sshd refuses ssh connections

René Berber rberber@prodigy.net.mx
Wed Oct 19 22:02:00 GMT 2005


Marc Jourdeuil wrote:

> If the mode of the host keys is readable by other, sshd won't start.
> /var/log/sshd.log
> 
> chmod g+r ssh_host_dsa_key
> chmod g+r ssh_host_rsa_key
> chmod g+r ssh_host_key

Whoa there!  I never said "change them", don't touch that.

[snip]
> /usr/sbin/sshd -D -dd
> debug2: load_server_config: filename /etc/sshd_config
> debug2: load_server_config: done config len = 187
> debug2: parse_server_config: config /etc/sshd_config len 187
> debug1: sshd version OpenSSH_3.9p1
> debug1: private host key: #0 type 0 RSA1
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA
> /var/empty must be owned by root and not group or world-writable.

Check /var/empty, it should be created by the script and look like:
$ ll /var/empty
total 0
drwxr-xr-x+  2 SYSTEM  None 0 May 20  2004 ./

> Like this, ssh starts.

I don't follow, like this means...

> when you run ssh-host-config, if the keys already exist, it leaves them as
> is, which is fine.
> netstat -abn -> b is not a valid option

In Windows XP it's a valid option...
$ netstat /?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

  -a            Displays all connections and listening ports.
  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
...

Anyway you can also use tcpview from www.sysinternals.com if needed.

[snip]
> sshd is running again.
> The password file is correct for W2K, according to
> /usr/share/doc/Cygwin/login.README
> 
> p4-3000:marcj:{/etc}224 % ps -ef
>      UID     PID    PPID TTY     STIME COMMAND
...
>   SYSTEM    1156       1   ?  15:04:57 /usr/bin/cygrunsrv
>   SYSTEM    1716    1156   ?  15:04:57 /usr/sbin/sshd
...
> I have turned off the firewall.
> 
> ssh marcj@127.0.0.1
> ssh_exchange_identification: Connection closed by remote host

[Rant: stop repeating the same thing]

> p4-3000:marcj:{/etc}225 % ssh -vvv localhost
> OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
> debug1: Reading configuration data /etc/ssh_config
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to localhost [127.0.0.1] port 22.
> debug1: Connection established.
> debug1: identity file /home/marcj/.ssh/identity type -1
> debug1: identity file /home/marcj/.ssh/id_rsa type -1
> debug1: identity file /home/marcj/.ssh/id_dsa type -1
> ssh_exchange_identification: Connection closed by remote host

Your user "marcj" doesn't have keys.

Read /usr/share/doc/Cygwin/openssh.README, run ssh-user-config (additional info
in man ssh-keygen and ssh_config).
-- 
René Berber
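
The permission checks discussed in this thread, written as an added example (not posted by either participant): it verifies that the privilege-separation directory is owned by the expected account and not group- or world-writable, and that a private host key has no group or other access. It assumes GNU `stat`; the function names are hypothetical, and the expected owner is supplied by the caller (the listing above shows SYSTEM).

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes GNU stat (coreutils).
# ACL entries (the "+" in the listing above) are not inspected here.

# has_bits PATH MASK: true if any permission bit in octal MASK is set on PATH.
has_bits() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# owned_by PATH OWNER: OWNER may be a user name or a numeric uid.
owned_by() {
    [ "$(stat -c '%U' "$1")" = "$2" ] || [ "$(stat -c '%u' "$1")" = "$2" ]
}

# check_privsep_dir DIR OWNER
# Mirrors the sshd log message: DIR must be owned by the expected account
# and must not be group- or world-writable (mask 022).
check_privsep_dir() {
    rc=0
    [ -d "$1" ] || { echo "FAIL $1: not a directory"; return 1; }
    owned_by "$1" "$2" || { echo "FAIL $1: not owned by $2"; rc=1; }
    if has_bits "$1" 022; then
        echo "FAIL $1: group- or world-writable (mode $mode)"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK   $1"; fi
    return "$rc"
}

# check_private_key FILE
# Strict check (an assumption of this example): no group/other bits at all
# (mask 077), so a key that had "chmod g+r" applied is reported.
check_private_key() {
    [ -f "$1" ] || { echo "FAIL $1: missing"; return 1; }
    if has_bits "$1" 077; then
        echo "FAIL $1: accessible to group or other (mode $mode)"
        return 1
    fi
    echo "OK   $1"
}

# Usage (KEYDIR is a placeholder for wherever the host keys live):
#   check_privsep_dir /var/empty SYSTEM
#   for k in ssh_host_key ssh_host_rsa_key ssh_host_dsa_key; do
#       check_private_key "$KEYDIR/$k"
#   done
```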

