Greetings,
I have accounts on two Centos servers, A and B, each hosted on a remote VPS by a different provider/datacenter.
Until yesterday night, I could connect without problems via SSH to both servers from my home Fedora 16 desktop.
Yesterday I completed (fingers crossed) the switch to a different ADSL provider. From the moment I turned on the modem on the new ADSL line, I became unable to ssh into server A. All attempts abort with this message:
ssh_exchange_identification: Connection closed by remote host
I know that server A is still up and running, because the websites and email services it runs are still up. Server B is still reachable via ssh, no problem. The only difference between the two servers is that A runs Centos 4.something, while B runs Centos 6.1
I have already done some online search on this problem, but all the pages I have found discuss how to diagnose and fix it working on the server (*), which is exactly what I can't do right now...
Any clues on what may have happened, and if it could be related in any way to differences (whatever they may be) between ADSL providers, instead of a bizarre coincidence?
Of course, I can and will ask the VPS provider to reboot the machine, but I would also like to know your opinion on what exactly may have happened, and how to prevent it in the future (also to pass your suggestions to the provider).
TIA, Marco
(*) except remove the server entry from .ssh/known_hosts in my home desktop. I did it and nothing changed
M. Fioretti wrote:
I have accounts on two Centos servers, A and B, each hosted on a remote VPS by a different provider/datacenter.
Until yesterday night, I could connect without problems via SSH to both servers from my home Fedora 16 desktop.
Yesterday I completed (fingers crossed) the switch to a different ADSL provider. From the moment I turned on the modem on the new ADSL line, I became unable to ssh into server A. All attempts abort with this message:
ssh_exchange_identification: Connection closed by remote host
<snip> This would be obnoxious, but have you checked with your ADSL provider, to see if they're blocking ssh traffic?
mark
on 9/14/2012 8:26 AM m.roth@5-cent.us spake the following:
M. Fioretti wrote:
I have accounts on two Centos servers, A and B, each hosted on a remote VPS by a different provider/datacenter.
Until yesterday night, I could connect without problems via SSH to both servers from my home Fedora 16 desktop.
Yesterday I completed (fingers crossed) the switch to a different ADSL provider. From the moment I turned on the modem on the new ADSL line, I became unable to ssh into server A. All attempts abort with this message:
ssh_exchange_identification: Connection closed by remote host
<snip> This would be obnoxious, but have you checked with your ADSL provider, to see if they're blocking ssh traffic?
mark
Also. Could the server A have a firewall that had allow ranges for your original ip range? Or denyhosts... something like that
On Friday 14 September 2012 16:32:18 Scott Silva wrote:
on 9/14/2012 8:26 AM m.roth@5-cent.us spake the following:
M. Fioretti wrote:
I have accounts on two Centos servers, A and B, each hosted on a remote VPS by a different provider/datacenter.
Until yesterday night, I could connect without problems via SSH to both servers from my home Fedora 16 desktop.
Yesterday I completed (fingers crossed) the switch to a different ADSL provider. From the moment I turned on the modem on the new ADSL line, I became unable to ssh into server A. All attempts abort with this message:
ssh_exchange_identification: Connection closed by remote host
<snip> This would be obnoxious, but have you checked with your ADSL provider, to see if they're blocking ssh traffic?
mark
Also. Could the server A have a firewall that had allow ranges for your original ip range? Or denyhosts... something like that
From memory the only time I've seen that error message was due to entries in the /etc/hosts.allow file specifying what IP addresses are allowed ssh in. Changing your ISP would change your address.
Tony
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Fri, September 14, 2012 5:32 pm, Scott Silva wrote:
Could the server A have a firewall that had allow ranges for your original ip range? Or denyhosts... something like that
No, there are no such settings.
Answering to other questions:
have you checked with your ADSL provider, to see if they're blocking ssh traffic?
no, because as I said in my original message, I **can** do ssh traffic. I am doing it right now, on the other Centos server. It is only one of them that became unreachable.
Check the /var/log/secure log
Check your tcp_wrapper configuration
of course I can't do it right now, exactly because... I can't connect to the server. But I will pass along these and all other similar suggestions to the VPS provider help desk, since they will surely save time, so thanks for these and any other tips that may come!
Marco
On 14/09/2012 17:06, M. Fioretti wrote:
of course I can't do it right now, exactly because... I can't connect to the server. But I will pass along these and all other similar suggestions to the VPS provider help desk, since they will surely save time, so thanks for these and any other tips that may come!
Well you can... ssh into B and then try to ssh from B to A...
On 09/14/2012 05:09 PM, M. Fioretti wrote:
Greetings,
I have accounts on two Centos servers, A and B, each hosted on a remote VPS by a different provider/datacenter.
Until yesterday night, I could connect without problems via SSH to both servers from my home Fedora 16 desktop.
Yesterday I completed (fingers crossed) the switch to a different ADSL provider. From the moment I turned on the modem on the new ADSL line, I became unable to ssh into server A. All attempts abort with this message:
ssh_exchange_identification: Connection closed by remote host
I know that server A is still up and running, because the websites and email services it runs are still up. Server B is still reachable via ssh, no problem. The only difference between the two servers is that A runs Centos 4.something, while B runs Centos 6.1
I have already done some online search on this problem, but all the pages I have found discuss how to diagnose and fix it working on the server (*), which is exactly what I can't do right now...
Any clues on what may have happened, and if it could be related in any way to differences (whatever they may be) between ADSL providers, instead of a bizarre coincidence?
Of course, I can and will ask the VPS provider to reboot the machine, but I would also like to know your opinion on what exactly may have happened, and how to prevent it in the future (also to pass your suggestions to the provider).
Check the /var/log/secure log. It could be that some bot is trying to brute force your server and the daemon is hitting the session limit.
Regards, Dennis
Am 14.09.2012 um 17:09 schrieb M. Fioretti:
Greetings,
I have accounts on two Centos servers, A and B, each hosted on a remote VPS by a different provider/datacenter.
Until yesterday night, I could connect without problems via SSH to both servers from my home Fedora 16 desktop.
Yesterday I completed (fingers crossed) the switch to a different ADSL provider. From the moment I turned on the modem on the new ADSL line, I became unable to ssh into server A. All attempts abort with this message:
ssh_exchange_identification: Connection closed by remote host
Check your tcp_wrapper configuration (/etc/hosts.allow, /etc/hosts.deny).
-- LF
On Fri, 14 Sep 2012 17:09:46 +0200 (CEST), "M. Fioretti" mfioretti@nexaima.net said:
M> Yesterday I completed (fingers crossed) the switch to a different ADSL
M> provider. From the moment I turned on the modem on the new ADSL line, I
M> became unable to ssh into server A. All attempts abort with this
M> message:
M> ssh_exchange_identification: Connection closed by remote host
This is in the "grasping at straws" category, but have you tried connecting with a different cipher, like "blowfish" or "3des-cbc"?
If/as/when you get access to the server, can you disable TCP checksum offloading?
root# ethtool -K eth0 tx off rx off
root# ethtool -t eth0 offline   # adapter self-test
On Fri, September 14, 2012 9:06 pm, Karl Vogel wrote:
On Fri, 14 Sep 2012 17:09:46 +0200 (CEST), "M. Fioretti" mfioretti@nexaima.net said:
M> Yesterday I completed (fingers crossed) the switch to a different ADSL
M> provider. From the moment I turned on the modem on the new ADSL line, I
M> became unable to ssh into server A. All attempts abort with this
M> message:
M> ssh_exchange_identification: Connection closed by remote host
This is in the "grasping at straws" category, but have you tried connecting with a different cipher, like "blowfish" or "3des-cbc"?
I confess I had forgotten that this option existed. However, I just tried both cyphers and there is no difference. Thanks for the other suggestion, I'll try that as the server is reachable again.
Marco
M. Fioretti wrote:
On Fri, September 14, 2012 9:06 pm, Karl Vogel wrote:
On Fri, 14 Sep 2012 17:09:46 +0200 (CEST), "M. Fioretti" mfioretti@nexaima.net said:
M> Yesterday I completed (fingers crossed) the switch to a different ADSL
M> provider. From the moment I turned on the modem on the new ADSL line,
M> I became unable to ssh into server A. All attempts abort with this
M> message:
M> ssh_exchange_identification: Connection closed by remote host
<snip>
both cyphers and there is no difference. Thanks for the other suggestion, I'll try that as the server is reachable again.
It's now reachable? Sounds to me as though your provider, or hosting provider, had something screwed up and just fixed it.
mark
On Fri, September 14, 2012 10:09 pm, m.roth@5-cent.us wrote:
I'll try that as the server is reachable again.
It's now reachable?
No, it's not, sorry for the confusion. I meant to write "as soon as the server is reachable again"
Marco
M. Fioretti wrote:
On Fri, September 14, 2012 10:09 pm, m.roth@5-cent.us wrote:
I'll try that as the server is reachable again.
It's now reachable?
No, it's not, sorry for the confusion. I meant to write "as soon as the server is reachable again"
Have you spoken with support from the host/provider?
mark
On Fri, Sep 14, 2012 at 10:21:29PM +0200, M. Fioretti wrote:
No, it's not, sorry for the confusion. I meant to write "as soon as the server is reachable again"
I haven't seen lower level debugging, but I may have just missed it.
1) What happens if you run "telnet yourhost 22". (you might need to install "telnet" on your client machine) Do you see something like
Trying 1.2.3.4...
Connected to yourhost (1.2.3.4)
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3
or do you see
telnet: Unable to connect to remote host: Connection refused
or do you see
Trying 1.2.3.4...
Connected to yourhost (1.2.3.4)
Escape character is '^]'.
Connection closed by foreign host.
2) How quickly does the "closed" occur?
3) What is the output of "ssh -v yourhost"?
Stephen Harris wrote:
On Fri, Sep 14, 2012 at 10:21:29PM +0200, M. Fioretti wrote:
No, it's not, sorry for the confusion. I meant to write "as soon as the server is reachable again"
{snip}
?
Can you ssh from B to A?
:-) Ken
On Sat, September 15, 2012 12:10 am, Ken Smith wrote:
Stephen Harris wrote:
On Fri, Sep 14, 2012 at 10:21:29PM +0200, M. Fioretti wrote:
No, it's not, sorry for the confusion. I meant to write "as soon as the server is reachable again"
Can you ssh from B to A?
very good question, thanks! I had not thought about such a test at all. However, doing that I get exactly the same result.
Marco
M. Fioretti wrote:
On Sat, September 15, 2012 12:10 am, Ken Smith wrote:
Stephen Harris wrote:
On Fri, Sep 14, 2012 at 10:21:29PM +0200, M. Fioretti wrote:
{snip}
Can you ssh from B to A?
very good question, thanks! I had not thought about such a test at all. However, doing that I get exactly the same result.
Marco
Which suggests that there is something about A you need to know more about. As said earlier what happens if you run
telnet ip-of-a whatever-port-ssh-is -on--normally-22
:-) Ken
On Sat, September 15, 2012 7:44 am, Ken Smith wrote:
Which suggests that there is something about A you need to know more about. As said earlier what happens if you run
telnet ip-of-a whatever-port-ssh-is -on--normally-22
I had already answered to this:
http://lists.centos.org/pipermail/centos/2012-September/129092.html
If I use port 22 instead of the one sshd is listening on, I get a normal "telnet: connect to address ip-of-a: Connection refused"
Marco
On Fri, September 14, 2012 11:48 pm, Stephen Harris wrote:
- What happens if you run "telnet yourhost 22".
this is what happens (with the proper IP of course):
Trying 1.2.3.4...
Connected to yourhost (1.2.3.4)
Escape character is '^]'.
Connection closed by foreign host.
- How quickly does the "closed" occur?
I'd say 4/5 seconds
- What is the output of "ssh -v yourhost"
here it is, obviously with changed server name and IP
#####################################################
[marco@avalon ~]$ ssh -v -p xxx me@example.com
OpenSSH_5.8p2, OpenSSL 1.0.0j-fips 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to example.com [ip.of.example.com] port xxx.
debug1: Connection established.
debug1: identity file /home/marco/.ssh/id_rsa type -1
debug1: identity file /home/marco/.ssh/id_rsa-cert type -1
debug1: identity file /home/marco/.ssh/id_dsa type -1
debug1: identity file /home/marco/.ssh/id_dsa-cert type -1
ssh_exchange_identification: Connection closed by remote host
###########################################################
I have informed the provider, and am waiting answers from them.
Thanks, Marco
On Sat, Sep 15, 2012 at 07:01:03AM +0200, M. Fioretti wrote:
On Fri, September 14, 2012 11:48 pm, Stephen Harris wrote:
- What happens if you run "telnet yourhost 22".
this is what happens (with the proper IP of course):
Trying 1.2.3.4...
Connected to yourhost (1.2.3.4)
Escape character is '^]'.
Connection closed by foreign host.
This is important; it means the remote SSH server never says 'hello'.
- How quickly does the "closed" occur?
I'd say 4/5 seconds
This is possibly indicative of resource starvation at the remote end; the connection is going into the listen queue, then being accepted but the process then fails. It might mean "out of memory" (for example) so the server can't fork() the new sshd process. If you mean "4 or 5s" then we might also be seeing swapping delays.
There _are_ other reasons for this type of behaviour (eg firewalls, network) but that's the most common one that I've seen.
#####################################################
[marco@avalon ~]$ ssh -v -p xxx me@example.com
I assume the "xxx" here matches the port you tested with the telnet test. Otherwise the telnet test is useless.
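The three telnet outcomes discussed above (banner, refused, connected then closed) and the time-to-close can be captured in one probe. This is an added example, not code from the thread; the function name, verdict labels and hint texts are assumptions made for illustration.

```python
import socket
import sys
import time

# Verdict -> causes named in the thread (a reading aid, not a diagnosis).
HINTS = {
    "banner": "sshd answered; the problem is later than the identification exchange",
    "refused": "nothing is listening on that port, or a firewall rejects it",
    "closed_before_banner": "TCP accepted, then closed with no SSH- line: "
                            "tcp_wrappers rules, a session limit, or sshd unable to fork",
    "silent": "connection stays open but no banner arrives within the timeout",
    "unreachable": "no TCP connection at all (routing, filtering, host down)",
}

def probe_ssh_banner(host, port, timeout=10.0):
    """Connect once and return (verdict, seconds_elapsed, banner_text)."""
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", time.monotonic() - start, ""
    except OSError:  # timeouts, no route, DNS failure
        return "unreachable", time.monotonic() - start, ""
    data = b""
    with sock:
        try:
            # Read up to the first newline; a healthy sshd sends "SSH-2.0-..." first.
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255)
                if not chunk:  # peer closed the connection
                    break
                data += chunk
        except socket.timeout:
            return "silent", time.monotonic() - start, ""
        except OSError:  # a reset by the peer is treated as a close
            pass
    elapsed = time.monotonic() - start
    banner = data.decode("ascii", "replace").strip()
    if banner.startswith("SSH-"):
        return "banner", elapsed, banner
    return "closed_before_banner", elapsed, banner

if __name__ == "__main__":
    # Usage: python probe.py HOST PORT   (use the port sshd really listens on)
    verdict, elapsed, banner = probe_ssh_banner(sys.argv[1], int(sys.argv[2]))
    print(f"{verdict} after {elapsed:.1f}s {banner!r}")
    print(HINTS[verdict])
```

Running it from two different source addresses (for example home and server B) shows whether the verdict depends on where the connection comes from.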
On Saturday 15 September 2012 14:01:38 Stephen Harris wrote:
On Sat, Sep 15, 2012 at 07:01:03AM +0200, M. Fioretti wrote:
On Fri, September 14, 2012 11:48 pm, Stephen Harris wrote:
- What happens if you run "telnet yourhost 22".
this is what happens (with the proper IP of course):
Trying 1.2.3.4...
Connected to yourhost (1.2.3.4)
Escape character is '^]'.
Connection closed by foreign host.
This is important; it means the remote SSH server never says 'hello'.
- How quickly does the "closed" occur?
I'd say 4/5 seconds
This is possibly indicative of resource starvation at the remote end; the connection is going into the listen queue, then being accepted but the process then fails. It might mean "out of memory" (for example) so the server can't fork() the new sshd process. If you mean "4 or 5s" then we might also be seeing swapping delays.
There _are_ other reasons for this type of behaviour (eg firewalls, network) but that's the most common one that I've seen.
#####################################################
[marco@avalon ~]$ ssh -v -p xxx me@example.com
I assume the "xxx" here matches the port you tested with the telnet test. Otherwise the telnet test is useless.
As I said earlier in this thread that error can come from problems with the hosts.allow file on the machine you are trying to connect to.
I've just reproduced the error on my own systems.
Log in to tmlinux from thomond, everything ok.
edit the /etc/hosts.allow file on tmlinux to disallow sshd access from thomond.
Log out.
Login to tmlinux from thomond. Error.
[root@thomond ~]# ssh -l root tmlinux.csis.ul.ie
ssh_exchange_identification: Connection closed by remote host
Since you changed your ISP you changed your IP address. If you had used the hosts.allow file to control access to ssh then that could be your problem. Same holds for telnet and any other network connection.
Regards,
Tony
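The hosts.allow explanation above can be checked offline by evaluating the two files against a client address. This is an added example, not code from the thread: it implements only a simplified IPv4 subset of the hosts_access(5) rules (ALL, exact address, trailing-dot prefix, net/mask; no hostnames, EXCEPT or options), and the rule files and addresses are constructed samples.

```python
import ipaddress

# Constructed sample rules (documentation addresses, not taken from the thread).
HOSTS_ALLOW = "# only the old home line may reach sshd\nsshd: 198.51.100.23\n"
HOSTS_DENY = "sshd: ALL\n"
OLD_HOME_IP = "198.51.100.23"   # address from the previous ISP (constructed)
NEW_HOME_IP = "203.0.113.77"    # address from the new ISP (constructed)

def _client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # "198.51.100." matches by address prefix
        return ip.startswith(pattern)
    if "/" in pattern:                   # net/mask, e.g. 198.51.100.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern == ip                 # exact address

def _file_matches(text, daemon, ip):
    """True if any 'daemon_list : client_list' line matches this daemon and client."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (field.strip() for field in line.split(":")[:2])
        daemon_list = daemons.replace(",", " ").split()
        client_list = clients.replace(",", " ").split()
        if daemon in daemon_list or "ALL" in daemon_list:
            if any(_client_matches(p, ip) for p in client_list):
                return True
    return False

def wrapper_decision(hosts_allow, hosts_deny, daemon, ip):
    """hosts.allow is consulted first, then hosts.deny; no match at all means allow."""
    if _file_matches(hosts_allow, daemon, ip):
        return "allow"
    if _file_matches(hosts_deny, daemon, ip):
        return "deny"
    return "allow"

if __name__ == "__main__":
    for ip in (OLD_HOME_IP, NEW_HOME_IP):
        print(ip, wrapper_decision(HOSTS_ALLOW, HOSTS_DENY, "sshd", ip))
    # Listing the new address as well restores access for it.
    fixed = HOSTS_ALLOW + "sshd: " + NEW_HOME_IP + "\n"
    print(NEW_HOME_IP, wrapper_decision(fixed, HOSTS_DENY, "sshd", NEW_HOME_IP))
```

A denied client still completes the TCP handshake and is then dropped before the SSH banner is sent, which is the symptom reproduced above.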
On Sep 14, 2012, at 3:21 PM, "M. Fioretti" mfioretti@nexaima.net wrote:
On Fri, September 14, 2012 10:09 pm, m.roth@5-cent.us wrote:
I'll try that as the server is reachable again.
It's now reachable?
No, it's not, sorry for the confusion. I meant to write "as soon as the server is reachable again"
Marco
Can you post the (sanitized ) output from "ssh -vv my mybadhost.com" ?
On Sat, September 15, 2012 4:00 am, Paul Tader wrote:
Can you post the (sanitized ) output from "ssh -vv my mybadhost.com" ?
Such output is exactly the same I get with only one "v" and already posted in an earlier reply this morning
Thanks, Marco