
firewire2001

Hey,

I'm trying to SSH to my home machine from a windows machine, using PUTTY on Windows.

I can't connect; I get an error that reads "Connection closed By remote host". I believe that all my forwarding is correct. (I can connect to my machine via FTP and HTTP protocols). Also, if I open an HTTP connection on port 22 I get a message "SSH-2.0-OpenSSH_3.6.1p1+CAN-2004-0175, Protocol mismatch."

Any ideas? I'm wondering if I have PUTTY configured improperly.
 
Seems like you would have this covered already, but did you open up the ssh port on your OS X firewall and turn on the remote login service? Also, my ISP has the standard ssh port blocked completely due to a huge number of hacker hits trying to exploit ssh (I guess there's some obscure hole in unpatched/old versions). Maybe you'll have to set ssh up to use a non-standard (normally port 22) port.
 
daveL said:
Seems like you would have this covered already, but did you open up the ssh port on your OS X firewall and turn on the remote login service? Also, my ISP has the standard ssh port blocked completely due to a huge number of hacker hits trying to exploit ssh (I guess there's some obscure hole in unpatched/old versions). Maybe you'll have to set ssh up to use a non-standard (normally port 22) port.

Yea, I'll have to try that. The only odd thing is that if it is blocked, it is only partially blocked because again, I get this response from my machine: "SSH-2.0-OpenSSH_3.6.1p1+CAN-2004-0175, Protocol mismatch."

Thanks,
aryeh
 
Try this...

Under Putty, check the Connection settings (under the Category options on the left column) and try making sure the SSH protocol is set to 2. You can also try fiddling around with the Encryption cipher selection policy -- I've been using Blowfish because it seems to cause the least problems, but I'm using it to SSH to a Linux machine so YMMV.

Hope that helps!
 
firewire2001 said:
Yea, I'll have to try that. The only odd thing is that if it is blocked, it is only partially blocked because again, I get this response from my machine: "SSH-2.0-OpenSSH_3.6.1p1+CAN-2004-0175, Protocol mismatch."

Thanks,
aryeh
I think I started my reply before your edit was posted; I didn't see the error message you posted. Here's what I got on my local machine using telnet to port 22:

[david]> telnet localhost 22

Trying ::1...
Connected to localhost.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.6.1p1+CAN-2004-0175

Protocol mismatch.
Connection closed by foreign host.

The "Protocol mismatch." appeared when I hit <cr>. So, I'm not sure how much that tells you, although it does sound like you're getting into your remote machine.

edit: Curious that you have a more recent SSH version than I do; I'm running 10.3.8.
 
Did you edit your /etc/sshd_config on your Mac? It could easily be a server configuration problem.

Also...my SSH version (10.3.8) is indeed OpenSSH_3.6.1p1+CAN-2004-0175

Also DaveL ... why would you try to telnet to an SSH connection?
 
You can't telnet or make an HTTP request to ssh, hence the protocol mismatch in both cases.

firewire, try connecting to localhost in Terminal on the machine.

ssh localhost

It should ask for a password. If this works, sounds like an ISP or a firewall issue like others mentioned. Are you using a router on your network? If so, did you set up forwarding?
 
sparkleytone said:
Did you edit your /etc/sshd_config on your Mac? It could easily be a server configuration problem.

Also...my SSH version (10.3.8) is indeed OpenSSH_3.6.1p1+CAN-2004-0175

Also DaveL ... why would you try to telnet to an SSH connection?
Using telnet to any service port is a classic way to see if the port is being serviced on the other end. If telnet "connects" to the port, then there's a daemon running on the other end; if it times out with no response, you're either blocked by a firewall or the service (port) isn't active. With services like SMTP, the protocol is ASCII strings and, if you know what you are doing, you can telnet to an active SMTP port and manually type in the SMTP commands to address, compose and send an email. This is one low level way of spoofing emails.
 
daveL said:
Using telnet to any service port is a classic way to see if the port is being serviced on the other end. If telnet "connects" to the port, then there's a daemon running on the other end; if it times out with no response, you're either blocked by a firewall or the service (port) isn't active. With services like SMTP, the protocol is ASCII strings and, if you know what you are doing, you can telnet to an active SMTP port and manually type in the SMTP commands to address, compose and send an email. This is one low level way of spoofing emails.

cool :) that's my one new thing learned for the day.
 
Hey, thanks so much for the replies you guys. In all my investigating remotely, I neglected to try connecting locally; and upon doing so, I got the same "Connection Refused" error.

I enabled SSH through "System Preferences", so I didn't mess with any lower-level preferences.

Any ideas? It could be very likely that the problem could be due to not doing a fresh install since OS 10.1. (I personally do clean installs every six months, but I can't since this isn't my computer to do that with)

aryeh
 
Hi again. I checked my console.log and noticed this output every time after trying to SSH:

Code:
Feb 21 07:47:08 local-computer sshd[10987]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 21 07:47:08 local-computer sshd[10987]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Feb 21 07:47:08 local-computer sshd[10987]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 21 07:47:08 local-computer sshd[10987]: error: Permissions 0666 for '/etc/ssh_host_key' are too open.
Feb 21 07:47:08 local-computer sshd[10987]: error: It is recommended that your private key files are NOT accessible by others.
Feb 21 07:47:08 local-computer sshd[10987]: error: This private key will be ignored.
Feb 21 07:47:08 local-computer sshd[10987]: error: bad permissions: ignore key: /etc/ssh_host_key
Feb 21 07:47:08 local-computer sshd[10987]: error: Could not load host key: /etc/ssh_host_key
Feb 21 07:47:08 local-computer sshd[10987]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 21 07:47:08 local-computer sshd[10987]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Feb 21 07:47:08 local-computer sshd[10987]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 21 07:47:08 local-computer sshd[10987]: error: Permissions 0666 for '/etc/ssh_host_rsa_key' are too open.
Feb 21 07:47:08 local-computer sshd[10987]: error: It is recommended that your private key files are NOT accessible by others.
Feb 21 07:47:08 local-computer sshd[10987]: error: This private key will be ignored.
Feb 21 07:47:08 local-computer sshd[10987]: error: bad permissions: ignore key: /etc/ssh_host_rsa_key
Feb 21 07:47:08 local-computer sshd[10987]: error: Could not load host key: /etc/ssh_host_rsa_key
Feb 21 07:47:08 local-computer sshd[10987]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 21 07:47:08 local-computer sshd[10987]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Feb 21 07:47:08 local-computer sshd[10987]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Feb 21 07:47:08 local-computer sshd[10987]: error: Permissions 0666 for '/etc/ssh_host_dsa_key' are too open.
Feb 21 07:47:08 local-computer sshd[10987]: error: It is recommended that your private key files are NOT accessible by others.
Feb 21 07:47:08 local-computer sshd[10987]: error: This private key will be ignored.
Feb 21 07:47:08 local-computer sshd[10987]: error: bad permissions: ignore key: /etc/ssh_host_dsa_key
Feb 21 07:47:08 local-computer sshd[10987]: error: Could not load host key: /etc/ssh_host_dsa_key
local-computer

Looks like it could be a problem due to permissions and/or a nonexistent key-file?
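An added example, not part of the original thread: sshd ignores a private host key whose mode grants any group or other access (mode & 077), which is what the "Permissions 0666 ... are too open" lines above report. The sketch below lists such keys in a directory and restricts them to 0600; the function names and the temporary demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and tighten SSH private host key permissions.

# Print each private host key in directory $1 that grants any
# group/other access, the condition sshd logs as "too open".
too_open_host_keys() {
    for key in "$1"/ssh_host_*key; do      # pattern skips the *.pub files
        [ -f "$key" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        bits=$(ls -ld "$key" | cut -c5-10)
        [ "$bits" = "------" ] || printf '%s\n' "$key"
    done
}

# Restrict every flagged key to owner read/write only (0600).
fix_host_keys() {
    too_open_host_keys "$1" | while IFS= read -r key; do
        chmod 600 "$key"
    done
}

# Constructed demo in a temporary directory (empty stand-in files,
# not real keys), mirroring the 0666 modes shown in the log.
demo() {
    d=$(mktemp -d)
    : > "$d/ssh_host_key";     chmod 666 "$d/ssh_host_key"
    : > "$d/ssh_host_rsa_key"; chmod 600 "$d/ssh_host_rsa_key"
    : > "$d/ssh_host_key.pub"; chmod 644 "$d/ssh_host_key.pub"
    echo "too open before fix:"; too_open_host_keys "$d"
    fix_host_keys "$d"
    echo "too open after fix:";  too_open_host_keys "$d"
    rm -rf "$d"
}
demo
```

On the machine in this thread the directory would be `/etc` (the path shown in the log), and changing the key modes there requires root.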
 
firewire2001 said:
Any ideas? It could be very likely that the problem could be due to not doing a fresh install since OS 10.1. (I personally do clean installs every six months, but I can't since this isn't my computer to do that with)

Doubtful.

netstat -an | grep LISTEN

If you have *.22 listen in the output, then you have ssh enabled.
 