I'm having a very strange issue when trying to connect to an OpenSSH
server running on my Debian box (used as a firewall/nat). When I
connect from my laptop (Windows XP, putty) I get the following
message: "Server unexpectedly closed network connection." When I use
the ssh in mingw or cygwin I get "Connection closed by remote host."
I can connect fine from my main desktop (Windows 7, putty), and from
my mother's laptop (Ubuntu).
The following line shows up in my /var/log/auth.log when I try to
connect:
Oct 5 21:41:06 ***** sshd[8693]: refused connect from 192.168.0.51 (192.168.0.51)
This issue occurs no matter where I connect from (within the network
or from another location).
Am I missing something obvious? Did I trigger a block by typing my
password in wrong one too many times? Any help or a point in the right
direction would be much appreciated.
Thanks
Thank you for your fast response, I tried what you said, and I also
realized that my ip was in the hosts.deny file for some reason, so I
removed it. It still doesn't work though, now I get a "Did not receive
identification string from" in the server log and a "Connection closed
by 192.168.0.1" message on the laptop.
How come I ended up on the hosts.deny list, and why aren't I sending
an identification string?
Do you have some monitoring software that detects failed connections
and temporarily blocks them?
I myself don't, but connecting internally works now, which leads me to
believe that there's something in between me and my home computer
that's blocking the connections. How would I go about testing for
something like that?
> I myself don't, but connecting internally works now, which leads me to
> believe that there's something in between me and my home computer
> that's blocking the connections. How would I go about testing for
> something like that?
Well, I would start by using 'netcat' or 'nc' (as it's sometimes
called) to simply connect to port 22 on the target server, and see
what you get.
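
The check suggested above (connect to port 22 and see what comes back), as a Python script for a machine that has no netcat; this is an added example, not part of the original thread. It reads the server's identification string in the format RFC 4253 defines; the function names and the constructed sample bytes are assumptions of the example.

```python
import io
import socket
import sys
from typing import NamedTuple, Optional

# Constructed sample: one pre-banner line, then the banner quoted in the thread.
SAMPLE = b"notice: constructed pre-banner line\r\nSSH-2.0-OpenSSH_5.1p1 Debian-5\r\n"


class SshIdent(NamedTuple):
    proto: str     # "2.0"
    software: str  # "OpenSSH_5.1p1"
    comments: str  # "Debian-5", may be empty


def parse_ident(line: str) -> Optional[SshIdent]:
    """Parse 'SSH-protoversion-softwareversion SP comments' (RFC 4253, 4.2)."""
    parts = line.rstrip("\r\n").split("-", 2)
    if len(line) > 255 or parts[0] != "SSH" or len(parts) != 3 or not all(parts):
        return None
    software, _, comments = parts[2].partition(" ")
    return SshIdent(parts[1], software, comments)


def read_ident(stream, max_lines: int = 20) -> Optional[SshIdent]:
    """Return the first identification line; a server may send other lines first."""
    for _ in range(max_lines):
        raw = stream.readline(512)
        if not raw:  # peer closed the connection before identifying itself
            return None
        ident = parse_ident(raw.decode("ascii", "replace"))
        if ident:
            return ident
    return None


def probe(host: str, port: int = 22, timeout: float = 5.0) -> str:
    """Report how far a bare TCP connection to the SSH port gets."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with sock.makefile("rb") as stream:
                ident = read_ident(stream)
    except socket.timeout:
        return "timed out: port filtered, or no banner sent"
    except OSError as exc:
        return f"TCP connect failed: {exc}"
    if ident is None:
        return "TCP connected, but closed without an SSH banner"
    return f"banner: protocol {ident.proto}, {ident.software} {ident.comments}".rstrip()


if __name__ == "__main__":
    print(probe(sys.argv[1]) if len(sys.argv) > 1 else read_ident(io.BytesIO(SAMPLE)))
```

Run it with a host name as its only argument; without one it parses the constructed sample instead of touching the network.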
Is netcat a Linux command? I'm running Windows on my laptop and it
doesn't seem to want to nc, or netcat. I downloaded a Windows NT
version of nc and tried with that. I get the following:
SSH-2.0-OpenSSH_5.1p1 Debian-5
So apparently I can contact the SSH server, I just can't log in to
it?
Bingo. Is your Putty up to date? Can you use CygWin to use 'ssh -v -v'
and get more verbosity?
One would hope that my putty is up to date considering the most recent
version was released in 2007, but I checked and it is. Mingw ssh gives
me the following with the -v -v command:
OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 500 geteuid 500 anon 1
debug1: Connecting to pool-96-232-115-56.nycmny.fios.verizon.net [96.232.115.56] port 22.
debug1: temporarily_use_uid: 500/544 (e=500)
debug1: restore_uid
debug1: temporarily_use_uid: 500/544 (e=500)
debug1: restore_uid
debug1: Connection established.
debug1: identity file /home/****/.ssh/identity type -1
debug1: identity file /home/****/.ssh/id_rsa type -1
debug1: identity file /home/****/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5
debug1: match: OpenSSH_5.1p1 Debian-5 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.9p2
debug1: SSH2_MSG_KEXINIT sent
Connection closed by 96.232.115.56
debug1: Calling cleanup 0x41bcc4(0x0)
It doesn't look like there's anything weird there.
Interesting: I'm out of practice directly reading 'ssh -v' output, but
can you connect to it from itself? Connecting to its actual external
IP address, as well as to the 'localhost' IP address of 127.0.0.1?
Yes, it can connect to itself, and I can connect to it from within the
network. The problem is connecting to it from the internet.
I just tried
ssh pool-96-232-115-56.nycmny.fios.verizon.net
and got a response:
: $ ssh pool-96-232-115-56.nycmny.fios.verizon.net
: The authenticity of host 'pool-96-232-115-56.nycmny.fios.verizon.net
: (96.232.115.56)' can't be established.
: DSA key fingerprint is 1d:04:bd:e6:e4:f7:8b:fa:17:fa:3e:e1:a9:ec:d5:12.
: +--[ DSA 1024]----+
: | .o. |
: | .. |
: | .. |
: | .+. |
: | S=. E |
: | o . oo |
: | . +o+.|
: | ..o*. |
: | .+*=+o |
: +-----------------+
: Are you sure you want to continue connecting (yes/no)? ^C$
So it is visible from the big-I Internet.
--
Perl's spec is a printout of Larry's source code, which looks the same
in ascii, ebcdic, and gzipped binary form. --Steve Yegge
(shamelessly stolen from a post to alt.sysadmin.recovery by someone else)
Hmm. Would it be safe for me to set up an account on the box with no
privileges and ask you to log into it? The part that I get blocked at
is the login.
> Hmm. Would it be safe for me to set up an account on the box with no
> privileges and ask you to log into it? The part that I get blocked at
> is the login.
You have to make the decision about the safety; I affirm that I'll do no
more than to attempt to log in, to log out immediately if I'm successful,
and to report the success or failure to you by E-mail. I have no objection
to you running a packet trace on the attempt, since it's your machine. I'll
be trying from this machine.
If I can remember to do so, I'll run inside an instance of script, and
mail you the typescript file.
--
About a deceased operator:
I'm still more than a bit surprised that he was able to operate
the weapon in such a fashion that it would fire. This is grossly
inconsistent with _my_ experience of his abilities.