This was working and now all I get is connection refused.
I am just trying this from internal network. Want to use it to edit local website files from a different computer on the network.
Here are some config files:
# Include drop-in configurations
Include /etc/ssh/sshd_config.d/*.conf
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Port 8087
AllowUsers demo danc
Basser /etc/issue
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#KbdInteractiveAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin prohibit-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
#UsePAM no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
# Static table lookup for hostnames.
# See hosts(5) for details.
127.0.0.1 localhost
::1 localhost
127.0.1.1 arch-linux.localdomain arch-linux
sshd:192.168.68.33 # your remote box
[demo@arch-linux ~]$ nmap -p 8087 192.168.68.33
Starting Nmap 7.94 ( https://nmap.org ) at 2024-03-15 08:03 EDT
Nmap scan report for arch-linux (192.168.68.33)
Host is up (0.000054s latency).
PORT STATE SERVICE
8087/tcp closed simplifymedia
Nmap done: 1 IP address (1 host up) scanned in 0.02 seconds
[demo@arch-linux ~]$ sudo systemctl restart sshd.service
[demo@arch-linux ~]$ ssh -p 8087 demo@192.168.68.33
ssh: connect to host 192.168.68.33 port 8087: Connection refused
[demo@arch-linux ~]$ ssh -vvv -p 8087 demo@192.168.68.33
OpenSSH_9.6p1, OpenSSL 3.2.1 30 Jan 2024
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 2: include /etc/ssh/ssh_config.d/*.conf matched no files
debug2: resolve_canonicalize: hostname 192.168.68.33 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/demo/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/demo/.ssh/known_hosts2'
debug3: channel_clear_timeouts: clearing
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.68.33 [192.168.68.33] port 8087.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: connect to address 192.168.68.33 port 8087: Connection refused
ssh: connect to host 192.168.68.33 port 8087: Connection refused
Last edited by MAYBL8 (2024-03-16 21:50:53)
Online
The sshd on the local host is irrelevant and nothing is listening on 192.168.168.33:8087
The entry in your hosts is nonsense, this would have belonged in hosts.allow before tcpwrappers were scrapped a decade ago.
Offline
OK so I want to update html files from a different computer. If not sshd what would you suggest? I could try to install sftp?
Thanks
Online
Do you control the host w/ the IP 192.168.168.33?
Is sshd installed and running there?
Check the status of the service, whether it shows up in "ss -tulpen" and its config.
The host that you're trying to ssh *from* is in the same 192.168.168.0/24 segment? ("ip a")
Offline
Do you control the host w/ the IP 192.168.168.33?
Is sshd installed and running there?
Check the status of the service, whether it shows up in "ss -tulpen" and its config.
The host that you're trying to ssh *from* is in the same 192.168.168.0/24 segment? ("ip a")
Yes I control the host.
See below on sshd
see below on ss -tulpen
Right now I am just trying to make sure ssh is configured and safe to run.
But the computer I will run it on is on the same network.
[demo@arch-linux ~]$ ss -tulpen
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 224.0.0.251:5353 0.0.0.0:* users:(("opera",pid=728,fd=197)) uid:1000 ino:19319 sk:1 cgroup:/user.slice/user-1000.slice/session-2.scope <->
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* uid:975 ino:1453 sk:2 cgroup:/system.slice/systemd-resolved.service <->
udp UNCONN 0 0 0.0.0.0:5355 0.0.0.0:* uid:975 ino:1443 sk:3 cgroup:/system.slice/systemd-resolved.service <->
udp UNCONN 0 0 127.0.0.54:53 0.0.0.0:* uid:975 ino:1460 sk:4 cgroup:/system.slice/systemd-resolved.service <->
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* uid:975 ino:1458 sk:5 cgroup:/system.slice/systemd-resolved.service <->
udp UNCONN 0 0 192.168.68.33%eth0:68 0.0.0.0:* uid:979 ino:62565 sk:6 cgroup:/system.slice/systemd-networkd.service <->
udp UNCONN 0 0 [::]:5353 [::]:* uid:975 ino:1454 sk:7 cgroup:/system.slice/systemd-resolved.service v6only:1 <->
udp UNCONN 0 0 [::]:5355 [::]:* uid:975 ino:1451 sk:8 cgroup:/system.slice/systemd-resolved.service v6only:1 <->
udp UNCONN 0 0 [fe80::3617:ebff:fed1:a74e]%eth0:546 [::]:* uid:979 ino:4924 sk:9 cgroup:/system.slice/systemd-networkd.service v6only:1 <->
tcp LISTEN 0 4096 0.0.0.0:5355 0.0.0.0:* uid:975 ino:1444 sk:1001 cgroup:/system.slice/systemd-resolved.service <->
tcp LISTEN 0 4096 127.0.0.54:53 0.0.0.0:* uid:975 ino:1461 sk:1002 cgroup:/system.slice/systemd-resolved.service <->
tcp LISTEN 0 80 0.0.0.0:3306 0.0.0.0:* uid:969 ino:6159 sk:1003 cgroup:/system.slice/mariadb.service <->
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* uid:975 ino:1459 sk:1004 cgroup:/system.slice/systemd-resolved.service <->
tcp LISTEN 0 511 0.0.0.0:8080 0.0.0.0:* ino:5597 sk:1005 cgroup:/system.slice/nginx.service <->
tcp LISTEN 0 4096 [::]:5355 [::]:* uid:975 ino:1452 sk:1006 cgroup:/system.slice/systemd-resolved.service v6only:1 <->
tcp LISTEN 0 80 [::]:3306 [::]:* uid:969 ino:6160 sk:1007 cgroup:/system.slice/mariadb.service v6only:1 <->
[demo@arch-linux ~]$ sudo systemctl status sshd.service
× sshd.service - OpenSSH Daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: disabled)
Active: failed (Result: exit-code) since Fri 2024-03-15 21:41:41 EDT; 1min 25s ago
Duration: 4ms
Process: 11003 ExecStart=/usr/bin/sshd -D (code=exited, status=255/EXCEPTION)
Main PID: 11003 (code=exited, status=255/EXCEPTION)
CPU: 4ms
Mar 15 21:41:41 arch-linux systemd[1]: sshd.service: Scheduled restart job, restart counter is at 5.
Mar 15 21:41:41 arch-linux systemd[1]: sshd.service: Start request repeated too quickly.
Mar 15 21:41:41 arch-linux systemd[1]: sshd.service: Failed with result 'exit-code'.
Mar 15 21:41:41 arch-linux systemd[1]: Failed to start OpenSSH Daemon.
[demo@arch-linux ~]$
Online
Well, the sshd service fails.
See whether "sudo sshd -De" reveals why (likely your sshd config?)
Offline
[demo@arch-linux ~]$ sudo sshd -De
[sudo] password for demo:
sshd re-exec requires execution with an absolute path
Online
Does this info help?
[root@arch-linux demo]# /usr/bin/sshd
/etc/ssh/sshd_config: line 16: Bad configuration option: Basser
/etc/ssh/sshd_config: terminating, 1 bad configuration options
Online
Found out that was a typo but I never modified that line.
It should have read Banner
But that didn't solve the issue.
Online
More info
[root@arch-linux demo]# sudo systemctl status sshdgenkeys.service
○ sshdgenkeys.service - SSH Key Generation
Loaded: loaded (/usr/lib/systemd/system/sshdgenkeys.service; static)
Active: inactive (dead)
Condition: start condition unmet at Sat 2024-03-16 08:39:57 EDT; 5min ago
├─ ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key was not met
├─ ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub was not met
├─ ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key was not met
├─ ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key.pub was not met
├─ ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key was not met
└─ ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub was not met
Mar 16 08:32:20 arch-linux systemd[1]: SSH Key Generation was skipped because no trigger condition checks were met.
Mar 16 08:32:20 arch-linux systemd[1]: SSH Key Generation was skipped because no trigger condition checks were met.
Mar 16 08:32:21 arch-linux systemd[1]: SSH Key Generation was skipped because no trigger condition checks were met.
Mar 16 08:32:21 arch-linux systemd[1]: SSH Key Generation was skipped because no trigger condition checks were met.
Mar 16 08:39:56 arch-linux systemd[1]: SSH Key Generation was skipped because no trigger condition checks were met.
Mar 16 08:39:56 arch-linux systemd[1]: SSH Key Generation was skipped because no trigger condition checks were met.
Mar 16 08:39:56 arch-linux systemd[1]: SSH Key Generation was skipped because no trigger condition checks were met.
Mar 16 08:39:57 arch-linux systemd[1]: SSH Key Generation was skipped because no trigger condition checks were met.
Mar 16 08:39:57 arch-linux systemd[1]: SSH Key Generation was skipped because no trigger condition checks were met.
Mar 16 08:39:57 arch-linux systemd[1]: SSH Key Generation was skipped because no trigger condition checks were met.
[root@arch-linux demo]#
Online
Please don't bump - edit your previous posts if nobody has yet replied.
sshdgenkeys isn't relevant here, does the sshd.service now start?
Does it listen on some port (22 or 8087)?
Does nmap see it as open?
What's the resulting client error then?
Offline
Please don't bump - edit your previous posts if nobody has yet replied.
sshdgenkeys isn't relevant here, does the sshd.service now start?
Does it listen on some port (22 or 8087)?
Does nmap see it as open?
What's the resulting client error then?
Since it is not running it doesn't look like it. I have it set per the config file to be on port 8087.
[root@arch-linux demo]# netstat -an | grep LISTEN
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.54:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8087 0.0.0.0:* LISTEN
tcp6 0 0 :::5355 :::* LISTEN
tcp6 0 0 :::3306 :::* LISTEN
tcp6 0 0 :::8087 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 4085 /tmp/sddm-auth-7f34bd1d-79e2-4241-bf42-0955cbb69248
unix 2 [ ACC ] STREAM LISTENING 6145 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 6171 /tmp/.wtdJgU/s
unix 2 [ ACC ] STREAM LISTENING 5662 /run/user/1000/systemd/private
unix 2 [ ACC ] STREAM LISTENING 5670 /run/user/1000/bus
unix 2 [ ACC ] STREAM LISTENING 5731 /tmp/.ICE-unix/535
unix 2 [ ACC ] STREAM LISTENING 5671 /run/user/1000/gnupg/S.dirmngr
unix 2 [ ACC ] STREAM LISTENING 5672 /run/user/1000/gnupg/S.gpg-agent.browser
unix 2 [ ACC ] STREAM LISTENING 5674 /run/user/1000/gnupg/S.gpg-agent.extra
unix 2 [ ACC ] STREAM LISTENING 1828 /tmp/ssh-XXXXXX2kJtyW/agent.571
unix 2 [ ACC ] STREAM LISTENING 5676 /run/user/1000/gnupg/S.gpg-agent.ssh
unix 2 [ ACC ] STREAM LISTENING 5678 /run/user/1000/gnupg/S.gpg-agent
unix 2 [ ACC ] STREAM LISTENING 5680 /run/user/1000/gnupg/S.keyboxd
unix 2 [ ACC ] STREAM LISTENING 5682 /run/user/1000/p11-kit/pkcs11
unix 2 [ ACC ] STREAM LISTENING 8262 /tmp/.org.chromium.Chromium.ZJc5ew/SingletonSocket
unix 2 [ ACC ] STREAM LISTENING 5717 /run/user/1000/at-spi/bus_0
unix 2 [ ACC ] STREAM LISTENING 1462 /run/systemd/resolve/io.systemd.Resolve
unix 2 [ ACC ] STREAM LISTENING 1463 /run/systemd/resolve/io.systemd.Resolve.Monitor
unix 2 [ ACC ] STREAM LISTENING 5315 /run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 3476 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 3478 /run/systemd/userdb/io.systemd.DynamicUser
unix 2 [ ACC ] STREAM LISTENING 3479 /run/systemd/io.systemd.ManagedOOM
unix 2 [ ACC ] SEQPACKET LISTENING 3499 /run/systemd/coredump
unix 2 [ ACC ] STREAM LISTENING 3505 /run/systemd/journal/stdout
unix 2 [ ACC ] SEQPACKET LISTENING 3509 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 3578 /run/systemd/journal/io.systemd.journal
unix 2 [ ACC ] STREAM LISTENING 5325 /etc/pacman.d/gnupg/S.keyboxd
unix 2 [ ACC ] STREAM LISTENING 4287 /run/systemd/io.systemd.sysext
unix 2 [ ACC ] STREAM LISTENING 4748 /run/php-fpm/php-fpm.sock
unix 2 [ ACC ] STREAM LISTENING 6161 /run/mysqld/mysqld.sock
unix 2 [ ACC ] STREAM LISTENING 5316 /etc/pacman.d/gnupg/S.dirmngr
unix 2 [ ACC ] STREAM LISTENING 5321 /etc/pacman.d/gnupg/S.gpg-agent.ssh
unix 2 [ ACC ] STREAM LISTENING 5318 /etc/pacman.d/gnupg/S.gpg-agent.browser
unix 2 [ ACC ] STREAM LISTENING 5319 /etc/pacman.d/gnupg/S.gpg-agent.extra
unix 2 [ ACC ] STREAM LISTENING 5323 /etc/pacman.d/gnupg/S.gpg-agent
unix 2 [ ACC ] STREAM LISTENING 4096 @/tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 5730 @/tmp/.ICE-unix/535
nmap
[root@arch-linux demo]# nmap 192.168.68.33
Starting Nmap 7.94 ( https://nmap.org ) at 2024-03-16 11:27 EDT
Nmap scan report for arch-linux (192.168.68.33)
Host is up (0.0000020s latency).
Not shown: 997 closed tcp ports (reset)
PORT STATE SERVICE
3306/tcp open mysql
8080/tcp open http-proxy
8087/tcp open simplifymedia
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
Maybe I got somewhere:
[root@arch-linux demo]# ssh -p 8087 demo@192.168.68.33
The authenticity of host '[192.168.68.33]:8087 ([192.168.68.33]:8087)' can't be established.
ED25519 key fingerprint is SHA256:MTjZmerrdhjl0jzFwxuu6cqYwgGtWYBvNnsdALsYya4.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[192.168.68.33]:8087' (ED25519) to the list of known hosts.
demo@192.168.68.33's password:
Last login: Wed Mar 13 19:28:58 2024 from 192.168.68.54
setleds: Unable to read keyboard flags: Inappropriate ioctl for device
Online
sshd is not running, listening and the port is open from the client AND you managed to login.
Is the setleds call actually fatal?
It's probably unconditionally in your bashrc or so.
Offline
I don't know how this is working.
Here is my .bashrc
#
# ~/.bashrc
#
# If not running interactively, don't do anything
[[ $- != *i* ]] && return
alias ls='ls --color=auto'
alias grep='grep --color=auto'
PS1='[\u@\h \W]\$ '
Online
On 192.168.68.54 (is irrelevant) or 192.168.68.33?
Your bash_profile etc. might be relevant, too.
And that's only if you're using bash (resp. the "demo" user on the 192.168.68.33 is) and not eg. zsh or fish
Is the setleds call actually fatal?
Offline
I see the setleds is in the .bash_profile .
I am going to comment it out and see what happens.
Thanks
#
# ~/.bash_profile
#
[[ -f ~/.bashrc ]] && . ~/.bashrc
setleds -D +num
Here is what I get now:
[demo@arch-linux ~]$ ssh -p 8087 demo@192.168.68.33
Arch Linux \r (\l)
demo@192.168.68.33's password:
Last login: Sat Mar 16 12:59:36 2024 from 192.168.68.33
[demo@arch-linux ~]$
Last edited by MAYBL8 (2024-03-16 17:34:30)
Online
So you logged in via ssh … and?
Things originally failed because you have a bad sshd config on 192.168.68.33 so sshd failed to start and the connection got refused because there was nothing on the other end.
You can now also use sftp against that server or sshfs https://wiki.archlinux.org/title/SSHFS if you want to edit the files w/ an editor on 192.168.68.54
If you want to keep setleds, condition it on the result of the "tty" output (might be available as $TTY, but the single invocation won't kill you) - it works on TTYs, not PTS.
Please always remember to mark resolved threads by editing your initial post's subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.
Offline
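The failure chain worked out in this thread (bad option in sshd_config, sshd exits at start, nothing listens on the port, client gets "Connection refused") can be checked in that order on the server. The script below is an added example, not part of any post: the function names are hypothetical, the sample files are constructed from the output quoted above, and it reads only the main config file, not `Include` drop-ins.

```shell
#!/usr/bin/env bash
# Added example: server-side triage of a refused SSH connection.
# Sample data is constructed (abbreviated) from output quoted in the thread.

# Ports the config asks sshd to bind (22 when no Port line is present).
config_ports() {
  awk 'tolower($1)=="port" {print $2; f=1} END {if (!f) print 22}' "$1"
}

# Read sshd config-test stderr on stdin, print "line:keyword" per bad option.
bad_options() {
  sed -n 's/^.*: line \([0-9][0-9]*\): Bad configuration option: \(.*\)$/\1:\2/p'
}

# Read ss output on stdin; succeed if TCP port $1 has a LISTEN socket.
# Works with or without the leading Netid column (ss -tulpen vs ss -tln).
port_listening() {
  awk -v p="$1" '{ for (i=1;i<=NF;i++) if ($i=="LISTEN") {
        n=split($(i+3),a,":"); if (a[n]==p) ok=1 } }
      END { exit !ok }'
}

# triage CONFIG SSHD_TEST_STDERR SS_OUTPUT: print a verdict, non-zero on failure.
triage() {
  local bad port
  bad=$(bad_options < "$2")
  [ -z "$bad" ] || { echo "config-error $bad"; return 1; }
  for port in $(config_ports "$1"); do
    port_listening "$port" < "$3" || { echo "not-listening $port"; return 1; }
  done
  echo "ok"
}

# Write the constructed sample files into directory $1.
make_sample() {
  printf 'Port 8087\nAllowUsers demo danc\nBasser /etc/issue\n' > "$1/sshd_config"
  printf '%s\n' '/etc/ssh/sshd_config: line 16: Bad configuration option: Basser' \
    '/etc/ssh/sshd_config: terminating, 1 bad configuration options' > "$1/err_bad"
  : > "$1/err_ok"
  printf '%s\n' 'LISTEN 0 511 0.0.0.0:8080 0.0.0.0:*' > "$1/ss_down"
  printf '%s\n' 'LISTEN 0 511 0.0.0.0:8080 0.0.0.0:*' \
    'LISTEN 0 128 0.0.0.0:8087 0.0.0.0:*' 'LISTEN 0 128 [::]:8087 [::]:*' > "$1/ss_up"
}

d=$(mktemp -d); make_sample "$d"
triage "$d/sshd_config" "$d/err_bad" "$d/ss_down" || true   # typo still in config
triage "$d/sshd_config" "$d/err_ok"  "$d/ss_down" || true   # config fixed, service not started
triage "$d/sshd_config" "$d/err_ok"  "$d/ss_up"             # sshd bound to 8087
rm -rf "$d"
# Live use, as root (absolute path, as the re-exec error in the thread requires):
#   /usr/bin/sshd -t 2>err; ss -Htln >ss; triage /etc/ssh/sshd_config err ss
```

Running `/usr/bin/sshd -t` before every `systemctl restart sshd` catches a bad keyword while the old daemon is still serving connections.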