-2005, 07:50 AM   #2
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596
If this still is a problem (else please post your solution):
I need server 2 to connect to server 3 and i dont have the luxury of just updating everything to the highest version.
Impact on other service is very big!!

If these boxen are in any way connected to the Internet, then you'll have to update both daemon and client to the latest stable version. There can be no mistake about that. I can not *imagine* what "big" impact this would have on other services, so please tell us. If there are no "real" objections the obvious way would be to update, else please post the log from 'sshd -d -d -d'. I'm certain it can output much more debugging than you showed now.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
No UTMPX entry, You must EXEC "login" for the lowest "shell" ooihc Solaris / OpenSolaris 7 03-12-2007 03:09 PM
SSH "Connection Refused" problem when there is no firewall/router involved in Fedora4 d2army Linux - Networking 5 10-04-2005 06:01 PM
"e100_wait_exec_simple: failed" - Redhat AS3.0 rfrancis Red Hat 1 03-23-2005 01:34 PM
RedHat AS3 problem :: "lease broken - owner pid = ####" dmoorhouse Red Hat 1 09-24-2004 01:45 PM
Howto disable "Graphical Login" or "Standard Login?" the_gripmaster Red Hat 1 07-08-2004 03:55 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:47 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration