Skip to main content
Welcome guest. | Register | Login | Post

ssh problem

4 replies [Last post]
a thing's picture
Offline
Joined: 2005-12-20
notroot[0:~]& ssh 192.168.1.111
ssh_exchange_identification: Connection closed by remote host

I have no idea what made this happen, ssh used to work. My sshd_config:

http://outdated

dylunio's picture
Offline
Joined: 2005-12-20

I'm not sure, but of what I've read on the subject it may be that you have the key set in /etc/hosts.deny or not set in /etc/hosts.allow.

dylunio

a thing's picture
Offline
Joined: 2005-12-20

Added sshd:192.168.1.110 to hosts.allow and:

notroot[0:~]& ssh 192.168.1.111
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
44:c4:5a:e7:4f:ce:54:46:6a:b0:4a:d4:e1:ce:49:a3.
Please contact your system administrator.
Add correct host key in /home/notroot/.ssh/known_hosts to get rid of this message.
Offending key in /home/notroot/.ssh/known_hosts:1
RSA host key for 192.168.1.111 has changed and you have requested strict checking.
Host key verification failed.
notroot[0:~]& cd .ssh
notroot[0:.ssh]& ls
known_hosts
notroot[0:.ssh]& nano known_hosts
notroot[0:.ssh]& rm known_hosts
notroot[0:.ssh]& cd ..
notroot[0:~]& ssh 192.168.1.111
The authenticity of host '192.168.1.111 (192.168.1.111)' can't be established.
RSA key fingerprint is 44:c4:5a:e7:4f:ce:54:46:6a:b0:4a:d4:e1:ce:49:a3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.111' (RSA) to the list of known hosts.
Permission denied (publickey,gssapi-with-mic).
notroot[0:~]& ssh 192.168.1.111
Permission denied (publickey,gssapi-with-mic).

ALL:ALL is in hosts.deny, but I tried commenting that out and it made no difference.

dylunio's picture
Offline
Joined: 2005-12-20

I diffed your conf file agains mine, the main difference seems to be in the fact you havn't got PubkeyAuthentication yes and GSSAPIAuthentication yes commented out, but I don't know what difference this makes.

This is the contents of a patch file of differences if you want to look at it (this is the patch file which changes your file into mine):

1c1
< #     $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
---
> #     $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $
6c6
< # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
---
> # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
14d13
< #Protocol 2,1
31c30
< #obsoletes QuietMode and FascistLogging
---
> # obsoletes QuietMode and FascistLogging
33d31
< #SyslogFacility AUTHPRIV
41c39
< MaxAuthTries 6
---
> #MaxAuthTries 6
43,44c41,42
< RSAAuthentication yes
< PubkeyAuthentication yes
---
> #RSAAuthentication yes
> #PubkeyAuthentication yes
58d55
< PermitEmptyPasswords no
59a57
> #PermitEmptyPasswords no
63d60
< ChallengeResponseAuthentication no
73d69
< GSSAPIAuthentication yes
75d70
< GSSAPICleanupCredentials yes
85d79
< #UsePAM no
88,91d81
< # Accept locale-related environment variables
< AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
< AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
< AcceptEnv LC_IDENTIFICATION LC_ALL
95d84
< X11Forwarding yes
107d95
< #ShowPatchLevel no
111d98
< #PermitTunnel no
117c104
< Subsystem     sftp    /usr/libexec/openssh/sftp-server
---
> Subsystem     sftp    /usr/lib/misc/sftp-server

I have no idea if this will help at all;

dylunio

a thing's picture
Offline
Joined: 2005-12-20
I found the problem. No

I found the problem. No tutorial was straightforward with this at all. How I did it.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.