-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
This was confirmed as a configuration issue: > andrew@a68n:~$ ssh user@detst > ssh: connect to host detst port 22: Connection refused > andrew@a68n:~$ ssh root@detst > ssh: connect to host detst port 22: Connection refused > andrew@a68n:~$ ssh user@detst > Linux detst 4.19.0-1-amd64 #1 SMP Debian 4.19.12-1 (2018-12-22) x86_64 > > The programs included with the Debian GNU/Linux system are free software; > the exact distribution terms for each program are described in the > individual files in /usr/share/doc/*/copyright. > > Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent > permitted by applicable law. > Last login: Fri Dec 21 11:16:42 2018 from 192.168.0.58 > user@detst:~$ cat /etc/ssh/sshd_config > # $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ > > # This is the sshd server system-wide configuration file. See > # sshd_config(5) for more information. > > # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin > > # The strategy used for options in the default sshd_config shipped with > # OpenSSH is to specify options with their default value where > # possible, but leave them commented. Uncommented options override the > # default value. > > #Port 22 > #AddressFamily any > #ListenAddress 0.0.0.0 > #ListenAddress :: > > #HostKey /etc/ssh/ssh_host_rsa_key > #HostKey /etc/ssh/ssh_host_ecdsa_key > #HostKey /etc/ssh/ssh_host_ed25519_key > > # Ciphers and keying > #RekeyLimit default none > > # Logging > #SyslogFacility > AUTH #LogLevel > INFO > # > Authentication: > #LoginGraceTime > 2m PermitRootLogin > without-password #StrictModes > yes #MaxAuthTries > 6 #MaxSessions > 10 > #PubkeyAuthentication yes > > # Expect .ssh/authorized_keys2 to be disregarded by default in future. > #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 > > #AuthorizedPrincipalsFile none > > #AuthorizedKeysCommand none > #AuthorizedKeysCommandUser nobody > > # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts > #HostbasedAuthentication no > # Change to yes if you don't trust ~/.ssh/known_hosts for > # HostbasedAuthentication > #IgnoreUserKnownHosts no > # Don't read the user's ~/.rhosts and ~/.shosts files > #IgnoreRhosts yes > > # To disable tunneled clear text passwords, change to no here! > #PasswordAuthentication yes > #PermitEmptyPasswords no > > # Change to yes to enable challenge-response passwords (beware issues with > # some PAM modules and threads) > ChallengeResponseAuthentication no > > # Kerberos options > #KerberosAuthentication no > #KerberosOrLocalPasswd yes > #KerberosTicketCleanup yes > #KerberosGetAFSToken no > > # GSSAPI options > #GSSAPIAuthentication no > #GSSAPICleanupCredentials yes > #GSSAPIStrictAcceptorCheck yes > #GSSAPIKeyExchange no > > # Set this to 'yes' to enable PAM authentication, account processing, > # and session processing. If this is enabled, PAM authentication will > # be allowed through the ChallengeResponseAuthentication and > # PasswordAuthentication. Depending on your PAM configuration, > # PAM authentication via ChallengeResponseAuthentication may bypass > # the setting of "PermitRootLogin without-password". > # If you just want the PAM account and session checks to run without > # PAM authentication, then enable this but set PasswordAuthentication > # and ChallengeResponseAuthentication to 'no'. > UsePAM yes > > #AllowAgentForwarding yes > #AllowTcpForwarding yes > #GatewayPorts no > X11Forwarding yes > #X11DisplayOffset 10 > #X11UseLocalhost yes > #PermitTTY yes > PrintMotd no > #PrintLastLog yes > #TCPKeepAlive yes > #PermitUserEnvironment no > #Compression delayed > #ClientAliveInterval 0 > #ClientAliveCountMax 3 > #UseDNS no > #PidFile /var/run/sshd.pid > #MaxStartups 10:30:100 > #PermitTunnel no > #ChrootDirectory none > #VersionAddendum none > > # no default banner path > #Banner none > > # Allow client to pass locale environment variables > AcceptEnv LANG LC_* > > # override default of no subsystems > #Subsystem sftp /usr/lib/openssh/sftp-server > > # Example of overriding settings on a per-user basis > #Match User anoncvs > # X11Forwarding no > # AllowTcpForwarding no > # PermitTTY no > # ForceCommand cvs server > user@detst:~$ Particularly this: > > # override default of no subsystems > > #Subsystem sftp /usr/lib/openssh/sftp-server -----BEGIN PGP SIGNATURE----- iF0EARECAB0WIQTF9uNaslvnJpWt8kXn6sEfJS3nCwUCXD8YAwAKCRDn6sEfJS3n C8TAAJ0Zj0e3mpjwWXx1dnCJ7JF30brU+QCfTKc4M7U+AJhy2FGm0Ychn5QIojI= =B0h8 -----END PGP SIGNATURE-----
