
The Geek Diary


SSH Connection Refused by TCP Wrapper

By admin

The Problem

SSH login to the server fails with the errors below.

From ssh client:

$ ssh -vvv root@10.131.12.10
OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 10.131.12.10 port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
ssh_exchange_identification: read: Connection reset by peer

From ssh server:

# /usr/sbin/sshd -D -ddd
....snip....
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 583
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
debug1: Connection refused by tcp wrapper

The Solution

The SSH connection was refused by TCP Wrappers. To determine whether a client machine is allowed to connect to SSH, TCP Wrappers consult the following two files:

  • /etc/hosts.deny
  • /etc/hosts.allow

Follow the steps below to determine which IP address of the SSH client was refused by TCP Wrappers:

1. Comment out all lines in /etc/hosts.deny and /etc/hosts.allow.

2. SSH login should now work normally:

$ ssh root@10.131.12.10
root@10.131.12.10's password:
Last login: Fri Mar 16 11:14:44 2018 from server1

3. On the SSH server, open /var/log/secure and go to the messages around the timestamp “Last login: Fri Mar 16 11:14:44 2018” shown in step 2. These messages give the IP address of the SSH client that TCP Wrappers previously refused.

4. Restore /etc/hosts.deny and /etc/hosts.allow, then add the line below to /etc/hosts.allow (assuming 192.168.1.2 is the IP address found in step 3):

# vi /etc/hosts.allow
sshd:192.168.1.2:allow

5. Verify that SSH login works.
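
The log search in step 3 can be scripted. The following is an added example, not part of the original article: it counts, per client address, the TCP Wrappers refusals and the accepted logins in an sshd log. It assumes refusals are logged as "refused connect from <host> (<address>)" and logins as "Accepted ... from <address>"; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: correlate TCP Wrappers refusals with accepted sshd logins.
# On the server, pass the real log: summarise_sshd_clients /var/log/secure

# Constructed sample lines in the syslog layout assumed above.
sample_secure_log() {
    cat <<'EOF'
Mar 16 11:09:51 sshsrv sshd[2290]: refused connect from 192.168.1.2 (192.168.1.2)
Mar 16 11:10:07 sshsrv sshd[2296]: refused connect from ::ffff:192.168.1.2 (::ffff:192.168.1.2)
Mar 16 11:12:30 sshsrv sshd[2310]: refused connect from 203.0.113.50 (203.0.113.50)
Mar 16 11:14:44 sshsrv sshd[2401]: Accepted password for root from 192.168.1.2 port 51234 ssh2
EOF
}

# Print "<address> refused=<n> accepted=<n>" for every client address seen.
# Reads the files given as arguments, or standard input when there are none.
summarise_sshd_clients() {
    awk '
    /sshd\[[0-9]+\]: refused connect from / {
        ip = $NF                      # last field is "(<address>)"
        gsub(/[()]/, "", ip)
        sub(/^::ffff:/, "", ip)       # fold IPv4-mapped IPv6 into plain IPv4
        refused[ip]++; seen[ip] = 1
    }
    /sshd\[[0-9]+\]: Accepted / {
        ip = ""
        # The address follows the last "from" on the line.
        for (i = NF - 1; i >= 1; i--) if ($i == "from") { ip = $(i + 1); break }
        if (ip == "") next
        sub(/^::ffff:/, "", ip)
        accepted[ip]++; seen[ip] = 1
    }
    END {
        for (ip in seen)
            printf "%s refused=%d accepted=%d\n", ip, refused[ip], accepted[ip]
    }' "$@" | LC_ALL=C sort
}

# Addresses that were refused and also logged in successfully: the client
# identified by steps 2 and 3. Addresses that were only refused are left out.
refused_then_accepted() {
    summarise_sshd_clients "$@" |
        awk '$2 != "refused=0" && $3 != "accepted=0" { print $1 }'
}

sample_secure_log | summarise_sshd_clients
```

Only addresses that also show an accepted login from the test in step 2 are candidates for /etc/hosts.allow; an address that appears with refusals alone may be one the wrapper was meant to block.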


© 2021 · The Geek Diary