SSH Remote Login to the CentOS 7.4 Cloud Host Fails

Publication Date: 2019-04-23
Issue Description

Login to the CentOS 7.4 cloud host in SSH mode fails.

The error message is as follows:

Connection closed by foreign host.

Disconnected from remote host...

Alarm Information

The error message is as follows:

Connection closed by foreign host.

Disconnected from remote host…

Handling Process

Check whether the fault is caused by the firewall. The firewall is disabled on the local host. Therefore, the fault is not caused by the firewall.

In addition, if the firewall is enabled, the following error message is displayed during remote SSH connection:

no route to host

The reported error differs from this error message.

Run service sshd status to check whether the sshd service is enabled.

The output of netstat -lntp | grep sshd also shows that the sshd port is in the listening state.

If the sshd server is not enabled, the following error is reported during remote connection:

connect refused (The port is not enabled and the login is rejected.)

Check whether the IP address is restricted in the /etc/hosts.deny file. The following information is displayed:

#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
sshd:124.67.110.27

Based on the information, the remote public IP address of the customer is restricted.

Clear the /var/log/secure and /etc/hosts.deny files, save and exit, and then remotely log in to the server using SSH. The connection fails again and the previous error message is displayed.

Check the /etc/hosts.deny file. It is found that the IP address is locked by DenyHosts again.

Stop the DenyHosts service.

# service denyhosts stop

Clear the /var/log/secure and /etc/hosts.deny files, and then remotely log in to the server using SSH. The connection is successful.

Root Cause

DenyHosts locks the public IP address used for remote connection.

Solution

Stop the DenyHosts service.

# service denyhosts stop

Find and delete the IP address record in the following files:

/var/log/secure
/etc/hosts.deny

# cat /dev/null > /var/log/secure

# cat /dev/null > /etc/hosts.deny

Then, restart the DenyHosts service.

# service denyhosts start

Restart the sshd service.

# service sshd restart
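The cat /dev/null commands above empty both files completely. As an added example (not part of the original article), the following shell functions remove only the rule for one client address from a hosts.deny-style file and leave every other deny rule in place. The function names and the sample addresses are constructed for illustration; run it with DenyHosts stopped, as in the steps above, or the entry is added again.

```shell
#!/bin/sh
# Added example: handles the single-address rules seen on this page
# ("sshd:ADDR", plus the "sshd: ADDR" / "ALL: ADDR" variants). Rules that
# list several clients on one line are left untouched.

# deny_rules FILE ADDR: print line numbers of active rules denying exactly ADDR.
deny_rules() {
    awk -v ip="$2" '
        /^[ \t]*#/ { next }                         # skip comment lines
        {
            if (split($0, f, ":") < 2) next         # not a daemon:client rule
            gsub(/[ \t]/, "", f[1])
            gsub(/^[ \t]+|[ \t]+$/, "", f[2])
            # whole-string comparison: 203.0.113.2 never matches 203.0.113.27
            if ((f[1] == "sshd" || f[1] == "ALL") && (f[2] "") == (ip "")) print NR
        }' "$1"
}

# unblock_addr FILE ADDR: delete only those rules, keep the previous file as
# FILE.bak, and print how many rules were removed.
unblock_addr() {
    lines=$(deny_rules "$1" "$2" | tr '\n' ' ')
    [ -n "$lines" ] || { echo 0; return 0; }
    cp -p "$1" "$1.bak" || return 1
    awk -v drop=" $lines" 'index(drop, " " NR " ") == 0' "$1.bak" > "$1" || return 1
    echo "$lines" | wc -w | tr -d ' '
}

# write_sample FILE: constructed hosts.deny content using documentation addresses.
write_sample() {
    cat > "$1" <<'EOF'
# hosts.deny (constructed sample)
sshd:203.0.113.27
sshd: 203.0.113.2
ALL: 198.51.100.9
# sshd:203.0.113.2
EOF
}

# Offline demonstration on the constructed sample: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    f=$(mktemp) && write_sample "$f"
    echo "removed: $(unblock_addr "$f" 203.0.113.2)"; cat "$f"; rm -f "$f" "$f.bak"
fi
```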

Suggestions

The reasons why SSH remote login is restricted are as follows:

1. Firewall: The firewall intercepts the connection, and "no route to host" is reported.

2. The sshd service is not enabled. The error message "connect refused" is displayed. The port is not enabled, and remote login is rejected.

3. The IP address is restricted in the /etc/hosts.deny file. In the /etc/ssh/sshd_config file of the sshd service, the IP address with six failed logins is added.

4. The number of connections allowed by the sshd service reaches the maximum. The default value is 10.

Solution:

1.    Enable IP address bypass for the firewall.

2.    Modify the /etc/ssh/sshd_config file to allow the root user to log in and restart the sshd service.

3.    Modify the /etc/hosts.allow and /etc/hosts.deny files to allow the access of the corresponding host, and restart the sshd service.

4.    Modify the number of client connections. An error may occur if the number of connections exceeds the maximum limit.

a. Change #MaxStartups 10 to MaxStartups 10/100 in each /etc/ssh/sshd_config, and restart the sshd service.

b. Exit the SSH session after each SSH connection so that the connection is released.