SSH Frequently Asked Questions
Access Control
- I'm trying to use TCP wrappers (libwrap), but it doesn't work.
- I want to require different forms of authentication based on the source address of the connection (where the user is coming from).
Authentication
- How do I get publickey user authentication to work?
- Password authentication doesn't work with OpenSSH.
- What the heck is "keyboard interactive" authentication?
- How do I get trusted-host (SSH-2 "hostbased", SSH-1 "RhostsRSA") authentication working?
- How do I arrange to log in without typing a password or passphrase?
Comparisons
What's the difference between...File Transfer (scp, sftp, FTP)
- I'm trying to
scp
using an OpenSSH client to an SSH2 server.ssh
works fine, butscp
returns this: - When I try to use sftp or scp2, I get a message like this:
Received message too long (or "Bad packet length") 1416586337
- I want to use sftp in a script, but it doesn't work — I can't use "here documents," and it keeps trying to prompt for stuff.
- How do I allow a user to use scp or sftp, but not allow regular ssh (i.e. forbid getting a shell or running other programs)?
Port Forwarding
X Forwarding
- With OpenSSH, X forwarding works for some applications, but not others!
- I'm using OpenSSH on the server side, and X forwarding is working fine for me... except that linuxconf won't forward, while other X clients will.
Miscellaneous
- How can I stop my SSH session from timing out after it's been inactive for a while?
- My SSH session hangs part way through logging on, when I generate a lot of output from my shell, try to scp or sftp a file, or attempt to run an X11 application. I have a firewall, NAT or packet filter.
- How do I debug SSH problems?
- When I connect to the SSH server port, I see a version announcement like
this:
% telnet SERVER 22 Trying 192.168.1.1... Connected to SERVER (192.168.1.1). Escape character is '^]'. SSH-1.99-OpenSSH_2.5.2p2
I don't like this — it's announcing the protocol and specific software package and version to the world, so the nasty hackers will know just what attacks to try. Can I turn this off? - How does ssh-agent work?
Bugs & Problems
- Sometimes my SSH connection hangs when exiting — the shell (or remote command) exits, but the connection remains open, doing nothing.
- When using SSH-2.3.0 with any other SSH implementation (in either client/server combination), the session dies after an hour. There are various error messages; OpenSSH, for example, says this:
- My SSH client connects, but the server seems to immediately close the
connection. I get "connection closed" or "connection lost," or with
OpenSSH:
ssh_exchange_identification: Connection closed by remote host
- My OpenSSH server keeps logging this message:
WARNING: /etc/primes does not exist, using old prime