While connecting the Linux server through putty, following error occurred. SSHD server unexpectedly closed network connection
Error log:
tail -f /var/log/audit/audit.log
type=USER_AUTH msg=audit(1292432614.589:14079): user pid=5965 uid=0 auid=0 ses=1 msg=’op=PAM:authentication acct=”user” exe=”/usr/sbin/sshd” hostname=192.168.1.5 addr=192.168.1.5 terminal=ssh res=success’
type=USER_ACCT msg=audit(1292432614.598:14080): user pid=5965 uid=0 auid=0 ses=1 msg=’op=PAM:accounting acct=”user” exe=”/usr/sbin/sshd” hostname=192.168.1.5 addr=192.168.1.5 terminal=ssh res=failed’
type=USER_LOGIN msg=audit(1292432614.600:14081): user pid=5965 uid=0 auid=0 ses=1 msg=’op=login acct=”user” exe=”/usr/sbin/sshd” hostname=? addr=192.168.1.5 terminal=sshd res=failed’
There may be several reasons for the error. Try the following trouble shoot methods.
Solution #1
Try
#touch /etc/environment
creates the file
Solution #2
Check /etc/hosts.deny file for any ip / host blocking.
Solution #3
Check the authentication method, After modifying the pam.d it started working.
#cd /etc/pam.d
#vim system-auth-ac
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth sufficient pam_smb_auth.so use_first_pass nolocal
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
#vim sshd
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session include system-auth
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke