Results 1 to 8 of 8

Thread: SSH Failure

  1. #1

    Default SSH Failure

    Just installed Leap 42.2 on one workstation. Trying to connect from another Leap 42.2 workstation.

    No firewall on either workstation. Can ping both workstations from each other. sshd is running on both machines. This had worked before installing.

    The only change made to the default sshd_config is:

    Port 22
    #AddressFamily any
    ListenAddress 192.168.25.0
    #ListenAddress ::



    ssh -vvvvv mmontz@tower.zaphod
    OpenSSH_7.2p2, OpenSSL 1.0.2j-fips 26 Sep 2016
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 25: Applying options for *
    debug2: resolving "tower.zaphod" port 22
    debug2: ssh_connect_direct: needpriv 0
    debug1: Connecting to tower.zaphod [192.168.25.133] port 22.
    debug1: connect to address 192.168.25.133 port 22: Connection refused
    ssh: connect to host tower.zaphod port 22: Connection refused




  2. #2
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,674
    Blog Entries
    1

    Default Re: SSH Failure

    [QUOTE=mmontz;2806620]Just installed Leap 42.2 on one workstation. Trying to connect from another Leap 42.2 workstation.

    No firewall on either workstation. Can ping both workstations from each other. sshd is running on both machines.[/CODE]
    Can you confirm this with the following on each machine?
    Code:
    sudo netstat -anp | grep sshd
    Code:
    sytsemctl status  sshd

  3. #3
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,674
    Blog Entries
    1

    Default Re: SSH Failure

    You can also check the validity of the config files using
    Code:
    sudo sshd -T

  4. #4

    Default Re: SSH Failure

    Here is the output of all three commands:

    sudo netstat -anp | grep sshd

    tcp 0 0 192.168.25.0:22 0.0.0.0:* LISTEN 31730/sshd
    unix 3 [ ] STREAM CONNECTED 209546 31730/sshd -

    sudo sshd -T
    port 22
    protocol 2
    addressfamily any
    listenaddress 192.168.25.0:22
    usepam yes
    serverkeybits 1024
    logingracetime 120
    keyregenerationinterval 3600
    x11displayoffset 10
    maxauthtries 6
    maxsessions 10
    clientaliveinterval 0
    clientalivecountmax 3
    streamlocalbindmask 0177
    kexdhmin 2048
    permitrootlogin yes
    ignorerhosts yes
    ignoreuserknownhosts no
    rhostsrsaauthentication no
    hostbasedauthentication no
    hostbasedusesnamefrompacketonly no
    rsaauthentication yes
    pubkeyauthentication yes
    kerberosauthentication no
    kerberosorlocalpasswd yes
    kerberosticketcleanup yes
    gssapiauthentication no
    gssapikeyexchange no
    gssapicleanupcredentials yes
    gssapistrictacceptorcheck no
    gssapistorecredentialsonrekey no
    passwordauthentication no
    kbdinteractiveauthentication yes
    challengeresponseauthentication yes
    printmotd yes
    printlastlog yes
    x11forwarding yes
    x11uselocalhost yes
    permittty yes
    permituserrc yes
    strictmodes yes
    tcpkeepalive yes
    permitemptypasswords no
    permituserenvironment no
    uselogin no
    compression delayed
    gatewayports no
    usedns no
    allowtcpforwarding yes
    allowagentforwarding yes
    allowstreamlocalforwarding yes
    useprivilegeseparation sandbox
    fingerprinthash SHA256
    pidfile /run/sshd.pid
    xauthlocation /usr/bin/xauth
    ciphers chacha20-poly1305@openssh.com,aes128...cm@openssh.com,aes256-gcm@openssh.
    com
    macs umac-64-etm@openssh.com,umac-128-etm...tm@openssh.com
    ,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
    versionaddendum none
    kexalgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellma
    n-group-exchange-sha256,diffie-hellman-group14-sha1
    hostbasedacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh...01@openssh.com,ecdsa
    -sha2-nistp521-cert-v01@openssh.com,...01@openssh.com,ssh-dss-cert-v0
    1@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,s
    sh-rsa,ssh-dss
    hostkeyalgorithms ecdsa-sha2-nistp256-cert-v01@openssh...01@openssh.com,ecdsa-sha2-ni
    stp521-cert-v01@openssh.com,ssh-ed25...01@openssh.com,ssh-dss-cert-v01@openss
    h.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,s
    sh-dss
    pubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh...01@openssh.com,ecdsa-sh
    a2-nistp521-cert-v01@openssh.com,ssh...01@openssh.com,ssh-dss-cert-v01@o
    penssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-
    rsa,ssh-dss
    loglevel INFO
    syslogfacility AUTH
    authorizedkeysfile .ssh/authorized_keys
    hostkey /etc/ssh/ssh_host_rsa_key
    hostkey /etc/ssh/ssh_host_dsa_key
    hostkey /etc/ssh/ssh_host_ecdsa_key
    hostkey /etc/ssh/ssh_host_ed25519_key
    acceptenv LANG
    acceptenv LC_CTYPE
    acceptenv LC_NUMERIC
    acceptenv LC_TIME
    acceptenv LC_COLLATE
    acceptenv LC_MONETARY
    acceptenv LC_MESSAGES
    acceptenv LC_PAPER
    acceptenv LC_NAME
    acceptenv LC_ADDRESS
    acceptenv LC_TELEPHONE
    acceptenv LC_MEASUREMENT
    acceptenv LC_IDENTIFICATION
    acceptenv LC_ALL
    subsystem sftp /usr/lib/ssh/sftp-server
    maxstartups 10:30:100
    permittunnel no
    ipqos lowdelay throughput
    rekeylimit 0 0
    permitopen any

    s systemctl status sshd -l
    sshd.service - OpenSSH Daemon
    Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: disabled)
    Active: active (running) since Mon 2017-01-02 17:05:26 CST; 1h 44min ago
    Process: 31724 ExecStartPre=/usr/sbin/sshd-gen-keys-start (code=exited, status=0/SUCCESS)
    Main PID: 31730 (sshd)
    Tasks: 1 (limit: 512)
    CGroup: /system.slice/sshd.service
    └─31730 /usr/sbin/sshd -D

    Jan 02 17:05:25 sony.suse systemd[1]: Starting OpenSSH Daemon...
    Jan 02 17:05:25 sony.suse sshd-gen-keys-start[31724]: Checking for missing server keys in /etc/ssh
    Jan 02 17:05:26 sony.suse sshd-gen-keys-start[31724]: ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED
    25519
    Jan 02 17:05:26 sony.suse systemd[1]: Started OpenSSH Daemon.
    Jan 02 17:05:26 sony.suse sshd[31730]: Server listening on 192.168.25.0 port 22.



  5. #5
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,674
    Blog Entries
    1

    Default Re: SSH Failure

    This is the likely cause of your problem. The address needs to match IP address(es) assigned to the applicable interface(s) on the server if you use the option at all. So remove it, or edit it accordingly.
    Code:
    listenaddress 192.168.25.0:22
    There is no need to specifiy the port here either.

    If you want to restrict hosts, use /etc/hosts.allow and/or /etc/hosts.deny. Also investigate the AllowUsers and DenyUsers options in the man page...

    Code:
    man sshd_config

  6. #6

    Default Re: SSH Failure

    On 01/02/2017 04:16 PM, mmontz wrote:
    >
    > Just installed Leap 42.2 on one workstation. Trying to connect from
    > another Leap 42.2 workstation.
    >
    > No firewall on either workstation. Can ping both workstations from each
    > other. sshd is running on both machines. This had worked before
    > installing.
    >
    > The only change made to the default sshd_config is:
    >
    > Port 22
    > #AddressFamily any
    > ListenAddress 192.168.25.0
    > #ListenAddress ::


    The server, presumably, has 192.168.25.0 as a bound IP address; while a
    bit odd, that's not impossible, so if sshd starts on the server, that
    should be fine. However...

    > ssh -vvvvv mmontz@tower.zaphod
    > OpenSSH_7.2p2, OpenSSL 1.0.2j-fips 26 Sep 2016
    > debug1: Reading configuration data /etc/ssh/ssh_config
    > debug1: /etc/ssh/ssh_config line 25: Applying options for *
    > debug2: resolving "tower.zaphod" port 22
    > debug2: ssh_connect_direct: needpriv 0
    > debug1: Connecting to tower.zaphod [192.168.25.133] port 22.
    > debug1: connect to address 192.168.25.133 port 22: Connection refused
    > ssh: connect to host tower.zaphod port 22: Connection refused


    192.168.25.133 is not the same as 192.168.25.0. 'tower.zaphod' is not
    resolving to 192.168.25.0, so presumably fix that, or go to the IP address
    directly, and perhaps things will work.

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...

  7. #7

    Default Re: SSH Failure

    This was my mistake. When I had this running before I rebuilt I must have used the default sshd_config.

    Thanks all who replied.

  8. #8
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,674
    Blog Entries
    1

    Default Re: SSH Failure

    Quote Originally Posted by mmontz View Post
    This was my mistake. When I had this running before I rebuilt I must have used the default sshd_config.

    Thanks all who replied.
    No worries. Glad to have been of assistance.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •