Score:0

ssh connection refused despite PermitRootLogin yes


In /etc/ssh/sshd_config I changed and added the following:

```
PermitRootLogin no
Match Address 192.168.0.*
    PermitRootLogin yes
```

When I try to connect via ssh, however, I get Connection refused.

I know that it's those lines affecting it because if I remove them and just leave it as

```
PermitRootLogin yes
```

I can connect just fine. What's going on here? It seems that SSH is ignoring the Match block.

Mrwut
Reading the [man](https://linux.die.net/man/5/sshd_config#:~:text=hmac%2Dmd5%2D96-,Match,-Introduces%20a%20conditional) it says you should define a network, so 192.168.0.0/24 (or whatever your network is) should work. But as @vidarlo mentioned, it should not return with a "connection refused". Maybe the sshd could not even start up due to a config error.
Kalcifer
@Mrwut An error could be possible. Is there any error in what I typed above? That exact block is what is in my ssh config file. I have also tried with 192.168.0.0/22 to no avail.
Mrwut
You can verify the config file with the `sshd -T` command; if it checks out, it should be fine. Maybe you should add `Match all` to close the `Match Address` block.
Score:4

Connection refused indicates that something at the TCP/IP layer (e.g. L3) stopped you, not that the sshd daemon denied your login.

This is probably due to a firewall or similar somewhere in the path. As long as you get Connection refused the authentication settings are irrelevant; there's no communication between the ssh server and client at that stage.

Kalcifer
Then how come it works when I remove that block? It’s only the Match block that causes problems.
vidarlo
Probably because sshd fails to start due to config file faults.
Kalcifer
Is there an error in the aforementioned block?
vidarlo
Check the logs of `sshd` or start it with `sshd -D -f /etc/ssh/sshd_config` to see if it manages to start.
Score:2

As pointed out by @vidarlo, Connection refused indicates an issue at the TCP/IP layer; there is no communication between the server and the client occurring, regardless of the settings in the config file, so this indicates a separate problem.

Using sshd -T as pointed out by @Mrwut, it was found that there was an error in the sshd_config file. The error was that a Match block has to go at the end of the sshd_config file, and not in the middle of it. This is because a Match block cannot be manually terminated, so if something is stated after the Match block that cannot be in a Match block, it will throw an error causing the SSH server to be unable to start.

Since the SSH server could not start, a connection to the server could not be established, and thus Connection refused.
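The failure described in this answer can be caught before restarting the daemon. The following is an added example, not code from the thread: a small Python check that reports directives placed after a `Match` line that cannot live inside a Match block. Assumptions: the `GLOBAL_ONLY` set is a hand-picked, non-exhaustive subset of such keywords, and both sample configs are constructed, since the thread does not show which directive followed the block; `sshd -t` remains the authoritative test.

```python
import re

# Assumption: non-exhaustive subset of keywords that sshd_config(5) does not
# list as usable inside a Match block. The real list depends on the OpenSSH version.
GLOBAL_ONLY = {
    "port", "listenaddress", "addressfamily", "hostkey", "usepam",
    "printmotd", "ciphers", "macs", "kexalgorithms", "usedns", "pidfile",
    "syslogfacility", "maxstartups", "logingracetime", "strictmodes",
}

# Constructed sample: the Match block from the question dropped into the
# middle of a config, followed by typical global directives.
BROKEN = """\
PermitRootLogin no
Match Address 192.168.0.*
    PermitRootLogin yes

UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
"""

# Constructed sample: the same directives with the Match block moved to the end.
FIXED = """\
PermitRootLogin no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*

Match Address 192.168.0.*
    PermitRootLogin yes
"""

def misplaced_directives(text):
    """Return (line_no, keyword, match_line_no) for global-only keywords after a Match."""
    findings, match_line = [], None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never end a Match block
        keyword = re.split(r"[\s=]+", line, maxsplit=1)[0]
        if keyword.lower() == "match":
            match_line = lineno  # everything below belongs to a Match block
        elif match_line is not None and keyword.lower() in GLOBAL_ONLY:
            findings.append((lineno, keyword, match_line))
    return findings

if __name__ == "__main__":
    for lineno, keyword, match_line in misplaced_directives(BROKEN):
        print(f"line {lineno}: {keyword} follows the Match block opened on line {match_line}")
```

Indentation does not end a Match block, which is why `UsePAM` and `PrintMotd` in the first sample are still treated as part of it.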
