Networking on Much Ado About IT

SSH Error: "ssh_exchange_identification: Connection closed by remote host"

Julian Knight — Sat, 05 May 2012 21:20:56 +0000

Fixing up an SSH login error after moving to a new ISP. "ssh_exchange_identification: Connection closed by remote host" is caused by the lack of a reverse DNS entry.

At home, we’ve just switched from a slow (2mbps) ADSL connection to a wonderfully fast 40mbps connection provided by the excellent Origin Broadband using the South Yorkshire fibre network provided by Digital Region.

I did have a small problem though that has taken some searching to resolve so I’ll detail it here in case others find it useful.

As soon as we switched over, I couldn’t connect to my VPS over SSH. I was getting the message:

It turns out that this is due to the fact that the server contains the following entry in /etc/hosts.deny:

The OS does a Reverse DNS Lookup to check for bad domains and this line tells the system to reject connection requests to SSHd that don’t have a reverse DNS address. So it seems that my new ISP hasn’t (yet?) registered a reverse DNS address whereas my previous ISP (PlusNet) did.

You can remove that entry but that has a security implication. The better fix is to add a line to /etc/hosts.allow:

Where 1.2.3.4 should be replaced by the fixed IP address your ISP gives you. Visit WhatsMyIP.com to find out your address. If you don’t have a fixed address, you’ll probably have to do the alternative fix. The “ALL” keyword ensures that your location can access all services on the server.

I’ve made the change and it works fine. I’ve also raised a ticket to see if I will be getting a reverse DNS entry.

Update 2012-07-13: Annoyingly, I’ve had no response to my ticket with Origin Broadband. However, the fix works fine.

Monitoring a Broadband Router

Julian Knight — Wed, 01 Dec 2010 20:00:59 +0000

Just been asked this question by an ex-colleague so I thought it would be good to do a write up.

How do I monitor my broadband router?

There are a number of measurements that you can do to see the health of your router.

External Monitoring

Firstly, you can measure whether the outside world can “see” your router. This does mean that you have to allow “pings” from the Internet which does slightly reduce your router security and so this feature is often turned off by default. I use some external services to monitor the availability of both my web sites and my router:

[basicstate.com][1]
[mon.itor.us][2]
[servermojo.com][3] Each of these have both free and paid services. It is [servermojo.com][3] that I mainly use to ping my router.

Internal Monitoring

Secondly, you may be able to turn on something called SNMP (Simple Network Management Protocol) in your router. This is a standard that allows monitoring of all sorts of information regarding servers, routers, etc. You will need to give the router an IP address of a PC within your network that will receive the information. There are a number of free tools that allow you to monitor SNMP To monitor from within your home network, you can use [PRTG][4] or the free version of [Kiwi Syslog Server][5]. SNMP will allow you not only to see that the router is alive but whether it is connected to the outside world (the WAN port), what speed communications it is using, how long since the connection came alive and many other parameters.

The key parameters to measure are:

When the WAN connection went up and down
What the download speed is
The Signal to Noise Ratio (SNR)
The Attenuation If you are having intermittent router problems, these tools will give you the kind of ammunition you need to take to your ISP to encourage them to take you seriously and get the fault resolved. [1]: http://basicstate.com/ [2]: http://mon.itor.us/ [3]: http://servermojo.com/ [4]: http://www.paessler.com/prtg/ [5]: http://www.kiwisyslog.com/

Bridged networking in OpenSUSE 10.3 & 11.0 (For VirtualBox)

Julian Knight — Wed, 02 Jul 2008 01:34:00 +0000

I prefer to use VirtualBox rather than VMware as it seems to be rather faster and less resource hungry than VMware Server (the only free version of VMware with a GUI). Also VirtualBox seems to have better Linux host support (sound, etc.).

However, there is one thing that VMware is better at – setting up the guest network on the same network as the host.

Under VirtualBox this is called “Host Interface Networking” and, with a Linux host anyway, is a right royal pain to set up. This is because VirtualBox uses the powerful and flexible bridging capabilities of Linux – but they have no easy GUI setup!

So here is my summary of getting host interface working on my OpenSUSE 10.3 desktop. Firstly though, note that I have two network cards. I am not going to mess with eth0 as this is the card I use for the main network from my desktop. Instead I am going to configure eth1.

Install the package “bridge-utils”
Follow the instructions at the OpenSUSE web site to set up a basic bridge. You will end up with a new file in /etc/sysconfig/network called ifcfg-br0 containing something like:

```
## Bridge 0 config - to allow VirtualBox to use
## Host Interface Networking mode with eth1
STARTMODE='auto'
BOOTPROTO='static'
# Change the above to dhcp to use your networks
# dhcp server to assign an address
# (the next 2 lines are then ignored)
IPADDR=192.168.3.1
NETMASK=255.255.0.0
# Note that the above puts the bridge onto a different
# subnet to my main network but that I use class B
# addressing to ensure everything can talk
NETWORK=
BROADCAST=
STARTMODE=auto
USERCONTROL=no
NAME='Bridge 0'
NM_CONTROLLED=no
BRIDGE='yes'
BRIDGE_PORTS='eth1'
BRIDGE_AGEINGTIME='300'
BRIDGE_FORWARDDELAY='0'
BRIDGE_HELLOTIME='2'
BRIDGE_MAXAGE='20'
BRIDGE_PATHCOSTS='19'
BRIDGE_PORTPRIORITIES=
BRIDGE_PRIORITY=
BRIDGE_STP='on'
```
I think that you may also need to tell the bridge where your default router is. Create a file in the same place as above called `ifroute-br0` containing:
```
default 192.168.1.1 -
```
(or whatever your router is).
Then, when you've done a `/etc/rc.d/network restart` as sudo, you should see that `eth1` and `br0` both come back up.
Note that it is possible that you have to change eth1 to give it a manual IP address of `0.0.0.0`, netmask `0.0.0.0` for it to work correctly (as per the instructions in section 6.7.1.2 of the VirtualBox manual &#8211; note that some of the rest of those instructions seem to be incorrect). Note that SUSE 11.0 at least has a setting for this in YAST (edit the card config and select none for address assignment).
The ethernet card eth1 is now _indirectly_ used via the bridge br0.
Here is my `ifcfg-eth1`.
```
BOOTPROTO='static'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='0.0.0.0'
MTU=''
NAME='ASUSTeK Marvell 88E8001 Gigabit Ethernet Controller (Asus)'
NETMASK=''
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='hotplug'
USERCONTROL='no'
```
**UPDATE 2008-07-18**: In addition to the above, you _must_ create a default route &#8211; but don't do it via YAST! YAST has a bug that often deletes the default route. Instead, put the following line in the file `/etc/sysconfig/network/routes`:
```
default 192.168.1.1 - -
```
Note the two dashes at the end
* Create a permanent interface for VirtualBox to use (also called a "tap" interface) with the command:
`sudo VBoxAddIF vbox0 <user> br0`
Where &lt;user> is the VirtualBox user running the VM - I guess you have to do this for every user who might run the VM.
If you run the command `ifconfig` you will now see a new network interface called `vbox0` which will reappear along with `br0`,
`ethx`, etc. every time you reboot.
Note that these VirtualBox interfaces can only be used once so if you have two VM&#8217;s, you will need two interfaces. Also note that VirtualBox has a method of creating dynamic interfaces (that only appear when you want them) but that is more complex to set up.
* Now tell your VM configuration to use this interface.
You can do this via the GUI by putting the required name (vbox0) into the network settings box &#8220;Interface Name&#8221; under the HIS section. Or you can do it with the command:
`VBoxManage modifyvm "My VM" -hostifdev1 vbox0`
* Make sure that the guest OS is running the network connection with DHCP so that it gets the correct address, gateway, DNS, etc.
* You might need to set a default gateway in the host OS.</ol>
Job is done!! After some years of attempting this on and off, it has finally come together and all works. Hopefully this little list is enough to get you going.
Regards, J.
**UPDATE 2008-08-12**: It seems that there is something slightly amis with the above instructions. On reboot, the network is not quite left in the correct state and you have to do a &#8220;`/etc/rc.d/network restart`&#8221; before host networking will actually work.
**UPDATE 2008-08-22**: Oops, sorry but I got the `addif` command wrong, it was missing the userid bit. Rats! Blogger keeps eating the < symbol.
**UPDATE 2018-05-04**: Tidy markup after conversion from WordPress to Hugo/Netlify