ssh - connection refused

ssh - connection refused

[Jerry T]

I have sshd running on a Redhat 7.2 box. Am able to telnet & ftp the box 
from a win2000 box. To try ssh I set up the following: On the win2000 box 
under Cygwin I ran "ssh-keygen -t rsa" to generate my key and used ftp to 
move the id_rsa.pub file to my Linux box. (I copied the file to 
.ssh/authorized_keys). From Cygwin on win2000 I tried to use slogin to get 
to my Linux box but I get "Connection Refused."

Also tried to rename authorized_keys to authorized_keys2.

The sshd process starts up when I boot up.

Also tried Putty instead of Cygwin. Same "connection refused" error.

Any ideas on what I am missing?

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: ssh - connection refused

[Richard Adams]

On Saturday 13 April 2002 03:59, Jerry T wrote:
> I have sshd running on a Redhat 7.2 box. Am able to telnet & ftp the box
> from a win2000 box. To try ssh I set up the following: On the win2000 box
> under Cygwin I ran "ssh-keygen -t rsa" to generate my key and used ftp to
> move the id_rsa.pub file to my Linux box. (I copied the file to
> .ssh/authorized_keys). From Cygwin on win2000 I tried to use slogin to get
> to my Linux box but I get "Connection Refused."
>
> Also tried to rename authorized_keys to authorized_keys2.
>
> The sshd process starts up when I boot up.
>
> Also tried Putty instead of Cygwin. Same "connection refused" error.
>
> Any ideas on what I am missing?
>

You say you use 'slogin' however with putty.exe you type in the approriate 
hostname or IP# choose SSH from the 4 options below the hostname box and 
click on open at the bottom of putty's window, it will then attempt to 
connect to the remote host on port 22 which is the port ssh uses.

On another note you should not need to copy any key files from/to anywhere, 
new keys should begernated upon a new connection if no key is found.

-- 
Regards Richard
pa3gcu@zeelandnet.nl
http://people.zeelandnet.nl/pa3gcu/

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: ssh - connection refused

[Steven Smith]

[-- Attachment #1: Type: text/plain, Size: 671 bytes --]

> From Cygwin on win2000 I tried to use slogin to get 
> to my Linux box but I get "Connection Refused."
Have you tried sshing in from the Linux box?

ssh username@localhost

That's probably less error-prone, and at least confirms that the daemon
is running.

> The sshd process starts up when I boot up.
Is it listening? netstat -at should include a line something like:

tcp 0 0 *:ssh *:* LISTEN

If that's not present, it usually means the sshd has shut down, or is
configured not to listen to the network.

If it is present, look at your packet filtering/firewalling rules
(iptables -L for recent distributions).

Steven Smith,
sos22@cam.ac.uk.

[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

Re: ssh - connection refused

[DFW II]

Next question.... does anyone know of a way to sync Star Mail with your 
Visor Delux handheld computer.  If there is a way, please let me know...

At 03:59 AM 4/13/02 +0000, Jerry T wrote:




>I have sshd running on a Redhat 7.2 box. Am able to telnet & ftp the box 
>from a win2000 box. To try ssh I set up the following: On the win2000 box 
>under Cygwin I ran "ssh-keygen -t rsa" to generate my key and used ftp to 
>move the id_rsa.pub file to my Linux box. (I copied the file to 
>.ssh/authorized_keys). From Cygwin on win2000 I tried to use slogin to get 
>to my Linux box but I get "Connection Refused."
>
>Also tried to rename authorized_keys to authorized_keys2.
>
>The sshd process starts up when I boot up.
>
>Also tried Putty instead of Cygwin. Same "connection refused" error.
>
>Any ideas on what I am missing?
>
>_________________________________________________________________
>Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
>
>-
>To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
>the body of a message to majordomo@vger.kernel.org
>More majordomo info at  http://vger.kernel.org/majordomo-info.html
>Please read the FAQ at http://www.linux-learn.org/faqs

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: ssh - connection refused

[Ray Olszewski]

From what you wrote, it is difficult to pinpoint the problem. sshd may not
be running correctly, or you may have made a mistake with the key generation
and installation. (Richard - he's talking here about a replacement for
userid/password authentication, not a session key.)

The "connection refused" message *usually* indicates that no daemon is
running on the port in question. So the first thing to do is to verify that
sshd really is running on the Linux host and is set up to listen on port 22.
After that ...

... I'd suggest taking it one step at a time. Set your sshd up to accept
userid/password logins (see below), then see if you can use putty or
whatever to connect that way. If you cannot, you have a problem with the
actual running of sshd that you need to troubleshoot. If you can, then we
can take a closer look at the key problem.

To use userid/password authentication, change /etc/ssh/sshd_config (or
wherever Red Hat puts this file) to include this line:

        PasswordAuthentication yes


BTW, a quick check for your problem is to verify that the config file
includes this line:

        RSAAuthentication yes

(I'm assuming in all of this that RH uses OpenSSH, the most common ssh/sshd
package on Linux systems. But there are others, and if you use a different
one, the configuration details may be different.)

Also check if the Linux host can start an ssh session to itself (as
localhost -OR- as its hostname). If it can, we might suspect some Windows
weirdness. (For example, the RSA key still needs userids that match at both
ends, and I'm a bit hazy about how putty and the CygWin stuff provide the
userid portion of the authentication.)

At 03:59 AM 4/13/02 +0000, Jerry T wrote:
>
>
>
>
>I have sshd running on a Redhat 7.2 box. Am able to telnet & ftp the box 
>from a win2000 box. To try ssh I set up the following: On the win2000 box 
>under Cygwin I ran "ssh-keygen -t rsa" to generate my key and used ftp to 
>move the id_rsa.pub file to my Linux box. (I copied the file to 
>.ssh/authorized_keys). From Cygwin on win2000 I tried to use slogin to get 
>to my Linux box but I get "Connection Refused."
>
>Also tried to rename authorized_keys to authorized_keys2.
>
>The sshd process starts up when I boot up.
>
>Also tried Putty instead of Cygwin. Same "connection refused" error.
>
>Any ideas on what I am missing?



--
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA           	 	         ray@comarre.com        
----------------------------------------------------------------

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: ssh - connection refused

[Richard Adams]

On Saturday 13 April 2002 15:04, Ray Olszewski wrote:

> Also check if the Linux host can start an ssh session to itself (as
> localhost -OR- as its hostname). If it can, we might suspect some Windows
> weirdness. (For example, the RSA key still needs userids that match at both
> ends, and I'm a bit hazy about how putty and the CygWin stuff provide the
> userid portion of the authentication.)

Putty.exe asks you upon a firsttime connection if you want to store the key 
into the windows register.
I belive most windows ssh stuuf does simalar as well, penguinet is another i 
use but its copmplately different to putty.

-- 
Regards Richard
pa3gcu@zeelandnet.nl
http://people.zeelandnet.nl/pa3gcu/

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: ssh - connection refused

[Jerry T]

To answer your more recent question first: I use port forwarding *to* the 
Linux box.

Now to address the questions as stated below...

It is clear from your response (and that of others) that a typical ssh 
connection should be fairly painless and requires little setup. The fact 
that I never receive a log in screen and quickly get a "Connection refused" 
is becoming more of a concern.

On my Linux box I have uncovered these issues:

When I tried to check ipchains using "ipchains -nVL" as you suggested, I 
receieved "ipchains: Incompatile with this kernel" and when I tried 
"iptables -L" I received /lib/modules.../netfilter/iptables.o: unresolvable 
symbol nf_unregister_sockopt.

Now I have no idea what state my firewall is in. I did rebuild my kernel 
from the 2.4.18 kernel directly from www.kernel.org. Now my questions are 
growing in number. Does the fact that ipchains and iptables are not working 
keep me from connecting through ssh? Are there other kernel settings that 
would directly effect ssh but not telnet or ftp? Could my firewall be in an 
undefined state where it allows some access but not others?

When I try to run the firewall tool "lokkit", it errors out with an 
"end-of-file" error at the end when it tries to test the mail relay.

Is all of this another problem for another day, or (i'm afraid to ask) is 
this all probably related to my ssh connectivity problem?



>From: Ray Olszewski <ray@comarre.com>
>To: "Jerry T" <linuxl1@hotmail.com>
>CC: linux-newbie@vger.kernel.org
>Subject: Re: Fwd: Re: ssh - connection refused
>Date: Sat, 13 Apr 2002 09:23:03 -0700
>
>At 03:18 PM 4/13/02 +0000, Jerry T wrote:
> >The /etc/ssh/sshd_config file already had the lines in it that you have
> >listed.
> >
> >I have been able to successfully ssh from my Linux box back to itself. 
>sshd
> >seems to be running fine. (sshd appears in the list of services that you 
>see
> >during bootup, sshd comes on just before xinetd)
>
>Good. So sshd is actually running. Now try the *next* thing I already
>suggested; use putty to do a normal userid/password login. To do this, load
>your connection profile in putty, then check to make sure all 
>authentication
>options (in Connection ->SSH) are unchecked (so it won't even attempt RSA
>authentication). Start the session, and putty should display first a prompt
>for userid, then one for password. Enter values for a valid account with a
>real login shell (typically bash) on the Linux host and see if that lets 
>you
>connect. Don't use root for this test unless you've enabled root logins in
>sshd_config.
>
>If you CAN connect this way, then your problem is specific to the RSA key
>generation, so please post again with ALL the details of how you did it 
>(you
>told us some of this, but you left out stuff like what userid is involved,
>the full path to the key file, and the keyfile's mode ... and what sshd
>daemon you are running). With this sort of configuration problem, the devil
>is in the details, so we need to know the details if you want anything more
>than wild guesses.
>
>If you CANNOT connect this way, then something is blocking access from your
>workstation to port 22 on the Linux host. You say you are running no
>firewall (you can verify this with the command, for 2.2.x kernels, 
>"ipchains
>-nVL", or the corresponding commands for other kernels), so that's not it.
>Check if entries in /etc/hosts.allow and /etc/hosts.deny are consistent 
>with
>the access you want to get. Make sure the putty settings are right (I can't
>tell you what "right" is without knowing more about the sshd you are 
>running
>... basics are making sure the SSH radio button is selected and that the
>right preferred SSH protocol is chosen).
>
>What still troubles me here is the "Connection Refused" message you report
>getting. That almost always means nothing is listening on the target port.
>If I try to ssh to my Linux system with an invalid userid/password combo, I
>get "access denied" (then another password: prompt), not "Connection
>Refused". If I'm using the wrong protocol (SSH1 on a system that wants
>SSH2), I get an error about packet length. This makes me lean toward either
>sshd not running (apparently the wrong answer, since you report checking
>this) or blocking via the hosts.deny file. Or a connectivity problem 
>between
>the two systems ... but if you CAN telnet and ftp, we've eliminated that
>possibility too.
>
>
>--
>------------------------------------"Never tell me the odds!"---
>Ray Olszewski                                        -- Han Solo
>Palo Alto, CA           	 	         ray@comarre.com
>----------------------------------------------------------------
>




_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: ssh - connection refused

[Ray Olszewski]

At 04:27 AM 4/14/02 +0000, Jerry T wrote:
>
>To answer your more recent question first: I use port forwarding *to* the 
>Linux box.

So, taking this added info along with your previous reports, here is what I
*think* we know.

A. If you make an ssh connection to the Linux host from on its LAN, it
works. (You only tested this with the trivial case of the host ssh'ing to
itself, though.)

B. If you try to ssh to the Linux host from outside the LAN, through the
Linksys router, you get a "Connection Refused" response.

From this info, I'd *guess* from the "Connection Refused" message that the
ssh connection is never getting to your Linux host. I'd sus[ect that there
is a problem in the port-forwarding settings in your Linksys NAT'ing router. 

Though I've looked at these devices (and their equivalents from other
manufacturers), I really have no expertise with them. (We use a Linux host
here as a NAT'ing rotuer for the LAN.) I'd suggest you pursue this with
Linksys support.

On the Linux side, first try making an ssh connection to the Linux host from
another machine on the same LAN (if that is possible). If it works, then the
problem is definitely in the port forwarding. If it doesn't, then you should
get a more informative error message that COnnection Refused.

>Now to address the questions as stated below...
>
>It is clear from your response (and that of others) that a typical ssh 
>connection should be fairly painless and requires little setup. The fact 
>that I never receive a log in screen and quickly get a "Connection refused" 
>is becoming more of a concern.
>
>On my Linux box I have uncovered these issues:
>
>When I tried to check ipchains using "ipchains -nVL" as you suggested, I 
>receieved "ipchains: Incompatile with this kernel" and when I tried 
>"iptables -L" I received /lib/modules.../netfilter/iptables.o: unresolvable 
>symbol nf_unregister_sockopt.
>
>Now I have no idea what state my firewall is in. I did rebuild my kernel 
>from the 2.4.18 kernel directly from www.kernel.org. Now my questions are 
>growing in number. Does the fact that ipchains and iptables are not working 
>keep me from connecting through ssh? Are there other kernel settings that 
>would directly effect ssh but not telnet or ftp? Could my firewall be in an 
>undefined state where it allows some access but not others?
>
>When I try to run the firewall tool "lokkit", it errors out with an 
>"end-of-file" error at the end when it tries to test the mail relay.
>
>Is all of this another problem for another day, or (i'm afraid to ask) is 
>this all probably related to my ssh connectivity problem?

If you built your own kernel, you presumably know if you compiled in
ipchains or netfilter (iptables) support. If you didn't, you have no
firewalling abilities on the host itself. This should not interfere with an
ssh connection.

I'm not familiar with "lokkit" (never even heard of it) so cannot comment on
that part. But as I said above, I increasingly doubt that the problem is on
your Linux system.


--
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA           	 	         ray@comarre.com        
----------------------------------------------------------------

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs