Ubuntu sshd configuration WTF
Trying to set up a nonstandard incoming sshd port on an Ubuntu 6.06 box, all latest patches.

sudo nano /etc/ssh/sshd_config

Change "Port 22" to "Port xx" (where xx is an actual numeric port, less than 22000, higher than 20000, and not currently in use by any other service).

sudo /etc/init.d/ssh restart

ssh -p xx boxname

Connection reset by peer.

sudo nano /etc/ssh/sshd_config

Change "Port xx" to "Port 22"

sudo /etc/init.d/ssh restart

ssh boxname

Works like a charm, but not on the desired port. :P

Am I missing something?
Odoru aho ni miru aho!
Onaji aho nara odoranya son son!
is any other service blocking hiports?
Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free american and do not reflect the opinions of any person or company that I have had professional relations with in the past 51 years. meep

reach me at [link|mailto:bill.oxley@cox.net|mailto:bill.oxley@cox.net]
Not that I know of.
iptables has nothing in it at all, and I get the "connection reset by peer" error even when ssh'ing from the local box back to itself. Doesn't mean it couldn't be something exotic in the sshd_config file that I don't know about.

Basically, I installed a LAMP server, updated all patches, added ssh, added ntp, added syslog_ng, and that's about it.
Odoru aho ni miru aho!
Onaji aho nara odoranya son son!
There is a very specific series of steps when debugging ssh
Be on the box.

In 1 window, execute sshd using the -D option so it goes into non-daemon mode, and start adding -d (again and again) to increase the debug level, also using the -f to point to your test config file.

In another window (on the same box), use ssh with the -v option (again and again for more stuff), and go against localhost.

This will give a LOT of information about what it is trying to do. If it simply works, you have an off-box network block that you need to resolve.

Then, go to another box, and run the client side with the -v (etc)

The "connection reset by peer" sounds like a firewall in the middle killing the connection.
Pretty certain it's not an external firewall issue.
I cannot ssh from the box to itself on port xx.

I'll hit the debug mode and see what happens.
Odoru aho ni miru aho!
Onaji aho nara odoranya son son!
I got "Connection reset by peer" last week . . . .
. . anytime hosts.deny/hosts.allow was set up wrong.
[link|http://www.aaxnet.com|AAx]
You don't mean >>Change "Port xx" to "Port 22"<<.
Alex

Nobody has a more sacred obligation to obey the law than those who make the law. -- Sophocles (496? - 406 BCE)
I meant I changed it back to 22.
Basically, I was testing if I horked something else up. Changing the port back to 22, it all started working again.

I've been following Crazy's suggestion of doing the max debug level and ramping down. Something VERY strange has happened...

sshd -Dddd WORKED on port xx.
sshd DID NOT WORK on port xx.

Go figure.
Odoru aho ni miru aho!
Onaji aho nara odoranya son son!
-D switch seems to make it work.
Basically, no matter the debug level, if I start sshd with the -D switch, I can connect to port xx. If not, I can't connect to either xx OR 22.

Time to figure out exactly what the -D switch does.
Odoru aho ni miru aho!
Onaji aho nara odoranya son son!
Also don't forget...
/etc/defaults/ssh

add the option to the proper location.

But don't forget to remove them when done... else you get full partitions from the /var/log area.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
PGP key: 1024D/B524687C 2003-08-05
Fingerprint: E1D3 E3D7 5850 957E FED0  2B3A ED66 6971 B524 687C
Alternate Fingerprint: 09F9 1102 9D74  E35B D841 56C5 6356 88C0
Alternate Fingerprint: 455F E104 22CA  29C4 933F 9505 2B79 2AB2
One thing from a long time ago...
I remember that one particular line in sshd_config not being able to have ANY characters (spaces or what not) except for newline after it.

I am not sure if this is still the case but... you never know.

Also, a restart in Ubuntu sometimes is just a config re-load. If that is the case... you might also want to consider a stop then start. This might explain the pseudo open port...

One last item, did you try port 22 when it was supposed to be on the new port? Methinks it may have answered.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
PGP key: 1024D/B524687C 2003-08-05
Fingerprint: E1D3 E3D7 5850 957E FED0  2B3A ED66 6971 B524 687C
Alternate Fingerprint: 09F9 1102 9D74  E35B D841 56C5 6356 88C0
Alternate Fingerprint: 455F E104 22CA  29C4 933F 9505 2B79 2AB2
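
An added example, not written by any poster in this thread: a shell check for the two things raised above, whether the running sshd is bound to the port the config asks for (a daemon still on the old config versus one that never came up) and which config lines end in stray whitespace. It assumes listener data in `ss -ltnp` format; the function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example; every file and value below is constructed sample data.

# Ports requested by an sshd_config-style file ($1); default 22 if none set.
configured_ports() {
    awk '/^[ \t]*#/ { next }
         tolower($1) == "port" { print $2; n++ }
         END { if (!n) print 22 }' "$1" | sort -nu | xargs
}

# Line numbers of non-blank lines ending in spaces, tabs or a CR ($1).
trailing_junk_lines() {
    awk '/[ \t\r]+$/ && !/^[ \t\r]*$/ { print NR }' "$1" | xargs
}

# Ports an sshd process is bound to, from "ss -ltnp" output saved in $1.
listening_ports() {
    awk '/"sshd"/ { n = split($4, a, ":"); print a[n] }' "$1" | sort -nu | xargs
}

# Compare config ($1) with listeners ($2) and name the likely state.
diagnose() {
    want=$(configured_ports "$1"); have=$(listening_ports "$2")
    if [ -z "$have" ]; then echo "down: no sshd listener"
    elif [ "$want" = "$have" ]; then echo "ok: listening on $have"
    else echo "stale: config wants $want, daemon bound to $have"
    fi
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
# Constructed config: note the trailing space after the port number.
printf '# constructed sample\nPort 20222 \nPermitRootLogin no\n' > "$tmp/sshd_config"
cat > "$tmp/ss_before" <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*         users:(("mysqld",pid=640,fd=10))
LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=812,fd=4))
EOF
sed 's/:22 /:20222 /' "$tmp/ss_before" > "$tmp/ss_after"   # after a real stop/start
grep -v sshd "$tmp/ss_before" > "$tmp/ss_none"             # daemon failed to start

diagnose "$tmp/sshd_config" "$tmp/ss_before"
diagnose "$tmp/sshd_config" "$tmp/ss_after"
diagnose "$tmp/sshd_config" "$tmp/ss_none"
echo "lines with trailing characters: $(trailing_junk_lines "$tmp/sshd_config")"
```

On a live box, save `ss -ltnp` output (run as root so process names appear) to a file and pass it with the real config path in place of the sample files.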