One of my ec2 servers has stopped receiving ssh connections. The OS is Ubuntu server 8.04, and the ssh server is the standard openssh-server.
After months of uptime, I tried to connet to it today, and got the following message:
ssh_exchange_identification: Connection closed by remote host
Any idea what could have went wrong?
Update: After a reboot, the server started receiving new connections. Disks are below 50% usage.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
Now that you once again have access, check the log to determine what, if any, clues there are as to why you were blocked.
tail -n300 /var/log/auth.log | grep ssh <sup>1</sup>
The other thing to remember is that, if it happens again, you can run ssh in verbose mode with the -vvv option, which will return more detailed diagnostic information. From man ssh:
-v Verbose mode. Causes ssh to print debugging messages about its progress. This is helpful in debugging connection, authentication, and configuration problems. Multiple -v options increase the verbosity. The maximum is 3.
[1] You may need to increase/decrease the amount you tail by (-n) to identify the relevant entries.
Method 2
This is a normal situation if multiple clients try to authenticate in the same time. This is configured by the MaxStartups option in /etc/ssh/sshd_config.
If MaxStartups=3, and 4 clients try to connect, the last client will display your message, it is rejected by the server because of too many authentications pending on the server side.
sshd behaves like this to prevent bruteforce attack.
Method 3
It could be caused by time skew. Make sure that all machines are getting time from an internet time server.
Method 4
Are you using some sort of automatic blocking? I have denyhosts isntalled, which will block the IP address after several failed login attempts, and I have locked myself out like this a few times.
Method 5
Unlikely is a failed automatic package update.
Likely is a hardware failure, software failure (kernel resources leak), temporary routing failure, or hacking attempt gone awry.
I’m assuming a local managed user database for EC2.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0