LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   ssh_exchange_identification connection reset by peer (https://www.linuxquestions.org/questions/linux-security-4/ssh_exchange_identification-connection-reset-by-peer-4175591176/)

nibraz 10-11-2016 03:44 AM

ssh_exchange_identification connection reset by peer
 
Hi

For some strange reason I cant login to my server from home, I used to login from my work to my server and it only allows me to login from work and if I try to use SSH from home I get this error:

ssh_exchange_identification connection reset by peer
debug1: identity file /home/root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory

Any idea why this is?

Turbocapitalist 10-11-2016 04:33 AM

Which version of sshd are you running on your server?

And which version of the SSH client are you using from home and which type from work?

Turbocapitalist 10-11-2016 04:36 AM

Quote:

Originally Posted by nibraz (Post 5616398)
debug1: identity file /home/root/.ssh/id_rsa-cert type -1

Also, it looks like you are trying to log in from a root account, perhaps also aiming to log in ot the remote server as root. Most new servers block that type of mistake by default. What happens when you try logging in from a normal user account, ideally the one which has the keys or certificates you are using to authenticate?

nibraz 10-11-2016 06:13 AM

Quote:

Originally Posted by Turbocapitalist (Post 5616402)
Also, it looks like you are trying to log in from a root account, perhaps also aiming to log in ot the remote server as root. Most new servers block that type of mistake by default. What happens when you try logging in from a normal user account, ideally the one which has the keys or certificates you are using to authenticate?

Hi

I am using Putty client on my laptop which is the same laptop i use to connect from my work.

I am not logging in as root, I am trying to login as a normal user but it would not let me connect at all.. i cant even get to the username prompt.

When I connect my laptop at work then use SSH i can connect to my server.. not sure why that is.

Turbocapitalist 10-11-2016 06:27 AM

PuTTY is a graphical client. Can you open a terminal and use OpenSSH's own SSH client?

Code:

ssh -v nibraz@server.example.com
The -v will give a little more debugging information about the attempted connection. Which distro (including version) are you running on your laptop?

nibraz 10-11-2016 11:24 AM

Quote:

Originally Posted by Turbocapitalist (Post 5616425)
PuTTY is a graphical client. Can you open a terminal and use OpenSSH's own SSH client?

Code:

ssh -v nibraz@server.example.com
The -v will give a little more debugging information about the attempted connection. Which distro (including version) are you running on your laptop?

got this

Code:

OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to xxxxxx.com [xx.xx.xx.xx] port 22.
debug1: Connection established.
Could not create directory '/cygdrive/q/.ssh'.
debug1: identity file /cygdrive/q/.ssh/identity type -1
debug1: identity file /cygdrive/q/.ssh/id_rsa type -1
debug1: identity file /cygdrive/q/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host


nibraz 10-11-2016 11:25 AM

my work ip address changed, now i cant even connect using putty :(

nibraz 10-11-2016 12:25 PM

got this with -vv

debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3p1 Debian-1
ssh_exchange_identification: read: Connection reset by peer

nibraz 10-11-2016 12:39 PM

I can login as normal user with ftp no encrption but when i try root i am getting "can't login as root account disabled" i cant seem to do anything..

Turbocapitalist 10-11-2016 12:43 PM

Quote:

Originally Posted by nibraz (Post 5616573)
I can login as normal user with ftp no encrption but when i try root i am getting "can't login as root account disabled" i cant seem to do anything..

I'm not clear on whether you are trying to log in as root or not. Your last post says you are and your excerpt of -vv output say you are. Try logging in as a regular, non-root user instead and you should get in. On the client side, you are using the latest portable version of OpenSSH. That is good. If you are using the same on the server then the default is for it to disallow root logins, on most distros.

However, if you have non-Anonymous FTP available then your machine will eventually become compromised. Maybe it has already happened.

nibraz 10-11-2016 12:59 PM

I was able to login earlier using root login after 17:00 i am not able to login to SSH at all now its saying "Network Error: Software caused connection abort"

I cant SSH at all now, wont let me in.

I can only use FTP as normal user with no encrption. But the user im login as no root permissions to modify any files..

Turbocapitalist 10-11-2016 01:09 PM

Quote:

Originally Posted by nibraz (Post 5616590)
I can only use FTP as normal user with no encrption.

Then others on the network (and those in between you and it) can use that same account to log in and look around the system until they find a way to escalate privileges, or otherwise do what they want.

Anyway, back to SSH, what text is produced when you connect to the SSH port using the telnet client?

Code:

telnet server.example.com 22
Is it responding?

nibraz 10-11-2016 01:14 PM

im getting

Trying xx.xx.xx.xx..
Connected to mysite.com.
Escape character is '^]'.
Connection closed by foreign host.

Turbocapitalist 10-11-2016 01:23 PM

Quote:

Originally Posted by nibraz (Post 5616601)
im getting

Trying xx.xx.xx.xx..
Connected to mysite.com.
Escape character is '^]'.
Connection closed by foreign host.

Hmm. Instead of closing the connection, it should have come back with an identification string showing the version of SSH it is using.

When will you next be able to log in via the console? A physical visit or use of another server with a connected keyboard-video-moust switch might be necessary.

nibraz 10-11-2016 03:25 PM

Quote:

Originally Posted by Turbocapitalist (Post 5616607)
Hmm. Instead of closing the connection, it should have come back with an identification string showing the version of SSH it is using.

When will you next be able to log in via the console? A physical visit or use of another server with a connected keyboard-video-moust switch might be necessary.

Hi Turbo

Thanks for keeping up with this.

I am going to visit my server tomorrow after work at my dads house.

Is there any logs or anything i need to grab?

I dont think anyone hacked it, as my site is still up and running and its a social networking site.


All times are GMT -5. The time now is 02:07 AM.