8

While there are many questions on this site and others addressing this very issue, I haven't yet found one that seems to address what I'm experiencing.

When trying to ssh a linux box from a MBpro running Lion, I get the following error:

gjohnson5@Gentrys-MacBook-Pro:~$ ssh -v user@server_name
OpenSSH_5.6p1, OpenSSL 0.9.8y 5 Feb 2013
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to server_name[ip_address] port 22.
debug1: Connection established.
debug1: identity file /Users/gjohnson5/.ssh/id_rsa type -1
debug1: identity file /Users/gjohnson5/.ssh/id_rsa-cert type -1
debug1: identity file /Users/gjohnson5/.ssh/id_dsa type -1
debug1: identity file /Users/gjohnson5/.ssh/id_dsa-cert type -1
ssh_exchange_identification: Connection closed by remote host

The strange thing is that I get this error intermittently. Sometimes rebooting my machine and trying again will get me into the server no problem. Other times, the error persists. Occasionally, I will successfully log on, close the connection, try to reconnect a few seconds later, and then receive the error.

Now, I've tried clearing the ~/.ssh/known_hosts file, and I've found that trying to log on as a different user on my same machine still throws the error. I cannot check /etc/hosts.allow and /etc/hosts.deny since I cannot access the server and my employer's IT is, unfortunately, being unresponsive. I can't imagine that would be the issue, however, as I am occasionally able to log into the server using my machine. It seems like the problem might be with some configuration on my machine (??), though I'm relatively inexperienced with this and wouldn't know where to start looking.

EDIT: As per request, this is the result of checking MaxStartups:

grep MaxStartups /etc/ssh/sshd_config
#MaxStartups 10:30:60
Improve this question

4 Answers 4

Reset to default
6

Possibly, the issue seems to occur if it happens to have more number of incoming requests.

Once the number of unauthenticated connections goes over the sshd:MaxStartUps parameter, sshd starts rejecting those connections.

So preferably increase the MaxStartups in sshd_config

HTH!

Improve this answer
12
  • That's an interesting suggestion, however it's a scarcely-used server (there could only be a handful of people trying to access it at any one time). Could this still be the case? In any event, I'm unable to alter the sshd_config on the server.
    – thagzone
    Commented Sep 22, 2014 at 19:42
  • Possibly, can you paste the output of? #cat /etc/ssh/sshd_config | grep MaxStartups
    – BDRSuite
    Commented Sep 22, 2014 at 20:26
  • Done, hopefully that's helpful!
    – thagzone
    Commented Sep 22, 2014 at 21:19
  • Believe your issue is resolved?
    – BDRSuite
    Commented Sep 22, 2014 at 21:21
  • 2
    "scarcely-used server" but maybe the server is getting brute-forced some way. so the ssh connections are in use this way. In this case MaxStartups would only lead to more bandwith usage and higher server load. You should think about a non default port in high port range and something like fail2ban
    – xx4h
    Commented Feb 27, 2015 at 14:32
1

Please check the rules defined in /etc/hosts.allow and /etc/hosts.deny files. There may be some rules defined over there to allow/block connections from system.

It may happen that your IP address is changing after rebooting system and sometimes IP which is denied on server is getting assigned to system.

Improve this answer
2
0

What do the log say? Connection established. followed by ssh_exchange_identification: Connection closed by remote host means the connection between the client and the server was established but ssh couldn't start.

In my humble experience this is often caused by whether

TCP_wrapper blocking SSH: check that the rules in the files /etc/hosts.{allow,deny} on the server host allow connection to the SSH daemon,

or by a typo in the server's SSH daemon configuration that prevents it to answer as expected. log will tell, eg sshd[6652]: fatal: /etc/ssh/sshd_config line 134: Directive 'Port' is not allowed within a Match block

Improve this answer
2
  • … the opening poster "… cannot check /etc/hosts.allow and /etc/hosts.deny since I cannot access the server …"
    – Graham Perrin
    Commented Sep 20, 2015 at 2:10
  • @GrahamPerrin which let the typo in sshd_config as well as vembutech proposal. Also, listing the most possible causes to an issue, and being unable to act on one of these are two different things I believe.
    – tuk0z
    Commented Sep 21, 2015 at 21:03
-1

Try

lsof -n | grep ssh | grep DEL
Improve this answer
1
  • While this code might be useful for resolving the issue, it isn’t clear that this is the case. Explaining how and why it solves the problem would improve the usefulness and long-term value of the answer.
    – Anthony Geoghegan
    Commented Sep 11, 2017 at 9:31

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .