ssh_exchange_identification

0

0

Пытаюсь подключиться по ssh к хосту в моей локальной сети. ssh -l leha 192.168.0.1 (мой IP 192.168.0.36) вылетает следующая ошибка ssh_exxhange_identification С чем это может быть связано? Порты открыты. С хостом 192.168.0.3 оба хоста связываются нормально. Опции не менял(все по умолчанию). Сервисы sshd подняты, в initd разрешены.

Ссылка

←	Шифрование жёсткого диска

Думаю, стоит ли OUTPUT дропать или нет?

→

У меня такая ошибка возникала, когда ssh был мёртв, но connection denied по разным причинам не происходил. Проверьте связь, в т.ч. ping (смотреть на пропадающие пакеты).

birdie ★★★★★
(17.08.06 20:27:12 MSD)

Ссылка

hosts.deny hosts.allow ????? и конфиг ssh сервера пожалуйста

anonymous
(18.08.06 20:11:02 MSD)

Строчки Protocol в sshd_config на обех сторонах какие ?

hyde ★
(19.08.06 17:25:36 MSD)

Ответ на: комментарий от anonymous 18.08.06 20:11:02 MSD

# Package generated configuration file # See the sshd(8) manpage for details

# What ports, IPs and protocols we listen for Port 22 # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: ListenAddress 192.168.0.36 Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768

# Logging SyslogFacility AUTH #LogLevel INFO

# Authentication: LoginGraceTime 120 PermitRootLogin yes StrictModes yes

RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED) PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) #ChallengeResponseAuthentication yes

# Change to no to disable tunnelled clear text passwords PasswordAuthentication no

# Kerberos options #KerberosAuthentication no #KerberosGetAFSToken no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes

# GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes

X11Forwarding yes X11DisplayOffset 10 PrintMotd no PrintLastLog yes KeepAlive yes #UseLogin no

#MaxStartups 10:30:60 #Banner /etc/issue.net

# Allow client to pass locale environment variables #AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

# /etc/hosts.allow: list of hosts that are allowed to access the system. # See the manual pages hosts_access(5), hosts_options(5) # and /usr/doc/netbase/portmapper.txt.gz # # Example: ALL: LOCAL @some_netgroup # ALL: .foobar.edu EXCEPT terminalserver.foobar.edu # # If you're going to protect the portmapper use the name "portmap" for the # daemon name. Remember that you can only use the keyword "ALL" and IP # addresses (NOT host or domain names) for the portmapper, as well as for # rpc.mountd (the NFS mount daemon). See portmap(8), rpc.mountd(8) and # /usr/share/doc/portmap/portmapper.txt.gz for further information. # ALL:192.168.0.0/24

# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system. # See the manual pages hosts_access(5), hosts_options(5) # and /usr/doc/netbase/portmapper.txt.gz # # Example: ALL: some.host.name, .some.domain # ALL EXCEPT in.fingerd: other.host.name, .other.domain # # If you're going to protect the portmapper use the name "portmap" for the # daemon name. Remember that you can only use the keyword "ALL" and IP # addresses (NOT host or domain names) for the portmapper. See portmap(8) # and /usr/doc/portmap/portmapper.txt.gz for further information. # # The PARANOID wildcard matches any host whose name does not match its # address.

# You may wish to enable this to ensure any programs that don't # validate looked up hostnames still leave understandable logs. In past # versions of Debian this has been the default. # ALL: PARANOID

leha_the_best
(21.08.06 11:00:07 MSD) автор топика

Ссылка

Ответ на: комментарий от hyde 19.08.06 17:25:36 MSD

Protocol 2 на обеих машинах

leha_the_best
(21.08.06 11:02:42 MSD) автор топика

Ответ на: комментарий от leha_the_best 21.08.06 11:02:42 MSD

что показывает вывод с опциями -v, -vv, -vvv ?

hyde ★
(21.08.06 15:13:53 MSD)

Ответ на: комментарий от hyde 21.08.06 15:13:53 MSD

С одной стороны OpenSSH_4.2p1 Debian-5, OpenSSL 0.9.8a 11 Oct 2005 debug1: Reading cofiguration data /etc/ssh_sshconfig debug1: Applayin options for * debug1: Connestion to 192.168.0.1 [192.168.0.1] port 22 debug1: Connection established. debug1: identity file /home/leha/.ssh/identity type -1 debug1: identity file /home/leha/.ssh/id_rsa type 1 debug1: identity file /home/leha/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host

Со второй стороны: OpenSSH_4.2p1 Debian-5, OpenSSL 0.9.8a 11 Oct 2005 debug1: Reading cofiguration data /etc/ssh_sshconfig debug1: Applayin options for * debug2: ssh_connect: needpriv 0 debug1: Connestion to 192.168.0.1 [192.168.0.1] port 22 debug1: Connection established. debug1: identity file /home/leha/.ssh/identity type -1 debug1: identity file /home/leha/.ssh/id_rsa type -1 debug1: identity file /home/leha/.ssh/id_dsa type -1 debug1: ssh_exchange_identification: usage:ssh {-1246A...

leha_the_best
(22.08.06 13:10:21 MSD) автор топика