
The Geek Diary


SSH Connection Refused by TCP Wrapper

by admin

The Problem

SSH login to the server fails with the errors below.

From ssh client:

$ ssh -vvv root@10.131.12.10
OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 10.131.12.10 port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yaozhenqiang/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
ssh_exchange_identification: read: Connection reset by peer

From ssh server:

# /usr/sbin/sshd -D -ddd
....snip....
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 583
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
debug1: Connection refused by tcp wrapper

The Solution

The SSH connection was refused by TCP Wrappers. To determine whether a client machine is allowed to connect to SSH, TCP Wrappers consult the following two files:

  • /etc/hosts.deny
  • /etc/hosts.allow

Follow the steps below to determine which SSH client IP address was refused by TCP Wrappers:

1. Comment out all lines in /etc/hosts.deny and /etc/hosts.allow

2. SSH login should now work normally:

$ ssh root@10.131.12.10
root@10.131.12.10's password:
Last login: Fri Mar 16 11:14:44 2018 from server1

3. On the SSH server, open /var/log/secure and go to the messages around the timestamp “Last login: Fri Mar 16 11:14:44 2018” shown in step 2. These messages give the IP address of the SSH client that TCP Wrappers previously refused.

4. Restore /etc/hosts.deny and /etc/hosts.allow, then add the line below to /etc/hosts.allow (assuming 192.168.1.2 is the IP address found in step 3):

# vi /etc/hosts.allow
sshd:192.168.1.2:allow

5. Verify that SSH login works.
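
The client address looked up in step 3 can also be pulled out of /var/log/secure with a short filter. The script below is an added example, not part of the original article: it assumes libwrap records each refusal as a "refused connect from ..." line under the sshd tag, and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the clients that TCP Wrappers refused for sshd.
# Assumption: a refusal is logged as "refused connect from HOST (ADDR)" or,
# on builds that omit the address suffix, "refused connect from HOST".

# refused_clients [FILE...]
# Prints "COUNT CLIENT" per refused client, highest count first.
# Reads standard input when no file is given.
refused_clients() {
    awk '
        / sshd\[[0-9]+\]: refused connect from / {
            # The client is the last field; drop the parentheses if present.
            client = $NF
            gsub(/[()]/, "", client)
            count[client]++
        }
        END { for (c in count) print count[c], c }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample in /var/log/secure style (not taken from a real host).
sample_log() {
    cat <<'EOF'
Mar 16 11:02:10 server1 sshd[4101]: refused connect from 192.168.1.2 (192.168.1.2)
Mar 16 11:02:41 server1 sshd[4107]: refused connect from client.example.com (192.168.1.2)
Mar 16 11:05:03 server1 sshd[4120]: refused connect from 203.0.113.9
Mar 16 11:14:44 server1 sshd[4188]: Accepted password for root from 192.168.1.2 port 50212 ssh2
EOF
}

# Demo on the sample; on the server run: refused_clients /var/log/secure
sample_log | refused_clients
```

Each output line is a refusal count followed by the client, so the expected client can be matched against the address that goes into /etc/hosts.allow in step 4.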
