#StackBounty: #ssh #12.04 ssh intermittent blocking connections

Bounty: 50

I’m having intermittent problems with ssh in an "old" server running Ubuntu 12.04. I am getting this error message ssh_exchange_identification: Connection closed by remote host in most attempts. But from time to time I can connect by using ssh -vvv.

This server (ventus) is part of a cluster whose nodes (ventus2-5) were configured with ssh-keygen to ssh without asking for a password, it was running fine until this week. Now I can ssh from the main node (ventus) to any of ventus2-5 but it is not possible to ssh from the other nodes to ventus.

This is the output of ssh -v from node 5 (ventus5) to the main node (ventus)

meteo@ventus5:~$ ssh -v ventus
OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ventus [192.168.1.1] port 22.
debug1: Connection established.
debug1: identity file /home/meteo/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/meteo/.ssh/id_rsa-cert type -1
debug1: identity file /home/meteo/.ssh/id_dsa type -1
debug1: identity file /home/meteo/.ssh/id_dsa-cert type -1
debug1: identity file /home/meteo/.ssh/id_ecdsa type -1
debug1: identity file /home/meteo/.ssh/id_ecdsa-cert type -1
ssh_exchange_identification: Connection closed by remote host

trying ssh -vvv I get the same error most times but from time to time is it possible to connect, both from cluster nodes or external IP (PINAR host trying to connect to ventus)

meteo@PINAR:~$ ssh -vvv ventus
OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolving "ventus" port 22
debug2: ssh_connect_direct
debug1: Connecting to ventus [XXX.XXX.XXX.XXX] port 22.
debug1: Connection established.
debug1: identity file /home/meteo/.ssh/id_rsa type -1
debug1: identity file /home/meteo/.ssh/id_rsa-cert type -1
debug1: identity file /home/meteo/.ssh/id_dsa type -1
debug1: identity file /home/meteo/.ssh/id_dsa-cert type -1
debug1: identity file /home/meteo/.ssh/id_ecdsa type -1
debug1: identity file /home/meteo/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/meteo/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/meteo/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/meteo/.ssh/id_ed25519 type -1
debug1: identity file /home/meteo/.ssh/id_ed25519-cert type -1
debug1: identity file /home/meteo/.ssh/id_ed25519_sk type -1
debug1: identity file /home/meteo/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/meteo/.ssh/id_xmss type -1
debug1: identity file /home/meteo/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
kex_exchange_identification: Connection closed by remote host

from iptables -nL I found this

Chain sshguard (1 references)

DROP       all  --  192.168.1.1          0.0.0.0/0  

Have tried different options for iptables and removed this last line but the problem persists.

Any idea will be very welcome, thanks in advance


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.