Visit Our UNIX and Linux User Community


ssh connection closed by ip


 
Thread Tools Search this Thread
Operating Systems AIX ssh connection closed by ip
# 1  
Old 04-07-2011
MySQL ssh connection closed by ip

Hi i am trying to do ssh without password between 2 aix servers.

before i generate the keys, i am able to do the ssh & it is asking for password & i am able to login.
========================
Code:
# ssh 172.29.150.77
root@172.29.150.77's password:

========================
but when i generate rsa or dsa keys, i am not able to do ssh
========================
Code:
# ssh-keygen -t rsa
Generating public/private rsa key pair.

Enter file in which to save the key (//.ssh/id_rsa): Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in //.ssh/id_rsa.
Your public key has been saved in //.ssh/id_rsa.pub.
The key fingerprint is:
65:22:c8:eb:42:3e:8e:d9:a4:35:b6:77:79:e9:ad:74 root@STARINPRRAC01
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|   . .           |
|    o . . o      |
|     . . +       |
|  . .   S        |
| o .             |
|  O .  ...E      |
| X =. o.oo       |
|+ +. . oo..      |
+-----------------+
#
#
# ssh 172.29.150.77
Connection closed by 172.29.150.77

============================

Code:
# ssh -vvv 172.29.150.77
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so):   0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
        0509-026 System error: A file or directory in the path name does not exist.

debug1: Error loading Kerberos, disabling Kerberos auth.
debug2: ssh_connect: needpriv 0
debug1: Connecting to 172.29.150.77 [172.29.150.77] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /.ssh/identity type -1
debug3: Not a RSA1 key file /.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /.ssh/id_rsa type 1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 126/256
debug2: bits set: 516/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug1: Host '172.29.150.77' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:1
debug2: bits set: 481/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /.ssh/identity (0)
debug2: key: /.ssh/id_rsa (20052258)
debug2: key: /.ssh/id_dsa (0)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /.ssh/identity
debug3: no such identity: /.ssh/identity
debug1: Offering public key: /.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
Connection closed by 172.29.150.77

===============================

Code:
# cat ssh_config
#       $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#PreferredAuthentications publickey,hostbased,keyboard-interactive,password

=========================

Code:
# cat sshd_config
#       $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
StrictModes no
#MaxAuthTries 6
#MaxSessions 10

RSAAuthentication no
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       ForceCommand cvs server

=====================

Code:
# ls -ld /
drwxr-xr-x   23 root     system         4096 Apr 07 09:54 /
# ls -ld /.ssh
drwx------    2 root     system          256 Apr 07 09:55 /.ssh
# ls -ld /.ssh/*
-rw-------    1 root     system         1675 Apr 07 09:55 /.ssh/id_rsa
-rw-r--r--    1 root     system          400 Apr 07 09:55 /.ssh/id_rsa.pub
-rw-r--r--    1 root     system          395 Apr 07 09:54 /.ssh/known_hosts

---------- Post updated at 10:11 AM ---------- Previous update was at 10:09 AM ----------

Guys, any help is appreciated.

for reference i have attached, permissions, ssh_config, sshd_config, verbose output of ssh.

its been 4 days stuck on same issue.

---------- Post updated at 01:45 PM ---------- Previous update was at 10:11 AM ----------

Finally came up with a workaround for the issue, as i needed the ssh without password for RAC configuration.

workaround:-
changes in sshd_config
Protocol 2

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
created keys using ssh-keygen -t rsa1
copied contents of .ssh/identity.pub to authorized_keys & restarted ssh service....walla

i knw ssh1 is less secured compared to ssh2, but desparate times needs desperate measures.

Hope this helps someone someday...
TC

---------- Post updated at 01:46 PM ---------- Previous update was at 01:45 PM ----------

Solved

Last edited by pludi; 04-07-2011 at 04:14 AM..
# 2  
Old 04-08-2011
Glad you solved it, share your solution!

Previous Thread | Next Thread
Test Your Knowledge in Computers #379
Difficulty: Medium
Solaris is UNIX V7, UNIX 03 and UNIX 98 compliant.
True or False?

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Server closed the connection unexpectedly

Hi, I have a bash script which connects HP Vertica DB and executes few sql files in sequential manner. One sql file has commands related to one table(stage , base schema tables)and contains 7-8 commands such as creating temp table, inserting data into tables etc. For few tables, which have high... (7 Replies)
Discussion started by: Dharmatheja
7 Replies

2. UNIX for Advanced & Expert Users

How keep running a program n an another computer via a connection ssh when the connection is closed?

Hi everybody, I am running a program on a supercomputer via my personal computer through a ssh connection. My program take more than a day to run, so when I left work with my PC I stop the connection with the supercomputer and the program stop. I am wondering if someone know how I can manage... (2 Replies)
Discussion started by: TomTomGre
2 Replies

3. HP-UX

Connection closed by foreign host

I am trying to connect to my HP server from remote machine. It gets connected but once credential are provided the connection is closed. adroit:/home/seo/hitendra 32 ] telnet myserv1 Trying... Connected to myserv1. Escape character is '^]'. Local flow control on Telnet TERMINAL-SPEED... (4 Replies)
Discussion started by: hiten.r.chauhan
4 Replies

4. Red Hat

Unable to SSH into machine - ssh_exchange_identification: Connection closed by remote host

For a few days now I have been experiencing issues when trying to SSH into 1 of my machine. I get the following output when running 'ssh -vvv': server1:/home/mymadq> ssh -l root -vvv server2 OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 debug1: Reading configuration data /etc/ssh/ssh_config... (3 Replies)
Discussion started by: jaapar
3 Replies

5. UNIX for Advanced & Expert Users

Tomcat Connection closed

Hi how can do why a process closed a connection? # lsof -i tcp:8080 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME java 5851 tomcat 29u IPv6 73216185 TCP *:webcache (LISTEN) # telnet localhost 8080 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1).... (0 Replies)
Discussion started by: lain
0 Replies

6. UNIX for Advanced & Expert Users

"Connection closed by remote host" while doing ssh to a solaris box

Hi All, When i try to do ssh from a linux to solaris box its throughing "Connection closed by remote host". Please not that this error is not occuring every time i do ssh, it occurs at random timing( Mostly ssh is successful) - unfortunately my script which is doing ssh is falling at this time... (4 Replies)
Discussion started by: pkumar7
4 Replies

7. HP-UX

ftp first connection closed

Hi, Have anyone seen this problem, there is one remote side where their ftp connection to our server will always fail with connection closed by remote host and the second connection will be working. is this an OS issue or network issue? Thanks Robert (4 Replies)
Discussion started by: robertngo
4 Replies

8. Solaris

Server unexpectedly closed network connection error in passwordless in ssh through

Hi , when i try to passwordless connection login in ssh through putty, i am getting the "Server unexpectedly closed network connection" error.i have already finished the public and private key settings for the particular user. thanks MaroV (1 Reply)
Discussion started by: vr_mari
1 Replies

9. UNIX for Dummies Questions & Answers

ssh_exchange_identification: Connection closed by remote host Connection closed

Hi Everyone, Good day. Scenario: 2 unix servers -- A (SunOS) and B (AIX) I have an ftp script to sftp 30 files from A to B which happen almost instantaneously i.e 30 sftp's happen at the same time. Some of these sftp's fail with the following error: ssh_exchange_identification: Connection... (1 Reply)
Discussion started by: jeevan_fimare
1 Replies

10. UNIX for Advanced & Expert Users

SFTP Connection Closed

Hey when trying to connect to a server using a key I get sftp -o 'Port=22' -o'IdentityFile=/home/datatel/.ssh/id_dsa_xei' becker_xei@host Connecting to host... ANGEL SFTP ServerConnection closed by host Connection closed Any ideas? (1 Reply)
Discussion started by: ed.browne
1 Replies

Featured Tech Videos