Topic "SSH DISCONNECT HOST NOT ALLOWED TO CONNECT"

Author Message
cumbaacl
[View user's profile]

Joined: 2011-02-17
Posts: 2
I am able to connect to a local LAN SSH/SFTP (OpenSSH) server without issue. Remote network is unable to connect with same network/WinSCP settings, and I'm able to see the connection attempts through the firewall (unblocked). The remote client gets through DH key exchange, and exchanges RSA fingerprints. Then a message I can't find anything online about:
SSH DISCONNECT HOST NOT ALLOWED TO CONNECT

My login attempts are logged, but the remote user's are not. The remote user's IP is in hosts.allow, connections are allowed in iptables, SFTP works locally. The remote site is forced to use WinSCP v3.8.1 (non-negotiable), and that version works locally. An error pops up "Authentication Failed". Here is the error log from the remote host:

Code:

. 2011-02-17 09:33:37.604 --------------------------------------------------------------------------
. 2011-02-17 09:33:37.604 WinSCP Version 3.8.1 (Build 328) (OS 5.1.2600 Service Pack 3)
. 2011-02-17 09:33:37.604 Login time: Thursday, February 17, 2011 9:33:37 AM
. 2011-02-17 09:33:37.604 --------------------------------------------------------------------------
. 2011-02-17 09:33:37.620 Session name: session
. 2011-02-17 09:33:37.620 Host name: x.x.x.2 (Port: 22)
. 2011-02-17 09:33:37.620 User name: user (Password: Yes, Key file: No)
. 2011-02-17 09:33:37.620 Transfer Protocol: SFTP (SCP)
. 2011-02-17 09:33:37.620 SSH protocol version: 2; Compression: No
. 2011-02-17 09:33:37.620 Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2011-02-17 09:33:37.620 Ciphers: aes,blowfish,3des,WARN,des; Ssh2DES: No
. 2011-02-17 09:33:37.620 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2011-02-17 09:33:37.636 SSH Bugs: -,-,-,-,-,-,-,-
. 2011-02-17 09:33:37.636 SFTP Bugs: -,-,-
. 2011-02-17 09:33:37.636 Proxy: none
. 2011-02-17 09:33:37.636 Return code variable: Autodetect; Lookup user groups: Yes
. 2011-02-17 09:33:37.636 Shell: default, EOL: 0
. 2011-02-17 09:33:37.636 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2011-02-17 09:33:37.636 Cache directory changes: Yes, Permanent: Yes
. 2011-02-17 09:33:37.636 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2011-02-17 09:33:37.636 Alias LS: No, Ign LS warn: Yes, Scp1 Comp: No
. 2011-02-17 09:33:37.651 --------------------------------------------------------------------------
. 2011-02-17 09:33:37.651 Looking up host "x.x.x.2"
. 2011-02-17 09:33:37.651 Connecting to x.x.x.2 port 22
. 2011-02-17 09:33:37.792 Server version: SSH-2.0-OpenSSH_4.6
. 2011-02-17 09:33:37.792 We claim version: SSH-2.0-WinSCP_release_3.8.1
. 2011-02-17 09:33:37.792 Using SSH protocol version 2
. 2011-02-17 09:33:37.870 Doing Diffie-Hellman group exchange
. 2011-02-17 09:33:38.136 Doing Diffie-Hellman key exchange
. 2011-02-17 09:33:38.464 Host key fingerprint is:
. 2011-02-17 09:33:38.464 ssh-rsa 1024 55:5d:96:77:c2:d9:6e:91:e9:ef:c3:ad:b4:74:c5:a0
. 2011-02-17 09:33:38.464 Initialised AES-256 client->server encryption
. 2011-02-17 09:33:38.464 Initialised HMAC-SHA1 client->server MAC algorithm
. 2011-02-17 09:33:38.464 Initialised AES-256 server->client encryption
. 2011-02-17 09:33:38.464 Initialised HMAC-SHA1 server->client MAC algorithm
! 2011-02-17 09:33:38.651 Using username "user".
! 2011-02-17 09:33:38.714 Using keyboard-interactive authentication.
! 2011-02-17 09:33:38.714 The remote server has presented the following fingerprint:
! 2011-02-17 09:33:38.714 55:fc:aa:d1:fa:b7:0f:6f:fa:ef:2e:b9:9b:92:a7:d8
. 2011-02-17 09:33:38.714 Do you accept the key? (yes/NO): prompt from server
. 2011-02-17 09:33:38.729 Responding with stored password.
! 2011-02-17 09:33:38.729 Authenticating with pre-entered password.
. 2011-02-17 09:33:38.761 Received disconnect message (SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT)
. 2011-02-17 09:33:38.761 Disconnection message text: Connection to ths server is not allowed.
. 2011-02-17 09:33:38.761 Server sent disconnect message
. 2011-02-17 09:33:38.761 type 1 (SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT):
. 2011-02-17 09:33:38.761 "Connection to ths server is not allowed."
* 2011-02-17 09:33:38.776 (ESshFatal) Authentication failed.
* 2011-02-17 09:33:38.776 Authentication log (see session log for details):
* 2011-02-17 09:33:38.776 Using username "user".
* 2011-02-17 09:33:38.776 Using keyboard-interactive authentication.
* 2011-02-17 09:33:38.776 The remote server has presented the following fingerprint:
* 2011-02-17 09:33:38.776 55:fc:aa:d1:fa:b7:0f:6f:fa:ef:2e:b9:9b:92:a7:d8
* 2011-02-17 09:33:38.776 Authenticating with pre-entered password.
* 2011-02-17 09:33:38.776
* 2011-02-17 09:33:38.792 Server sent disconnect message
* 2011-02-17 09:33:38.792 type 1 (SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT):
* 2011-02-17 09:33:38.792 "Connection to ths server is not allowed."

This problem is killing me. Thanks for the help!
cumbaacl
[View user's profile]

Joined: 2011-02-17
Posts: 2
This is the only useful info I have found on that ssh protocol message (NOT_ALLOWED_TO_CONNECT) from Tectia.com:

Quote:
Disconnected: Host not allowed to connect
Disallowed connect from denied host. '<message>'

The server has disconnected the client because the client is not allowed to connect.

Facility: SSH_LOGFACILITY_DAEMON

Level: SSH_LOG_WARNING



I'm not seeing ANYTHING in the server log concerning the attempted connection, however.

Also, I am unable to recreate the issue locally, using same version, same IP, same OS (Windows XP, SP 3) to the same machine, same port.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25034
Location: Prague, Czechia
Well, the error comes from the server (or possibly, though unlikely, from some proxy/firewall on the way). So I do not know how to help you.
_________________
Martin Prikryl
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License