I'm trying to connect to an AWS server with SSH. But for some reason I can't. When I run below:
ssh -i <keypair.pem> ec2-user#<ip> -vvv
I get:
OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "<ip>" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to <ip> [<ip>] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file <keypair.pem> type -1
debug1: key_load_public: No such file or directory
debug1: identity file <keypair.pem>-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4
I'm guessing this is a router ip ban configuration problem? What can I do?
Check the permissions and contents of your remote .ssh directory. Do have your public key in the authorized_keys file? See the following links
https://en.wikibooks.org/wiki/OpenSSH/Logging_and_Troubleshooting
http://www.oracle.com/technetwork/systems/unix/ssh-auth-keys-jsp-135687.html
https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server
Related
When trying to use reverse ssh to ssh into a non-port forwarded pc by using
ssh -R 2222:localhost:22 root#209.145.57.231 on the target,
and then doing the command
ssh localhost -p 2222 on the server, it gives me the error kex_exchange_identification: Connection closed by remote host no matter what I try
SSH Logs from -vvv:
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolving "localhost" port 2222
debug2: ssh_connect_direct
debug1: Connecting to localhost [127.0.0.1] port 2222.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
kex_exchange_identification: Connection closed by remote host```
output on target's side when trying to connect with -v
```debug1: client_input_channel_open: ctype forwarded-tcpip rchan 2 win 2097152 max 32768
debug1: client_request_forwarded_tcpip: listen localhost port 2222, originator 127.0.0.1 port 38136
debug1: getsockopt TCP_NODELAY: Invalid argument
debug1: connect_next: host localhost ([::1]:22) in progress, fd=7
debug1: channel 1: new [127.0.0.1]
debug1: confirm forwarded-tcpip
debug1: channel 1: connected to localhost port 22
debug1: channel 1: free: 127.0.0.1, nchannels 2```
After searching the error message "getsockopt TCP_NODELAY: Invalid argument" I found out that there wasn't an ssh handler or server running on the target (or client, the one that was doing the original ssh tunneling). After running on a simple golang ssh server, the error disappeared.
I've reinstalled the QNX RTOS 6.5.0 on virtualbox of which I was able to ssh into using the following command: ssh root#127.0.0.1 -p 3022. The network settings inside my VirtualBox environment is set to NAT, and port forwarding set to:
When attempting to connect with -vvv flags:
$ ssh -vvv root#127.0.0.1 -p 3022
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /home/main/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "127.0.0.1" port 3022
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 3022.
debug1: Connection established.
debug1: identity file /home/main/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/main/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/main/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/main/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/main/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/main/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/main/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/main/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
ssh_exchange_identification: Connection closed by remote host
On QNX I have the following options modified in /etc/ssh/sshd_config:
PermitRootLogin yes
PermitEmptyPasswords yes
Subsystem sftpd /usr/libexec/sftp-server
I am also able to ssh into my laptop via the vm, however not the other way around. I also tried ssh'ing into my laptop which works, then ssh'ing back into the vm in the same vm session and am presented with the same error.
Solved. The solution was to generate new rsa and dsa keys with:
random -t
ssh-keygen -t rsa -f /etc/ssh/ssh_host_key -b 1024
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
and then add sshd to the /etc/group list: sshd:x:6:root
then re-run sshd: /usr/sbin/sshd
source: How do you install an ssh server on qnx?
To extend on the above sourced solution, I found that on reboot I was no longer able to ssh into the VM. This was solved by going into /etc/rc.d/ and adding the line /usr/sbin/sshd to the rc.local file.
Until recently I was able to SSH into my Vagrant machine without any problems. Now however:
$ ssh -vvv vagrant#127.0.0.1 -p 2222
OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "127.0.0.1" port 2222
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 2222.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/user1/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user1/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user1/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user1/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user1/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user1/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user1/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user1/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
ssh_exchange_identification: read: Connection reset by peer
I checked /etc/hosts.allow and /etc/hosts.deny in the guest. Nothing there. I'm almost sure this has something to do with someone rewriting the contents of /etc/resolv.conf. The contents are now:
nameserver 8.8.8.8
nameserver 8.8.4.4
The network seems to be fine on the host where I can ping google.com, but not on the guest, where I can't. But SSH to the Vagrant machine is no longer working. Any ideas?
The answer is not at all what I expected. In VirtualBox Settings > Network > Adapter 1 the Cable Connected option was disabled. After enabling it everything went back to normal.
After installing owncloud and running the MySQL secure setup I can not connect to the server anymore. I get the following error:
MacBook-Pro:~ username$ ssh -i ~/.ssh/authorized_keys2 root#x.x.x.x -v
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to x.x.x.x [x.x.x.x] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/.ssh/authorized_keys2 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/.ssh/authorized_keys2-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
ssh_exchange_identification: Connection closed by remote host
Whats going on and how can I fix it? I still have an active conneciton to the server
Check /var/log/messages file and see what the error message is. In many case it just a misconfiguration of permission.
if I try t connect to my remote server via SSH I get stuck to this, and I can't figure out how to going on.
tiziano#tiziano-HP ~ $ ssh -Tvvv -p 21 username#example.com
OpenSSH_6.2p2 Ubuntu-6ubuntu0.3, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to example.com [10.10.10.10] port 21.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/tiziano/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/tiziano/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/tiziano/.ssh/id_rsa-cert type -1
debug1: identity file /home/tiziano/.ssh/id_dsa type -1
debug1: identity file /home/tiziano/.ssh/id_dsa-cert type -1
debug1: identity file /home/tiziano/.ssh/id_ecdsa type -1
debug1: identity file /home/tiziano/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.3
debug1: ssh_exchange_identification: 220 (vsFTPd 2.0.5)
debug1: ssh_exchange_identification: 530 Please login with USER and PASS.
Obviusly the username and the domain(ip addres) showed above are fake, I changed them.
$ ssh -Tvvv -p 21 username#example.com
Port 21 is is the default port for FTP. You're connecting to an FTP server, not an SSH server. The "530 Please login with USER and PASS" message is a typical FTP server error message.
The default port for SSH is 22, not 21.