Unable to SSH into server
I'm trying to SSH into a server and I'm receiving a Connection closed
message every time. I've tried changing MTU settings on both server and client side without success.
Here are the server side logs:
-> /usr/sbin/sshd -e -p 27 -D -d -e -o StrictModes=no -o SyslogFacility=DAEMON -o PermitRootLogin=prohibit-password
debug1: sshd version OpenSSH_8.4, OpenSSL 1.1.1j 16 Feb 2021
debug1: private host key #0: ssh-rsa SHA256:Q76xVI+MO2LQky0e582943UWrAYfdTh0Q5hj9YpAMPY
debug1: private host key #1: ssh-dss SHA256:Lnp91+XIE3NVI4KLmk8Ara28s9qwX3+k4PY0iVYIgXY
debug1: private host key #2: ecdsa-sha2-nistp521 SHA256:QHUFHadquHxJYJ7qB4F2K+aJEoIysOJda2vY8lP5mVY
debug1: private host key #3: ssh-ed25519 SHA256:Y2YjbYM14maKA+09EvCfq+oJ5nfqQ5RAxo9xUJ6ByFM
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-e'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='27'
debug1: rexec_argv[4]='-D'
debug1: rexec_argv[5]='-d'
debug1: rexec_argv[6]='-e'
debug1: rexec_argv[7]='-o'
debug1: rexec_argv[8]='StrictModes=no'
debug1: rexec_argv[9]='-o'
debug1: rexec_argv[10]='SyslogFacility=DAEMON'
debug1: rexec_argv[11]='-o'
debug1: rexec_argv[12]='PermitRootLogin=prohibit-password'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 27 on 0.0.0.0.
Server listening on 0.0.0.0 port 27.
debug1: Bind to port 27 on ::.
Server listening on :: port 27.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: sshd version OpenSSH_8.4, OpenSSL 1.1.1j 16 Feb 2021
debug1: private host key #0: ssh-rsa SHA256:Q76xVI+MO2LQky0e582943UWrAYfdTh0Q5hj9YpAMPY
debug1: private host key #1: ssh-dss SHA256:Lnp91+XIE3NVI4KLmk8Ara28s9qwX3+k4PY0iVYIgXY
debug1: private host key #2: ecdsa-sha2-nistp521 SHA256:QHUFHadquHxJYJ7qB4F2K+aJEoIysOJda2vY8lP5mVY
debug1: private host key #3: ssh-ed25519 SHA256:Y2YjbYM14maKA+09EvCfq+oJ5nfqQ5RAxo9xUJ6ByFM
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.1.172 port 54044 on 192.168.1.227 port 27
debug1: Local version string SSH-2.0-OpenSSH_8.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.5
debug1: match: OpenSSH_8.5 pat OpenSSH* compat 0x04000000
debug1: permanently_set_uid: 1001/1001 [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp521,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ssh-ed25519 [preauth]
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: rekey out after 134217728 blocks [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: Killing privsep child 404
255
iex(48)> Toolshed.cmd("/usr/sbin/sshd -e -p 27 -D -d -e -o StrictModes=no -o SyslogFacility=DAEMON -o PermitRootLogin=prohibit-password")
debug1: sshd version OpenSSH_8.4, OpenSSL 1.1.1j 16 Feb 2021
debug1: private host key #0: ssh-rsa SHA256:Q76xVI+MO2LQky0e582943UWrAYfdTh0Q5hj9YpAMPY
debug1: private host key #1: ssh-dss SHA256:Lnp91+XIE3NVI4KLmk8Ara28s9qwX3+k4PY0iVYIgXY
debug1: private host key #2: ecdsa-sha2-nistp521 SHA256:QHUFHadquHxJYJ7qB4F2K+aJEoIysOJda2vY8lP5mVY
debug1: private host key #3: ssh-ed25519 SHA256:Y2YjbYM14maKA+09EvCfq+oJ5nfqQ5RAxo9xUJ6ByFM
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-e'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='27'
debug1: rexec_argv[4]='-D'
debug1: rexec_argv[5]='-d'
debug1: rexec_argv[6]='-e'
debug1: rexec_argv[7]='-o'
debug1: rexec_argv[8]='StrictModes=no'
debug1: rexec_argv[9]='-o'
debug1: rexec_argv[10]='SyslogFacility=DAEMON'
debug1: rexec_argv[11]='-o'
debug1: rexec_argv[12]='PermitRootLogin=prohibit-password'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 27 on 0.0.0.0.
Server listening on 0.0.0.0 port 27.
debug1: Bind to port 27 on ::.
Server listening on :: port 27.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: sshd version OpenSSH_8.4, OpenSSL 1.1.1j 16 Feb 2021
debug1: private host key #0: ssh-rsa SHA256:Q76xVI+MO2LQky0e582943UWrAYfdTh0Q5hj9YpAMPY
debug1: private host key #1: ssh-dss SHA256:Lnp91+XIE3NVI4KLmk8Ara28s9qwX3+k4PY0iVYIgXY
debug1: private host key #2: ecdsa-sha2-nistp521 SHA256:QHUFHadquHxJYJ7qB4F2K+aJEoIysOJda2vY8lP5mVY
debug1: private host key #3: ssh-ed25519 SHA256:Y2YjbYM14maKA+09EvCfq+oJ5nfqQ5RAxo9xUJ6ByFM
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.1.172 port 54250 on 192.168.1.227 port 27
debug1: Local version string SSH-2.0-OpenSSH_8.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.5
debug1: match: OpenSSH_8.5 pat OpenSSH* compat 0x04000000
debug1: permanently_set_uid: 1001/1001 [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp521,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ssh-ed25519 [preauth]
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: rekey out after 134217728 blocks [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: Killing privsep child 409
Here are the client side logs:
✗ ssh -p 27 [email protected] -v
OpenSSH_8.5p1, OpenSSL 1.1.1k 25 Mar 2021
debug1: Reading configuration data /home/eric/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.227 [192.168.1.227] port 27.
debug1: Connection established.
debug1: identity file /home/eric/.ssh/id_rsa type -1
debug1: identity file /home/eric/.ssh/id_rsa-cert type -1
debug1: identity file /home/eric/.ssh/id_dsa type -1
debug1: identity file /home/eric/.ssh/id_dsa-cert type -1
debug1: identity file /home/eric/.ssh/id_ecdsa type -1
debug1: identity file /home/eric/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/eric/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/eric/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/eric/.ssh/id_ed25519 type 3
debug1: identity file /home/eric/.ssh/id_ed25519-cert type -1
debug1: identity file /home/eric/.ssh/id_ed25519_sk type -1
debug1: identity file /home/eric/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/eric/.ssh/id_xmss type -1
debug1: identity file /home/eric/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4
debug1: compat_banner: match: OpenSSH_8.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.227:27 as 'root'
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 192.168.1.227 port 27
Any additional flags that would help in debugging? I've verified that I'm able to ssh to other servers.
Thanks
Solution 1:
Your main issue can like be identified by the line where it says expecting SSH2_MSG_KEY_ECDH_REPLY
. A similar issue happened to someone a while ago from the post found here.
The accepted solution by @shgnInc was to perform one of the following commands:
sudo ip li set mtu 1200 dev wlan0
or
sudo ifconfig wlan0 mtu 1200
An alternative solution if those didn't work can be found in the next answer here or to try any of the later ones to see if they work for you