Re: Client connect without host service running?

From: John Pokinpo (nomail@nomail.com)
Date: 02/08/02


    From: "John Pokinpo" <nomail@nomail.com>
    Date: Fri, 8 Feb 2002 00:48:27 -0500
    
    

    > Yes. Incoming clients cannot connect via ssh unless openssh is running.
    > Try doing an "lsof -i" (or "netstat -a") to check whether there is any
    > process listening to port 22 (TCP).

    Hmm. I just confirmed with netstat -an and firewall logs show that disabling
    the Openssh service does not actually stop the service. Sshd.exe kept listening
    and connecting to port (in my case, 22222).

    > >Shouldn't client have alerted me that host keys no longer match?
    >
    > Again, yes.
    >
    > Are you sure that the client is connecting to the right host? Are you
    > sure that the client's connecting using the ssh protocol? Are you sure
    > that the openssh service has been terminated, and that the keys have
    > changed? (IIRC, openssh caches the keys in memory... I could be wrong,
    > though.)....

    *scratching my head*
    With no public/private keys in the /ssh directory, I generated new ones
    (ssh-keygen -t dsa -f name). I went to the ssh client and compared the host
    keys - they were different. I then tried logging in and it was successful.

    I deleted the host key from the client and tried to connect. This time I got
    the "You are connecting for the first time..." message and the correct host
    key was imported.

    Lastly, I went back to the host computer and deleted the public/private host
    keys. Again, I was able to connect from the client with mismatched host
    keys.

    Assuming that caching is being done, isn't this a really bad thing?


