Can't connect thru ssh on port 54545 or any port other than default

[inkjetunit]

I am sure there has been a lot of discussion already on this topic but nothing has worked for me as yet.

I have configured my sshd_config correctly and listed port 54545, opened the port from firewall, generated rsa keys but I can't upload the keys.

The port is open as per lsof -
[CODE]> lsof -i | grep sshd
sshd 5645 root 3u IPv6 31166 0t0 TCP *:54545 (LISTEN)
[/CODE]

The error is below -

Code:

> ssh-copy-id apogee@apogee.suse.lst
ssh: connect to host apogee.suse.lst port 22: Connection refused

What do I do to get it to work?

[Knurpht]

You've probably made connections when port 22 was the default for the host. Remove ~/.ssh/known_hosts and try again. The connection to the host is probably known in there, but on port 22.

[nrickert]

The port is open as per lsof -
[CODE]> lsof -i | grep sshd
sshd 5645 root 3u IPv6 31166 0t0 TCP *:54545 (LISTEN)
[/CODE]

When I try that command (using port 22), I get lines for both IPv4 and IPv6.

The error is below -

Code:

> ssh-copy-id apogee@apogee.suse.lst
ssh: connect to host apogee.suse.lst port 22: Connection refused

It looks as if the command "ssh-copy-id" does not have an option for ports. So you may have to setup keys manually.

You should try connecting, with:

Code:

ssh -p 54545 apogee@apogee.suse.lst

[hcvv]

I am sure there has been a lot of discussion already on this topic but nothing has worked for me as yet.

I have configured my sshd_config correctly and listed port 54545, opened the port from firewall, generated rsa keys but I can't upload the keys.

The port is open as per lsof -
[CODE]> lsof -i | grep sshd
sshd 5645 root 3u IPv6 31166 0t0 TCP *:54545 (LISTEN)
[/CODE]

The error is below -

Code:

> ssh-copy-id apogee@apogee.suse.lst
ssh: connect to host apogee.suse.lst port 22: Connection refused

What do I do to get it to work?

Just a point for better posting. Do not alter the default fonts. We can all read the normal fonts and there is no need to irritate people by using larger fonts then usual. Also, while you did this a bit haphazard, one of you CODE parts did not work (font size changing in the midst of the tag).

[ab]

> > sshd 5645 root 3u IPv6 31166 0t0 TCP *:54545 (LISTEN)

Yes, that's fine.

> When I try that command (using port 22), I get lines for
> It looks as if the command "ssh-copy-id" does not have an option for
> ports. So you may have to setup keys manually.

This is, exactly, the problem. ssh-copy-id is great for every other case,
but stinks in this one case; adding an option to accept a port should
probably take about ten seconds, so if I can find the upstream repo I'll
go do that. In the meantime:

1. Put it back, copy the key, then restrict ports:
A. Change the port back to 22, or better yet add '22' as another port for
now. Restart sshe
B. ssh-copy-id as you were before; it'll work now.
C. Change back to just port 54545 and restart sshd.

2. Copy the key manually.
A. Copy contents of ~/.ssh/id_rsa.pub (or whatever you named it)
B. Paste on destination box's ~/.ssh/authorized_keys file; create if not
already there, but be sure permissions are set to 600 (rw-------) for the
file and 700 (rwx------) for the ~/.ssh directory or things may not work
later.
C. Try logging in.

The 'Connection Refused' means that the port is not listening (as you
configured, so okay) and that the default SUSE firewall is not blocking it
(odd... you should probably still be blocking TCP 22, but oh well... maybe
this is a result of your testing or previous configuration).

Good luck.

[robin_listas]

On 2013-01-01 11:56, inkjetunit wrote:
> The error is below -
>
> Code:
> --------------------
> linux-gu9x:~/.ssh # ssh-copy-id apogee@apogee.suse.lst
> ssh: connect to host apogee.suse.lst port 22: Connection refused
>
> --------------------

You forgot to tell the client to change the default port.

--
Cheers / Saludos,

Carlos E. R.
(from 11.4, with Evergreen, x86_64 "Celadon" (Minas Tirith))

[ab]

While I have not tried this, another option to get this script working may
include setting the ~/.ssh/config file with the following:

Port = 54545

so.....

echo 'Port = 54545' >> ~/.ssh/config

Doing that should allow ssh-copy-id to work for this system. Change ports
as needed when needing this script to work.

Good luck.

[ab]

And a patch for ssh-copy-id based on the current version in openSUSE 12.2,
which also appears to be the current version per openssh.org:

Code:
-------------
ab@mybox:~/code/openssh/contrib> diff ./ssh-copy-id.orig ./ssh-copy-id
37c37
< echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
---
> echo "Usage: $0 [-i [identity_file]] [user@]machine [-p ssh_port]" >&2
42a43
> shift
44c45,52
< { eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir
~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
---
> #If a port was specified, use it.
> if [[ ! -z ${1} && '-p' = ${1} && ! -z ${2} ]]; then
> SSHPORT="-p ${2}"
> shift
> shift
> fi
>
> { eval "$GET_ID" ; } | ssh ${SSHPORT} $host "umask 077; test -d ~/.ssh
|| mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
-------------

Basically it allows you to add a '-p portnum' option at the end of the
command, so:

ssh-copy-id remotebox

becomes:

ssh-copy-id remotebox -p 54545

Seems to be working on my systems, both for those with default ports as
well as non-default ones. Now if only I can figure out how to submit this....

Oh, and to apply this put the diff text above into 'ssh-copy-id.patch' and
run the following (with privileges if not using a copy of the original
file which is user-owned by 'root'):

patch `which ssh-copy-id` /path/to/ssh-copy-id.patch

Good luck.

[inkjetunit]

@ knurpht, been there done that but no luck.

@ nrickert, tried that too but didn't work.

@ hcvv, I am sorry if my thread caused inconvenience to you or offended you in any way. My terminal fonts are different and I had text similar to 'AA' 'AA' while pasting it in browser ( I ended up hand editing last tag, which actually worked).

@ ab #5, looks like it will work that way.

@ ab #7, I already altered ~/.ssh/config and made it read port 54545, that is mentioned in SDB for 'ssh'.

@ ab #8, thanks for the diff, I will work on it after finishing cpio on my production box.

[inkjetunit]

Now I can ssh at port 54545@localhost but I can't do it from other machines on network.

Code:

apogee:/home/apogee/.ssh # ssh -v 10.0.0.4
OpenSSH_6.0p1, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to 10.0.0.4 [10.0.0.4] port 54545.
debug1: connect to address 10.0.0.4 port 54545: Connection refused
ssh: connect to host 10.0.0.4 port 54545: Connection refused

apogee:/home/apogee/.ssh # ssh -v apogee.suse.lst
OpenSSH_6.0p1, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to apogee.suse.lst [127.0.0.2] port 54545.
debug1: connect to address 127.0.0.2 port 54545: Connection refused
ssh: connect to host apogee.suse.lst port 54545: Connection refused

apogee:/home/apogee/.ssh # ssh -v localhost
OpenSSH_6.0p1, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to localhost [::1] port 54545.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
debug1: match: OpenSSH_6.0 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 6b:xx:da:xx:78:58:xx:00:ac:yy:ab:aa:55:d8:98:ad
debug1: checking without port identifier
The authenticity of host '[localhost]:54545 ([::1]:54545)' can't be established.
RSA key fingerprint is 6b:4f:da:d0:78:58:98:00:ac:b1:ab:1f:55:d8:98:ab.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:54545' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Next authentication method: keyboard-interactive
Password: 
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Password: 
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Password: 
debug1: Authentication succeeded (keyboard-interactive).
Authenticated to localhost ([::1]:54545).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last failed login: Tue Jan  1 12:33:13 PST 2013 from localhost on ssh:notty
There were 2 failed login attempts since the last successful login.
Have a lot of fun...
apogee:~ #

What am I missing here?