SSH Failure

Just installed Leap 42.2 on one workstation. Trying to connect from another Leap 42.2 workstation.

No firewall on either workstation. Can ping both workstations from each other. sshd is running on both machines. This had worked before installing.

The only change made to the default sshd_config is:

Port 22
#AddressFamily any
ListenAddress 192.168.25.0
#ListenAddress ::

ssh -vvvvv mmontz@tower.zaphod
OpenSSH_7.2p2, OpenSSL 1.0.2j-fips 26 Sep 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 25: Applying options for *
debug2: resolving "tower.zaphod" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to tower.zaphod [192.168.25.133] port 22.
debug1: connect to address 192.168.25.133 port 22: Connection refused
ssh: connect to host tower.zaphod port 22: Connection refused

mmontz wrote:
> Just installed Leap 42.2 on one workstation. Trying to connect from another Leap 42.2 workstation.
>
> No firewall on either workstation. Can ping both workstations from each other. sshd is running on both machines.


Can you confirm this with the following on each machine?

sudo netstat -anp | grep sshd



systemctl status sshd

You can also check the validity of the config files using

sudo sshd -T

Here is the output of all three commands:

sudo netstat -anp | grep sshd
tcp 0 0 192.168.25.0:22 0.0.0.0:* LISTEN 31730/sshd
unix 3 ] STREAM CONNECTED 209546 31730/sshd -

sudo sshd -T
port 22
protocol 2
addressfamily any
listenaddress 192.168.25.0:22
usepam yes
serverkeybits 1024
logingracetime 120
keyregenerationinterval 3600
x11displayoffset 10
maxauthtries 6
maxsessions 10
clientaliveinterval 0
clientalivecountmax 3
streamlocalbindmask 0177
kexdhmin 2048
permitrootlogin yes
ignorerhosts yes
ignoreuserknownhosts no
rhostsrsaauthentication no
hostbasedauthentication no
hostbasedusesnamefrompacketonly no
rsaauthentication yes
pubkeyauthentication yes
kerberosauthentication no
kerberosorlocalpasswd yes
kerberosticketcleanup yes
gssapiauthentication no
gssapikeyexchange no
gssapicleanupcredentials yes
gssapistrictacceptorcheck no
gssapistorecredentialsonrekey no
passwordauthentication no
kbdinteractiveauthentication yes
challengeresponseauthentication yes
printmotd yes
printlastlog yes
x11forwarding yes
x11uselocalhost yes
permittty yes
permituserrc yes
strictmodes yes
tcpkeepalive yes
permitemptypasswords no
permituserenvironment no
uselogin no
compression delayed
gatewayports no
usedns no
allowtcpforwarding yes
allowagentforwarding yes
allowstreamlocalforwarding yes
useprivilegeseparation sandbox
fingerprinthash SHA256
pidfile /run/sshd.pid
xauthlocation /usr/bin/xauth
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
versionaddendum none
kexalgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
hostbasedacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
hostkeyalgorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
pubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
loglevel INFO
syslogfacility AUTH
authorizedkeysfile .ssh/authorized_keys
hostkey /etc/ssh/ssh_host_rsa_key
hostkey /etc/ssh/ssh_host_dsa_key
hostkey /etc/ssh/ssh_host_ecdsa_key
hostkey /etc/ssh/ssh_host_ed25519_key
acceptenv LANG
acceptenv LC_CTYPE
acceptenv LC_NUMERIC
acceptenv LC_TIME
acceptenv LC_COLLATE
acceptenv LC_MONETARY
acceptenv LC_MESSAGES
acceptenv LC_PAPER
acceptenv LC_NAME
acceptenv LC_ADDRESS
acceptenv LC_TELEPHONE
acceptenv LC_MEASUREMENT
acceptenv LC_IDENTIFICATION
acceptenv LC_ALL
subsystem sftp /usr/lib/ssh/sftp-server
maxstartups 10:30:100
permittunnel no
ipqos lowdelay throughput
rekeylimit 0 0
permitopen any

systemctl status sshd -l
sshd.service - OpenSSH Daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2017-01-02 17:05:26 CST; 1h 44min ago
Process: 31724 ExecStartPre=/usr/sbin/sshd-gen-keys-start (code=exited, status=0/SUCCESS)
Main PID: 31730 (sshd)
Tasks: 1 (limit: 512)
CGroup: /system.slice/sshd.service
└─31730 /usr/sbin/sshd -D

Jan 02 17:05:25 sony.suse systemd[1]: Starting OpenSSH Daemon…
Jan 02 17:05:25 sony.suse sshd-gen-keys-start[31724]: Checking for missing server keys in /etc/ssh
Jan 02 17:05:26 sony.suse sshd-gen-keys-start[31724]: ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
Jan 02 17:05:26 sony.suse systemd[1]: Started OpenSSH Daemon.
Jan 02 17:05:26 sony.suse sshd[31730]: Server listening on 192.168.25.0 port 22.

This is the likely cause of your problem. The address needs to match IP address(es) assigned to the applicable interface(s) on the server if you use the option at all. So remove it, or edit it accordingly.

listenaddress 192.168.25.0:22

There is no need to specify the port here either.

If you want to restrict hosts, use /etc/hosts.allow and/or /etc/hosts.deny. Also investigate the AllowUsers and DenyUsers options in the man page…

man sshd_config

On 01/02/2017 04:16 PM, mmontz wrote:
>
> Just installed Leap 42.2 on one workstation. Trying to connect from
> another Leap 42.2 workstation.
>
> No firewall on either workstation. Can ping both workstations from each
> other. sshd is running on both machines. This had worked before
> installing.
>
> The only change made to the default sshd_config is:
>
> Port 22
> #AddressFamily any
> ListenAddress 192.168.25.0
> #ListenAddress ::

The server, presumably, has 192.168.25.0 as a bound IP address; while a
bit odd, that’s not impossible, so if sshd starts on the server, that
should be fine. However…

> ssh -vvvvv mmontz@tower.zaphod
> OpenSSH_7.2p2, OpenSSL 1.0.2j-fips 26 Sep 2016
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 25: Applying options for *
> debug2: resolving "tower.zaphod" port 22
> debug2: ssh_connect_direct: needpriv 0
> debug1: Connecting to tower.zaphod [192.168.25.133] port 22.
> debug1: connect to address 192.168.25.133 port 22: Connection refused
> ssh: connect to host tower.zaphod port 22: Connection refused

192.168.25.133 is not the same as 192.168.25.0. ‘tower.zaphod’ is not
resolving to 192.168.25.0, so presumably fix that, or go to the IP address
directly, and perhaps things will work.


Good luck.

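As an added example (not part of the original thread), the check both replies describe can be scripted: compare the `listenaddress` lines of `sshd -T` with the addresses actually assigned to the server's interfaces. The `ip -o -4 addr show` sample, the interface name `eth0` and the /24 prefix are constructed assumptions; the thread gives only the two IP addresses.

```python
import ipaddress
import re

# Constructed sample input modelled on the thread: `sshd -T` and
# `ip -o -4 addr show` output from the server (eth0 and /24 are assumptions).
SSHD_T = """port 22
addressfamily any
listenaddress 192.168.25.0:22
usepam yes
"""
IP_ADDR = """1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.25.133/24 brd 192.168.25.255 scope global eth0
"""

def listen_addresses(sshd_t):
    """Return the IPs from the listenaddress lines of `sshd -T` (a.b.c.d:port or [v6]:port)."""
    pattern = re.compile(r"listenaddress\s+\[?([0-9a-fA-F:.]+?)\]?:\d+\s*$")
    matches = (pattern.match(line.strip()) for line in sshd_t.splitlines())
    return [ipaddress.ip_address(m.group(1)) for m in matches if m]

def local_interfaces(ip_addr):
    """Return the interface addresses (with prefix length) from `ip -o addr show` output."""
    return [ipaddress.ip_interface(a) for a in re.findall(r"\binet6?\s+(\S+)", ip_addr)]

def classify(addr, ifaces):
    """Describe whether a socket bound to `addr` is reachable on one of this host's addresses."""
    if addr.is_unspecified:
        return "wildcard: reachable on every local address"
    if any(addr == i.ip for i in ifaces):
        return "assigned: reachable on %s" % addr
    for i in ifaces:
        if addr in (i.network.network_address, i.network.broadcast_address):
            return "network/broadcast address of %s, not a host address" % i.network
    return "not assigned to any local interface"

def accepts(target, sshd_t, ip_addr):
    """True if a connection to `target` would reach one of sshd's listening sockets (port ignored)."""
    target = ipaddress.ip_address(target)
    if all(target != i.ip for i in local_interfaces(ip_addr)):
        return False  # the address is not on this host at all
    return any(a == target or (a.is_unspecified and a.version == target.version)
               for a in listen_addresses(sshd_t))

if __name__ == "__main__":
    for a in listen_addresses(SSHD_T):
        print(a, "->", classify(a, local_interfaces(IP_ADDR)))
    ok = accepts("192.168.25.133", SSHD_T, IP_ADDR)
    print("connect to 192.168.25.133:", "accepted" if ok else "refused")
```

On a real server, feed it the output of `sudo sshd -T` and `ip -o addr show` instead of the embedded samples.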

This was my mistake. When I had this running before I rebuilt I must have used the default sshd_config.

Thanks all who replied.

No worries. Glad to have been of assistance.