Подключения по ssh к доменному имени

[farex]

Собстно не могу понять почему не могу подключится к линуксу по ssh...
Возможно причина в клиенте dyndns.com.
Скачал клиента, как написано в ридми сделал:

Код: Выделить всё

INSTALLATION:

  cp ddclient /usr/sbin/
  mkdir /etc/ddclient
  cp sample-etc_ddclient.conf /etc/ddclient/ddclient.conf
  vi /etc/ddclient/ddclient.conf
  -- and change hostnames, logins, and passwords appropriately

  ## For those using Redhat style rc files and using daemon-mode:
  cp sample-etc_rc.d_init.d_ddclient /etc/rc.d/init.d/ddclient
  ## enable automatic startup when booting
  /sbin/chkconfig --add ddclient
  ## start the first time by hand
  /etc/rc.d/init.d/ddclient start

  ## If you are not using daemon-mode, configure cron and dhcp or ppp
  ## as described below.

Устанавливаю.

Код: Выделить всё

cp ddclient /usr/sbin/
mkdir /etc/ddclient
cp sample-etc_ddclient.conf /etc/ddclient/ddclient.conf
vi /etc/ddclient/ddclient.conf

Запускаю клиента.

bash-3.1# /etc/rc.d/init.d/ddclient start
Starting ddclient:
bash-3.1#

Смотрю работает ли:

bash-3.1# ps aux | grep ddclient
root 4332 0.0 0.1 6572 3820 pts/2 S 20:24 0:00 ddclient - sleeping for 150 seconds
root 4369 0.0 0.1 6572 3816 pts/2 S 20:24 0:00 ddclient - sleeping for 170 seconds
root 4425 0.0 0.1 6572 3820 pts/2 S 20:25 0:00 ddclient - sleeping for 240 seconds
root 4490 0.0 0.1 6572 3812 pts/2 S 20:26 0:00 ddclient - sleeping for 300 seconds

Собстно подилитесь опытом настройки ddclient'a

[moog]

Код: Выделить всё

/etc/ddclient/ddclient.conf
daemon=300
syslog=yes
mail=usermail
mail-failure=usermail
ssl=yes
pid=/var/run/ddclient.pid
use=if, if=ppp0
login=mylogin
password=mypassword
server=members.dyndns.org,      \
protocol=dyndns2                \
myhostname

[farex]

Угу понятно..
Тут другая проблема нарисовалась.
Пробую соединится со своим ip

Код: Выделить всё

ssh root@farex.bla.net
ssh_exchange_identification: Connection closed by remote host

ssh root@ip.адрес
ssh_exchange_identification: Connection closed by remote host

Код: Выделить всё

Not shown: 994 closed ports
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
23/tcp   open     telnet
80/tcp   open     http
1720/tcp filtered H.323/Q.931
5431/tcp open     unknown

Где что посмотреть можно.

[ivan2ksusr]

смотри в сторону hosts.allow и hosts.deny, т.е. надо добавить свой ip и маску подсети

[farex]

Так вот.
Делаю пинг на свой ip пинг проходит.
Далее пробую подключится

Код: Выделить всё

ssh_exchange_identification: Connection closed by remote host

Поделитесь настроенным sshd_conf
А то я уже с настройками понакрутил...

[rm_]

Попробуйте логиниться не под root'ом, если получится - читайте man sshd_config по опции PermitRootLogin.

[farex]

Да пробывал уже подключатся поразному.
ssh farex@ip
ssh root@ip
ssh nobady@ip
ssh ip

Код: Выделить всё

ssh_exchange_identification: Connection closed by remote host

[serzh-z]

Да пробывал уже подключатся поразному.

"ssh -vvv" даст полную картину происходящего.

А "Connection closed by remote host" - это отказ сервера принять, по какой-то причине, подключения. Т.е. он принимает запрос на подключение и высылает отказ на подключение.

[farex]

"ssh -vvv" даст полную картину происходящего.

Код: Выделить всё

usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-e escape_char] [-F configfile]
           [-i identity_file] [-L [bind_address:]port:host:hostport]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-R [bind_address:]port:host:hostport] [-S ctl_path]
           [-w local_tun[:remote_tun]] [user@]hostname [command]

[ivan2ksusr]

я же вам написал: смотрите в сторону hosts.allow и hosts.deny
что трудно свой ip и свю маску подсети занести ???
cat /etc/hosts.allow

Код: Выделить всё

...

# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny


...

вы даже не попробовали, а проигнорировали мое сообщение



example:

ssh -vvv ivan@192.168.0.222

Код: Выделить всё

OpenSSH_5.1p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.222 [192.168.0.222] port 22.
debug1: Connection established.
debug1: identity file /Users/nb-bv/.ssh/identity type -1
debug1: identity file /Users/nb-bv/.ssh/id_rsa type -1
debug1: identity file /Users/nb-bv/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.7
debug1: match: OpenSSH_4.7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 139/256
debug2: bits set: 516/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /Users/nb-bv/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 13
debug1: Host '192.168.0.222' is known and matches the RSA host key.
debug1: Found key in /Users/nb-bv/.ssh/known_hosts:13
debug2: bits set: 526/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/nb-bv/.ssh/identity (0x0)
debug2: key: /Users/nb-bv/.ssh/id_rsa (0x0)
debug2: key: /Users/nb-bv/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/nb-bv/.ssh/identity
debug3: no such identity: /Users/nb-bv/.ssh/identity
debug1: Trying private key: /Users/nb-bv/.ssh/id_rsa
debug3: no such identity: /Users/nb-bv/.ssh/id_rsa
debug1: Trying private key: /Users/nb-bv/.ssh/id_dsa
debug3: no such identity: /Users/nb-bv/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:

[moog]

смотри в сторону hosts.allow и hosts.deny, т.е. надо добавить свой ip и маску подсети

Скорее всего проблема не в этом, более того - проблема скорее всего именно в настройках ssh.

Поделитесь настроенным sshd_conf
А то я уже с настройками понакрутил...

Код: Выделить всё

#    $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 777
#AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey ~/.ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey ~/.ssh/id_rsa
#HostKey ~/.ssh/id_dsa
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_rsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel DEBUG

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
MaxAuthTries 4
#MaxSessions 10

RSAAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile    .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts yes
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
Banner "Welcome to goomhost!"

# override default of no subsystems
Subsystem    sftp    /usr/lib/ssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#    X11Forwarding no
#    AllowTcpForwarding no
#    ForceCommand cvs server

[farex]

я же вам написал: смотрите в сторону hosts.allow и hosts.deny
что трудно свой ip и свю маску подсети занести ???
cat /etc/hosts.allow

В далбнейшем я планирую использовать доменное имя, я не IP
Если занести доменное имя то это будет робить.?

[ivan2ksusr]

Скорее всего проблема не в этом, более того - проблема скорее всего именно в настройках ssh.

как вариант то проходит же может и ssh криво настроен

я же вам написал: смотрите в сторону hosts.allow и hosts.deny
что трудно свой ip и свю маску подсети занести ???
cat /etc/hosts.allow

В далбнейшем я планирую использовать доменное имя, я не IP
Если занести доменное имя то это будет робить.?

да должно работать

[farex]

а синтаксис какой можно поинтересоваться, только в man не посылаете., на сегодня с man'ами завязал.

Код: Выделить всё

root@liza-laptop:/home/liza# ssh -vvv farex@95.190.118.218
OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 95.190.118.218 [95.190.118.218] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host

[moog]

Всё-же ознакомьтесь с man hosts.allow.

[ivan2ksusr]

а синтаксис какой можно поинтересоваться, только в man не посылаете., на сегодня с man'ами завязал.

а что там не понятно? открываем файл hosts.allow и смотрим, там же все расписано

[farex]

Код: Выделить всё

  GNU nano 2.0.9                                 Файл: /etc/hosts.allow

#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided by
#               the '/usr/sbin/tcpd' server.
#
# Version:      @(#)/etc/hosts.allow    1.00    05/28/93
#
# Author:       Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org
#
#

# End of hosts.allow.

[ivan2ksusr]

O_o

example

Код: Выделить всё

#
# hosts.allow access control file for "tcp wrapped" applications.
# $FreeBSD: src/etc/hosts.allow,v 1.23.8.1 2009/04/15 03:14:26 kensmith Exp $
#
# NOTE: The hosts.deny file is deprecated.
#       Place both 'allow' and 'deny' rules in the hosts.allow file.
#    See hosts_options(5) for the format of this file.
#    hosts_access(5) no longer fully applies.

#     _____                                      _          _
#    | ____| __  __   __ _   _ __ ___    _ __   | |   ___  | |
#    |  _|   \ \/ /  / _` | | '_ ` _ \  | '_ \  | |  / _ \ | |
#    | |___   >  <  | (_| | | | | | | | | |_) | | | |  __/ |_|
#    |_____| /_/\_\  \__,_| |_| |_| |_| | .__/  |_|  \___| (_)
#                       |_|
# !!! This is an example! You will need to modify it for your specific
# !!! requirements!


# Start by allowing everything (this prevents the rest of the file
# from working, so remove it when you need protection).
# The rules here work on a "First match wins" basis.
ALL : ALL : allow

# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny

# Protect against simple DNS spoofing attacks by checking that the
# forward and reverse records for the remote host match. If a mismatch
# occurs, access is denied, and any positive ident response within
# 20 seconds is logged. No protection is afforded against DNS poisoning,
# IP spoofing or more complicated attacks. Hosts with no reverse DNS
# pass this rule.
ALL : PARANOID : RFC931 20 : deny

# Allow anything from localhost.  Note that an IP address (not a host
# name) *MUST* be specified for rpcbind(8).
ALL : localhost 127.0.0.1 : allow
# Comment out next line if you build libwrap without IPv6 support.
ALL : [::1] : allow
#ALL : my.machine.example.com 192.0.2.35 : allow

# To use IPv6 addresses you must enclose them in []'s
#ALL : [fe80::%fxp0]/10 : allow
#ALL : [fe80::]/10 : deny
#ALL : [2001:db8:2:1:2:3:4:3fe1] : deny
#ALL : [2001:db8:2:1::]/64 : allow

# Sendmail can help protect you against spammers and relay-rapers
sendmail : localhost : allow
#sendmail : .nice.guy.example.com : allow
#sendmail : .evil.cracker.example.com : deny
sendmail : ALL : allow

# Exim is an alternative to sendmail, available in the ports tree
exim : localhost : allow
#exim : .nice.guy.example.com : allow
#exim : .evil.cracker.example.com : deny
exim : ALL : allow

# Rpcbind is used for all RPC services; protect your NFS!
# (IP addresses rather than hostnames *MUST* be used here)
#rpcbind : 192.0.2.32/255.255.255.224 : allow
#rpcbind : 192.0.2.96/255.255.255.224 : allow
rpcbind : ALL : deny

# NIS master server. Only local nets should have access
# (Since this is an RPC service, rpcbind needs to be considered)
ypserv : localhost : allow
#ypserv : .unsafe.my.net.example.com : deny
#ypserv : .my.net.example.com : allow
ypserv : ALL : deny

# Provide a small amount of protection for ftpd
ftpd : localhost : allow
#ftpd : .nice.guy.example.com : allow
#ftpd : .evil.cracker.example.com : deny
ftpd : ALL : allow

# You need to be clever with finger; do _not_ backfinger!! You can easily
# start a "finger war".
fingerd : ALL \
    : spawn (echo Finger. | \
     /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \
    : deny

# The rest of the daemons are protected.
ALL : ALL \
    : severity auth.info \
    : twist /bin/echo "You are not welcome to use %d from %h."

тебе нужна строчка sshd

[serzh-z]

farex
Для начала спасёт это: echo 'sshd : ALL : allow' >> /etc/hosts.allow

[farex]

Добавил IP в hosts.allow
Тоже самое...

[ivan2ksusr]

как вариант еще почистить файл клиента known_hosts
cd ~/.ssh

[serzh-z]

Добавил IP в hosts.allow

Это нужно делать на серверной стороне.

[farex]

Код: Выделить всё

bash-3.1# cd ~/.ssh && ls -a
.  ..
bash-3.1#

Это нужно делать на серверной стороне.

Ну разумеется..

[farex]

Давайте поробуем еще раз все сначало и попарялку.... Не может такого быть чтобы это не работало., наверника я чтото не допилил.
Для начала давайте составим минимальный sshd_conf в котором бы было разрешено все...
Далее минимальный hosts.allow

[moog]

Покажите ваш sshd_config. Ключи вы генерировали?

[farex]

Покажите ваш sshd_config. Ключи вы генерировали?

нет не генирировал. как?
/etc/ssh/sshd_config

Код: Выделить всё

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

Port 22
#AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey ~/.ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey ~/.ssh/id_rsa
#HostKey ~/.ssh/id_dsa
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_rsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel DEBUG

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
MaxAuthTries 4
#MaxSessions 10

RSAAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile    .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts yes
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
Banner "Welcome to goomhost!"

# override default of no subsystems
Subsystem    sftp    /usr/lib/ssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#    X11Forwarding no
#    AllowTcpForwarding no
#    ForceCommand cvs server

[serzh-z]

Для начала давайте составим минимальный sshd_conf в котором бы было разрешено все...

Судя по всему - это не проблема sshd. Если заглянуть в логи SSH-сервера, то там, вероятно, даже не будет информации о коннекте. Если так, то стоит продолжать копать в сторону hosts.allow

[moog]

С этим конфигом уже должна работать авторизация по паролю, даже в отсутствии ключей. Попробуйте ещё раз ssh -vvv и напишите суда результат. Кстати да, кусок /var/log/auth.log тоже хотелось бы увидеть.

[farex]

Ok, сейчас будет. ток найду кто со мной приконектится., а то уже всех достал..
Люди добрые стукните в _farex_@jabber.ru ,контакты onlain кончились.

[ivan2ksusr]

на клиенте попробуй сделать так:
$ cd ~/.ssh/
$ mv known_hosts known_hosts.tmp
потом на сервере:
в конфиге в строчке #MaxStartups 10 снять коментарий и увеличить параметр до 30-40, т.е. привести к виду:
MaxStartups 30
далее перезапустить sshd на сервере, и выполнить вход с клиента