Hi All,
I have built a couple of sshd servers, and while doing keyscans to validate the responses I'm getting a good response from one but not the other. Any ideas on what's wrong? The configs all look similar at both ends.
failing one
MSU28:/u/msu28: >ssh-keyscan -vvv -t rsa ip.adddress
debug2: fd 3 setting O_NONBLOCK
debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat
FOTS0410 10.13.101.201: Connection closed by remote host
MSU28:/u/msu28: >
Working one
MSU28:/u/msu28: >ssh-keyscan -vvv -t rsa 10.1*******
debug2: fd 3 setting O_NONBLOCK
debug1: match: OpenSSH_5.0 pat OpenSSH*
# 10.13.105.201 SSH-2.0-OpenSSH_5.0
debug1: cipher_init: none from source OpenSSL
debug1: cipher_init: none from source OpenSSL
debug1: Enabling compatibility mode for protocol 2.0
debug3: RNG is ready, skipping seeding
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-g
roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12
8,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rij
ndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12
8,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rij
ndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-g
roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes256-ctr,aes192-ctr,aes128-ctr
debug2: kex_parse_kexinit: aes256-ctr,aes192-ctr,aes128-ctr
debug2: kex_parse_kexinit: hmac-sha1,hmac-ripemd160
debug2: kex_parse_kexinit: hmac-sha1,hmac-ripemd160
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: mac_setup_by_id: hmac-sha1 from source OpenSSL
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: mac_setup_by_id: hmac-sha1 from source OpenSSL
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 158/320
debug2: bits set: 1022/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
10.13.105.201 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1WWrY23gkqbJgc9CHreqUuNcLmuWIy
The server is pinging, so there is no fw issue.
ssh keyscan issue
Re: ssh keyscan issue
Also, telnet to the failing system on port 22 says connection closed too; telnet on other ports works fine.
Re: ssh keyscan issue
ssh-keyscan needs to connect to the SSHD server and what you are seeing indicates that it can't.
Could be:
- the SSHD server is rejecting the request from this host/network/etc (see sshd_config)
- there is a firewall that is terminating the connection
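As an added example (not part of the original thread): a small Python probe that reports how far a connection to the sshd port gets, separating "accepted, then closed before any SSH banner" (the pattern in the failing output above) from a refused or unreachable port. The names `probe_ssh_banner` and `demo_listener` are made up for this illustration, and the listener is a constructed local stand-in so the block runs offline.

```python
import socket
import threading

def probe_ssh_banner(host, port=22, timeout=5.0):
    """Return (stage, detail) describing how far a TCP connection to sshd gets."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "nothing is listening on the port")
    except OSError as exc:  # timeouts, unreachable host or network
        return ("unreachable", str(exc))
    with sock:
        try:
            data = sock.recv(256)  # a server normally speaks first with its banner
        except socket.timeout:
            return ("silent", "TCP connected but no banner before timeout")
        except ConnectionResetError:
            return ("closed", "connection reset before any banner")
    if not data:
        # Same symptom as "Connection closed by remote host" with no banner line
        return ("closed", "peer accepted, then closed before sending a banner")
    line = data.split(b"\n", 1)[0].decode("ascii", "replace").strip()
    return ("banner", line) if line.startswith("SSH-") else ("not-ssh", line)

def demo_listener(reply):
    """Constructed local stand-in: accept once, send `reply` (may be empty), close."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            if reply:
                conn.sendall(reply)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    good = demo_listener(b"SSH-2.0-OpenSSH_5.0\r\n")  # constructed banner
    bad = demo_listener(b"")                           # closes without a banner
    print(probe_ssh_banner("127.0.0.1", good))
    print(probe_ssh_banner("127.0.0.1", bad))
```

A `closed` result means the TCP handshake completed and the far end then dropped the connection, so the place to look next is the server side (sshd_config and the sshd log), as the replies in this thread suggest.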
Re: ssh keyscan issue
These systems that I am trying to and from are basically the same box, but different partitions.
Re: ssh keyscan issue
What happens when you try to connect with: ssh -vvv to the same host?
You might check the server's sshd log file (in syslogd files). There may be some information there on why the request is rejected.
Re: ssh keyscan issue
If I do it within the same host I get the same issue, so I reckon it's a non-fw issue. I tried changing the port to 1022 as well, but no luck yet.
MSU28:/u/msu28: >ssh-keyscan -vvv -t rsa -p 1022 1********
debug2: fd 3 setting O_NONBLOCK
debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat
FOTS0410 10.13.101.201: Connection closed by remote host