Koozali.org: home of the SME Server

can not login with ssh error is "ssh_exchange_identification: read: Connecti....

Offline oldtony

  • **
  • 58
  • +0/-0
    • http://www.ynotsoftware.com
can not login using ssh. get the following error. "ssh_exchange_identification: read: Connection reset by peer"
i login a few times then the above message starts.
i have been able top login for years using sshpass -p [EDITED] ssh -o StrictHostKeyChecking=no root@192.168.3.53 for lots of login's.
i also use ssh root@192.168.3.53  then i enter my password. works great. but now it fails.
also when i try other users i now get the  "ssh_exchange_identification: read: Connection reset by peer" error.

what do i look for?
thanks - Old Tony
just tried to login in on the console. I can not log in as root.  When i try to login as admin, the normal admin screen flashed, then the screen goes back to login. i am currently logged in twice. If i lose power then i will not be able to login again. i had this happen the same way before 2 day ago.  Help!! :(
« Last Edit: February 14, 2019, 03:09:38 AM by Jean-Philippe Pialasse »
...

Offline Jean-Philippe Pialasse

  • *
  • 2,743
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Hi,

First you will need to change your pass, as it seems to have been copied in your message before i edited it.


To help us helping you, what is the version of the server. What did you do just before it started no working as expected?  Any update wihtout issuing signal-even post-upgrade and signal-event reboot?

Are you able to access server manager ?

While you have stil an openned terminal what says
config show sshd

There is always a way to get the hand back as long as you have physicial access.

Offline JohnG

  • ***
  • 88
  • +0/-0
Autoblock might be happening as well if too many attempts are made within 15 mins. 

Offline oldtony

  • **
  • 58
  • +0/-0
    • http://www.ynotsoftware.com
Thank you for replying - ** mark my reply's
First you will need to change your pass, as it seems to have been copied in your message before i edited it.
**OK

To help us helping you, what is the version of the server.
**9.2
 What did you do just before it started no working as expected?
** i did a lot of logins - had a lot to do
  Any update wihtout issuing signal-even post-upgrade and signal-event reboot?
** none that i am aware of
Are you able to access server manager ?
**YES
[root@ynota ~]# config show sshd

While you have stil an openned terminal what says
config show sshd
**[root@ynota ~]# config show sshd
sshd=service
    AutoBlock=enabled
    AutoBlockTime=900
    AutoBlockTries=4
    LoginGraceTime=600
    MaxAuthTries=2
    MotdStatus=enabled
    PasswordAuthentication=yes
    PermitRootLogin=yes
    TCPPort=22
    UsePAM=yes
    access=private
    status=enabled

There is always a way to get the hand back as long as you have physicial access.
** have 1 terminal open now - i do have good backup & i can reinstall
thanks for your help
...

Online ReetP

  • *
  • 3,722
  • +5/-0
Please use keys rather than passwords.

It is much more secure.

https://wiki.contribs.org/SSH_Public-Private_Keys

You can also add the login details/settings to your ~/.ssh/config file

Have a read online how to do that.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline oldtony

  • **
  • 58
  • +0/-0
    • http://www.ynotsoftware.com
Thank you all for helping.  I really appreciate the help.  I had a good backup & reinstalled & restored all data. All is good.
 I know i should use  ssh keys for logging in. What i did wrong was, i think,  is i logged-in  to may times.
I still have more questions?
If i login using passwords, what is the limit of how many times i can log in?
Is there a way to increase or turn off the limit of the number of logins allowed?

Thanks for any help - Old Tony

...

Online ReetP

  • *
  • 3,722
  • +5/-0
Thank you all for helping.  I really appreciate the help.  I had a good backup & reinstalled & restored all data. All is good.
 I know i should use  ssh keys for logging in. What i did wrong was, i think,  is i logged-in  to may times.
I still have more questions?
If i login using passwords, what is the limit of how many times i can log in?
Is there a way to increase or turn off the limit of the number of logins allowed?

Thanks for any help - Old Tony

https://unix.stackexchange.com/questions/127077/number-of-ssh-connections-on-a-single-linux-machine

In a word, practically no limit.

Either way, use keys.

And set up your ssh config file

Code: [Select]
host mybox
    Hostname 192.168.100.1
    Port 2244
    User root
    PasswordAuthentication yes

host anotherbox
    Hostname 192.168.100.2
    Port 2244
    User root
    IdentityFile ~/.ssh/id_rsa.anotherkey

Then you can just do

Code: [Select]
ssh mybox
It is particularly helpful if you have multiple keys and a restricted number of login attempts.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline JohnG

  • ***
  • 88
  • +0/-0

In a word, practically no limit.


As a default, Autoblock limits it to 3 tries within 15 minutes.

Offline Jean-Philippe Pialasse

  • *
  • 2,743
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
In a quick word autoblock might have been the one blocking you as you did a lot of loging.   

Reinstalla was not necessary, could have set again admin password using manage, should have sync root and admin pass, then set a rsa key using your terminal.
Then trying to log with your new key, what Reetp explain is valid using a linux client, but from windows alternative could be using putty.

Also better to set the key with a passphrase, then use sshagent to type the passphrase only once per session.  And as a passphrase you can set something long and easy to remember, instead of girblish you need write an store to reuse


And when all this is workin, disable password login using ssh please

Online ReetP

  • *
  • 3,722
  • +5/-0
As a default, Autoblock limits it to 3 tries within 15 minutes.

I think you will find it limits on failed attempts.

It will allow any number of good attempts.

One good reason to use keys. You can't mis type them.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline JohnG

  • ***
  • 88
  • +0/-0
I think you will find it limits on failed attempts.

It will allow any number of good attempts.

One good reason to use keys. You can't mis type them.
No. Unless it's changed then https://wiki.contribs.org/AutoBlock says it's based on requests and https://bugs.contribs.org/show_bug.cgi?id=8257 says that it's regardless of success or failure. That's been my experience as well. It's why Affa doesn't like Autoblock.

Online ReetP

  • *
  • 3,722
  • +5/-0
You are correct indeed.

Been so long since I used it.... !!
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Jean-Philippe Pialasse

  • *
  • 2,743
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
that is why I suggested this

https://bugs.contribs.org/show_bug.cgi?id=9893

the proposed patch have still some bug, need to refine.

Offline JohnG

  • ***
  • 88
  • +0/-0
that is why I suggested this

https://bugs.contribs.org/show_bug.cgi?id=9893

the proposed patch have still some bug, need to refine.

Excellent suggestion, that would be a nice enhancement.

Maybe another change might be to only count fails. Also if a request is successful then the fail count gets reset.