Unable to ssh into server with password - ssh-connection method none

Question

I'm unable to SSH into server A, with any user running RHEL 8.4. It was working fine last week. Nothing shows up in /var/log/secure or in systemctl status sshd - the /etch/sshd_config is set to allow PasswordAuthentication. It never asks for any password - on PuTTY it closes immediately after putting in a username, and on command line it simply fails with a "connection closed by serverA"

When running ssh -v root@server, i get the following output:

OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to serverA [serverA] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\userA/.ssh/id_rsa type -1
debug1: identity file C:\\Users\\userA/.ssh/id_rsa-cert type -1
debug1: identity file C:\\Users\\userA/.ssh/id_dsa type -1
debug1: identity file C:\\Users\\userA/.ssh/id_dsa-cert type -1
debug1: identity file C:\\Users\\userA/.ssh/id_ecdsa type -1
debug1: identity file C:\\Users\\userA/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\\Users\\userA/.ssh/id_ecdsa_sk type -1
debug1: identity file C:\\Users\\userA/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file C:\\Users\\userA/.ssh/id_ed25519 type -1
debug1: identity file C:\\Users\\userA/.ssh/id_ed25519-cert type -1
debug1: identity file C:\\Users\\userA/.ssh/id_ed25519_sk type -1
debug1: identity file C:\\Users\\userA/.ssh/id_ed25519_sk-cert type -1
debug1: identity file C:\\Users\\userA/.ssh/id_xmss type -1
debug1: identity file C:\\Users\\userA/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: compat_banner: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug1: Authenticating to serverA:22 as 'root'
debug1: load_hostkeys: fopen C:\\Users\\userA/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: load_hostkeys: fopen C:\\Users\\userA/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'serverA' is known and matches the ED25519 host key.
debug1: Found key in C:\\Users\\userA/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\\Users\\userA/.ssh/id_rsa
debug1: Will attempt key: C:\\Users\\userA/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\userA/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\userA/.ssh/id_ecdsa_sk
debug1: Will attempt key: C:\\Users\\userA/.ssh/id_ed25519
debug1: Will attempt key: C:\\Users\\userA/.ssh/id_ed25519_sk
debug1: Will attempt key: C:\\Users\\userA/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
Connection closed by serverA port 22

Running sshd -ddd on serverA, i see the following error:

userauth-request for user root service ssh-connection method none

full output:

debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 734
debug2: parse_server_config_depth: config /etc/ssh/sshd_config len 734
debug3: /etc/ssh/sshd_config:22 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:23 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:24 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: /etc/ssh/sshd_config:37 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:43 setting PermitRootLogin yes
debug3: /etc/ssh/sshd_config:52 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:70 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:74 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:84 setting GSSAPIAuthentication yes
debug3: /etc/ssh/sshd_config:85 setting GSSAPICleanupCredentials no
debug3: /etc/ssh/sshd_config:101 setting UsePAM yes
debug3: /etc/ssh/sshd_config:106 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:113 setting PrintMotd no
debug3: /etc/ssh/sshd_config:132 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:133 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:134 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:135 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:138 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_8.0, OpenSSL 1.1.1k  FIPS 25 Mar 2021
debug1: private host key #0: ssh-rsa SHA256:GwaDpWqZk3FQrfNmD4GqWDEcd1zur+dXZsbArmzrcGs
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:3aAAv+pS/mxSCadlScgN8CD6bclzSfzyZ5re9Cb30h0
debug1: private host key #2: ssh-ed25519 SHA256:7lS8fhUowMoIC8/5DJ0k62I6fzK1eA5PTClqFR0g4HM
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-E'
debug1: rexec_argv[3]='/tmp/ssh.log'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 5 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 5 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 734
debug2: parse_server_config_depth: config /etc/ssh/sshd_config len 734
debug3: /etc/ssh/sshd_config:22 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:23 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:24 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: /etc/ssh/sshd_config:37 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:43 setting PermitRootLogin yes
debug3: /etc/ssh/sshd_config:52 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:70 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:74 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:84 setting GSSAPIAuthentication yes
debug3: /etc/ssh/sshd_config:85 setting GSSAPICleanupCredentials no
debug3: /etc/ssh/sshd_config:101 setting UsePAM yes
debug3: /etc/ssh/sshd_config:106 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:113 setting PrintMotd no
debug3: /etc/ssh/sshd_config:132 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:133 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:134 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:135 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:138 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_8.0, OpenSSL 1.1.1k  FIPS 25 Mar 2021
debug1: private host key #0: ssh-rsa SHA256:GwaDpWqZk3FQrfNmD4GqWDEcd1zur+dXZsbArmzrcGs
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:3aAAv+pS/mxSCadlScgN8CD6bclzSfzyZ5re9Cb30h0
debug1: private host key #2: ssh-ed25519 SHA256:7lS8fhUowMoIC8/5DJ0k62I6fzK1eA5PTClqFR0g4HM
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-E'
debug1: rexec_argv[3]='/tmp/ssh.log'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 5 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 5 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug3: fd 6 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 9 config len 734
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config_depth: config rexec len 734
debug3: rexec:22 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: rexec:23 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: rexec:24 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: rexec:37 setting SyslogFacility AUTHPRIV
debug3: rexec:43 setting PermitRootLogin yes
debug3: rexec:52 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: rexec:70 setting PasswordAuthentication yes
debug3: rexec:74 setting ChallengeResponseAuthentication no
debug3: rexec:84 setting GSSAPIAuthentication yes
debug3: rexec:85 setting GSSAPICleanupCredentials no
debug3: rexec:101 setting UsePAM yes
debug3: rexec:106 setting X11Forwarding yes
debug3: rexec:113 setting PrintMotd no
debug3: rexec:132 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: rexec:133 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: rexec:134 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: rexec:135 setting AcceptEnv XMODIFIERS
debug3: rexec:138 setting Subsystem sftp    /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_8.0, OpenSSL 1.1.1k  FIPS 25 Mar 2021
debug1: private host key #0: ssh-rsa SHA256:GwaDpWqZk3FQrfNmD4GqWDEcd1zur+dXZsbArmzrcGs
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:3aAAv+pS/mxSCadlScgN8CD6bclzSfzyZ5re9Cb30h0
debug1: private host key #2: ssh-ed25519 SHA256:7lS8fhUowMoIC8/5DJ0k62I6fzK1eA5PTClqFR0g4HM
debug1: inetd sockets after dupping: 5, 5
Connection from ::1 port 56500 on ::1 port 22
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug2: fd 5 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 8363
debug3: preauth child monitor started
debug1: SELinux support enabled [preauth]
debug1: ssh_selinux_change_context: setting context from 'unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023' to 'unconfined_u:unconfined_r:sshd_net_t:s0-s0:c0.c1023' [preauth]
debug3: ssh_selinux_change_context: setcon unconfined_u:unconfined_r:sshd_net_t:s0-s0:c0.c1023 from unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 failed with Invalid argument [preauth]
debug3: privsep user:group 74:74 [preauth]
debug1: permanently_set_uid: 74/74 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none,[email protected] [preauth]
debug2: compression stoc: none,[email protected] [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c [preauth]
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth]
debug2: ciphers ctos: [email protected],[email protected],aes256-ctr,aes256-cbc,[email protected],aes128-ctr,aes128-cbc [preauth]
debug2: ciphers stoc: [email protected],[email protected],aes256-ctr,aes256-cbc,[email protected],aes128-ctr,aes128-cbc [preauth]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512 [preauth]
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512 [preauth]
debug2: compression ctos: none,[email protected],zlib [preauth]
debug2: compression stoc: none,[email protected],zlib [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
debug1: kex: curve25519-sha256 need=32 dh_need=32 [preauth]
debug3: mm_request_send entering: type 120 [preauth]
debug3: mm_request_receive_expect entering: type 121 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 120
debug3: mm_request_send entering: type 121
debug1: kex: curve25519-sha256 need=32 dh_need=32 [preauth]
debug3: mm_request_send entering: type 120 [preauth]
debug3: mm_request_receive_expect entering: type 121 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 120
debug3: mm_request_send entering: type 121
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug3: receive packet: type 30 [preauth]
debug3: mm_sshkey_sign entering [preauth]
debug3: mm_request_send entering: type 6 [preauth]
debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect entering: type 7 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign
debug3: mm_answer_sign: hostkey proof signature 0x55639ba6a250(101)
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: send packet: type 31 [preauth]
debug3: send packet: type 21 [preauth]
debug2: set_newkeys: mode 1 [preauth]
debug1: rekey out after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug3: send packet: type 7 [preauth]
debug3: receive packet: type 21 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug2: set_newkeys: mode 0 [preauth]
debug1: rekey in after 4294967296 blocks [preauth]
debug1: KEX done [preauth]
debug3: receive packet: type 5 [preauth]
debug3: send packet: type 6 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user root service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug3: mm_getpwnamallow entering [preauth]
debug3: mm_request_send entering: type 8 [preauth]
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
debug3: mm_request_receive_expect entering: type 9 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 8
debug3: mm_answer_pwnamallow
debug2: parse_server_config_depth: config reprocess config len 734
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 9
debug2: monitor_read: 8 used once, disabling now
debug2: input_userauth_request: setting up authctxt for root [preauth]
debug3: mm_start_pam entering [preauth]
debug3: mm_request_send entering: type 100 [preauth]
debug3: mm_inform_authserv entering [preauth]
debug3: mm_request_send entering: type 4 [preauth]
debug3: mm_inform_authrole entering [preauth]
debug3: mm_request_send entering: type 80 [preauth]
debug2: input_userauth_request: try method none [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 100
debug1: PAM: initializing for "root"
debug1: PAM: setting PAM_RHOST to "::1"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: monitor_read: 100 used once, disabling now
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 1.235ms, delaying 4.731ms (requested 5.966ms) [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 80
debug3: mm_answer_authrole: role=
debug2: monitor_read: 80 used once, disabling now
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: Killing privsep child 8363

Interestingly enough, if I run an nmap on serverA, I also see this:

Host is up (0.00013s latency).

PORT   STATE SERVICE
22/tcp open  ssh
| ssh-auth-methods:
|_  Supported authentication methods: false

Attempting to ssh with PreferredAuthentications=passwrod and PubkeyAuthentication=no has the same results.

Copy of /etc/ssh/ssh_config

#   $OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,[email protected]
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
#
# This system is following system-wide crypto policy.
# To modify the system-wide ssh configuration, create a  *.conf  file under
#  /etc/ssh/ssh_config.d/  which will be automatically included below
Include /etc/ssh/ssh_config.d/*.conf

copy of /etc/ssh/sshd_config

#   $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# This system is following system-wide crypto policy. The changes to
# crypto properties (Ciphers, MACs, ...) will not have any effect here.
# They will be overridden by command-line options passed to the server
# on command line.
# Please, check manual pages for update-crypto-policies(8) and sshd_config(5).

# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile  .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in RHEL and may cause several
# problems.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes

# It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd,
# as it is more configurable and versatile than the built-in version.
PrintMotd no

#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems
Subsystem   sftp    /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#   X11Forwarding no
#   AllowTcpForwarding no
#   PermitTTY no
#   ForceCommand cvs server

I'm unsure as to what's changed - the internal firewall is seeing traffic fine and has had no changes. nothing in the yum history implying any updates, and I'm able to ssh in with other servers fine. I feel like it's something blindly staring me in the face - what am I missing here?

Answer 1

1. You write:

the /etch/sshd_config is set to allow PasswordAuthentication

(you obvoulsy meant the file /etc/ssh/sshd_config)

but have the result

userauth-request for user root service ssh-connection method none

=> These statements are in contradiction.

2. You state that you have no entries in the servers logs.

=> This is consistent to the message ssh-connection method none above. Having no connection method is not an error but a state of configuration.

*In the result there is no configured authentication method configured at the ssh-server. So no authentication can be done and the login-communication ends by a regular disconnect before *

Else we would have seen a message like this in your debug log at the position and instead of Connection closed by serverA port 22:

debug1: Next authentication method: password

So the first thing to search for an error is to have a look at the ssh-server configuration in

/etc/ssh/sshd_config

Unfortunately your intended paste of that file ended in pasting /etc/ssh/ssh_config (without the d after ssh)

As you're not aware of disabling the password authentication, I think there must be a typo i.e. you accidentally deleted the commenting # (or a third party did change the sshd_config).

Please search the file for

PasswordAuthentication

1. Assure the value of this entry is set to yes and is not commented by #:

PasswordAuthentication yes

This should be default, but compiled defaults can also be changed...

2. Check the whole file for more entries of the keyword and disable or delete them.

3. After changing the sshd_config the sshd has to be restarted:

systemctl restart sshd

4. Also if you didn't change anything please restart the sshd as it might be possible that already applied changes of your testing have not yet been re-read by the sshd (by restarting it).

If the error persists you should update your question by the real /etc/ssh/sshd_config so we can have a look at it.