sshd 'Fssh_kex_exchange_identification: banner line 0: You are not welcome to use sshd'

I have a 12.3-RELEASE-p6 server that I can no longer connect to via ssh from any host. Output from ssh -v host:

Code:
 % ssh -v stor1
OpenSSH_8.8p1, OpenSSL 1.1.1o-freebsd  3 May 2022
debug1: Reading configuration data /home/sko/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to stor1.mgmt.a.<redacted>.lan [10.50.50.101] port 22.
debug1: Connection established.
debug1: identity file /home/sko/.ssh/id_rsa type 0
debug1: identity file /home/sko/.ssh/id_rsa-cert type -1
debug1: identity file /home/sko/.ssh/id_dsa type -1
debug1: identity file /home/sko/.ssh/id_dsa-cert type -1
debug1: identity file /home/sko/.ssh/id_ecdsa type -1
debug1: identity file /home/sko/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/sko/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/sko/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/sko/.ssh/id_ed25519 type -1
debug1: identity file /home/sko/.ssh/id_ed25519-cert type -1
debug1: identity file /home/sko/.ssh/id_ed25519_sk type -1
debug1: identity file /home/sko/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/sko/.ssh/id_xmss type -1
debug1: identity file /home/sko/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.8 FreeBSD-20211221
debug1: Fssh_kex_exchange_identification: banner line 0: You are not welcome to use sshd from 10.50.50.98.
Fssh_kex_exchange_identification: Connection closed by remote host
Connection closed by 10.50.50.101 port 22

Even when using another host than my 13.1-RELEASE workstation (e.g. my jumphost running OpenBSD 7.1 or laptop running 12.3-RELEASE) I always get the same error, so definitely server side and not linked to my host's IP as hinted from the error message...
That server isn't running PF, no changes regarding sshd for the last few months. I can still ping the host and all services, jails and bhyve VMs are running fine, I can even ssh into the jails that are running sshd, but not into the host.

The behaviour didn't change after a reboot, so thanks to broken IPMI on that host I'll have to drag a screen and keyboard to the server room in the basement tomorrow...
 
check your /etc/hosts.allow on 10.50.50.101

The message came from: twist /bin/echo "You are not welcome to use %d from %h."
 
Thanks for that hint; I'll check that tomorrow. Although I can't remember changing that file for well over a year when I set up tftp...
 
Small update:
it was /etc/hosts.allow

Strangely though, that file was last modified 6 weeks ago, yet the problem only arose 2 days ago...

I had a bunch of entries containing subnets with CIDR-notation (e.g. 10.50.50.0/24), which don't (no longer?) seem to work.
Changed everything to decimal masks (10.50.50.0/255.255.255.0) and everything worked again.

Thanks again VladiBG, you saved me quite some time down there!
 
Does the /etc/hosts.allow file use CIDR notation, e.g. 10.0.0.1/24?
hosts_access(5):
Code:
       •      An expression of the form `n.n.n.n/m.m.m.m´ is interpreted as a
              `net/mask´ pair. A host address is matched if `net´ is equal to
              the bitwise AND of the address and the `mask´. For example, the
              net/mask pattern `131.155.72.0/255.255.254.0´ matches every
              address in the range `131.155.72.0´ through `131.155.73.255´.
 
Thanks for replies above, and finding this reference for me.
I obviously missed (or misunderstood) those vital details when reading the fine manual.
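Added example, not part of the thread or any poster's code: a small Python check that applies the net/mask rule quoted from hosts_access(5) and flags IPv4 entries written with a prefix length, suggesting the dotted-mask form that fixed the problem above. The sample hosts.allow content, the 10.50.60.0 network and the function names are constructed for illustration; treating an n.n.n.n/24 pattern as a non-match is an assumption based on what the thread reports.

```python
import ipaddress
import re

# IPv4 address followed by a bare prefix length, e.g. 10.50.50.0/24.
# The trailing lookahead keeps dotted masks (/255.255.255.0) from matching.
CIDR_V4 = re.compile(r"(?<![\d.])((?:\d{1,3}\.){3}\d{1,3})/(\d{1,2})(?![\d.])")

# Constructed sample, modeled on the entries described in the thread.
SAMPLE = """\
# constructed sample hosts.allow
sshd : 10.50.50.0/24 : allow
tftpd : 10.50.60.0/255.255.255.0 : allow
ALL : ALL : twist /bin/echo "You are not welcome to use %d from %h."
"""

def net_mask_match(pattern: str, addr: str) -> bool:
    """hosts_access(5) rule: match if net == (address AND mask).

    Only the documented n.n.n.n/m.m.m.m form is accepted; anything else,
    including n.n.n.n/24, is treated here as a non-match (assumption).
    """
    net, _, mask = pattern.partition("/")
    try:
        n, m, a = (int(ipaddress.IPv4Address(x)) for x in (net, mask, addr))
    except ipaddress.AddressValueError:
        return False
    return n == (a & m)

def dotted(prefix_len: int) -> str:
    """Convert a prefix length (0-32) to a dotted-quad netmask."""
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix_len}").netmask)

def lint_hosts_allow(text: str):
    """Return (line_no, found, suggested) for every IPv4 prefix-length pattern."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        rule = line.split("#", 1)[0]  # ignore comments
        for m in CIDR_V4.finditer(rule):
            net, plen = m.group(1), int(m.group(2))
            if plen <= 32:
                findings.append((no, m.group(0), f"{net}/{dotted(plen)}"))
    return findings

if __name__ == "__main__":
    for no, found, fix in lint_hosts_allow(SAMPLE):
        print(f"line {no}: {found} -> {fix}")
```

Running such a check against /etc/hosts.allow before restarting services shows which allow rules would fall through to the final deny rule.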
 