SSH Server unexpectedly closed network connection

      No Comments on SSH Server unexpectedly closed network connection

While connecting the Linux server through putty, following error occurred. SSHD server unexpectedly closed network connection

Error log:

tail -f /var/log/audit/audit.log

type=USER_AUTH msg=audit(1292432614.589:14079): user pid=5965 uid=0 auid=0 ses=1 msg=’op=PAM:authentication acct=”user” exe=”/usr/sbin/sshd” hostname=192.168.1.5 addr=192.168.1.5 terminal=ssh res=success’
type=USER_ACCT msg=audit(1292432614.598:14080): user pid=5965 uid=0 auid=0 ses=1 msg=’op=PAM:accounting acct=”user” exe=”/usr/sbin/sshd” hostname=192.168.1.5 addr=192.168.1.5 terminal=ssh res=failed’
type=USER_LOGIN msg=audit(1292432614.600:14081): user pid=5965 uid=0 auid=0 ses=1 msg=’op=login acct=”user” exe=”/usr/sbin/sshd” hostname=? addr=192.168.1.5 terminal=sshd res=failed’

There may be several reasons for the error. Try the following trouble shoot methods.

Solution #1

Try
#touch /etc/environment
creates the file

Solution #2
Check /etc/hosts.deny file for any ip / host blocking.

Solution #3

Check the authentication method, After modifying the pam.d it started working.

#cd /etc/pam.d
#vim  system-auth-ac

auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        sufficient    pam_smb_auth.so use_first_pass nolocal
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so

#vim sshd

auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    include      system-auth
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke