Re: sshd refuses ssh connections

[Chris Taylor <chris at equate dot dyndns dot org>]

Top-posting reformatted.

> > Marc Jourdeuil wrote:
> >
> > > I am trying to setup sshd on cygwin, so ssh works.....
> > >
> > > i followed all instructions from:
> > > http://pigtail.net/LRP/printsrv/cygwin-sshd.html
> > >
> > > the important ones being to set
> > >
> > > variable name is CYGWIN
> > > variable value is ntsec tty
> > >
> > > as an env variable in windows,  and
> > >
> > > to append ;c:\cygwin\bin to the win2k Path var.
> > >
> > > ssh -vvv localhost
> > > p4-3000:marcj:{/home/marcj}198 % ssh -vvv localhost
> > > OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
> > > debug1: Reading configuration data /etc/ssh_config
> > > debug2: ssh_connect: needpriv 0
> > > debug1: Connecting to localhost [127.0.0.1] port 22.
> > > debug1: connect to address 127.0.0.1 port 22: Connection refused
> > > ssh: connect to host localhost port 22: Connection refused
> > >
> > >
> > > The process is running:
> > > p4-3000:marcj:{/home/marcj}160 % ps -ef
> > >     UID     PID    PPID TTY     STIME COMMAND
> > >   marcj    1948       1 con  00:43:18 /usr/bin/bash
> > >  SYSTEM     728       1   ?  00:48:33 /usr/bin/cygrunsrv
> > >  SYSTEM     480     728   ?  00:48:33 /usr/sbin/sshd
> > >   marcj    1748    1948 con  00:53:03 /usr/bin/sh
> > >   marcj    2076    1748 con  00:53:03 /usr/X11R6/bin/XWin
> > >   marcj    1840    1748 con  00:53:04 /usr/X11R6/bin/wmaker
> > >   marcj    1648    1840 con  00:53:04 /usr/X11R6/bin/wmaker
> > >   marcj    1600    1648   ?  00:53:17 /usr/bin/xterm
> > >   marcj    1564    1600   0  00:53:18 /usr/bin/tcsh
> > >   marcj    2148       1   0  00:53:25 /usr/bin/xterm
> > >   marcj    2164    2148   1  00:53:25 /usr/bin/tcsh
> > >   marcj    2196    2164   1  00:53:44 /usr/bin/ps
> > >
> > >
> > > and the port 22 is listening:
> > > p4-3000:marcj:{/etc}183 % netstat -an
> > >
> > > Active Connections
> > >
> > >  Proto  Local Address          Foreign Address        State
> > >  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
> > >
> > > Yet I always get connection refused:
> > >
> > > ssh marcj@127.0.0.1
> > > ssh connect to host 127.0.0.1 port 22: connection refused
> > > ssh localhost
> > > ssh: connect to host localhost port 22: Connection refused
> > >
> > > ssh marcj@192.168.1.204
> > > ssh: connect to host 192.168.1.204 port 22: Connection refused
> > >
> > > I only have 1 copy of cygwin1.dll - in c:\cygwin\bin
> > > I installed the openssh pkg at the same time that I did the initial
>
> cygwin
>
> > > install. I am just trying
> > > to get sshd working now.
> > >
> > > I have 2 old copies of cygwin: c:\cygwin-old and
> > > H:\Program-Files2\cygwin-not used anymore
> > >
> > > I can't edit
> > > /etc/ssh_config file using cygwin or win2k even though I have admin
>
> rights
>
> > > on pc.
> >
> > <snip sshd config>
> >
> > > I have looked at FAQs, google, archives....
> > >
> > > Not sure where to go from here.
> > >
> > > Marc
> >
> > Could you stop the service, as described on the page you mention, and
> > then start it manually by doing the following:
> >
> > sshd -D -dd
> >
> >
> > Once this is running, try to ssh to it from another cygwin window.
> > The instance of sshd should process one connection - failed or not.
> > Post the output from sshd so that we can get a better idea of what's
> > happening.
> >
> > As a thought though.. Running any firewalls on that machine? (They
> > /shouldn't/ affect localhost connections, but I don't trust them...
> >
> >
> > Chris

Marc Jourdeuil wrote:
> I successfully stopped sshd.
>
> /usr/sbin/sshd -D -dd
> debug2: load_server_config: filename /etc/sshd_config
> debug2: load_server_config: done config len = 187
> debug2: parse_server_config: config /etc/sshd_config len 187
> debug1: sshd version OpenSSH_3.9p1
> Could not load host key: /etc/ssh_host_key
> Could not load host key: /etc/ssh_host_rsa_key
> Could not load host key: /etc/ssh_host_dsa_key
> Disabling protocol version 1. Could not load host key
> Disabling protocol version 2. Could not load host key
> sshd: no hostkeys available -- exiting.

Well, this is definitely why it's not working.

>
> ran this again
> ssh-host-config
> Overwrite existing /etc/ssh_config file? (yes/no) yes
> Generating /etc/ssh_config file
> Overwrite existing /etc/sshd_config file? (yes/no) yes
> Privilege separation is set to yes by default since OpenSSH 3.3.
> However, this requires a non-privileged account called 'sshd'.
> For more info on privilege separation read
> /usr/share/doc/openssh/README.privsep.
>
> Should privilege separation be used? (yes/no) yes
> Generating /etc/sshd_config file
>
> Host configuration finished. Have fun!
>

Hrm.. I'm sure this is supposed to generate the host keys... (I'm sure 
someone will correct me if I'm wrong, but I could have sworn that it did 
for me..)


> p4-3000:marcj:{/usr/sbin}230 % /usr/sbin/sshd -D -dd
> debug2: load_server_config: filename /etc/sshd_config
> debug2: load_server_config: done config len = 187
> debug2: parse_server_config: config /etc/sshd_config len 187
> debug1: sshd version OpenSSH_3.9p1
> Could not load host key: /etc/ssh_host_key
> Could not load host key: /etc/ssh_host_rsa_key
> Could not load host key: /etc/ssh_host_dsa_key
> Disabling protocol version 1. Could not load host key
> Disabling protocol version 2. Could not load host key
> sshd: no hostkeys available -- exiting.
>
> /etc/
> -rwxr-xr-x   1 marcj  None    1159 Oct 19 13:57 ssh_config
> -rw-------   1 SYSTEM None     668 Oct 19 00:43 ssh_host_dsa_key
> -rw-r--r--   1 SYSTEM None     603 Oct 19 00:43 ssh_host_dsa_key.pub
> -rw-------   1 SYSTEM None     528 Oct 19 00:43 ssh_host_key
> -rw-r--r--   1 SYSTEM None     332 Oct 19 00:43 ssh_host_key.pub
> -rw-------   1 SYSTEM None     883 Oct 19 00:43 ssh_host_rsa_key
> -rw-r--r--   1 SYSTEM None     223 Oct 19 00:43 ssh_host_rsa_key.pub
> -rw-r--r--   1 marcj  None    2807 Oct 19 13:58 sshd_config
>

The host key permissions seem fine to me.. Though for me the configs are 
owned by SYSTEM as well - that said, that may be related to an 
incomplete user list on the machine I checked - it doesn't seem all that 
keen on pulling the full list from our domain server, but that's another 
issue.

>
> inetd is not running, should it? I have ssh in /etc/services. I have no
> /etc/inetd.conf file. Should I?
> telnet localhost does nothing.

No, you don't need identd. /etc/services is just a list of what services 
use what ports.
Telnet shouldn't work regardless - you should never run telnet anymore.

>
> I wasn't running any firewall before. I restarted zonealarm, but that
> doesn't seem to be a factor right now.
> It might be later, when I try from another PC.
>

It probably would, unless you tell ZA to allow all incoming traffic on 
port 22, but at the moment that won't help.

Try this (though I give no guarantee's that it will fix anything)

rm /etc/ssh_host*
ssh-host-config

It *should* regenerate the host keys if you do this (and should say as 
much right away).

Assuming it does, try the same as above afterwards.
If it works, then you'll be able to do:
cygrunsrv --start sshd

at which point you'll be sorted.


Chris

--

Spinning complacently in the darkness, covered and blinded by a blanket
of little lives, false security has lulled the madness of this world
into a slumber. Wake up! An eye is upon you, staring straight down and
keenly through, seeing all that you are and everything that you will
never be. Yes, an eye is upon you, an eye ready to blink. So face
forward, with arms wide open and mind reeling. Your future has
arrived... Are you ready to go?

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/