SSH connection failed, troubleshooting experience

First, the scene description

SSH connects to the server and discovers that the connection failed, but the IP of the corresponding server can ping.

Scene:

[[Email protected] ~] # ssh [email protected]  Connection Reset by Peer[[email protected]-web ~] # Ping 10.1.101.35 PING 10.1.101.35 (10.1.101.35)bytes of data.  from 10.1.101.35:icmp_seq=1 ttl=64 time=0.587 Ms from 10.1.101.35:icmp_seq=2 ttl=64 time= 0.722 Ms from 10.1.101.35:icmp_seq=3 ttl=64 time=0.475 ms

Ping is a network layer of protocol, but the surface of the network on the 3 layer is a pass;

SSH is the application-level protocol, or the reason is found on the host.

Second, the wrong 1, ssh-v

With Ssh-v to the server with the problem, there will be more detailed debugging information on the screen output, can help to determine which step is out of the question.

The main problem is to see whether it is a client or a server. If it is a client problem, it should be written in log. If there is no useful information, it could be a server-side problem.

[[Email protected] ~]#ssh-v [email protected]openssh_6.6.1, OpenSSL 1.0.1e-fips 2013debug1:reading Configuration Data/etc/ssh/SSH_CONFIGDEBUG1:/etc/ssh/ssh_config Line 56:applying Options for*debug1:connecting to10.1.101.35 [10.1.101.35] Port 22. Debug1:connection established.debug1:permanently_set_uid:0/0debug1:identity File/root/.ssh/id_rsa type-1debug1:identity File/root/.ssh/id_rsa-cert type-1debug1:identity File/ROOT/.SSH/ID_DSA type-1debug1:identity File/root/.ssh/id_dsa-cert type-1debug1:identity File/ROOT/.SSH/ID_ECDSA type-1debug1:identity File/root/.ssh/id_ecdsa-cert type-1debug1:identity File/root/.ssh/id_ed25519 type-1debug1:identity File/root/.ssh/id_ed25519-cert type-1debug1:enabling compatibility Mode forProtocol 2.0debug1:local version string SSH-2.0-openssh_6.6.1ssh_exchange_identification:read:Connection Reset by Peer

2. Connect to the server

Now seems to be a server problem, although not SSH to the server, but generally speaking, the host will provide some methods than to let you connect, such as through the physical terminal connected to the specific situation, in short, to connect to the server.

3, write a wrong detour, but also useful

If there is debug1: Connection refused by tcp wrapper such a log, refer to this step.

This means that your client IP may be banned by the server, Fail2ban or other programs may throw your client IP into the/etc/hosts.deny.

View by Vi/etc/hosts.allow

Add a line of Sshd:all.

Then restart SSH.

# Service sshd Restart

If the problem really happens when the IP is banned, it should be OK after the reboot.

Client ssh try again:

[[Email protected] ~] # ssh-v [email protected] openssh_6.6.1, OpenSSL 1.0.1e-fips-/etc/ssh/ for *10.1.101.35 [ 10.1.101.35] Port10.1.101.35 PortConnection refused

It means that my problem is not here.

4. Two useful commands

Execute the following command on the server to display all the logs of SSH.

The CentOS system is as follows:

# Service sshd Stop # /usr/sbin/sshd-d

If it is Ubuntu possible the order is: sudo service ssh stop , sudo /usr/sbin/sshd -d .

The problem arises: /var/empty/sshd must be owned by root and not group or world-writable.

is a matter of permissions, check it out.

My permissions have become 777, and the sshd directory

Normally, the permissions for this directory should be:

[[Email protected] ~] # ll/var/empty/ Total 0drwx--x--x. 2 root root 6 May 03:41 sshd

Modify Permissions:

Restart the sshd service "service sshd restart" After you have changed the permissions. The client then SSH on OK, done.

5. Introduction to Commands

The problem has been solved, but what does /usr/sbin/sshd-d mean?

# man sshd Look at these two parameters.

-D when the This option isspecified, sshd would notDetach andDoes notbecome a daemon.     This allows easy monitoring of sshd. -D Debug mode. The server sends verbose debug output to standard error, andDoes notPut itselfinchThe background. The server also would notFork andWould only process one connection. This option isOnly intended forDebugging forThe server.  multiple-d options increase the debugging level. Maximum is3.

-D is the debug mode, the server will output detailed debug information to the screen, the server can only have one SSH link.

Third, off-topic

Although the problem is solved, recall why this problem? Because I was yesterday in the resolution of a log permissions problem, the violence of each level of directory permissions are set to 777, want to test whether the directory read and write permissions, and then reduce the permissions, the results affect the SSH login.

To solve a problem if you don't know the principle, it's easy to zoom in and even get a new bug. It is important to be cautious in writing code, to be cautious in troubleshooting, and to know why.

Reference:

Connection Reset by Peer

The author starof, because the knowledge itself in the change, the author is also constantly learning and growth, the content of the article is not updated regularly, in order to avoid misleading readers, convenient tracing, please reprint annotated source: http://www.cnblogs.com/starof/p/4709805. HTML has a problem welcome to discuss with me, common progress.

SSH connection failed, troubleshooting experience