LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-11-2016, 03:44 AM   #1
nibraz
Member
 
Registered: Oct 2008
Posts: 219

Rep: Reputation: 18
ssh_exchange_identification connection reset by peer


Hi

For some strange reason I cant login to my server from home, I used to login from my work to my server and it only allows me to login from work and if I try to use SSH from home I get this error:

ssh_exchange_identification connection reset by peer
debug1: identity file /home/root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory

Any idea why this is?
 
Old 10-11-2016, 04:33 AM   #2
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,021
Blog Entries: 3

Rep: Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923
Which version of sshd are you running on your server?

And which version of the SSH client are you using from home and which type from work?
 
Old 10-11-2016, 04:36 AM   #3
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,021
Blog Entries: 3

Rep: Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923
Quote:
Originally Posted by nibraz View Post
debug1: identity file /home/root/.ssh/id_rsa-cert type -1
Also, it looks like you are trying to log in from a root account, perhaps also aiming to log in ot the remote server as root. Most new servers block that type of mistake by default. What happens when you try logging in from a normal user account, ideally the one which has the keys or certificates you are using to authenticate?
 
1 members found this post helpful.
Old 10-11-2016, 06:13 AM   #4
nibraz
Member
 
Registered: Oct 2008
Posts: 219

Original Poster
Rep: Reputation: 18
Quote:
Originally Posted by Turbocapitalist View Post
Also, it looks like you are trying to log in from a root account, perhaps also aiming to log in ot the remote server as root. Most new servers block that type of mistake by default. What happens when you try logging in from a normal user account, ideally the one which has the keys or certificates you are using to authenticate?
Hi

I am using Putty client on my laptop which is the same laptop i use to connect from my work.

I am not logging in as root, I am trying to login as a normal user but it would not let me connect at all.. i cant even get to the username prompt.

When I connect my laptop at work then use SSH i can connect to my server.. not sure why that is.
 
Old 10-11-2016, 06:27 AM   #5
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,021
Blog Entries: 3

Rep: Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923
PuTTY is a graphical client. Can you open a terminal and use OpenSSH's own SSH client?

Code:
ssh -v nibraz@server.example.com
The -v will give a little more debugging information about the attempted connection. Which distro (including version) are you running on your laptop?
 
Old 10-11-2016, 11:24 AM   #6
nibraz
Member
 
Registered: Oct 2008
Posts: 219

Original Poster
Rep: Reputation: 18
Quote:
Originally Posted by Turbocapitalist View Post
PuTTY is a graphical client. Can you open a terminal and use OpenSSH's own SSH client?

Code:
ssh -v nibraz@server.example.com
The -v will give a little more debugging information about the attempted connection. Which distro (including version) are you running on your laptop?
got this

Code:
OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to xxxxxx.com [xx.xx.xx.xx] port 22.
debug1: Connection established.
Could not create directory '/cygdrive/q/.ssh'.
debug1: identity file /cygdrive/q/.ssh/identity type -1
debug1: identity file /cygdrive/q/.ssh/id_rsa type -1
debug1: identity file /cygdrive/q/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
 
Old 10-11-2016, 11:25 AM   #7
nibraz
Member
 
Registered: Oct 2008
Posts: 219

Original Poster
Rep: Reputation: 18
my work ip address changed, now i cant even connect using putty
 
Old 10-11-2016, 12:25 PM   #8
nibraz
Member
 
Registered: Oct 2008
Posts: 219

Original Poster
Rep: Reputation: 18
got this with -vv

debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3p1 Debian-1
ssh_exchange_identification: read: Connection reset by peer
 
Old 10-11-2016, 12:39 PM   #9
nibraz
Member
 
Registered: Oct 2008
Posts: 219

Original Poster
Rep: Reputation: 18
I can login as normal user with ftp no encrption but when i try root i am getting "can't login as root account disabled" i cant seem to do anything..
 
Old 10-11-2016, 12:43 PM   #10
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,021
Blog Entries: 3

Rep: Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923
Quote:
Originally Posted by nibraz View Post
I can login as normal user with ftp no encrption but when i try root i am getting "can't login as root account disabled" i cant seem to do anything..
I'm not clear on whether you are trying to log in as root or not. Your last post says you are and your excerpt of -vv output say you are. Try logging in as a regular, non-root user instead and you should get in. On the client side, you are using the latest portable version of OpenSSH. That is good. If you are using the same on the server then the default is for it to disallow root logins, on most distros.

However, if you have non-Anonymous FTP available then your machine will eventually become compromised. Maybe it has already happened.
 
Old 10-11-2016, 12:59 PM   #11
nibraz
Member
 
Registered: Oct 2008
Posts: 219

Original Poster
Rep: Reputation: 18
I was able to login earlier using root login after 17:00 i am not able to login to SSH at all now its saying "Network Error: Software caused connection abort"

I cant SSH at all now, wont let me in.

I can only use FTP as normal user with no encrption. But the user im login as no root permissions to modify any files..
 
Old 10-11-2016, 01:09 PM   #12
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,021
Blog Entries: 3

Rep: Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923
Quote:
Originally Posted by nibraz View Post
I can only use FTP as normal user with no encrption.
Then others on the network (and those in between you and it) can use that same account to log in and look around the system until they find a way to escalate privileges, or otherwise do what they want.

Anyway, back to SSH, what text is produced when you connect to the SSH port using the telnet client?

Code:
telnet server.example.com 22
Is it responding?
 
Old 10-11-2016, 01:14 PM   #13
nibraz
Member
 
Registered: Oct 2008
Posts: 219

Original Poster
Rep: Reputation: 18
im getting

Trying xx.xx.xx.xx..
Connected to mysite.com.
Escape character is '^]'.
Connection closed by foreign host.
 
Old 10-11-2016, 01:23 PM   #14
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,021
Blog Entries: 3

Rep: Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923Reputation: 1923
Quote:
Originally Posted by nibraz View Post
im getting

Trying xx.xx.xx.xx..
Connected to mysite.com.
Escape character is '^]'.
Connection closed by foreign host.
Hmm. Instead of closing the connection, it should have come back with an identification string showing the version of SSH it is using.

When will you next be able to log in via the console? A physical visit or use of another server with a connected keyboard-video-moust switch might be necessary.
 
Old 10-11-2016, 03:25 PM   #15
nibraz
Member
 
Registered: Oct 2008
Posts: 219

Original Poster
Rep: Reputation: 18
Quote:
Originally Posted by Turbocapitalist View Post
Hmm. Instead of closing the connection, it should have come back with an identification string showing the version of SSH it is using.

When will you next be able to log in via the console? A physical visit or use of another server with a connected keyboard-video-moust switch might be necessary.
Hi Turbo

Thanks for keeping up with this.

I am going to visit my server tomorrow after work at my dads house.

Is there any logs or anything i need to grab?

I dont think anyone hacked it, as my site is still up and running and its a social networking site.
 
  


Reply

Tags
putty


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh_exchange_identification: read: Connection reset by peer BCarey Slackware 4 12-12-2016 02:27 PM
NetBSD 7.0 ssh error:ssh_exchange_identification: read: Connection reset by peer jorton *BSD 0 11-25-2015 08:48 PM
ssh_exchange_identification: read: Connection reset by peer rblampain Linux - Networking 3 03-03-2014 02:51 AM
Help me.... why Connection reset by peer Connection to medusa closed. Cabellos-Quiroz-JL Linux - Newbie 1 06-04-2009 12:58 PM
eth0 going down (connection reset by peer, then connection refused) Astarath Slackware 1 09-05-2007 05:14 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration