zphinx/tai
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity
Files
feature/output-file-and-fixes
tai/runbooks/ssh.md
zphinx 57f4c0efaa
Some checks failed
CI / test (push) Failing after 15s
Details
feat: complete RAG runbook workflow and release docs
2026-05-06 04:48:41 +02:00

101 lines
2.2 KiB
Markdown
Raw Permalink Blame History

---
service: ssh
symptoms: connection refused, authentication failed, host key mismatch, permission denied, timeout connecting, no route to host
tags: ssh, sshd, openssh, authentication, network, connectivity
---
## Symptoms
- `ssh: connect to host <hostname> port 22: Connection refused`
- `Permission denied (publickey)` — key not accepted or wrong user
- `WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!` — host key mismatch
- `Connection timed out` — firewall blocking or host unreachable
- `No route to host` — routing issue or host is down
## Diagnostics
### Is sshd running?
```
systemctl status sshd
systemctl status ssh
```
A stopped or failed sshd is the most common cause of "connection refused".
### Check sshd configuration
```
sshd -t
cat /etc/ssh/sshd_config
```
Look for: `PasswordAuthentication`, `PubkeyAuthentication yes`, `AuthorizedKeysFile`.
### Check authorised keys
```
ls -la ~/.ssh/
cat ~/.ssh/authorized_keys
```
Permissions must be: `~/.ssh``700`, `authorized_keys``600`.
Wrong permissions cause silent auth failure even with the correct key.
### Check sshd logs
```
journalctl -u sshd -n 100
journalctl -u ssh -n 100
grep sshd /var/log/auth.log | tail -50
```
Look for: `Invalid user`, `Failed publickey`, `Connection reset by peer`, `Too many authentication failures`.
### Check listening port
```
ss -tlnp | grep sshd
netstat -tlnp | grep :22
```
If sshd is running but not listening on the expected port, check `Port` in `/etc/ssh/sshd_config`.
### Firewall rules
```
iptables -L INPUT -n -v
nft list ruleset
ufw status verbose
```
A DROP rule on port 22 causes silent timeouts, not "connection refused".
## Remediation
**sshd not running:**
```
systemctl enable --now sshd
```
**Wrong permissions on authorized_keys:**
```
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chown -R $USER:$USER ~/.ssh
```
**sshd config error:**
Fix the error reported by `sshd -t`, then:
```
systemctl restart sshd
```
**Host key mismatch (expected after reinstall/reprovisioning):**
Remove the old key from the client:
```
ssh-keygen -R <hostname>
```
Only do this if you are certain the host was intentionally reprovisioned.
If the key change is unexpected, treat as a potential MITM and investigate before connecting.
Reference in New Issue View Git Blame Copy Permalink