SSH to Panther

Discussion in 'Mac Apps and Mac App Store' started by firewire2001, Feb 18, 2005.

  1. firewire2001 macrumors 6502a

    Joined:
    Apr 2, 2002
    Location:
    Hong Kong
    #1
    Hey,

    I'm trying to SSH to my home machine from a Windows machine, using PUTTY on Windows.

    I can't connect; I get an error that reads "Connection closed By remote host". I believe that all my forwarding is correct. (I can connect to my machine via FTP and HTTP protocols). Also, if I open an HTTP connection on port 22 I get a message "SSH-2.0-OpenSSH_3.6.1p1+CAN-2004-0175, Protocol mismatch."

    Any ideas? I'm wondering if I have PUTTY configured improperly.
     
  2. daveL macrumors 68020


    Joined:
    Jun 18, 2003
    Location:
    Montana
    #2
    Seems like you would have this covered already, but did you open up the ssh port on your OS X firewall and turn on the remote login service? Also, my ISP has the standard ssh port blocked completely due to a huge number of hacker hits trying to exploit ssh (I guess there's some obscure hole in unpatched/old versions). Maybe you'll have to set ssh up to use a non-standard (normally port 22) port.
     
  3. firewire2001 thread starter macrumors 6502a

    Joined:
    Apr 2, 2002
    Location:
    Hong Kong
    #3
    Yea, I'll have to try that. The only odd thing is that if it is blocked, it is only partially blocked because again, I get this response from my machine: "SSH-2.0-OpenSSH_3.6.1p1+CAN-2004-0175, Protocol mismatch."

    Thanks,
    aryeh
     
  4. f-matic macrumors member

    Joined:
    Jan 6, 2003
    Location:
    brooklyn
    #4
    Try this...

    Under Putty, check the Connection settings (under the Category options on the left column) and try making sure the SSH protocol is set to 2. You can also try fiddling around with the Encryption cipher selection policy -- I've been using Blowfish because it seems to cause the least problems, but I'm using it to SSH to a Linux machine so YMMV.

    Hope that helps!
     
  5. daveL macrumors 68020


    Joined:
    Jun 18, 2003
    Location:
    Montana
    #5
    I think I started my reply before your edit was posted; I didn't see the error message you posted. Here's what I got on my local machine using telnet to port 22:

    [david]> telnet localhost 22

    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    SSH-1.99-OpenSSH_3.6.1p1+CAN-2004-0175

    Protocol mismatch.
    Connection closed by foreign host.

    The "Protocol mismatch." appeared when I hit <cr>. So, I'm not sure how much that tells you, although it does sound like you're getting into your remote machine.

    edit: Curious that you have a more recent SSH version than I do; I'm running 10.3.8.
     
  6. sparkleytone macrumors 68020


    Joined:
    Oct 28, 2001
    Location:
    Greensboro, NC
    #6
    Did you edit your /etc/sshd_config on your Mac? It could easily be a server configuration problem.

    Also...my SSH version (10.3.8) is indeed OpenSSH_3.6.1p1+CAN-2004-0175

    Also DaveL ... why would you try to telnet to an SSH connection?
     
  7. jeremy.king macrumors 603


    Joined:
    Jul 23, 2002
    Location:
    Fuquay Varina, NC
    #7
    You can't telnet or make an HTTP request to ssh, hence the protocol mismatch in both cases.

    firewire, try connecting to localhost in Terminal on the machine.

    ssh localhost

    It should ask for a password. If this works, sounds like an ISP or a firewall issue like others mentioned. Are you using a router on your network? If so, did you set up forwarding?
     
  8. varmit macrumors 68000


    Joined:
    Aug 5, 2003
  9. daveL macrumors 68020


    Joined:
    Jun 18, 2003
    Location:
    Montana
    #9
    Using telnet to any service port is a classic way to see if the port is being serviced on the other end. If telnet "connects" to the port, then there's a daemon running on the other end; if it times out with no response, you're either blocked by a firewall or the service (port) isn't active. With services like smtp, the protocol is ascii strings and, if you know what you are doing, you can telnet to an active smtp port and manually type in the smtp commands to address, compose and send an email. This is one low level way of spoofing emails.
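
An added example, not part of any post in this thread: the first line a server sends on port 22 is its SSH identification string, and this function (a hypothetical helper named `classify_ssh_banner`) reads the two banners quoted in posts #1 and #5. It relies on the RFC 4253 convention that `1.99` marks a server offering both protocol 1 and protocol 2.

```shell
#!/bin/sh
# Interpret an SSH identification string: "SSH-protoversion-softwareversion [comments]".
# Prints "<protocols offered> <software version>"; prints "not-ssh" and returns 1
# when the line is something else (for example an HTTP response).
classify_ssh_banner() {
    banner=$(printf '%s' "$1" | tr -d '\r')   # the server ends the line with CR LF
    case "$banner" in
        SSH-*-*) ;;
        *) echo "not-ssh"; return 1 ;;
    esac
    rest=${banner#SSH-}          # e.g. "2.0-OpenSSH_3.6.1p1+CAN-2004-0175"
    proto=${rest%%-*}            # e.g. "2.0"
    software=${rest#*-}          # e.g. "OpenSSH_3.6.1p1+CAN-2004-0175"
    software=${software%% *}     # drop the optional comment field
    case "$proto" in
        2.0)  offered="v2-only" ;;
        1.99) offered="v1+v2" ;;     # compatibility marker: accepts v1 and v2 clients
        1.*)  offered="v1-only" ;;
        *)    offered="unknown" ;;
    esac
    echo "$offered $software"
}

# The two banners quoted in this thread.
for b in 'SSH-2.0-OpenSSH_3.6.1p1+CAN-2004-0175' \
         'SSH-1.99-OpenSSH_3.6.1p1+CAN-2004-0175'; do
    classify_ssh_banner "$b"
done
```

Seeing a banner only shows that sshd accepted the TCP connection; "Protocol mismatch." is sshd's reply when the line it receives back is not an SSH identification string, which is what happens with telnet or an HTTP request.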
     
  10. sparkleytone macrumors 68020


    Joined:
    Oct 28, 2001
    Location:
    Greensboro, NC
    #10
    cool :) that's my one new thing learned for the day.
     
  11. firewire2001 thread starter macrumors 6502a

    Joined:
    Apr 2, 2002
    Location:
    Hong Kong
    #11
    Hey, thanks so much for the replies you guys. In all my investigating remotely, I neglected to try connecting locally; and upon doing so, I got the same "Connection Refused" error.

    I enabled SSH through "System Preferences", so I didn't mess with any lower-level preferences.

    Any ideas? It could be very likely that the problem could be due to not doing a fresh install since OS 10.1. (I personally do clean installs every six months, but I can't since this isn't my computer to do that with)

    aryeh
     
  12. firewire2001 thread starter macrumors 6502a

    Joined:
    Apr 2, 2002
    Location:
    Hong Kong
    #12
    Hi again. I checked my console.log and noticed this output every time after trying to SSH:

    Code:
    Feb 21 07:47:08 local-computer sshd[10987]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Feb 21 07:47:08 local-computer sshd[10987]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
    Feb 21 07:47:08 local-computer sshd[10987]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Feb 21 07:47:08 local-computer sshd[10987]: error: Permissions 0666 for '/etc/ssh_host_key' are too open.
    Feb 21 07:47:08 local-computer sshd[10987]: error: It is recommended that your private key files are NOT accessible by others.
    Feb 21 07:47:08 local-computer sshd[10987]: error: This private key will be ignored.
    Feb 21 07:47:08 local-computer sshd[10987]: error: bad permissions: ignore key: /etc/ssh_host_key
    Feb 21 07:47:08 local-computer sshd[10987]: error: Could not load host key: /etc/ssh_host_key
    Feb 21 07:47:08 local-computer sshd[10987]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Feb 21 07:47:08 local-computer sshd[10987]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
    Feb 21 07:47:08 local-computer sshd[10987]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Feb 21 07:47:08 local-computer sshd[10987]: error: Permissions 0666 for '/etc/ssh_host_rsa_key' are too open.
    Feb 21 07:47:08 local-computer sshd[10987]: error: It is recommended that your private key files are NOT accessible by others.
    Feb 21 07:47:08 local-computer sshd[10987]: error: This private key will be ignored.
    Feb 21 07:47:08 local-computer sshd[10987]: error: bad permissions: ignore key: /etc/ssh_host_rsa_key
    Feb 21 07:47:08 local-computer sshd[10987]: error: Could not load host key: /etc/ssh_host_rsa_key
    Feb 21 07:47:08 local-computer sshd[10987]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Feb 21 07:47:08 local-computer sshd[10987]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
    Feb 21 07:47:08 local-computer sshd[10987]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Feb 21 07:47:08 local-computer sshd[10987]: error: Permissions 0666 for '/etc/ssh_host_dsa_key' are too open.
    Feb 21 07:47:08 local-computer sshd[10987]: error: It is recommended that your private key files are NOT accessible by others.
    Feb 21 07:47:08 local-computer sshd[10987]: error: This private key will be ignored.
    Feb 21 07:47:08 local-computer sshd[10987]: error: bad permissions: ignore key: /etc/ssh_host_dsa_key
    Feb 21 07:47:08 local-computer sshd[10987]: error: Could not load host key: /etc/ssh_host_dsa_key
    Looks like it could be a problem due to permissions and/or a nonexistent key-file?
     
  13. yellow Moderator emeritus


    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #13
    Doubtful.

    netstat -an | grep LISTEN

    If you have *.22 listen in the output, then you have ssh enabled.
     
  14. jeremy.king macrumors 603


    Joined:
    Jul 23, 2002
    Location:
    Fuquay Varina, NC
    #14
    try taking write permissions away from others.

    sudo chmod o-w /etc/ssh_host_dsa_key
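
An added example, not part of any post in this thread: the check behind the "Permissions 0666 ... are too open" lines in post #12, replayed on a throwaway file. OpenSSH ignores a private key owned by the user running it when any group or other permission bit is set; the function names below are hypothetical helpers and the file is a constructed stand-in, not a real key.

```shell
#!/bin/sh
# Octal permission bits of a file: GNU stat first, BSD/macOS stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# The key is acceptable only if no group/other bit is set (mode & 077 == 0).
key_mode_ok() {
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Print "<mode> ok", "<mode> too-open" or "missing" for one path.
key_status() {
    [ -e "$1" ] || { echo "missing"; return 0; }
    if key_mode_ok "$1"; then echo "$(file_mode "$1") ok"
    else echo "$(file_mode "$1") too-open"
    fi
}

# Report every path given, e.g. the three host key files named in the log.
audit_keys() {
    for k in "$@"; do echo "$k: $(key_status "$k")"; done
}

# Constructed demo: an empty temp file stands in for a key; /etc is never touched.
demo() {
    dir=$(mktemp -d) || return 1
    key="$dir/ssh_host_dsa_key"
    : > "$key"
    chmod 666 "$key"; r1=$(key_status "$key")   # the state shown in the log
    chmod o-w "$key"; r2=$(key_status "$key")   # 0664: group and other bits remain
    chmod 600 "$key"; r3=$(key_status "$key")   # owner read/write only
    rm -rf "$dir"
    echo "$r1 | $r2 | $r3"
}

demo
```

Mode 0664 still fails the check, so removing only the "other" write bit does not clear the error; `chmod 600` on each of the three files named in the log leaves them readable and writable by the owner only.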
     
