Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
ssh_exchange_identification: Connection closed by remote host (Solaris 10)
2,821 views
Skip to first unread message
underh20
Sep 27, 2011, 8:00:28 PM9/27/11
to
Hello Madam/Sir,
Our server is running Solaris 10. There was an usual incident where
user can't get to this server via ssh.
The following error appears when trying to ssh to the server :
# ssh us...@dive.borneo.com
ssh_exchange_identification: Connection closed by remote host
I ran the following command and got the output about ssh connection
errors.
# ssh -v dive.borneo.com
Sun_SSH_1.1.3, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to dive.borneo.com [10.22.30.250] port 22.
debug1: Connection established.
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
debug1: Calling cleanup 0x34894(0x0)
There's no change in the server or in the ssh config files.
I had to do "svcadm refresh ssh" to restart the SSH process and allow
the remote ssh in the server again.
Any idea how this problem happened and how to resolve it once and for
all ?
Thx,
Bill
Our server is running Solaris 10. There was an usual incident where
user can't get to this server via ssh.
The following error appears when trying to ssh to the server :
# ssh us...@dive.borneo.com
ssh_exchange_identification: Connection closed by remote host
I ran the following command and got the output about ssh connection
errors.
# ssh -v dive.borneo.com
Sun_SSH_1.1.3, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to dive.borneo.com [10.22.30.250] port 22.
debug1: Connection established.
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
debug1: Calling cleanup 0x34894(0x0)
There's no change in the server or in the ssh config files.
I had to do "svcadm refresh ssh" to restart the SSH process and allow
the remote ssh in the server again.
Any idea how this problem happened and how to resolve it once and for
all ?
Thx,
Bill
hume.sp...@bofh.ca
Sep 28, 2011, 9:17:10 AM9/28/11
to
underh20 <underh20.s...@gmail.com> wrote:
> # ssh us...@dive.borneo.com
> ssh_exchange_identification: Connection closed by remote host
The SSH server on dive.borneo.com is crashing for some reason.
> # ssh us...@dive.borneo.com
> ssh_exchange_identification: Connection closed by remote host
> There's no change in the server or in the ssh config files.
> I had to do "svcadm refresh ssh" to restart the SSH process and allow
> Any idea how this problem happened and how to resolve it once and for
> all ?
the misbehaving sshd show?
--
Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/
Bruce D Porter
Sep 28, 2011, 1:16:51 PM9/28/11
to
--
Bruce
"The internet is a huge and diverse community and not every one is friendly"
http://www.ytc1.co.uk
Oscar del Rio
Sep 28, 2011, 4:41:50 PM9/28/11
to
On 09/28/11 01:16 PM, Bruce D Porter wrote:
> On Wed, 28 Sep 2011 13:17:10 +0000, hume.spamfilter wrote:
>
>> underh20<underh20.s...@gmail.com> wrote:
>>> Any idea how this problem happened and how to resolve it once and for
>>> all ?
>>
>> Are you able to cause the bad behaviour over again? What does 'truss' on
>> the misbehaving sshd show?
>
> You forgot to ask him to check the logs ..... :-)
>
Check for hacking attempts, trying to guess passwords, which would
> On Wed, 28 Sep 2011 13:17:10 +0000, hume.spamfilter wrote:
>
>> underh20<underh20.s...@gmail.com> wrote:
>>> Any idea how this problem happened and how to resolve it once and for
>>> all ?
>>
>> Are you able to cause the bad behaviour over again? What does 'truss' on
>> the misbehaving sshd show?
>
> You forgot to ask him to check the logs ..... :-)
>
trigger sshd's MaxStartups feature and stop accepting connections.
A workaround is to change MaxStartups option, or block the IPs that are
trying to hack into the server.
Restarting sshd would temporarily "fix" it as the counters would be reset.
Casper H.S. Dik
Sep 29, 2011, 3:31:12 AM9/29/11
to
hume.sp...@bofh.ca writes:
>underh20 <underh20.s...@gmail.com> wrote:
>> # ssh us...@dive.borneo.com
>> ssh_exchange_identification: Connection closed by remote host
>The SSH server on dive.borneo.com is crashing for some reason.
Or protected with tcp-wrappers (possibly issues with the nameservice)
>underh20 <underh20.s...@gmail.com> wrote:
>> # ssh us...@dive.borneo.com
>> ssh_exchange_identification: Connection closed by remote host
>The SSH server on dive.borneo.com is crashing for some reason.
Or an issue with the disk (typically connection will be accepted
but the first attempt to visit the disk will cause the deamon
to die)
Casper
--
0 new messages