ssh "Connection Refused" requires networking restart (?)
 

I have an openssh-server running on Ubuntu 7.04. Frequently, the server just suddenly becomes impossible to connect to; existing and new putty clients see "Network error: connection refused" messages.

I found that i need to do "/etc/init.d/networking restart" to get past this problem without restarting sshd (Restarting sshd doesn't help). The auth.log file does not contain any pointers.

Would greatly appreciate any suggestions for a remedy to avoid this issue or any tips as to where to start looking.

Thanks
Vish

No need to keep posting the same thread all over the place...

A couple ways I would think about troubleshooting this:

1) Is the output of /sbin/ifconfig showing any error packets on the box hosting sshd?

2) When things begin failing, do the connections even reach the listening sshd daemon? Not sure where to check this under Ubuntu -- perhaps /var/log/secure or /var/log/messages.

If it's necessary, you can turn on DEBUG logging level for sshd for a short time to try to get more information; again, this assumes the connections are reaching the listening sshd daemon. (See the manpages for sshd_config(5) under the LogLevel parm.)

it seems to be a network/connection prob..try to ping when the problem occurs..and /etc/init.d/network restart (if you are not able to ping)
/sbin/ifconfig eth0/ethn can be useful too.

Mysterious IPv6 router message
 

I upped the LogLevel for sshd to DEBUG3 (highest) but a connection attempt did not cause any output to the log (auth.log is the log configured in sshd_config). Seems like connections don't even reach the listening sshd daemon.

(Of course, when I do a networking restart, connections can once again be made successfully and the auth.log gets a lot of logging lines.)

I seem to get this abnormal condition within 10-15 minutes of a networking restart. But the output of /sbin/ifconfig does not indicate any error packets. And I can also successfully ping to and from the box when the "Connection Refused" message is seen.

I see only one mysterious clue in kern.log file:

Aug 6 03:08:00 abclinux01 kernel: [332548.338214] eth0: link up
Aug 6 03:08:10 abclinux01 kernel: [332548.338214] eth0: no IPv6 routers present


The two statements are 10 seconds apart. I wonder whether this has any bearing on my sshd problem.

So we can (probably) be pretty certain the problem does not lie with sshd. It appears that connections stop reaching the sshd daemon altogether, and it doesn't sound like you need to restart sshd at any time.

Apart from the obvious, I'm not sure what to make of that. Is it appearing at exactly the time the network connection seems to die?

Do you have a spare ethernet card and cable you can swap the originals with to see if the problem continues?

edit: typo.

problem is sporadic..
 

Today, I noticed once that the connection problem (with sshd and apache) seemed to rectify itself temporarily..

Some more info on the connection problems
 

Thanks for the helpful advice I've recd from anomie and sorrocoheaven.

Unfortunately I do not have another ethernet card to try out. One thing which is special in my situation is that I am running Ubuntu in a VMWare instance.

My connections problems do begin soon after (or as soon as) the "eth0: link up" message appears. I also looked at an apache webserver which I am running now. The webserver ALSO seems to be affected when I have the connect problems with sshd. But I can still do a local connection to ssh (from the same machine) even with the connection refused error that I see from other machines in the network.

After doing some research, I also did an iptables invocation to see if any firewall rules are active

iptables -L -n

The result was:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

which I'm told means no firewall running. Also did an "nmap -r localhost" which tells me that my ports are open.

Today, I noticed once that the connection problem (with sshd and apache) seemed to rectify itself temporarily also which has me completed foxed. Would greatly appreciate any other ideas/suggestions to debug the issue or track the network interface.

Thanks
Vish

This is not an SSH-only issue after all. Same problem happens with http and ftp but not with ping. A ping out from the server actually solves the connectivity issues instantly, though inexplicably. In retrospect my original post seems more apt in the linux-networking forum.

This is also sometimes connected with storage. I had full fs and it caused problems as you specified. So check your free space on HDD especially partition with OS and also SWAP part is important let me know if it helped.

In my case, ultimately the cause was an IP address conflict. My sshd was running on a virtual machine (running ubuntu). By mistake a Network Admin had doled out an IP address to my virtual machine which has already been pre-allocated to another (non-virtual) machine. Somehow a ping to my virtual machine would "clear a path" for the ssh-client (also on the pinger machine) to reach the SSHD server on my virtual machine. This would last temporarily, until perhaps one of two things happened (I'm not sure which): either the original owner of the IP address "reclaimed its IP address" or this "ssh-client" lost memory of the path to the SSHD on the virtual machine.

Hope this helps anyone else who may encounter this weird situation.