Bug 917

Summary: ssh_exchange_identification: Connection closed by remote host
Product: Portable OpenSSH Reporter: schneidz <henry.herold>
Component: sshdAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED INVALID    
Severity: normal    
Priority: P3    
Version: 3.6.1p2   
Hardware: ix86   
OS: Linux   
Attachments:
Description Flags
sshd_config none

Description schneidz 2004-08-20 10:35:43 AEST 
I can't ssh into my machine. i am able to ssh localhost and log in with a
password (i am also able to remotely http to it) but remotely i can't log in.
here is the debug output:

ssh -v -v -v -P pcp01417125pcs.umrion01.pa.comcast.net
OpenSSH_3.7p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7b 10 Apr 2003
debug1: Reading configuration data /usr/local/etc/ssh_config
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 0
debug1: Connecting to pcp01417125pcs.umrion01.pa.comcast.net [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /u/a173325/.ssh/identity type -1
debug1: identity file /u/a173325/.ssh/id_rsa type -1
debug1: identity file /u/a173325/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
debug1: Calling cleanup 0x2002ae54(0x0)

/etc/hosts.allow:
ALL: ALL

nothing in hosts.deny

/var/log secure:
Aug 19 07:28:44 pcp01417125pcs sshd[4782]: Server listening on x.x.x.x port 22.
Aug 19 18:45:17 pcp01417125pcs xinetd[4795]: START: sgi_fam pid=6508 from=<no
address>
--end--

[root@pcp01417125pcs etc]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Comment 1 schneidz 2004-08-20 10:40:24 AEST 
Created attachment 700 [details]
sshd_config
Comment 2 Damien Miller 2004-08-20 10:45:34 AEST 
A debug trace from the client isn't too helpful, can you attach a trace from the
server "sshd -ddd"?
Comment 3 schneidz 2004-08-21 07:37:29 AEST 
[root@pcp01417125pcs root]# sshd -ddd
debug1: sshd version OpenSSH_3.5p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on x.x.x.x.
Server listening on x.x.x.x port 22.
Generating 768 bit RSA key.
RSA key generation complete.


i tried multiple remote logins but could not get in.

nothing in the debug trace above or in /var/log/secure
Comment 4 Darren Tucker 2004-08-21 11:23:45 AEST 
The debug log shows no indication that you're even connecting to sshd.  Perhaps
the connection is being rejected by a firewall or NATed to another port?
Comment 5 schneidz 2004-08-21 12:14:14 AEST 
i have no firewall rules set up. (see iptables output)

i have no hardware firewall.

the server logs show no indication of a connection being made, but i'm confused
as to why the debug output of the client states that a connection is established
before i get the ssh_exchange_identification error.
Comment 6 Darren Tucker 2004-08-21 12:40:13 AEST 
You're connecting to something but it's not the sshd you've got running in debug
mode.  Try using "lsof -i :22" to see what's listening on port 22.  Check your
NAT table too ("iptables -t nat -L").

It's also possible your ISP is blocking/redirecting port 22.  Try "tcpdump tcp
port 22" while you're trying to connect and see if you're even getting packets.
Comment 7 schneidz 2004-08-22 09:48:50 AEST 
thanks for the effort. a lot of info i never knew i could look at. appended
below are the outputs to my lsof, iptables -nat, tcpdump (tcpdump is from my
host to a computer i no longer have an account on. i got the same
ssh_exchange_identification error where it didn't prompt me for a password):

[root@pcp01417125pcs alsa]# lsof -i :22
COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
sshd    4791 root    3u  IPv4   4452       TCP
pcp01417125pcs.umrion01.pa.comcast.net:ssh (LISTEN)

[root@pcp01417125pcs alsa]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
 
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

tcpdump: listening on eth0
19:41:59.514613 pcp01417125pcs.umrion01.pa.comcast.net.35481 >
snowhite.cis.temple.edu.ssh: S 3155502819:3155502819(0) win 5840 <mss
1460,sackOK,timestamp 1364052 0,nop,wscale 0> (DF)
19:41:59.527604 snowhite.cis.temple.edu.ssh >
pcp01417125pcs.umrion01.pa.comcast.net.35481: S 1414673544:1414673544(0) ack
3155502820 win 33580 <mss 1460,nop,wscale 0> (DF)
19:41:59.527669 pcp01417125pcs.umrion01.pa.comcast.net.35481 >
snowhite.cis.temple.edu.ssh: . ack 1 win 5840 (DF)
19:42:04.854215 snowhite.cis.temple.edu.ssh >
pcp01417125pcs.umrion01.pa.comcast.net.35481: F 1:1(0) ack 1 win 33580 (DF)
19:42:04.854502 pcp01417125pcs.umrion01.pa.comcast.net.35481 >
snowhite.cis.temple.edu.ssh: F 1:1(0) ack 2 win 5840 (DF)
19:42:04.864586 snowhite.cis.temple.edu.ssh >
pcp01417125pcs.umrion01.pa.comcast.net.35481: . ack 2 win 33580 (DF)
 
6 packets received by filter
0 packets dropped by kernel
Comment 8 Darren Tucker 2004-08-22 10:10:26 AEST 
I suggest you kill off the running sshd that's listening on port 22 then re-run
the sshd -ddd test.
Comment 9 schneidz 2004-08-28 03:05:35 AEST 
I was able to ssh out to HBX networks luna machine, which came back online
recently. i was able to ssh back into my server from luna.

my workplace must have some filters/ firewalls in place which stops traffic from
certain ports.

thanks all for your help.