| comp.security.ssh SSH secure remote login and tunneling tools. |
#1 |
Hi all,

I'm trying to run open sshd on an embedded system, uClinux. It uses inetd to start it. I've been googling for a few days and I'm stuck.

1) The daemon is running.
2) I get ssh_exchange_identification: Connection closed by remote host trying to connect from a pc
3) My inetd entry is:

ssh stream tcp nowait root /bin/sshd -i

4) I tried adding 'sshd: ALL' to /etc/hosts.allow
5) I think there might be something about generating keys I'm missing
6) I tried adduser and enabling PAM with no luck.

Please !
Robert
#2 |
robert wrote:
> I'm trying to run open sshd on an embedded system, uClinux. It uses
> inetd to start it. I've been googling for a few days and I'm stuck.
>
> 1) The daemon is running.
> 2) I get ssh_exchange_identification: Connection closed by remote host
> trying to connect from a pc
> 3) My inetd entry is:
>
> ssh stream tcp nowait root /bin/sshd -i
>
> 4) I tried adding 'sshd: ALL' to /etc/hosts.allow
> 5) I think there might be something about generating keys I'm missing
> 6) I tried adduser and enabling PAM with no luck.

The usual way to debug things is using "ssh -v ...", add more -v for more detail. The same goes for the server side.

If that doesn't start from the beginning, telnet to port 22, does it answer? If not then you may have a firewall, try from the server itself.

About the keys, openssh documents how to set the host keys in the INSTALL file, something like: ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ""; but the path may be different (/usr/local/etc) and usually rsa keys are also created. Each user's keys have to be created also. Some distributions include scripts to do both operations (something like ssh-host-config, ssh-user-config) but this varies.

HTH
--
René Berber
#3 |
René Berber wrote:
> robert wrote:
>
> > I'm trying to run open sshd on an embedded system, uClinux. It uses
> > inetd to start it. I've been googling for a few days and I'm stuck.
> >
> The usual way to debug things is using "ssh -v ...", add more -v for
> more detail. The same goes for the server side.
>
> If that doesn't start from the beginning, telnet to port 22, does
> it answer? If not then you may have a firewall, try from the server
> itself.

This is what I get from the client - the server's only debug statement is when it loads sshd_config:

/home/iksrazal/work/tweak/uClinux-dist> ssh -vvv -l root 10.101.42.101
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.101.42.101 [10.101.42.101] port 22.
debug1: Connection established.
debug1: identity file /home/iksrazal/.ssh/identity type -1
debug1: identity file /home/iksrazal/.ssh/id_rsa type -1
debug1: identity file /home/iksrazal/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
[linux(iksrazal)]
/home/iksrazal/work/tweak/uClinux-dist> telnet 10.101.42.101 22
Trying 10.101.42.101...
Connected to 10.101.42.101.
Escape character is '^]'.
Connection closed by foreign host.

These files did not exist when I ran the command:

debug1: identity file /home/iksrazal/.ssh/identity type -1
debug1: identity file /home/iksrazal/.ssh/id_rsa type -1
debug1: identity file /home/iksrazal/.ssh/id_dsa type -1

>
> About the keys, openssh documents how to set the host keys in the
> INSTALL file, something like: ssh-keygen -t dsa -f
> /etc/ssh/ssh_host_dsa_key -N ""; but the path may be different
> (/usr/local/etc) and usually rsa keys are also created. Each user's
> keys have to be created also. Some distributions include scripts to do
> both operations (something like ssh-host-config, ssh-user-config) but
> this varies.

I tried that on both the client and server side and got basically the same result, using several variations of keys. I think this is because of inetd somehow.

Please ,
Robert
#4 |
robert wrote:
[snip]
> This is what I get from the client - the server's only debug statement
> is when it loads sshd_config:
>
> /home/iksrazal/work/tweak/uClinux-dist> ssh -vvv -l root 10.101.42.101
Problem
----------------------------------------------------------------^^^^^
By default sshd does not let root login into a server.

Are you using the default sshd_config?

> OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to 10.101.42.101 [10.101.42.101] port 22.
> debug1: Connection established.
> debug1: identity file /home/iksrazal/.ssh/identity type -1
> debug1: identity file /home/iksrazal/.ssh/id_rsa type -1
> debug1: identity file /home/iksrazal/.ssh/id_dsa type -1

As you say, this means that the user has not been configured to use ssh (no keys for the user at the client computer).

> ssh_exchange_identification: Connection closed by remote host

Not the usual error response...

> [linux(iksrazal)]
> /home/iksrazal/work/tweak/uClinux-dist> telnet 10.101.42.101 22
> Trying 10.101.42.101...
> Connected to 10.101.42.101.
> Escape character is '^]'.
> Connection closed by foreign host.

Also not the usual response.

Something is listening on port 22, but it is not sshd and it could be inetd as you have configured but you'll have to see on the server if inetd started sshd or logged an error.

Did the connection close fast?

If you read the man page for sshd, the description of option -i says that it may take a long time to respond. I have never used it from inetd so I'm not sure if it is inetd closing the connection or something else (like a firewall).

[snip]
> I tried that on both the client and server side and got basically the
> same result, using several variations of keys.

First set the user's keys on the client, the ones that show above as non-existent.

Second, set up a user on the server or, if you really want to use root, then change the server configuration, it's just one line that needs to be changed.

Then try to test on the server (i.e. ssh localhost) and see if sshd at least starts.

Another test could be to run "sshd -De" on the server, without inetd starting it, and see if that way you can connect from the client.

You may have to play with the parameters to finally make sshd work from inetd under that server.
--
René Berber
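
Added example, not part of any post in this thread: the telnet test discussed above, scripted so that the cases the replies are trying to tell apart come back as distinct results (nothing listening, connection accepted but closed before the server's SSH identification line, a working sshd banner). The function names and result labels are this example's own.

```python
import socket
import sys

def read_identification(sock, timeout=5.0, limit=4096):
    """Classify what a connected peer does up to the SSH identification line."""
    sock.settimeout(timeout)
    buf = b""
    try:
        while len(buf) < limit:
            chunk = sock.recv(512)
            if not chunk:                      # peer closed the connection
                break
            buf += chunk
            # Only complete lines count; a server may send other lines first.
            for line in buf.split(b"\n")[:-1]:
                if line.startswith(b"SSH-"):
                    return ("banner", line.strip().decode("ascii", "replace"))
    except socket.timeout:
        return ("timeout", "connected, but no identification line arrived in time")
    except ConnectionResetError:
        return ("closed", "connection reset before an identification line")
    if not buf:
        # The client-side symptom in this thread: accepted, then closed silently.
        return ("closed", "accepted, then closed without sending anything")
    return ("other", buf[:80].decode("ascii", "replace").strip())

def probe(host, port=22, timeout=5.0):
    """Connect to host:port and report how far the identification exchange gets."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "nothing is accepting connections on that port")
    except socket.timeout:
        return ("timeout", "no answer to the TCP connect (filtered or host down)")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        return read_identification(sock, timeout)

if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python3 probe.py HOST [PORT]
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 22))
```

A "closed" result matches what the ssh client reports as ssh_exchange_identification: Connection closed by remote host, and points at the server side (the listener or whatever it spawns) rather than at user keys on the client.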
#5 |
I've learned a lot doing "sshd -De" from scratch. That should me on the inetd part - which has to be that way because of resource issues on this embedded system. I'm continuing this thread in the context I end up hopefully with inetd working with sshd. I get:

Bind to port 22 on 0.0.0.0 failed: Address already in use.

Doing netstat shows nothing is listening on port 22. I tried starting on port 99 - nothing there - and got the same 0.0.0.0 bind message. I was, however, able to bind on the static address I gave the nic. Strange. Googling shows a message about ipv6, but it's disabled in this kernel.

I can log in via -D. but only some of my keys are recognized:

debug2: load_server_config: filename /etc/default/sshd_config
debug2: load_server_config: done config len = 284
debug2: parse_server_config: config /etc/default/sshd_config len 284
debug1: sshd version OpenSSH_4.3p2
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA

I think the permissions are right. Why is it trying to load my dsa key as RSA1 ? This is my config:

# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

Thanks!
Robert

René Berber wrote:
> robert wrote:
> [snip]
> > This is what I get from the client - the server's only debug statement
> > is when it loads sshd_config:
> >
> > /home/iksrazal/work/tweak/uClinux-dist> ssh -vvv -l root 10.101.42.101
> Problem
> ----------------------------------------------------------------^^^^^
> By default sshd does not let root login into a server.
>
> Are you using the default sshd_config?
>
> > OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: Applying options for *
> > debug2: ssh_connect: needpriv 0
> > debug1: Connecting to 10.101.42.101 [10.101.42.101] port 22.
> > debug1: Connection established.
> > debug1: identity file /home/iksrazal/.ssh/identity type -1
> > debug1: identity file /home/iksrazal/.ssh/id_rsa type -1
> > debug1: identity file /home/iksrazal/.ssh/id_dsa type -1
>
> As you say, this means that the user has not been configured to use ssh
> (no keys for the user at the client computer).
>
> > ssh_exchange_identification: Connection closed by remote host
>
> Not the usual error response...
>
> > [linux(iksrazal)]
> > /home/iksrazal/work/tweak/uClinux-dist> telnet 10.101.42.101 22
> > Trying 10.101.42.101...
> > Connected to 10.101.42.101.
> > Escape character is '^]'.
> > Connection closed by foreign host.
>
> Also not the usual response.
>
> Something is listening on port 22, but it is not sshd and it could be
> inetd as you have configured but you'll have to see on the server if
> inetd started sshd or logged an error.
>
> Did the connection close fast?
>
> If you read the man page for sshd, the description of option -i says
> that it may take a long time to respond. I have never used it from
> inetd so I'm not sure if it is inetd closing the connection or
> something else (like a firewall).
>
> [snip]
> > I tried that on both the client and server side and got basically the
> > same result, using several variations of keys.
>
> First set the user's keys on the client, the ones that show above as
> non-existent.
>
> Second, set up a user on the server or, if you really want to use root,
> then change the server configuration, it's just one line that needs to
> be changed.
>
> Then try to test on the server (i.e. ssh localhost) and see if sshd at
> least starts.
>
> Another test could be to run "sshd -De" on the server, without inetd
> starting it, and see if that way you can connect from the client.
>
> You may have to play with the parameters to finally make sshd work from
> inetd under that server.
> --
> René Berber
#7 |
robert <robertlazarski@gmail.com> wrote:
> I can log in via -D. but only some of my keys are recognized:
> debug2: load_server_config: filename /etc/default/sshd_config
> debug2: load_server_config: done config len = 284
> debug2: parse_server_config: config /etc/default/sshd_config len 284
> debug1: sshd version OpenSSH_4.3p2
> debug1: private host key: #0 type 0 RSA1
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #1 type 1 RSA
> debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #2 type 2 DSA

Looks okay to me.

> I think the permissions are right. Why is it trying to load my dsa key
> as RSA1 ? This is my config:

It's not. It's just debug output saying that it's not an RSA1 key (which it isn't).

--
Darren Dunham ddunham@taos.com
Senior Technical Consultant TAOS http://www.taos.com/
Got some Dr Pepper? San Francisco, CA bay area
< This line left intentionally blank to confuse you. >
#9 |
On Oct 4, 4:06 pm, "robert" <robertlazar...@gmail.com> wrote:
> I've learned a lot doing "sshd -De" from scratch. That should me on
> the inetd part - which has to be that way because of resource issues on
> this embedded system. I'm continuing this thread in the context I end
> up hopefully with inetd working with sshd. I get:
>
> Bind to port 22 on 0.0.0.0 failed: Address already in use.

That probably means inetd is listening there, you have to comment the sshd line and restart inetd (killall -HUP inetd or similar command).

[snip]

Did ssh connect? ... is it then an inetd issue?
--
René Berber
#10 |
On 2006-10-03, robert <robertlazarski@gmail.com> wrote:
> Hi all,
>
> I'm trying to run open sshd on an embedded system, uClinux. It uses
> inetd to start it. I've been googling for a few days and I'm stuck.
>
> 1) The daemon is running.
> 2) I get ssh_exchange_identification: Connection closed by remote host
> trying to connect from a pc
> 3) My inetd entry is:
>
> ssh stream tcp nowait root /bin/sshd -i

Sounds like the sshd process is either not being spawned by inetd, or it's dying immediately afterward. Do you have all of the libraries sshd needs? Can you run it in debug (as a daemon, "/bin/sshd -ddd") or test mode ("/bin/sshd -t")? What logging facilities do you have?

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
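
Added example, not from the thread or from OpenSSH: a static check of the two pieces of configuration quoted in this thread, the inetd.conf entry and the HostKey lines of sshd_config, which can be run against the target's files before booting it. It assumes the classic inetd.conf layout, in which the words after the server path begin with argv[0]; the inetd in a given uClinux tree may parse the line differently, so treat that finding as something to verify there. The function names and the sample constants are hypothetical.

```python
import os
import shlex

def lint_inetd_entry(line):
    """Return a list of problems in one inetd.conf line meant to start sshd."""
    fields = shlex.split(line, comments=True)
    if len(fields) < 6:
        return ["expected: service socktype proto wait user server-path argv0 [args]"]
    _service, socktype, proto, wait, _user, server = fields[:6]
    argv = fields[6:]          # assumed layout: argv[0] first, then the options
    problems = []
    if (socktype, proto) != ("stream", "tcp"):
        problems.append("sshd needs a 'stream tcp' socket")
    if wait.split(".")[0] != "nowait":
        problems.append("use 'nowait' so each accepted connection is handed to sshd")
    if not os.path.isabs(server):
        problems.append("server path must be absolute")
    if not argv or argv[0].startswith("-"):
        problems.append("argument list should start with argv[0] (e.g. 'sshd'); "
                        "a leading option is taken as the program name, not as a flag")
    elif "-i" not in argv[1:]:
        problems.append("sshd is not passed -i, so it will not use the inetd socket")
    return problems

def missing_host_keys(sshd_config_text, exists=os.path.exists):
    """Return HostKey paths named in sshd_config that are not present on disk."""
    missing = []
    for raw in sshd_config_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) >= 2 and words[0].lower() == "hostkey" and not exists(words[1]):
            missing.append(words[1])
    return missing

# Constructed sample input, using the lines quoted in this thread.
THREAD_ENTRY = "ssh stream tcp nowait root /bin/sshd -i"
THREAD_CONFIG = """\
# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
"""

if __name__ == "__main__":
    for problem in lint_inetd_entry(THREAD_ENTRY):
        print("inetd.conf:", problem)
    for path in missing_host_keys(THREAD_CONFIG):
        print("sshd_config: HostKey file not found:", path)
```

Run it on the build host against the root filesystem image, passing an `exists` callable that resolves paths inside the image rather than on the host.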