# SSH not working in new BSD install



## fluffybonkers (Jan 15, 2014)

Hi!

I have just started using FreeBSD but have had some experience with various Linux flavours. I am aiming to use it for a variety of server tasks in a home environment. However I have already run into an immediate problem - I can't get SSH to work. 

When attempting to login locally or remotely (using Putty from a Windows box), I get the error message 
	
	



```
ssh_exchange_identification: Connection closed by remote host
```
 I am using the login command `ssh [email=user@192.168.1.1]user@192.168.1.1[/email]`.

I am not even sure how to go about diagnosing the cause of this and would appreciate any help.


----------



## DutchDaemon (Jan 15, 2014)

Some general ideas here. Check (or elevate verbosity for) debug output.


----------



## fluffybonkers (Jan 15, 2014)

Thanks for your help but I have tried all the suggestions other than the dependencies one on that page with no luck. When I use `lsof` I get 
	
	



```
lsof:command not found
```
 There are also no fingerprint files with those names. hosts.deny I believe has been deprecated but hosts.allow returns:


```
# Wrapping sshd(8) is not normally a good idea, but if you
#sshd:.evil.cracker.example.com:deny
sshd : /etc/hosts.denidssh : deny
sshd : ALL : allow
```

The error returned with maximum verbosity on trying to log in using SSH is:


```
OpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.1.103 [192.168.1.103] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2_hpn13v11 FreeBSD-20130515
ssh_exchange_identification: Connection closed by remote host
```

Thanks again for your help.


----------



## Deleted member 9563 (Jan 15, 2014)

Did you put

```
sshd_enable="YES"
```
in your /etc/rc.conf file?
PS: I use the command: `ssh -l user server`


----------



## fluffybonkers (Jan 16, 2014)

I did add 
	
	



```
sshd_enable="YES"
```
 to my /etc/rc.conf

I tried using `ssh -1 user@server` and that didn't change the result. May I ask what the `-1` does?

This is the contents of my /etc/rc.conf:


```
vboxnet_enable="NO"
ifconfig_re0="DHCP"
ifconfig_re0_ipv6="inet6 accept_rtadv"
hostname="server"
zfs_enable="YES"
sshd_enable="YES"
```

Note: setup is DHCP but a static IP is assigned by MAC address by DD-WRT on my router.

Thanks.


----------



## scottro (Jan 16, 2014)

It looks as if you're using the numeral one, whereas @OJ suggested a lower case L.  The lower case L is for login, so that if I'm logged on as user scott and want to access a machine as scottro, I would do `ssh -l scottro myserver`, not `ssh -1 scottro myserver`.  
(The second one is the numeral one, which is what it appears you typed.)


----------



## fluffybonkers (Jan 16, 2014)

Thank you for the correction, it appears I am blind. However locally I just get:


```
ssh -l fluffybonkers@192.168.1.103:22
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-e escape_char] [-F configfile]
           [-I pkcs11] [-i identity_file]
           [-L [bind_address:]port:host:hostport]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-R [bind_address:]port:host:hostport] [-S ctl_path]
           [-W host:port] [-w local_tun[:remote_tun]]
           [user@]hostname [command]
```

And from Putty on Windows I just get 
	
	



```
Network Error: Connection refused
```
 before I even get to a login prompt.

Thanks.


----------



## scottro (Jan 16, 2014)

That indicates there's a syntax error. (And believe me, many confuse some letters and numbers, zero and the letter o, as well as the numeral one and the letter L--it often depends upon your font.)

If the username is @fluffybonkers, you don't need the -l. A simple `ssh fluffy@bonkers@192.168.1.103` should be sufficient. 

For specifying a port with 22 (which should only be necessary if it's not the default port 22), a -p should work, e.g. `ssh -p 22 myremotehost`.  (And, if copying with the SCP command use an upper case -P, `scp -P 22 myfile myremotehost:`). Again, that should only be necessary when using a non-standard port.


----------



## nanotek (Jan 16, 2014)

I'm asking the obvious, but have you tried `ssh serverIP`, i.e. without the username@? For example:


```
ssh 123.45.67.89
```

What, if any, alterations have you made in /etc/ssh/sshd_config and /etc/ssh/ssh_config?


----------



## fluffybonkers (Jan 16, 2014)

`ssh 192.168.1.103` returns the same error.

In sshd_config some lines have been uncommented. Port 22 is forced, protocol 2 is forced, login grace time is set to 1 minute, root login is permitted, password authentication is used, empty passwords are not permitted, use pam is no, use dns is no. That is all.

Nothing has been changed in ssh_config. Everything is commented. All files have been edited using Midnight Commander in the root terminal.

Thanks.

P.S. keep coming with the obvious suggestions, I am completely new to BSD and could have easily missed something.


----------



## nanotek (Jan 17, 2014)

Strange. Issue: `tail -F /var/log/auth.log` on the server, then try `ssh` into it and share what is logged.


----------

