I have been trying to access a computer with ssh and have had much
difficulty.
No matter what I do the connection is refused. I am able to ping between the
computers, and when I telnet the server computer, the server replies with an
Open SSH server on the port that I telnet.
I have read the man pages on ssh. ssh_config. sshd_config and many web page
tutorials,
including Peter Manis', and several books but I do not completely understand
the configuration.
I tried the ssh-copy-id from the client to the server, but the connection is
refused
every time. I 'cp' ed the files to the /home/user/.ssh file.
If anyone can analyze my files/issues and help me to solve this problem, I
would
greatly appreciate it. If anyone knows where to get templates for workable
ssh and sshd
config files, that would probably also be a great help.
(I am doing all this through a SMC switch which is plug and play)
Thanks
Paul
I will post my ssh files first, and then my config files, and finally some
error messages.
Here are the result of my ls commands: (the names of the computers have been
changed to protect the innocent)
clientr...@ubuntu:~# ls /home/clientpaul/.ssh
id_rsa id_rsa.pub
here is the clients /etc/ssh ls:
clientp...@ubuntu:/etc/ssh$ ls
moduli ssh_config ssh_config.orig.bkp
Here is the server root .ssh folder:
r...@serveruser-laptop:/home/serveruser/.ssh# ls
authorized_keys
(I know there are some id files that are missing from this file, and I do
not know how
to produce them. I have been trying to produce them with ssh-copy-id, and
ssh-agent.
I have been trying to use these scripts from the client machine, because
that is what
all the tutorials instruct. If anyone can tell me, or direct me to a
tutorial on how to produce
these files, please do so.)
Here is the server /etc/ssh ls:
p...@serverpaul-laptop:/etc/ssh$ ls
moduli ssh_host_dsa_key ssh_host_rsa_key.pub
ssh_config ssh_host_dsa_key.pub sshd_config
ssh_host_rsa_key
Here are my config files. First I will put ssh_config, and second I will put
sshd_config
ssh_config:
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Host *
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
RhostsRSAAuthentication no
RSAAuthentication no
PasswordAuthentication yes
HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
Port 22
Protocol 2,1
# Cipher 3des
# Ciphers
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# MACs hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
SendEnv LANG LC_*
HashKnownHosts no
GSSAPIAuthentication no
GSSAPIDelegateCredentials no
sshd_config:
# Package generated configuration file
# See the sshd(8) manpage for details
#AllowUsers no...@noemi-laptop
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsAuthentication no
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication yes
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
GSSAPIAuthentication no
GSSAPICleanupCredentials no
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
sshd_config: (a second config that did not work):
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
Error messages:
r...@ubuntu:~# sudo ssh-copy-id no...@192.168.0.100
/usr/bin/ssh-copy-id: ERROR: No identities found
p...@ubuntu:~$ ssh-copy-id no...@192.168.0.100
Read from socket failed: Connection reset by peer
r...@ubuntu:~# sudo ssh-copy-id no...@192.168.0.100
/usr/bin/ssh-copy-id: ERROR: No identities found
p...@ubuntu:~$ ssh 192.168.0.100
ssh: connect to host 192.168.0.100 port 22: Connection refused
r...@ubuntu:/home/paul# telnet 192.168.0.100 22
Trying 192.168.0.100...
Connected to 192.168.0.100.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
^C^C^^
Connection closed by foreign host.
p...@ubuntu:~$ ssh 192.168.0.100
ssh: connect to host 192.168.0.100 port 22: Connection refused
_______________________________________________
LinuxUsers mailing list
LinuxUsers@socallinux.org
http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
