[Freeipa-users] ssh_exchange_identification: Connection closed by remote host

Roberto Cornacchia roberto.cornacchia at gmail.com
Fri Aug 28 15:48:45 UTC 2015


Hmm, please forgive me.
It appears that sshd was NOT running on hadron.

I HAD checked before, but ... I don't know... a big ball of wibbily wobbly
timey wimey...stuff must have happened.

Sorry for the waste of time.

On 28 August 2015 at 17:10, Roberto Cornacchia <roberto.cornacchia at gmail.com> wrote:

> Hi,
>
> I have two hosts, "photon" and "hadron", and an LDAP user "roberto".
> The user can log in successfully on both machines.
>
> The SSH pub key is uploaded.
> Running "sss_ssh_authorizedkeys roberto" from both clients returns the
> same key.
>
> Port 22 is open on both clients, sshd is running on both clients.
>
> On both clients, /etc/ssh/ssh_config is:
> Host *
> GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
> PubkeyAuthentication yes
> ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
> GSSAPIAuthentication yes
>
> On both clients, /etc/ssh/sshd_config is:
> KerberosAuthentication no
> PubkeyAuthentication yes
> UsePAM yes
> AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
> GSSAPIAuthentication yes
> AuthorizedKeysCommandUser nobody
>
>
> However, ssh from hadron to photon works, the other way around doesn't:
>
> roberto at photon $ ssh -vv hadron
> OpenSSH_6.9p1, OpenSSL 1.0.1k-fips 8 Jan 2015
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 56: Applying options for *
> debug1: Executing proxy command: exec /usr/bin/sss_ssh_knownhostsproxy -p 22 hadron
> debug1: permanently_drop_suid: 1172000006
> debug1: identity file /home/roberto/.ssh/id_rsa type 1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/roberto/.ssh/id_rsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/roberto/.ssh/id_dsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/roberto/.ssh/id_dsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/roberto/.ssh/id_ecdsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/roberto/.ssh/id_ecdsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/roberto/.ssh/id_ed25519 type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/roberto/.ssh/id_ed25519-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_6.9
> *ssh_exchange_identification: Connection closed by remote host*
>
>
> If I include a few other cases, this is the summary:
> - photon to hadron FAILS
> - photon to photon SUCCEEDS
> - photon to ipa server SUCCEEDS
> - photon to (non-ipa-client) FAILS before asking password (no keypair
> authentication expected here)
>
> - hadron to photon SUCCEEDS
> - hadron to hadron FAILS
> - hadron to ipa server SUCCEEDS
> - hadron to (non-ipa-client) FAILS before asking password (no keypair
> authentication expected here)
>
> I know that the error above is quite generic, so I don't expect someone
> can point out the exact cause, but perhaps someone can help me debug this?
> What could I look at?
>
> Thanks,
> Roberto
>
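
Added example (not part of the original thread, and not FreeIPA or SSSD code): the client log above stops right after the local version string, so the first thing to establish is what the target port does before any key exchange. The sketch below connects directly to the port, bypassing the ProxyCommand from ssh_config, and classifies the outcome; the function name, state labels and script name are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Direct SSH banner probe: what does the target port do before key exchange?"""
import socket
import sys


def probe_ssh_banner(host, port=22, timeout=5.0):
    """Connect straight to host:port (no ProxyCommand) and classify the result.

    Returns (state, detail), where state is one of:
      refused, timeout, error, closed, no-banner, banner, unexpected
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "nothing is listening; check that sshd is running")
    except socket.timeout:
        return ("timeout", "no answer; check firewall rules and routing")
    except OSError as exc:  # name resolution failure, unreachable network, ...
        return ("error", str(exc))

    with sock:
        try:
            # OpenSSH's sshd sends its identification line as soon as it
            # accepts the connection; RFC 4253 section 4.2 caps that line at
            # 255 bytes including CR LF.
            data = sock.recv(255)
        except socket.timeout:
            return ("no-banner", "connected, but no identification string sent")
        except ConnectionResetError:
            return ("closed", "connection reset before the banner")

    if not data:
        return ("closed", "accepted, then closed before the banner")
    # Only the first line is examined; anything not starting with "SSH-"
    # is reported as-is so the operator can see what answered.
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if line.startswith("SSH-"):
        return ("banner", line)
    return ("unexpected", line)


if __name__ == "__main__":
    # Usage: probe_banner.py HOST [PORT]  (script name is a placeholder)
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    state, detail = probe_ssh_banner(target, port)
    print(f"{target}:{port} -> {state}: {detail}")
    sys.exit(0 if state == "banner" else 1)
```

A "refused" result points at the daemon itself (not running, or not bound to that address), while "closed" or "no-banner" means something accepted the connection and the server-side logs are the next place to look.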