Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 3 subscribers
  • Views 1345 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSH Stopped working

u8o41
Hi,

I am currently running ASL 3.209 (but the problem also happened on ASL 3.217)

I am not sure what happened to SSH on my firewall. I have SSH enabled through webadmin, and I was able to connect to my firewall through SSH then. Then something happened so when I tried to connect to my Firewall PuTTy (My SSH client) returns an error saying Connection refused.

This struct me as odd, so I logged onto my firewall to see if sshd was running, it wasn't and when I tried to restart it i get the following messge:

/usr/loca/etc/sshd_config line 15: Deprecated option CheckMail
Disabling protocol version2. Could not load host key

I tried reinstalling ASL, and importing backups from when ssh still worked, and I still get the same messages. 

Any idea? Has this ever happened to anyone else?
   


This thread was automatically locked due to age.
  • 0
    Your error suggests it is having problems with the ssh host keys, so you could try this:

    Log on at the console, and remove (or backup) the following files :

    To remove:

    rm /etc/ssh/ssh_host_key*
    rm /etc/ssh/ssh_host_dsa_key*

    To backup (to root home directory):

    cp /etc/ssh/ssh_host_key* /root
    cp /etc/ssh/ssh_host_dsa_key* /root

    Then either restart ssh, or restart the firewall (your preference). The ssh startup script has the following in it :

    ======= SNIP ===========
    if [ ! -s /etc/ssh/ssh_host_key ] ; then
                            echo "   generate SSH RSA key"
                            rm -f /etc/ssh/ssh_host_key*
                            /sbin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -P "" >/dev/null 2>&1 || ret_code=1
                    fi
                    if [ ! -s /etc/ssh/ssh_host_dsa_key ] ; then
                            echo "   generate SSH DSA key"
                            rm -f /etc/ssh/ssh_host_dsa_key*
                            /sbin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -P "" >/dev/null 2>&1|| ret_code=1
                    fi
    ======= SNIP ===========

    This basically means it will regenerate the files if they don't exist, *or* if they exist, but are truncated to zero bytes.

    Hope this helps,

    Karl