1

When I tried to log into my remote Ubuntu server today, I got:

ssh: connect to host <ip> port 22: Connection refused

So I rebooted the server, thinking sshd might have crashed.

After the boot I could connect via ssh, but after 1 or 2 minutes the server closed the connection:

Connection to <ip> closed by remote host.

Trying to reconnect, the server refuses the connection again.

Manually doing

/etc/init.d/sshd restart

didn't help, /etc/hosts.deny seems ok.

This is extremely annoying, since I have so little time to diagnose or fix the problem. Help or ideas are greatly appreciated!

Anselm Eickhoff
  • 111
  • 2
  • 2
    How about a firewall that starts some time after boot? Does that block your connection? Is the sshd still listening on port 22 when you can't connect? Are there any log messages in the system log? – mailq Jul 20 '11 at 16:06
  • Please take a brief excursion through your log files looking for things that seem abnormal or indicative of a problem -- We will be better able to help you with that information. – voretaq7 Jul 20 '11 at 16:27
  • I did an `grep -ir ssh /var/log/*` and found nothing interesting or related, but some people seem to be spamming my ssh like crazy (ddos style) trying to log in as root (the events are usually some weeks apart) WTF! – Anselm Eickhoff Jul 20 '11 at 17:02
  • @Anselm that's normal, sadly: http://serverfault.com/q/244614/65089 – Michael Lowman Jul 20 '11 at 19:51

1 Answers1

1

When the error message is "Connection refused" it means that sshd is no longer listening on your ssh port. If it was your firewall, you would have received a "Timeout". In either case, do ssh with verbose option and see exactly at what step the connection is getting dropped.

SparX
  • 1,924
  • 12
  • 10
  • Connection refused is likely to be iptables as well, if the "-j reject" is used. – Rilindo Jul 20 '11 at 21:01
  • Thats a good catch :) – SparX Jul 21 '11 at 01:11
  • sparx.me: with the verbose option ssh gives me: `OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to [] port 22. debug1: connect to address port 22: Connection refused ssh: connect to host port 22: Connection refused` – Anselm Eickhoff Jul 21 '11 at 10:40
  • Rilindo: I will find out what -j reject does for iptables and report back (I'm a noob admin so I have to learn) – Anselm Eickhoff Jul 21 '11 at 10:43
  • Can you connect locally inside the server itself? Like this: ssh localhost – Rilindo Jul 21 '11 at 14:18
  • Yes, but of course when the parent (remote) connection is closed by the server, the ssh to localhost gets killed (I guess?). – Anselm Eickhoff Jul 22 '11 at 22:03