I have just upgraded my Debian server from Stretch (stable) to Buster (testing).
One strange thing I can't seem to resolve:
$ ssh [email protected] -p [censored] -o ConnectTimeout=5 -i /home/vlastimil/.ssh/id_rsa -vvv results in:
OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n 7 Dec 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: resolving "192.168.0.102" port [censored] debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to 192.168.0.102 [192.168.0.102] port [censored]. debug2: fd 3 setting O_NONBLOCK debug1: connect to address 192.168.0.102 port [censored]: Connection refused ssh: connect to host 192.168.0.102 port [censored]: Connection refused However, if I log in as that user locally (I can even log off then, it just needs one login), it does work.
I was able to log in as root. However, only from the one machine, in spite of having public key exchanged.
Further, only one root login from that one machine needed, and then it is possible to log in as root from the other machine.
Could anyone elaborate as to, how do I debug this issue?
Server's config:
# grep -v '#' /etc/ssh/sshd_config Port [censored] Protocol 2 SyslogFacility AUTH LogLevel INFO LoginGraceTime 120 StrictModes yes HostbasedAuthentication no IgnoreRhosts yes PermitEmptyPasswords no ChallengeResponseAuthentication no UsePAM yes X11Forwarding yes PrintMotd no PrintLastLog no Banner none AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server KeyRegenerationInterval 3600 ServerKeyBits 4096 Ciphers [email protected],[email protected] MACs [email protected] KexAlgorithms [email protected] FingerprintHash sha512 Match Address 192.168.0.* PermitRootLogin yes Match all PermitRootLogin no I just realized it did not ask me whether I wish to add the machine to known hosts.
I will have to do it manually probably.