SSH Server unexpectedly closed network connection

While connecting the Linux server through putty, following error occurred. SSHD server unexpectedly closed network connection

Error log:

tail -f /var/log/audit/audit.log

type=USER_AUTH msg=audit(1292432614.589:14079): user pid=5965 uid=0 auid=0 ses=1 msg=’op=PAM:authentication acct=”user” exe=”/usr/sbin/sshd” hostname=192.168.1.5 addr=192.168.1.5 terminal=ssh res=success’
type=USER_ACCT msg=audit(1292432614.598:14080): user pid=5965 uid=0 auid=0 ses=1 msg=’op=PAM:accounting acct=”user” exe=”/usr/sbin/sshd” hostname=192.168.1.5 addr=192.168.1.5 terminal=ssh res=failed’
type=USER_LOGIN msg=audit(1292432614.600:14081): user pid=5965 uid=0 auid=0 ses=1 msg=’op=login acct=”user” exe=”/usr/sbin/sshd” hostname=? addr=192.168.1.5 terminal=sshd res=failed’

There may be several reasons for the error. Try the following trouble shoot methods.

Solution #1

Try
#touch /etc/environment
creates the file

Solution #2
Check /etc/hosts.deny file for any ip / host blocking.

Solution #3

Check the authentication method, After modifying the pam.d it started working.

#cd /etc/pam.d
#vim  system-auth-ac

auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        sufficient    pam_smb_auth.so use_first_pass nolocal
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so

#vim sshd

auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    include      system-auth
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke

Leave a Reply

Your email address will not be published. Required fields are marked *