user49999

Reputation: 31

Cygwin ssh: lost connection after accessing remote host with id_rsa, id_rsa.pub keys

My goal is to copy files programmatically from a remote server to a local computer. Both are running Windows, with Cygwin on the server and Cygwin 64 on the local computer.

Before I created RSA or DSA keys, I could copy files by entering the password.

But after creating these files, I get a "connection closed by remote host. lost connection" error.

I set the following permissions: "chmod 600 .ssh/id_rsa" (on the local computer) and "chmod 600 .ssh/authorized_keys2". What is the problem? Can anyone answer?

    $ ssh login@hiddenhost
    Connection to hiddenhost closed by remote host.
    Connection to hiddenhost closed.

    PC003370+procserver@ATMPROCSERVER ~
    $ ssh -v login@hiddenhost
    OpenSSH_7.2p2, OpenSSL 1.0.2g  1 Mar 2016
    debug1: Reading configuration data /etc/ssh_config
    debug1: Connecting to hiddenhost [hiddenhost] port 22.
    debug1: Connection established.
    debug1: identity file /home/procserver/.ssh/id_rsa type 1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/procserver/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/procserver/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/procserver/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/procserver/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/procserver/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/procserver/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/procserver/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1
    debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to hiddenhost:22 as 'login'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: [email protected]
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
    debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:TS6tXfpxXyW/KeIWFnvxCsmEhHy88NyoBA3DdOHzjFw
    debug1: Host 'hiddenhost' is known and matches the ECDSA host key.
    debug1: Found key in /home/procserver/.ssh/known_hosts:1
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/procserver/.ssh/id_rsa
    debug1: Authentication succeeded (publickey).
    Authenticated to hiddenhost ([hiddenhost]:22).
    debug1: channel 0: new [client-session]
    debug1: Requesting [email protected]
    debug1: Entering interactive session.
    debug1: pledge: network
    debug1: channel 0: free: client-session, nchannels 1
    Connection to hiddenhost closed by remote host.
    Connection to hiddenhost closed.
    Transferred: sent 1944, received 1312 bytes, in 0.0 seconds
    Bytes per second: sent 647995.5, received 437330.3
    debug1: Exit status -1

    PC003370+procserver@ATMPROCSERVER ~
    $

Upvotes: 0

Views: 3050

Answers (3)

user2373210

Reputation: 481

Here's what fixed the issue for me.

  1. Run sshd in debug mode using the command below:

    /usr/sbin/sshd.exe -D -dd

This gave me the warnings below:

    $ /usr/sbin/sshd.exe -D -dd
    debug2: load_server_config: filename /etc/sshd_config
    debug2: load_server_config: done config len = 285
    debug2: parse_server_config: config /etc/sshd_config len 285
    debug1: sshd version OpenSSH_7.5, OpenSSL 1.0.2k  26 Jan 2017
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0770 for '/etc/ssh_host_rsa_key' are too open.
    It is required that your private key files are NOT accessible by others.
    This private key will be ignored.
    key_load_private: bad permissions
    Could not load host key: /etc/ssh_host_rsa_key
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0770 for '/etc/ssh_host_dsa_key' are too open.
    It is required that your private key files are NOT accessible by others.
    This private key will be ignored.
    key_load_private: bad permissions
    Could not load host key: /etc/ssh_host_dsa_key
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0770 for '/etc/ssh_host_ecdsa_key' are too open.
    It is required that your private key files are NOT accessible by others.
    This private key will be ignored.
    key_load_private: bad permissions
    Could not load host key: /etc/ssh_host_ecdsa_key
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0770 for '/etc/ssh_host_ed25519_key' are too open.
    It is required that your private key files are NOT accessible by others.
    This private key will be ignored.
    key_load_private: bad permissions
    Could not load host key: /etc/ssh_host_ed25519_key
    sshd: no hostkeys available -- exiting.

  2. So I changed the permissions of the above files to 600:

    $ chmod 0600 /etc/ssh_host*

  3. Then I ran the debug command again.

    SHA256:4yqAb/GiMfMJPmIXfKz+Zw4fWOCVN7E6vUDHEtokdHk /var/empty must be owned by root and not group or world-writable.

Then I changed the permission of this folder to 600.

    $ chmod 600 /var/empty

This fixed the issue.

Upvotes: 0

jianfeng gong

Reputation: 17

I've got the same problem. The root cause is that the directory /var/empty does not have the correct owner, so I did this:

    chown $uid.$gid /var/empty

The problem is fixed.

Upvotes: 0

user49999

Reputation: 31

HURRAY!!!!

We found a solution.

The whole reason was the ownership of the /var/empty/ folder. We tried to start the server in debugging mode... and then found this article:

" If you are debugging a SSH connection, you may need to run sshd by hand (instead of as a service) and enable debugging output. Doing so allows you to track exactly why a connection is failing to establish. However, if you try to run sshd by hand, you may get the following message.

    % cygrunsrv.exe --stop sshd
    % /usr/sbin/sshd.exe -D
    Could not load host key: /etc/ssh_host_ecdsa_key
    /var/empty must be owned by root and not group or world-writable.

To fix this, make the user starting the sshd service the owner of /var/empty.

    % ls -ld /var/empty
    drwxr-xr-x+ 1 cyg_server root 0 May 7 2010 empty
    % chown /var/empty

Now, start sshd again.

    % /usr/sbin/sshd.exe -D

When you are done debugging and are ready to run sshd again as a service, change the owner of /var/empty to cyg_server.

    % chown cyg_server /var/empty
    % cygrunsrv.exe --start sshd

Note: you must have administrator privileges to run "

Upvotes: 1
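
The conditions sshd complained about in the answers above (host key modes, and the owner and write bits of /var/empty) can be checked in one pass. This is an added example, not code from any of the answers; the function names are made up here, GNU `stat` (as in Cygwin coreutils) is assumed, and the sample tree is constructed.

```sh
#!/bin/sh
# Added example: report the mode and ownership conditions from the sshd
# debug output quoted in the answers. Function names are hypothetical.

# Print the octal mode of a path (GNU stat).
mode_of() { stat -c '%a' "$1"; }

# True when none of the bits in octal mask $2 are set on path $1.
mask_clear() (
    m=$(mode_of "$1") || exit 2
    [ $(( 0$m & 0$2 )) -eq 0 ]
)

# audit_sshd_files ETC_DIR PRIVSEP_DIR OWNER
# Prints one finding per line; exit status 1 if anything was found.
audit_sshd_files() (
    rc=0
    for key in "$1"/ssh_host_*_key; do
        [ -f "$key" ] || continue            # glob matched nothing
        if ! mask_clear "$key" 77; then      # any group/other access bit
            echo "KEY_TOO_OPEN $key mode=$(mode_of "$key") want=600"
            rc=1
        fi
    done
    if ! mask_clear "$2" 22; then            # group- or world-writable
        echo "DIR_WRITABLE $2 mode=$(mode_of "$2")"
        rc=1
    fi
    owner=$(stat -c '%U' "$2")
    if [ "$owner" != "$3" ]; then
        echo "DIR_OWNER $2 owner=$owner expected=$3"
        rc=1
    fi
    exit "$rc"
)

# Constructed sample: scratch tree with 0770 host keys, as in the output above.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/etc" "$d/empty" || return 1
    for t in rsa dsa ecdsa ed25519; do
        : > "$d/etc/ssh_host_${t}_key"
        chmod 0770 "$d/etc/ssh_host_${t}_key"
    done
    chmod 0775 "$d/empty"
    echo "$d"
}

# Demo on the sample; on a real host: audit_sshd_files /etc /var/empty cyg_server
sample=$(make_sample)
audit_sshd_files "$sample/etc" "$sample/empty" cyg_server || echo "findings listed above"
rm -rf "$sample"
```

Pass as the third argument whichever account starts sshd: cyg_server for the service, or your own user while debugging by hand.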
