Results 1 to 3 of 3

Thread: SSH - Suddenly can't connect...

  1. #1
    Join Date
    Mar 2014
    Posts
    78

    SSH - Suddenly can't connect...

    Hi,
    I can't connect to my SSH dedicated server via any user.... why? Yesterday and since may everything works fine...
    I have never had this problem and I didn't do anything in configuration (before this 'error').... what can I do if I can't connect via SSH.... how to check any logs? :/


    I just find something like this:
    Code:
    ssh -v root@xxxxxxxx
    OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug1: Connecting to xxxxxxx [xxxxxxx] port 22.
    debug1: Connection established.
    debug1: identity file /home/shinjii/.ssh/id_rsa type 1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/shinjii/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/shinjii/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/shinjii/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/shinjii/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/shinjii/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/shinjii/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/shinjii/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
    debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to xxxxxxx:22 as 'root'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256@libssh.org
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:j9MHePcTp4iOtmPqFotFxef8aW6bGWe7UbuBKEeNVzs
    debug1: Host 'xxxxxxxx' is known and matches the ECDSA host key.
    debug1: Found key in /home/shinjii/.ssh/known_hosts:11
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
    debug1: Next authentication method: gssapi-keyex
    debug1: No valid Key exchange context
    debug1: Next authentication method: gssapi-with-mic
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No Kerberos credentials available
    
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No Kerberos credentials available
    
    debug1: Unspecified GSS failure.  Minor code may provide more information
    
    
    debug1: Unspecified GSS failure.  Minor code may provide more information
    No Kerberos credentials available
    
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/shinjii/.ssh/id_rsa
    debug1: Authentication succeeded (publickey).
    Authenticated to xxxxxx ([xxxxxxxxx]:22).
    debug1: channel 0: new [client-session]
    debug1: Requesting no-more-sessions@openssh.com
    debug1: Entering interactive session.
    debug1: pledge: network
    debug1: channel 0: free: client-session, nchannels 1
    Connection to xxxxxx closed by remote host.
    Connection to xxxxxx closed.
    Transferred: sent 1952, received 1740 bytes, in 0.0 seconds
    Bytes per second: sent 38437940.9, received 34263328.5
    debug1: Exit status -1


    My /etc/ssh/sshd_config

    Code:
    #	$OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
    
    # This is the sshd server system-wide configuration file.  See
    # sshd_config(5) for more information.
    
    # This sshd was compiled with PATH=/usr/local/bin:/usr/bin
    
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented.  Uncommented options override the
    # default value.
    
    # If you want to change the port on a SELinux system, you have to tell
    # SELinux about this change.
    # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
    #
    #Port 22
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    
    HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key
    
    # Ciphers and keying
    #RekeyLimit default none
    
    # Logging
    SyslogFacility AUTH
    SyslogFacility AUTHPRIV
    #LogLevel INFO
    
    # Authentication:
    
    #LoginGraceTime 2m
    #PermitRootLogin yes
    #StrictModes yes
    MaxAuthTries 3
    #MaxSessions 10
    
    #PubkeyAuthentication yes
    
    # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
    # but this is overridden so installations will only check .ssh/authorized_keys
    AuthorizedKeysFile	.ssh/authorized_keys
    
    #AuthorizedPrincipalsFile none
    
    #AuthorizedKeysCommand none
    #AuthorizedKeysCommandUser nobody
    
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    
    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no
    PasswordAuthentication yes
    
    # Change to no to disable s/key passwords
    ChallengeResponseAuthentication yes
    #ChallengeResponseAuthentication no
    
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    #KerberosUseKuserok yes
    
    # GSSAPI options
    GSSAPIAuthentication yes
    GSSAPICleanupCredentials no
    #GSSAPIStrictAcceptorCheck yes
    #GSSAPIKeyExchange no
    #GSSAPIEnablek5users no
    
    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication.  Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin yes
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    # WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
    # problems.
    UsePAM yes
    
    #AllowAgentForwarding yes
    #AllowTcpForwarding yes
    #GatewayPorts no
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PermitTTY yes
    #PrintMotd yes
    #PrintLastLog yes
    TCPKeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation sandbox
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #ShowPatchLevel no
    #UseDNS yes
    #PidFile /var/run/sshd.pid
    #MaxStartups 10:30:100
    #PermitTunnel no
    #ChrootDirectory none
    #VersionAddendum none
    
    # no default banner path
    #Banner none
    
    # Accept locale-related environment variables
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
    AcceptEnv XMODIFIERS
    
    # override default of no subsystems
    Subsystem	sftp	/usr/libexec/openssh/sftp-server
    
    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    #	X11Forwarding no
    #	AllowTcpForwarding no
    #	PermitTTY no
    #	ForceCommand cvs server
    
    AllowUsers root
    AllowUsers admin
    Last edited by ShinJii; 10-16-2018 at 02:58 AM.

  2. #2
    Join Date
    Mar 2014
    Posts
    78
    I don't know what changed but I found that I have to edit in my computer file /etc/ssh/ssh_config and set
    Code:
    GSSAPIAuthentication no
    ... now it works...

  3. #3
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,314
    Hello,

    Just ideas... that you could change on the server side:

    increase?

    Code:
    MaxAuthTries 3
    or disable?

    Code:
    GSSAPIAuthentication yes
    uncoment
    Code:
    #PermitRootLogin yes
    or remove:

    Code:
    AllowUsers root
    Regards, Alex G.

    - Get the best commercial DirectAdmin support and hire me on poralix.com
    - Follow and like @Poralix on Facebook

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •