ssh_exchange_identification uClinux problem - SSH


  1. ssh_exchange_identification uClinux problem

    Hi all,

    I'm trying to run open sshd on an embedded system, uClinux. It uses
    inetd to start it. I've been googling for a few days and I'm stuck.

    1) The daemon is running.
    2) I get ssh_exchange_identification: Connection closed by remote host
    trying to connect from a pc
    3) My inetd entry is:

    ssh stream tcp nowait root /bin/sshd -i

    4) I tried adding 'sshd: ALL' to /etc/hosts.allow
    5) I think there might be something about generating keys I'm missing
    6) I tried adduser and enabling PAM with no luck.

    Please help!
    Robert


  2. Re: ssh_exchange_identification uClinux problem


    robert wrote:

    > I'm trying to run open sshd on an embedded system, uClinux. It uses
    > inetd to start it. I've been googling for a few days and I'm stuck.
    >
    > 1) The daemon is running.
    > 2) I get ssh_exchange_identification: Connection closed by remote host
    > trying to connect from a pc
    > 3) My inetd entry is:
    >
    > ssh stream tcp nowait root /bin/sshd -i
    >
    > 4) I tried adding 'sshd: ALL' to /etc/hosts.allow
    > 5) I think there might be something about generating keys I'm missing
    > 6) I tried adduser and enabling PAM with no luck.


    The usual way to debug things is using "ssh -v ...", add more -v for
    more detail. The same goes for the server side.

    If that doesn't help, start from the beginning: telnet to port 22, does
    it answer? If not then you may have a firewall, try from the server
    itself.

    About the keys, openssh documents how to set the host keys in the
    INSTALL file, something like: ssh-keygen -t dsa -f
    /etc/ssh/ssh_host_dsa_key -N ""; but the path may be different
    (/usr/local/etc) and usually rsa keys are also created. Each user's
    keys have to be created also. Some distributions include scripts to do
    both operations (something like ssh-host-config, ssh-user-config) but
    this varies.

    HTH
    --
    René Berber


  3. Re: ssh_exchange_identification uClinux problem


    René Berber wrote:
    > robert wrote:
    >
    > > I'm trying to run open sshd on an embedded system, uClinux. It uses
    > > inetd to start it. I've been googling for a few days and I'm stuck.
    > >


    > The usual way to debug things is using "ssh -v ...", add more -v for
    > more detail. The same goes for the server side.
    >
    > If that doesn't help, start from the beginning: telnet to port 22, does
    > it answer? If not then you may have a firewall, try from the server
    > itself.


    This is what I get from the client - the server's only debug statement
    is when it loads sshd_config:

    /home/iksrazal/work/tweak/uClinux-dist> ssh -vvv -l root 10.101.42.101
    OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to 10.101.42.101 [10.101.42.101] port 22.
    debug1: Connection established.
    debug1: identity file /home/iksrazal/.ssh/identity type -1
    debug1: identity file /home/iksrazal/.ssh/id_rsa type -1
    debug1: identity file /home/iksrazal/.ssh/id_dsa type -1
    ssh_exchange_identification: Connection closed by remote host
    [linux(iksrazal)]
    /home/iksrazal/work/tweak/uClinux-dist> telnet 10.101.42.101 22
    Trying 10.101.42.101...
    Connected to 10.101.42.101.
    Escape character is '^]'.
    Connection closed by foreign host.

    These files did not exist when I ran the command:

    debug1: identity file /home/iksrazal/.ssh/identity type -1
    debug1: identity file /home/iksrazal/.ssh/id_rsa type -1
    debug1: identity file /home/iksrazal/.ssh/id_dsa type -1

    >
    > About the keys, openssh documents how to set the host keys in the
    > INSTALL file, something like: ssh-keygen -t dsa -f
    > /etc/ssh/ssh_host_dsa_key -N ""; but the path may be different
    > (/usr/local/etc) and usually rsa keys are also created. Each user's
    > keys have to be created also. Some distributions include scripts to do
    > both operations (something like ssh-host-config, ssh-user-config) but
    > this varies.


    I tried that on both the client and server side and got basically the
    same result, using several variations of keys.

    I think this is because of inetd somehow. Please help,
    Robert


  4. Re: ssh_exchange_identification uClinux problem


    robert wrote:
    [snip]
    > This is what I get from the client - the server's only debug statement
    > is when it loads sshd_config:
    >
    > /home/iksrazal/work/tweak/uClinux-dist> ssh -vvv -l root 10.101.42.101

    Problem
    ----------------------------------------------------------------^^^^^
    By default sshd does not let root login into a server.

    Are you using the default sshd_config?

    > OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
    > debug1: Reading configuration data /etc/ssh/ssh_config
    > debug1: Applying options for *
    > debug2: ssh_connect: needpriv 0
    > debug1: Connecting to 10.101.42.101 [10.101.42.101] port 22.
    > debug1: Connection established.
    > debug1: identity file /home/iksrazal/.ssh/identity type -1
    > debug1: identity file /home/iksrazal/.ssh/id_rsa type -1
    > debug1: identity file /home/iksrazal/.ssh/id_dsa type -1


    As you say, this means that the user has not been configured to use ssh
    (no keys for the user at the client computer).

    > ssh_exchange_identification: Connection closed by remote host


    Not the usual error response...

    > [linux(iksrazal)]
    > /home/iksrazal/work/tweak/uClinux-dist> telnet 10.101.42.101 22
    > Trying 10.101.42.101...
    > Connected to 10.101.42.101.
    > Escape character is '^]'.
    > Connection closed by foreign host.


    Also not the usual response.

    Something is listening on port 22, but it is not sshd and it could be
    inetd as you have configured but you'll have to see on the server if
    inetd started sshd or logged an error.

    Did the connection close fast?

    If you read the man page for sshd, the description of option -i says
    that it may take a long time to respond. I have never used it from
    inetd so I'm not sure if it is inetd closing the connection or
    something else (like a firewall).

    [snip]
    > I tried that on both the client and server side and got basically the
    > same result, using several variations of keys.


    First set the user's keys on the client, the ones that show above as
    non-existent.

    Second, set up a user on the server or, if you really want to use root,
    then change the server configuration, it's just one line that needs to
    be changed.

    Then try to test on the server (i.e. ssh localhost) and see if sshd at
    least starts.

    Another test could be to run "sshd -De" on the server, without inetd
    starting it, and see if that way you can connect from the client.

    You may have to play with the parameters to finally make sshd work from
    inetd under that server.
    --
    René Berber


  5. Re: ssh_exchange_identification uClinux problem

    I've learned a lot doing "sshd -De" from scratch. That should help me on
    the inetd part - which has to be that way because of resource issues on
    this embedded system. I'm continuing this thread in the context I end
    up hopefully with inetd working with sshd. I get:

    Bind to port 22 on 0.0.0.0 failed: Address already in use.

    Doing netstat shows nothing is listening on port 22. I tried starting
    on port 99 - nothing there - and got the same 0.0.0.0 bind message. I
    was, however, able to bind on the static address I gave the nic.
    Strange. Googling shows a message about ipv6, but it's disabled in this
    kernel.

    I can log in via -D, but only some of my keys are recognized:

    debug2: load_server_config: filename /etc/default/sshd_config
    debug2: load_server_config: done config len = 284
    debug2: parse_server_config: config /etc/default/sshd_config len 284
    debug1: sshd version OpenSSH_4.3p2
    debug1: private host key: #0 type 0 RSA1
    debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
    debug1: read PEM private key done: type RSA
    debug1: private host key: #1 type 1 RSA
    debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
    debug1: read PEM private key done: type DSA
    debug1: private host key: #2 type 2 DSA

    I think the permissions are right. Why is it trying to load my dsa key
    as RSA1 ? This is my config:

    # HostKey for protocol version 1
    HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key

    Thanks!
    Robert

    René Berber wrote:
    > robert wrote:
    > [snip]
    > > This is what I get from the client - the server's only debug statement
    > > is when it loads sshd_config:
    > >
    > > /home/iksrazal/work/tweak/uClinux-dist> ssh -vvv -l root 10.101.42.101

    > Problem
    > ----------------------------------------------------------------^^^^^
    > By default sshd does not let root login into a server.
    >
    > Are you using the default sshd_config?



    >
    > > OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
    > > debug1: Reading configuration data /etc/ssh/ssh_config
    > > debug1: Applying options for *
    > > debug2: ssh_connect: needpriv 0
    > > debug1: Connecting to 10.101.42.101 [10.101.42.101] port 22.
    > > debug1: Connection established.
    > > debug1: identity file /home/iksrazal/.ssh/identity type -1
    > > debug1: identity file /home/iksrazal/.ssh/id_rsa type -1
    > > debug1: identity file /home/iksrazal/.ssh/id_dsa type -1

    >
    > As you say, this means that the user has not been configured to use ssh
    > (no keys for the user at the client computer).
    >
    > > ssh_exchange_identification: Connection closed by remote host

    >
    > Not the usual error response...
    >
    > > [linux(iksrazal)]
    > > /home/iksrazal/work/tweak/uClinux-dist> telnet 10.101.42.101 22
    > > Trying 10.101.42.101...
    > > Connected to 10.101.42.101.
    > > Escape character is '^]'.
    > > Connection closed by foreign host.

    >
    > Also not the usual response.
    >
    > Something is listening on port 22, but it is not sshd and it could be
    > inetd as you have configured but you'll have to see on the server if
    > inetd started sshd or logged an error.
    >
    > Did the connection close fast?
    >
    > If you read the man page for sshd, the description of option -i says
    > that it may take a long time to respond. I have never used it from
    > inetd so I'm not sure if it is inetd closing the connection or
    > something else (like a firewall).
    >
    > [snip]
    > > I tried that on both the client and server side and got basically the
    > > same result, using several variations of keys.

    >
    > First set the user's keys on the client, the ones that show above as
    > non-existent.
    >
    > Second, set up a user on the server or, if you really want to use root,
    > then change the server configuration, it's just one line that needs to
    > be changed.
    >
    > Then try to test on the server (i.e. ssh localhost) and see if sshd at
    > least starts.
    >
    > Another test could be to run "sshd -De" on the server, without inetd
    > starting it, and see if that way you can connect from the client.
    >
    > You may have to play with the parameters to finally make sshd work from
    > inetd under that server.
    > --
    > René Berber



  6. Re: ssh_exchange_identification uClinux problem

    robert wrote:
    > I can log in via -D, but only some of my keys are recognized:


    > debug2: load_server_config: filename /etc/default/sshd_config
    > debug2: load_server_config: done config len = 284
    > debug2: parse_server_config: config /etc/default/sshd_config len 284
    > debug1: sshd version OpenSSH_4.3p2
    > debug1: private host key: #0 type 0 RSA1
    > debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
    > debug1: read PEM private key done: type RSA
    > debug1: private host key: #1 type 1 RSA
    > debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
    > debug1: read PEM private key done: type DSA
    > debug1: private host key: #2 type 2 DSA


    Looks okay to me.

    > I think the permissions are right. Why is it trying to load my dsa key
    > as RSA1 ? This is my config:


    It's not. It's just debug output saying that it's not an RSA1 key
    (which it isn't).

    --
    Darren Dunham ddunham@taos.com
    Senior Technical Consultant TAOS http://www.taos.com/
    Got some Dr Pepper? San Francisco, CA bay area
    < This line left intentionally blank to confuse you. >

  7. Re: ssh_exchange_identification uClinux problem



    On Oct 4, 4:06 pm, "robert" wrote:

    > I've learned a lot doing "sshd -De" from scratch. That should help me on
    > the inetd part - which has to be that way because of resource issues on
    > this embedded system. I'm continuing this thread in the context I end
    > up hopefully with inetd working with sshd. I get:
    >
    > Bind to port 22 on 0.0.0.0 failed: Address already in use.


    That probably means inetd is listening there, you have to comment the
    sshd line and restart inetd (killall -HUP inetd or similar command).

    [snip]

    Did ssh connect? ... is it then an inetd issue?
    --
    René Berber


  8. Re: ssh_exchange_identification uClinux problem

    On 2006-10-03, robert wrote:
    > Hi all,
    >
    > I'm trying to run open sshd on an embedded system, uClinux. It uses
    > inetd to start it. I've been googling for a few days and I'm stuck.
    >
    > 1) The daemon is running.
    > 2) I get ssh_exchange_identification: Connection closed by remote host
    > trying to connect from a pc
    > 3) My inetd entry is:
    >
    > ssh stream tcp nowait root /bin/sshd -i


    Sounds like the sshd process is either not being spawned by inetd, or
    it's dying immediately afterward. Do you have all of the libraries
    sshd needs? Can you run it in debug (as a daemon, "/bin/sshd -ddd")
    or test mode ("/bin/sshd -t")? What logging facilities do you have?

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
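
Added example, not part of the thread: a small Python probe that automates the "telnet to port 22" check discussed above and separates "nothing listening" from "listener accepted, then closed before the SSH identification line", which is the condition the client reports as ssh_exchange_identification. The function name `probe_ssh_banner` and the state labels are illustrative choices, not OpenSSH terminology.

```python
import socket
import sys

MAX_LINE = 255           # RFC 4253 caps the identification line at 255 bytes
MAX_PREAMBLE_LINES = 20  # a server may send a few text lines before "SSH-"


def probe_ssh_banner(host, port=22, timeout=5.0):
    """Classify what answers on an SSH port. Returns (state, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "no listener on the port (inetd entry not active?)")
    except OSError as exc:  # timeouts, no route, filtered by a firewall
        return ("unreachable", str(exc))

    seen_data = False
    with sock, sock.makefile("rb") as reader:
        try:
            for _ in range(MAX_PREAMBLE_LINES):
                line = reader.readline(MAX_LINE)
                if not line:
                    break  # peer closed the connection
                seen_data = True
                if line.startswith(b"SSH-"):
                    return ("banner", line.strip().decode("ascii", "replace"))
        except socket.timeout:
            return ("silent", "connected, but no identification line in time")
        except ConnectionResetError:
            pass  # a reset is treated the same as a close

    if seen_data:
        return ("not_ssh", "peer sent data but no SSH- identification line")
    # This is the case the thread is about: the TCP listener (inetd) accepts,
    # but sshd never gets far enough to write its version string.
    return ("closed_before_banner",
            "listener accepted, then closed: sshd was not spawned, exited at "
            "startup, or the connection was denied before the banner")


if __name__ == "__main__":
    # Default target is localhost so the script runs offline; pass a host to test it.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    state, detail = probe_ssh_banner(target)
    print(f"{target}: {state}: {detail}")
```

A `closed_before_banner` result points at the server side (inetd logs, missing libraries, `sshd -t`), not at client keys, since user authentication only starts after the identification exchange.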
