Bug#497455: marked as done (openssh-server: connection attempts fail with "Connection refused")

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Tue, 2 Sep 2008 13:00:17 +0100
with message-id <20080902120017.GH17016@riva.ucam.org>
and subject line Re: Bug#497455: openssh-server: connection attempts fail with "Connection refused"
has caused the Debian Bug report #497455,
regarding openssh-server: connection attempts fail with "Connection refused"
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
497455: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497455
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: openssh-server: connection attempts fail with "Connection refused"
• From: Christoph Groth <cwg@falma.de>
• Date: Mon, 01 Sep 2008 22:44:59 +0200
• Message-id: <[🔎] 20080901204459.8284.59047.reportbug@mimoid.lan>

Package: openssh-server
Version: 1:5.1p1-2
Severity: important


After openssh-server was upgraded from 1:4.7p1-12 to 1:5.1p1-2 all connection
attempts (from local and remote systems) fail, e.g.:

mimoid:~# ssh localhost
ssh: connect to host localhost port 22: Connection refused
mimoid:~# telnet localhost 22
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

Strangely, sshd appears to be listening:

mimoid:~# lsof | grep sshd | grep LISTEN
sshd      6422        root    3u     IPv6      38220                 TCP *:ssh (LISTEN)

The problem disappears when I downgrade openssh-server and openssh-client back
to 1:4.7p1-12.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-server depends on:
ii  adduser               3.110              add and remove users and groups
ii  debconf [debconf-2.0] 1.5.22             Debian configuration management sy
ii  dpkg                  1.14.20            Debian package management system
ii  libc6                 2.7-13             GNU C Library: Shared libraries
ii  libcomerr2            1.41.0-3           common error description library
ii  libkrb53              1.6.dfsg.4~beta1-4 MIT Kerberos runtime libraries
ii  libpam-modules        1.0.1-4            Pluggable Authentication Modules f
ii  libpam-runtime        1.0.1-4            Runtime support for the PAM librar
ii  libpam0g              1.0.1-4            Pluggable Authentication Modules l
ii  libselinux1           2.0.65-4           SELinux shared libraries
ii  libssl0.9.8           0.9.8g-13          SSL shared libraries
ii  libwrap0              7.6.q-16           Wietse Venema's TCP wrappers libra
ii  lsb-base              3.2-19             Linux Standard Base 3.2 init scrip
ii  openssh-blacklist     0.4.1              list of default blacklisted OpenSS
ii  openssh-client        1:5.1p1-2          secure shell client, an rlogin/rsh
ii  zlib1g                1:1.2.3.3.dfsg-12  compression library - runtime

Versions of packages openssh-server recommends:
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.3-2  X authentication utility

Versions of packages openssh-server suggests:
pn  molly-guard                   <none>     (no description available)
pn  rssh                          <none>     (no description available)
pn  ssh-askpass                   <none>     (no description available)

-- debconf information:
  ssh/insecure_rshd:
  ssh/vulnerable_host_keys:
  ssh/insecure_telnetd:
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/encrypted_host_key_but_no_keygen:
  ssh/disable_cr_auth: false

--- End Message ---

--- Begin Message ---

• To: 497455-done@bugs.debian.org
• Subject: Re: Bug#497455: openssh-server: connection attempts fail with "Connection refused"
• From: Colin Watson <cjwatson@debian.org>
• Date: Tue, 2 Sep 2008 13:00:17 +0100
• Message-id: <20080902120017.GH17016@riva.ucam.org>
• In-reply-to: <[🔎] 87prnnjcgx.fsf@mimoid.lan>
• References: <[🔎] 20080901204459.8284.59047.reportbug@mimoid.lan> <[🔎] 20080901225831.GG17016@riva.ucam.org> <[🔎] 87prnnjcgx.fsf@mimoid.lan>

On Tue, Sep 02, 2008 at 08:20:14AM +0200, Christoph Groth wrote:
> Colin Watson <cjwatson@debian.org> writes:
> > Please attach /etc/ssh/sshd_config, and look for relevant entries around
> > sshd startup time in /var/log/auth.log.
> 
> After running /etc/init.d/ssh restart only two lines are appended to
> /var/log/auth.log:
> 
> Sep  2 08:08:28 mimoid sshd[3807]: Received signal 15; terminating.
> Sep  2 08:08:28 mimoid sshd[4422]: Server listening on :: port 22.
[...]
> # Use these options to restrict which interfaces/protocols sshd will bind to
> ListenAddress ::
> #ListenAddress 192.168.0.1

This isn't the default for ListenAddress in sshd_config (and hasn't ever
been, as far as I know), and it means to listen only on the local IPv6
interface; therefore attempts to connect by IPv4 fail. I think you must
have added this yourself, perhaps due to a bug in older versions of
sshd. Get rid of the 'ListenAddress ::' (either remove that line or
comment it out with a '#') and it will work.

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]

--- End Message ---