[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Help a sshd newbie!



> I am starting to explore the server sides of linux. I just installed
> Mandrake 10.0 on a machine that I hope to be a webserver among other
> things. I set the security level to "Higher" which is only one level
> down from the strictest security setting. I have opened up only two
> services in Shorewall (mandrake's firewall), Web and SSH.
>
> I would like to do an ssh from my laptop to this system. However
> whenever I ssh the system, I get:
> ssh_exchange_identification: Connection closed by remote host
>
> I went to the server itself and tried to ssh itself. It worked when I
> used 127.0.0.1, but not when I tried the IP of the ethernet card,
> 192.168.1.29. When I tried the IP of eth0, I got the same message of
> Connection closed by remote host.

First off, how is sshd being run? I'm not sure of the default, but it is
normally ran in one of two ways: through inetd or xinetd or as a
standalone process.

Next, you need to look at where it is listening. This can be set in
various places depending on how you are running it. If sshd is running in
standalone mode (ie, if sshd is started when you enter a specific
runlevel) you'll want to look in /etc/ssh/*. If you're running it via
xinetd or inetd you need to make sure /etc/hosts.allow or /etc/hosts.deny
is set. You'll also want to check /etc/inetd.conf or /etc/xinetd.conf
(possibly the /etc/xinetd.d/ directory, or something similiar).

If this doesn't work, check the firewall. Shorewall may be blocking tcp
connections to port 22 (ssh) from everything except localhost (127.0.0.1).
I'm not very familiar with iptables or shorewall, so maybe someone else
can help you there. (Off-topic: I'm waiting for someone to port PF to
linux.)

>
> Any ideas?
>
> Thanks ahead of time,
> Ken Keefe
>
> PS, I am not sure if this info helps, but I was able to connect to the
> Apache server from my laptop. It seems to only be blocking ssh
> connections.
>

Brandon Joseph Adams
Fresh I, Kettering University
bja@metawire.org

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.