# ssh server refuses every login from LAN except the first one

## Amity88

Hi,

I've been facing this issue for the last few days on my Raspberry Pi SSH server. It allows any number of SSH logins from the internet but doesn't allow LAN logins except the first one. I've tried to diagnose the issue; these are my observations:

1) If I restart the server, I can log in from the local network BUT only ONCE. After I exit, I cannot log in again till I restart the server once again.

2) My Iptable logs do not show any packets from my client computer being dropped yet the packet capture at my client shows that I get no responses from the server.

3) I've tried rebooting my client computer into a different OS, I've tried shutting down the firewall on both the client and the server and I still have this problem.

4) Despite all this, I am still able to log in from the internet and I can open any number of ssh sessions.

5) netstat shows that on the server, it's listening on all addresses.

6) The auth.log doesn't show any error or failed log in attempts.

7) I can ping the server, and I can attempt to access the httpd. Both of these packets are dropped by my firewall at the server and I can see it in the logs, so clearly the packets are being correctly routed to it.

I'm at a loss as to what could be the issue. If you guys could give me some pointers, I'd appreciate it.

----------

## gerdesj

On the server, enable debug logging: in /etc/ssh/sshd_config, set LogLevel DEBUG.

Restart sshd and reproduce the problem.

What's in the log?

Cheers

Jon

----------

## Amity88

Okay, did that. Here is the snippet from auth.log:

```
May 13 19:32:25 minimee sshd[8027]: Received signal 15; terminating.
May 13 19:32:25 minimee sshd[8166]: Set /proc/self/oom_score_adj from 0 to -1000
May 13 19:32:25 minimee sshd[8166]: debug1: Bind to port X on 0.0.0.0.
May 13 19:32:25 minimee sshd[8166]: Server listening on 0.0.0.0 port X.
May 13 19:32:25 minimee sshd[8166]: socket: Address family not supported by protocol
```

I've been looking over my firewall rules and I think ... I might ... have found the cause.

```
# ssh client
$IPTABLES -A INPUT -p tcp --dport X -j ACCEPT -m state --state ESTABLISHED -m recent --remove
$IPTABLES -A INPUT -p tcp --dport X -m state --state NEW -m recent --update --seconds 1800 --hitcount 6 -j DROP
$IPTABLES -A INPUT -p tcp --dport X -m state --state NEW -m recent --update --seconds 1800 --hitcount 5 -j LOGDROP
$IPTABLES -A INPUT -p tcp --dport X -j ACCEPT -m state --state NEW -m recent --set
$IPTABLES -A OUTPUT -p tcp --sport X -j ACCEPT -m state --state ESTABLISHED
```

Commenting out the hitcount-based rules seems to have fixed it, but it still doesn't explain why flushing the iptables didn't fix the issue the last time. Neither does it explain why it only affected connections from the LAN and not the internet. My idea was to limit the number of new connections.
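
As an added illustration (not code from the thread), here is a small Python model of the xt_recent bookkeeping that drives the four INPUT rules above, following the documented semantics of `-m recent`: `--set` always matches and records a stamp, `--remove` matches only if the address is listed and then deletes it, and `--update` records a new stamp only when its `--seconds`/`--hitcount` test matches. The client address, the timings and the omission of the per-address stamp cap are constructed assumptions.

```python
# Added model (not from the thread) of the xt_recent bookkeeping behind the posted
# rules. Simplification: no ip_pkt_list_tot cap on stamps kept per address.
WINDOW, LOG_AT, DROP_AT = 1800, 5, 6      # --seconds 1800, --hitcount 5 / 6
SRC = "192.0.2.10"                        # constructed client address

class RecentList:
    """One xt_recent table; without --name all four rules share 'DEFAULT'."""
    def __init__(self):
        self.stamps = {}                  # src -> list of packet times (seconds)
    def set(self, src, now):              # --set: add a stamp, always matches
        self.stamps.setdefault(src, []).append(now)
        return True
    def remove(self, src):                # --remove: matches only if src is listed
        return self.stamps.pop(src, None) is not None
    def update(self, src, now, hitcount): # --update --seconds WINDOW --hitcount N
        stamps = self.stamps.get(src)
        if stamps is None or sum(1 for t in stamps if now - t <= WINDOW) < hitcount:
            return False                  # no match: nothing is stamped
        stamps.append(now)                # match: a fresh stamp extends the window
        return True

def ssh_input_chain(table, src, state, now):
    """Walk the four INPUT rules for one packet to sshd's port; a packet that
    matches none of them continues down the chain ('FALLTHROUGH')."""
    if state == "ESTABLISHED" and table.remove(src):
        return "ACCEPT"
    if state == "NEW":
        if table.update(src, now, DROP_AT):
            return "DROP"
        if table.update(src, now, LOG_AT):
            return "LOGDROP"
        table.set(src, now)
        return "ACCEPT"
    return "FALLTHROUGH"

def burst_then_retry(silence):
    """Seven NEW attempts 10 s apart that never complete, then one more after
    `silence` seconds: 5 are allowed, the 6th is logged, later ones are dropped."""
    table = RecentList()
    verdicts = [ssh_input_chain(table, SRC, "NEW", i * 10) for i in range(7)]
    verdicts.append(ssh_input_chain(table, SRC, "NEW", 60 + silence))
    return verdicts

def session_verdicts():
    """NEW then two ESTABLISHED packets: --remove deletes the entry on the first
    ESTABLISHED packet, so the second one no longer matches rule 1."""
    table = RecentList()
    return [ssh_input_chain(table, SRC, s, t)
            for t, s in enumerate(["NEW", "ESTABLISHED", "ESTABLISHED"])]
```

The last result shows that rule 1 only accepts the first ESTABLISHED packet of a session; the rest of the session depends on whatever ESTABLISHED rule follows in the chain.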

----------

## gentoo_lamb

I am not near a computer now, so I apologise if this is a bit vague. Iptables is not the problem if the -F option does not fix it. I would recommend you take a look at the sshd_config file and look at the maximum sessions and max auth retries; you could find something. Also take a look at the fail2ban and sshguard blocked lists to make sure your local IP is not in there.

----------

## Logicien

Hello,

If you cannot resolve the problem by configuring the /etc/ssh/sshd_config file, you may want to have a look at the files /etc/hosts.allow and /etc/hosts.deny and see the man pages hosts.allow and hosts.deny.

On my side, the file hosts.allow has only comment lines and hosts.deny does not exist. I can connect to my Gentoo sshd server from any machine on my local network. I have a very simple sshd_config configuration:

```
UsePAM yes
PrintMotd no
PrintLastLog no
Subsystem       sftp    /usr/lib64/misc/sftp-server
AcceptEnv LANG LC_*
```

Everything else is commented out.

----------

