Hi all,

I just did an FTP install for Mandriva 2006. However, I can't ssh to the server. I can ssh @localhost but can't from the outside. SSH is enabled in the firewall, and in the menu where one can choose services to run @ boot it's ticked on to start. Any tips?

Thanks.

When you attempt to ssh to the machine from another system, does the connection simply fail to connect, or are you just unable to authenticate?

Do you have physical access to the system in question? If so, do you have access to another system on the same network segment, can you ssh to this server from said system?

Happy Hunting,

From a SuSE box and from my XP box over PuTTY, I get a "Server unexpectedly closed connection".

Thanks.

I assume that their is no firewall between these clients and your server.

Are you accessing the system by host name or IP address? May I suggest that you attempt to establish the ssh connection using an account other than root?

Might I suggest using the -vvv switch and posting the results. (i.e. ssh -vvv user@1.1.1.1 )

Happy Hunting,

Thanks for the help.

No luck:

OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host

I don't understand why Mandriva shuts it off. No firewall other than the one on Mandriva, SSH is ticked, and ps and netstat ssh is running and being listened for on 22.

Thanks again.

xxx is the server's ip address.

You may wish to take a look at:

http://www.snailbook.com/faq/libwrap-oops.auto.html

It refers to one possible solution being a modification to either the:

/etc/host.allow

or

/etc/host.deny

I also have heard people blame this error on an excess of hung ssh sessions, so it may be worth while to attemt to stop and start the sshd to see if this has any impact.

Happy Hunting,

Success! Much obliged, mate.

add sshd2 : All
or
sshd2 : x.x.x.x

where x.x.x.x is you winbox ip to your hosts.allow file

Thanks, I actually put x.x.x., for all the hosts on the LAN. Now I'm wondering, how tightly is Mandriva locked up?

you should know the answer for that more than us. also you can try

https://www.grc.com/x/ne.dll?bh0bkyd2

read the page for more info on how it checks your comp for any vulnerability and also any legal issues concerned.

Well,

For some reason, everytime I close emacs, the original line for sshd.deny overwrites any of my changes and reverts to the original below:

ALL:EXCEPT 127.0.0.1ENY

Any thoughts?

Thanks.

Make sure you edit the file as root, so you can save the changes.

Also, did you generate a key-pair on the server ( ssh-keygen ). Also, make sure that the service is running, and port 22 is open, unless you configured it to use a different port.

One thing that can cause this error is if you performed a fresh install on a host, and so the key pair is different then the last time you connected to the server. If this is the case, delete the entry from the ~/.ssh/known_hosts file. Or if the servers key pair is changed, delete the server's known_hosts entry from your remote hosts.

I would recommend that you always log in as a user and disable root login. If only one user logs into the server using ssh, then consider adding your username to the AllowUsers entry in /etc/ssh/sshd_config. This will forbid any other user from logging in. You can add more users to the end of this line, or use AllowGroups instead. If there is an AllowUsers entry, then this will trump any AllowGroups entry. If you use AllowUsers, you don't have to list each system user to deny.

Well mandriva has a security levels the Paranoic level is pretty locked up firewall.

DrakSec is a very nice description for the different levels.