2

I've been running this script for a few days:

while [ true ]; do ssh USER@SERVER echo -n . || date +"%s"; done

Obviously, my terminal is filled with dots, but sometimes (quite rarely) I get this

.......................................................................
.......................................................................
.......................................................................
.......................................................................
.......................................................................
..............ssh: connect to host SERVER port 22: Connection refused
1323454879
ssh: connect to host SERVER port 22: Connection refused
1323454879
ssh: connect to host SERVER port 22: Connection refused
[snip]
1323454879
ssh: connect to host SERVER port 22: Connection refused
1323454879
ssh: connect to host SERVER port 22: Connection refused
.......................................................................
.......................................................................
.......................................................................
.......................................................................
.......................................................................

I tried this with different server providers, source servers, target servers, time of day, geographic locations. Sooner or later that error comes up for a brief second or two.

Is this to be expected or do I have an issue?

pitr
  • 129
  • 1
  • 4
  • You're flooding ssh with connections. I am not surprised by this behavior at all. It could be any number of things. – user606723 Dec 09 '11 at 16:45
  • Is there some reason you haven't put at least a 1 second sleep in that loop? If you were doing something like that against my servers I would probably blacklist you in my firewall. – Zoredache Dec 09 '11 at 16:52
  • I wait for SSH connections to close, so I am not sure how this is a problem. – pitr Dec 09 '11 at 18:08
  • The problem is that you are filling the logs with junk, and probably wasting resources. Perhaps you can share why you are doing this? Because it looks extremely wasteful to me. – Zoredache Dec 09 '11 at 18:53
  • Are you talking about syslog? How is THAT an issue? If anything, I am not logging enough. – pitr Dec 09 '11 at 18:59
  • Initially, the reason I started looking into this was the fact that Nagios would occasionally trigger error on check_ssh, always with different servers. – pitr Dec 09 '11 at 19:01
  • You may be triggering the sshd MaxStartups rate-limiter. See also: http://serverfault.com/questions/529812/intermittent-ssh-exchange-identification-connection-closed-by-remote-host – Henk Langeveld Sep 27 '15 at 21:55
  • People seem to have fixated on your loop, but of course a quick Google shows people run into random "Connection refused" from ssh in a wide variety of systems and situations. I'm writing a provisioning script for Ubuntu on Linode and get this about 10% of the time. It remains a mystery whether there is a single common cause for most of these, or if the ssh networking milieu is really just generally that fragile and too many things could go (intermittently) wrong. – Ron Burk Apr 14 '17 at 14:56

2 Answers

1

This is likely not aberrant behavior but something to be expected.

You may want to check:

  • firewall rules

  • anti-brute force tools

  • ssh configuration

Firewall rules can rate limit SSH connections. I use this in many of my iptables-based firewalls to stifle brute force SSH attacks. The rules limit the number of new connections to a specified port.

There are tools like fail2ban, denyhosts, and others that may block access after a number of attempts.

Lastly, SSH's configuration (sshd_config) may have a maximum number of servers specified. If you are rapidly hitting SSH, you may hit this limit.

jeffatrackaid
  • 4,112
  • 18
  • 22
  • I've tried with different servers (CentOS and Ubuntu) and with and without firewalls. All anti-brute force tools (I use bfd) are disabled. – pitr Dec 09 '11 at 18:05
  • ssh connections are NOT initialized in the background, so there is no more than one at a time. SSH limit shouldn't be an issue. – pitr Dec 09 '11 at 18:11
  • What is an option in sshd_config that would limit the number of servers? You can limit number of concurrent not yet authed connections, or limit the number of connections per ip, but those would result in "Connection closed by remote host" not "Connection refused" – stew Dec 09 '11 at 18:30
  • @pitr how it initializes is irrelevant. If they implemented something like [Evan suggested](http://serverfault.com/questions/17870/hundreds-of-failed-ssh-logins/17879#17879) then you would get failed connections. – Zoredache Dec 09 '11 at 18:55

0

This error means that the destination server is reachable, but the port 22 is closed (SSH daemon is not running or running on non-default port).

Another possibility is that you have a firewall between you and the destination server that translates the port 22 to something else not opened on the destination server.

You did not say whether you are getting this error always on the same server or not.

Khaled
  • 35,688
  • 8
  • 69
  • 98
  • In this case it would not be on a non standard port as he's looping the connection and it is known to work on port 22. – jeffatrackaid Dec 09 '11 at 16:41
  • This is for more general (hopefully useful) information! – Khaled Dec 09 '11 at 16:45
  • SSH server is constantly running. I tried it on different servers, initiating connection from different machines. – pitr Dec 09 '11 at 18:14
  • Can you run packet capturing tools like wireshark or tcpdump? This will confirm what you are receiving in both cases. – Khaled Dec 09 '11 at 18:38
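
An added example, not part of the original thread or any poster's code: a paced Python probe that separates a TCP-level refusal (the error in the question) from a connection that is accepted and then closed before the SSH banner (what the comments attribute to sshd's own pre-authentication limits). The function names and result labels are assumptions made for this illustration.

```python
import errno
import socket
import sys
import time

def probe(host, port=22, timeout=5.0):
    """Make one TCP connection and report how far the SSH handshake got."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A reset answered the SYN: nothing listening on the port, or a
        # firewall rejecting with a reset. sshd never saw this attempt.
        return "tcp-refused"
    except socket.timeout:
        return "tcp-timeout"  # no answer to the SYN within the timeout
    except OSError as exc:
        return "tcp-error:" + errno.errorcode.get(exc.errno, "unknown")
    with sock:
        try:
            banner = sock.recv(255)  # sshd sends its "SSH-2.0-..." line first
        except socket.timeout:
            return "banner-timeout"
        except ConnectionResetError:
            return "closed-before-banner"
    if banner.startswith(b"SSH-"):
        return "ok"
    # Accepted, then closed or answered with something else: the listener is
    # up, so look at sshd limits and logs rather than at the network.
    return "unexpected-banner" if banner else "closed-before-banner"

def watch(host, port=22, interval=1.0, count=60, probe_fn=probe):
    """Probe at a fixed pace; return (unix_time, label) for each failure."""
    failures = []
    for _ in range(count):
        label = probe_fn(host, port)
        if label != "ok":
            failures.append((int(time.time()), label))
        time.sleep(interval)  # pacing keeps the probe itself under rate limits
    return failures

if __name__ == "__main__":
    # Usage: python3 probe.py HOST [PORT]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    for stamp, label in watch(sys.argv[1], target_port):
        print(stamp, label)
```

Comparing the recorded timestamps with the server's sshd and firewall logs for the same seconds shows which layer produced each failure.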