SSH login not working on CentOS due to bad sshd configuration

I was trying to configure SFTP on a CentOS server. I edited the /etc/ssh/sshd_config file and restarted the service. There was an error on the Chroot line. After a while the connection to the server broke, and since then no one has been able to log in to the server. Obviously, I am unable to correct the sshd configuration, as I am unable to log in to the server.
I have the root details. Plesk is configured on the server to manage domains. Still, I am not able to do much.
Below is the error log when trying to log in over ssh:
debug1: Authentication succeeded (publickey).
Authenticated to *.*.*.* ([*.*.*.*]:*).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: channel 0: free: client-session, nchannels 1
Connection to *.*.*.* closed by remote host.
Connection to *.*.*.* closed.
Transferred: sent 3412, received 2164 bytes, in 0.1 seconds
Bytes per second: sent 54190.6, received 34369.4
debug1: Exit status -1

If your entire SSH config is just messed up, you may just want to uninstall it and then reinstall it.
From root or using sudo:
Erase:
# chkconfig sshd off
# service sshd stop
# yum erase openssh-server
Install:
# yum -y install openssh-server openssh-clients
# systemctl start sshd
That's a really broad solution, if you have more details I may be able to help you further.

Related

SSH connection to Github via port 443

I have my github keys working on port 22, a simple test like
ssh -T git@github.com
Returns,
"You've successfully authenticated, but GitHub does not provide shell
access"
However, when I try the same with port 443, which I believe it should work,
ssh -vvvT git@github.com -p 443
I get,
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Reading configuration data ~/.ssh/config
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolving "github.com" port 443
debug2: ssh_connect_direct
debug1: Connecting to github.com [140.82.112.3] port 443.
debug1: Connection established.
debug1: identity file ~/.ssh/id_rsa type 0
debug3: Failed to open ~/.ssh/id_rsa-cert error:2
debug3: Failed to open ~/.ssh/id_rsa-cert.pub error:2
debug1: identity file ~/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
kex_exchange_identification: Connection closed by remote host
I have tried many forums and online searches, but it hasn't resolved. Am I missing something? Thanks.
In the past I have successfully used ssh over 443 for GitHub pulls/pushes. GitHub has documentation on how to use 443 for ssh here: https://docs.github.com/en/authentication/troubleshooting-ssh/using-ssh-over-the-https-port
The documentation that you linked to indicates that you can connect to a hostname of "ssh.github.com" on port 443:
$ ssh -T -p 443 git@ssh.github.com
                    ^^^^^^^^^^^^^^-- Note "ssh.github.com"
According to your debug output, you're connecting to "github.com", not "ssh.github.com":
ssh -T git@github.com
...
debug1: Connecting to github.com [140.82.112.3] port 443.
                      ^^^^^^^^^^-- Note no "ssh"
The second part of the page describes how you can configure your ssh client so that when you tell it to connect to "github.com", it will connect to "ssh.github.com" instead. As it describes, you could add the following four lines to the end of your local .ssh/config file:
Host github.com
Hostname ssh.github.com
Port 443
User git
Once you've done that, running a command like ssh -T git@github.com would actually connect to the hostname "ssh.github.com".

two ssh keys for two different repositories are not working in config

I just added a second ssh key in my .ssh folder on my mac to access the repo of my client.
The second repo I want to access is github.
I prepared my config file like:
Host github.com
IdentyFile ~/.ssh/id_github
Host xyz.*
IdentyFile ~/.ssh/id_xyz
Now I am able to access my clients repository, but not github anymore.
I also tried it with hostName entry but it did not work.
When I try ssh -vvv git@github.com I receive
OpenSSH_8.6p1, LibreSSL 2.8.3
debug1: Reading configuration data /Users/name/.ssh/config
debug1: /Users/name/.ssh/config line 1: Applying options for github.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/name/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/name/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to github.com port 22.
debug1: Connection established.
debug1: identity file /Users/name/.ssh/id_ed25519 type 3
debug1: identity file /Users/name/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
But when I pull, nothing happens.
Can anybody help me?
Kind regards, nullpointer
Your configuration has a typo. The configuration option is IdentityFile, and it needs to be used in conjunction with IdentitiesOnly.
How to configure this correctly can be seen in the Git FAQ.
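The two client-side config points made in the answers above (the Host alias that sends "github.com" to ssh.github.com on port 443, and the misspelled IdentityFile keyword that should be paired with IdentitiesOnly) can be checked with a small model of ssh_config lookup. This is an added example, not part of the original answers; it handles only plain Host blocks with wildcard patterns, and the keyword subset and function names are assumptions made for this page.

```python
import difflib
from fnmatch import fnmatchcase

# Keyword subset that covers this page's configs; not the full ssh_config list.
KNOWN = ["host", "hostname", "port", "user", "identityfile", "identitiesonly"]

# The two configs quoted on this page.
GITHUB_443 = "Host github.com\n  Hostname ssh.github.com\n  Port 443\n  User git\n"
TYPO = ("Host github.com\n  IdentyFile ~/.ssh/id_github\n"
        "Host xyz.*\n  IdentyFile ~/.ssh/id_xyz\n")

def parse(text):
    """Split config text into [(host_patterns, [(lineno, keyword, value)])]."""
    blocks = [(["*"], [])]  # options before the first Host line apply to every host
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        if key.lower() == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((lineno, key.lower(), value))
    return blocks

def resolve(text, host):
    """Model of the lookup for `host`: the first value seen for a keyword wins."""
    effective = {}
    for patterns, options in parse(text):
        if any(fnmatchcase(host, p) for p in patterns):
            for _, key, value in options:
                effective.setdefault(key, value)
    return effective

def lint(text):
    """Report (lineno, problem, hint) for the two mistakes named in the answer."""
    findings = []
    for _, options in parse(text):
        keys = {key: value for _, key, value in options}
        for lineno, key, _ in options:
            if key not in KNOWN:
                hint = difflib.get_close_matches(key, KNOWN, n=1)
                findings.append((lineno, "unknown keyword", hint[0] if hint else ""))
            elif key == "identityfile" and keys.get("identitiesonly", "").lower() != "yes":
                findings.append((lineno, "IdentityFile without IdentitiesOnly yes", ""))
    return findings

if __name__ == "__main__":
    print(resolve(GITHUB_443, "github.com"))
    print(lint(TYPO))
    print(lint(TYPO.replace("IdentyFile", "IdentityFile")))
```

On a real client, `ssh -G github.com` prints the effective options that OpenSSH itself resolves for that host.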
Well, I fixed it. After I found out that ssh -vT git@github.com established a connection and ssh git@github.com did not, I removed my vpn from my client and all worked fine. The problem was a running vpn.
Thanks

Github ssh -T git@github.com and git functions are not working, hanging

I am using Manjaro Linux. I managed to set up an SSH key before, but after I reinstalled the OS, I failed even though I did everything in the GitHub SSH documentation. My GitHub commands just wait forever and generate this error: ssh: connect to host github.com port 22: Connection timed out. Example:
[maviay@manjaro ~]$ ssh -T git@github.com
ssh: connect to host github.com port 22: Connection timed out
While a firewall issue could be a common cause for port 22 blocked, check this thread for a wifi chipset driver issue.
Said issue would not affect HTTPS (443), which is why your workaround is working:
# ~/.ssh/config
Host github.com
Hostname ssh.github.com
Port 443

SSH Tunnel for PostgreSQL - Connection Refused

I am, for the first time, attempting to set up an application on a remote/cloud VPS (I am using Digital Ocean if it matters). I am attempting to create an SSH tunnel from my client to the remote database. As this is not something I have attempted before, I referenced this, this, and this.
After looking over the articles, I ran the following on my client/local machine:
ssh -L 5433:localhost:5432 user@REMOTE_IP
then I tried to connect:
psql -h localhost -p 5433 postgres;
However, I receive the following error:
psql: could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5433?
To my knowledge, my pg_hba.conf (on the remote server) is the default:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
I changed "listen_addresses" in postgresql.conf to *
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
I also tried substituting 127.0.0.1 for localhost with no success.
Any advice would be appreciated; SSH tunnels and the like are not something I am familiar with.
Thanks.
EDIT:
Per @drdaeman's excellent advice, I ran the following:
sudo ssh -N -vvv -L 5433:localhost:5432 user@host
The last few debug lines are as follows:
debug1: Local forwarding listening on 127.0.0.1 port 5433.
debug2: fd 5 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 1: new [port listener]
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
Output from sudo netstat -ltpn | grep 5432
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 5835/postgres
It stops there, unresponsive to any commands.
Thanks for any direction.
Based on your description, everything looks OK to me - don't see where the problem is, but the commands you're running and your configuration looks correct. Here are the general steps you can take to diagnose the issue:
First, check if your PostgreSQL server is actually listening. On your server, run this:
$ sudo netstat -ltpn | grep 5432
(Or you can use ss -ltpn from iproute2 instead of older netstat)
If you don't see anything, it means no process is listening on tcp/5432. You can try to see if PostgreSQL is listening anywhere at all:
$ sudo netstat -lpn | grep postgre
If it doesn't - check whether your server is actually running (depends on the OS and distribution, but check ps aux output first) and check your server logs (probably in /var/log) if you see any problems there.
Then, make sure you don't accidentally run psql on your server (when you SSH, it also opens the shell session unless you specify the -N flag). You need to run it on your local machine ;)
Then, you may also consider adding -v (or even -vvv) to your ssh command - it'll spew a lot of useful debug information, e.g. a normal operation looks like this:
debug1: Connection to port 5433 forwarding to localhost port 5432 requested.
debug1: channel 3: new [direct-tcpip]
debug1: channel 3: free: direct-tcpip: listening port 5433 for localhost port 5432, connect from ::1 port 60039 to ::1 port 5433, nchannels 4
If you see something like channel 3: open failed: connect failed: Connection refused instead, this means PostgreSQL had refused the connection - and you need to check its logs for the reasoning - possibly, after enabling log_connections and log_disconnections in the config (don't forget to reload the configuration).

Can't establish Postgres pgAdmin SSH tunnel on Ubuntu

I have a droplet on DigitalCloud with Ubuntu 14.04 and PostgreSQL 9.3. On my local machine I have the same configuration.
My ssh connection is working so there is no problem with it. It must be somewhere in my Postgres connection or environment settings.
So what I have already done on the server is:
changed the listening port in /etc/ssh/sshd_config
Port 4321
enabled remote connections in /etc/postgresql/9.3/main/pg_hba.conf
host all all 0.0.0.0/0 md5
added listening addresses in /etc/postgresql/9.3/main/postgresql.conf
listen_addresses = '*'
And here is my local connection settings:
Here is my Properties tab screen
Here is my SSH Tunnel tab screen
I use just the same (and only) id_rsa.pub file which I used to establish my ssh connection before. Which is working. And this is the error that I get upon trying to connect:
SSH error: Authentication by identify file failed with error code -16
[Unable to extract public key from private key file: Wrong passphrase
or invalid/unrecognized private key file format]
My passphrase was set to empty.
If I try to connect without SSH tunnel there is another error:
Error connecting to the server: SSL error: unknown protocol expected
authentication request from server, but received S
I'm a complete newbie to it and I may have missed something important. So tell me if you want me to provide any other info on this matter.
EDIT 1:
If I use the correct id_rsa file (without pub) then I get this same error:
Error connecting to the server: SSL error: unknown protocol expected
authentication request from server, but received S
I use just the same (and only) id_rsa.pub file
The first issue is that this is the wrong file. See if you have a file in the same place named "id_rsa" without the ".pub" extension. That is the file you should use as the identity file.
RSA ssh keys come in two files: "id_rsa" contains the private key, while "id_rsa.pub" contains the public key. id_rsa.pub is installed onto the server that you are connecting to, while id_rsa is used by the client that is making the connection to the server.
(Key files can be named something other than "id_rsa", of course. The point is that the private key is in foobar, while the public key is in foobar.pub.)
If you don't have an id_rsa file, then you should generate a new key and keep both files this time.
The second issue is that you have the wrong port on the Properties tab. The port number on the properties tab is the port that the PG server is running on. You should set this to 5432 or whatever port your server is actually listening on. It seems you should also set the "host" on the properties tab to "localhost", but I don't know if this is required.
Error connecting to the server: SSL error: unknown protocol expected authentication request from server, but received S
What is happening now is that your tunneled PG connection is going to port 4321 on the remote host, which is the SSH server. It happens that the first thing an SSH server sends to a new client is a version string, which looks like "SSH-2.0-OpenSSH_6.9". I don't know the PG protocol, but apparently your client reads the "S" in the SSH string and immediately knows it's not connected to a PG server.
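The mix-up described in the last paragraph can be reproduced offline. This added example (not part of the original answer) sends PostgreSQL's SSLRequest to a stand-in peer that speaks first with the SSH banner quoted above, then shows a check that tells the two services apart; the socketpair peers and all function names are constructed for illustration.

```python
import socket
import struct
import threading

# PostgreSQL SSLRequest: Int32 length (8) + Int32 request code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)

def fake_ssh_peer():
    """Constructed stand-in for sshd: sends its version banner immediately."""
    client, server = socket.socketpair()
    server.sendall(b"SSH-2.0-OpenSSH_6.9\r\n")
    return client, server

def fake_postgres_peer():
    """Constructed stand-in for PostgreSQL: silent until asked, then answers 'N'."""
    client, server = socket.socketpair()
    def serve():
        if server.recv(8) == SSL_REQUEST:
            server.sendall(b"N")  # 'N' = no TLS, 'S' = TLS accepted
    threading.Thread(target=serve, daemon=True).start()
    return client, server

def pg_ssl_probe(sock):
    """First step of a PostgreSQL client: send SSLRequest, read a one-byte reply."""
    sock.sendall(SSL_REQUEST)
    return sock.recv(1)

def identify_peer(sock, wait=0.5):
    """Return 'ssh', 'postgres' or 'unknown' for an already connected socket."""
    sock.settimeout(wait)
    try:
        first = sock.recv(4, socket.MSG_PEEK)  # SSH servers speak first
    except socket.timeout:
        first = b""                            # PostgreSQL waits for the client
    if first:
        return "ssh" if first == b"SSH-" else "unknown"
    try:
        reply = pg_ssl_probe(sock)
    except socket.timeout:
        return "unknown"
    return "postgres" if reply in (b"S", b"N") else "unknown"

if __name__ == "__main__":
    ssh_client, _ssh = fake_ssh_peer()
    print(pg_ssl_probe(ssh_client))   # the 'S' of "SSH-2.0-..." read as a reply
    ssh_client2, _ssh2 = fake_ssh_peer()
    print(identify_peer(ssh_client2))
    pg_client, _pg = fake_postgres_peer()
    print(identify_peer(pg_client))
```

A one-byte reply of S to SSLRequest normally means the server accepted TLS, which is consistent with the client's first error being an SSL one.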