Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Computers are like air conditioners. Both stop working, if you open windows. -- Adam Heath


computers / alt.os.linux.mint / host name

SubjectAuthor
* host nameyossarian
`* Re: host namejeorge
 `* Re: host nameyossarian
  +* Re: host nameMike Easter
  |`* Re: host nameyossarian
  | +- Re: host nameDan Purgert
  | `- Re: host nameMike Easter
  `* Re: host namePaul
   `- Re: host nameyossarian

1
host name

<20231001121425.42ffc346@white>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=6888&group=alt.os.linux.mint#6888

 copy link   Newsgroups: alt.os.linux.mint
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: Newsgroups: alt.os.linux.mint
Subject: host name
Date: Sun, 1 Oct 2023 12:14:25 +0200
Lines: 10
Message-ID: <20231001121425.42ffc346@white>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Trace: individual.net rku1k85N2WAATrY8eTCO1ActqdHfb4Y434WbsKvREPU/oavspm
Cancel-Lock: sha1:uexNbOONWcjKVy3OjtigLjF8ApI= sha256:LVF5ZLqIcnlc+yp1yQfmtqu7w3ECUk8X+r9yVqd0Has=
X-Newsreader: Claws Mail 4.0.0 (GTK+ 3.24.33; x86_64-pc-linux-gnu)
 by: yossarian - Sun, 1 Oct 2023 10:14 UTC

Every 5 minutes I have error i my log file.
error: kex_exchange_identification: Connection closed by remote host
How to find host name or network address?

--

Mint 21.2 Victoria, kernel 6.2.0-33-generic, Cinnamon 5.8.4
AMD Ryzen 7 5700G with Radeon Vega Graphics, 32GB of DRAM.

Re: host name

<ufbib9$1rlf$1@nnrp.usenet.blueworldhosting.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=6889&group=alt.os.linux.mint#6889

 copy link   Newsgroups: alt.os.linux.mint
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!nnrp.usenet.blueworldhosting.com!.POSTED!not-for-mail
From: some...@invalid.invalid (jeorge)
Newsgroups: alt.os.linux.mint
Subject: Re: host name
Date: Sun, 1 Oct 2023 04:40:41 -0600
Organization: Ministry of Madness
Message-ID: <ufbib9$1rlf$1@nnrp.usenet.blueworldhosting.com>
References: <20231001121425.42ffc346@white>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 1 Oct 2023 10:40:41 -0000 (UTC)
Injection-Info: nnrp.usenet.blueworldhosting.com;
logging-data="61103"; mail-complaints-to="usenet@blueworldhosting.com"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.15.1
Cancel-Lock: sha1:E9DXJ34NGFq27Hv/zMTgzKahQjc= sha256:l0j0dW9QS3QtgAt+MWRy/5cyrTE8fwBfRjhIKjuBqE0=
sha1:vfbBFRAD1DVQ7AFnkUd6fAA+6JQ= sha256:uQS5bEq0F2kSKj3rJawKlhFtTUdS2HzaYYaNUys7ZWA=
In-Reply-To: <20231001121425.42ffc346@white>
Content-Language: en-US
 by: jeorge - Sun, 1 Oct 2023 10:40 UTC

On 10/1/23 4:14 AM, yossarian wrote:
> Every 5 minutes I have error i my log file.
> error: kex_exchange_identification: Connection closed by remote host
> How to find host name or network address?

There are a couple ways:
- open a terminal and type 'hostname'
- check the upper left hand corner of the login screen
- look in the /etc/hostname file

The hostname(1) command can be used to change the computer's hostname:

ex. (in terminal)

$ hostname
minty
$ hostname sofresh
$ hostname
sofresh

Open terminal and type 'man hostname' for full documentation.

Re: host name

<20231001134537.5faf58f5@white>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=6890&group=alt.os.linux.mint#6890

 copy link   Newsgroups: alt.os.linux.mint
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: Newsgroups: alt.os.linux.mint
Subject: Re: host name
Date: Sun, 1 Oct 2023 13:45:37 +0200
Lines: 23
Message-ID: <20231001134537.5faf58f5@white>
References: <20231001121425.42ffc346@white>
<ufbib9$1rlf$1@nnrp.usenet.blueworldhosting.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Trace: individual.net cVZhho250O2+hmUd/xPEKAikzEDhsPiXfeOw835rfMu1FQ2x/l
Cancel-Lock: sha1:risAK827n17aTly05LTNu/rKHmU= sha256:WeO838Ot3EnLOC5k3woSF7tZ8qKdlSPtotXNxZAKok4=
X-Newsreader: Claws Mail 4.0.0 (GTK+ 3.24.33; x86_64-pc-linux-gnu)
 by: yossarian - Sun, 1 Oct 2023 11:45 UTC

On Sun, 1 Oct 2023 04:40:41 -0600
jeorge <someone@invalid.invalid> wrote:

> On 10/1/23 4:14 AM, yossarian wrote:
> > Every 5 minutes I have error i my log file.
> > error: kex_exchange_identification: Connection closed by remote host
> > How to find host name or network address?
>
> There are a couple ways:
> - open a terminal and type 'hostname'
> - check the upper left hand corner of the login screen
> - look in the /etc/hostname file
>
> The hostname(1) command can be used to change the computer's hostname:
>
To rephrase my question. I am interested in the remote host name or address.
I know my hostname.

--

Mint 21.2 Victoria, kernel 6.2.0-33-generic, Cinnamon 5.8.4
AMD Ryzen 7 5700G with Radeon Vega Graphics, 32GB of DRAM.

Re: host name

<knttp1FoscvU1@mid.individual.net>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=6891&group=alt.os.linux.mint#6891

 copy link   Newsgroups: alt.os.linux.mint
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: Mik...@ster.invalid (Mike Easter)
Newsgroups: alt.os.linux.mint
Subject: Re: host name
Date: Sun, 1 Oct 2023 11:57:36 -0700
Lines: 24
Message-ID: <knttp1FoscvU1@mid.individual.net>
References: <20231001121425.42ffc346@white>
<ufbib9$1rlf$1@nnrp.usenet.blueworldhosting.com>
<20231001134537.5faf58f5@white>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net rFdEJYg4o6z4vgijgqhKmQIZGxUP1DGZHf05w7OIt8jywPbfsI
Cancel-Lock: sha1:Qd10RjFmC4RPQ2oMOfUXCtmA1l0= sha256:BZPfMtTN+IhkTvZkhyb2CpaeOSbx2HyukeCXefYNovE=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Thunderbird/68.10.0
In-Reply-To: <20231001134537.5faf58f5@white>
Content-Language: en-US
 by: Mike Easter - Sun, 1 Oct 2023 18:57 UTC

yossarian wrote:
>> yossarian wrote:
>>> Every 5 minutes I have error i my log file.
>>> error: kex_exchange_identification: Connection closed by remote host
>>> How to find host name or network address?
>>
> To rephrase my question. I am interested in the remote host name or address.
> I know my hostname.
>
Here is a discussion of the error msg:

https://serverfault.com/questions/1015547/what-causes-ssh-error-kex-exchange-identification-connection-closed-by-remote
What causes SSH error: kex_exchange_identification: Connection closed
by remote host?

The questioner posted a log obtained from:
# journalctl SYSLOG_IDENTIFIER=sshd <+time frame>

He also got plenty of answers and possibilities. The hostname & IP are
'less important' than the actual *cause*.

--
Mike Easter

Re: host name

<ufco8q$2gt04$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=6893&group=alt.os.linux.mint#6893

 copy link   Newsgroups: alt.os.linux.mint
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: nos...@needed.invalid (Paul)
Newsgroups: alt.os.linux.mint
Subject: Re: host name
Date: Sun, 1 Oct 2023 17:27:53 -0400
Organization: A noiseless patient Spider
Lines: 30
Message-ID: <ufco8q$2gt04$1@dont-email.me>
References: <20231001121425.42ffc346@white>
<ufbib9$1rlf$1@nnrp.usenet.blueworldhosting.com>
<20231001134537.5faf58f5@white>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 1 Oct 2023 21:27:54 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="a8822cec6aecb9e09aa9eb752d209e12";
logging-data="2651140"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19/QAELtJ3XBgqbGPdbjH8BN6WXTqlbhnE="
User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802)
Cancel-Lock: sha1:3ZDHbh7lFpeqp5PlnIfitpNN9oc=
In-Reply-To: <20231001134537.5faf58f5@white>
Content-Language: en-US
 by: Paul - Sun, 1 Oct 2023 21:27 UTC

On 10/1/2023 7:45 AM, yossarian wrote:
> On Sun, 1 Oct 2023 04:40:41 -0600
> jeorge <someone@invalid.invalid> wrote:
>
>> On 10/1/23 4:14 AM, yossarian wrote:
>>> Every 5 minutes I have error i my log file.
>>> error: kex_exchange_identification: Connection closed by remote host
>>> How to find host name or network address?
>>
>> There are a couple ways:
>> - open a terminal and type 'hostname'
>> - check the upper left hand corner of the login screen
>> - look in the /etc/hostname file
>>
>> The hostname(1) command can be used to change the computer's hostname:
>>
> To rephrase my question. I am interested in the remote host name or address.
> I know my hostname.
>

Wireshark packet tracer, may help identify the remote device
your machine is trying to reach. Don't forget to tick the
three translation boxes in Wireshark, so the IP addresses
are converted to symbolic for you. Saves time.

[Picture]

https://i.postimg.cc/ZYN8gLbn/wireshark.gif

Paul

Re: host name

<20231002122538.0aec585e@white>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=6894&group=alt.os.linux.mint#6894

 copy link   Newsgroups: alt.os.linux.mint
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!3.eu.feeder.erje.net!feeder.erje.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: Newsgroups: alt.os.linux.mint
Subject: Re: host name
Date: Mon, 2 Oct 2023 12:25:38 +0200
Lines: 47
Message-ID: <20231002122538.0aec585e@white>
References: <20231001121425.42ffc346@white>
<ufbib9$1rlf$1@nnrp.usenet.blueworldhosting.com>
<20231001134537.5faf58f5@white>
<knttp1FoscvU1@mid.individual.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Trace: individual.net BeJy8qJhwZ9tqHQ2FMVD8AsQ8J+W0HrC+JIcMRu+5U2+aXuFAo
Cancel-Lock: sha1:AmloaT3j/1dSGuAaB5zQ59pTJOE= sha256:sLzpuPKbcWCrubZWOlSEdJyrLaxYCjlW7P3651J9D1M=
X-Newsreader: Claws Mail 4.0.0 (GTK+ 3.24.33; x86_64-pc-linux-gnu)
 by: yossarian - Mon, 2 Oct 2023 10:25 UTC

On Sun, 1 Oct 2023 11:57:36 -0700
Mike Easter <MikeE@ster.invalid> wrote:

> yossarian wrote:
> [...]
> [...]
> [...]
> > To rephrase my question. I am interested in the remote host name or address.
> > I know my hostname.
> >
> Here is a discussion of the error msg:
>
> https://serverfault.com/questions/1015547/what-causes-ssh-error-kex-exchange-identification-connection-closed-by-remote

I was looking at same post, but didn't pay attention on his log

> What causes SSH error: kex_exchange_identification: Connection closed
> by remote host?
>
> The questioner posted a log obtained from:
> # journalctl SYSLOG_IDENTIFIER=sshd <+time frame>

Yes that shows my remote host
>
> He also got plenty of answers and possibilities. The hostname & IP are
> 'less important' than the actual *cause*.

Now, everything become little bit complicated. I managed to expand log little more and here it is

11:50:23:529 sshd error: kex_exchange_identification: Connection closed by remote host
11:50:23:529 sshd Connection closed by 192.168.5.5 port 44258
11:53:38:033 postfix/anvil statistics: max connection rate 1/60s for (smtp:192.168.5.5) at Oct 2 11:50:17
11:53:38:042 postfix/anvil statistics: max connection count 1 for (smtp:192.168.5.5) at Oct 2 11:50:17
11:53:38:042 postfix/anvil statistics: max cache size 1 at Oct 2 11:50:17
11:55:17:808 postfix/smtpd connect from _gateway[192.168.5.5]
11:55:17:811 postfix/smtpd lost connection after EHLO from _gateway[192.168.5.5]
11:55:17:811 postfix/smtpd disconnect from _gateway[192.168.5.5] ehlo=1 commands=1
11:55:23:530 sshd error: kex_exchange_identification: Connection closed by remote host
192.168.5.5 is my Mikrotik router. Can you decipher anything from this log? I don't know who is calling postfix
and why? Who wants to send email and why?
--

Mint 21.2 Victoria, kernel 6.2.0-33-generic, Cinnamon 5.8.4
AMD Ryzen 7 5700G with Radeon Vega Graphics, 32GB of DRAM.

Re: host name

<20231002122826.6ece61cc@white>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=6895&group=alt.os.linux.mint#6895

 copy link   Newsgroups: alt.os.linux.mint
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!3.eu.feeder.erje.net!feeder.erje.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: Newsgroups: alt.os.linux.mint
Subject: Re: host name
Date: Mon, 2 Oct 2023 12:28:26 +0200
Lines: 32
Message-ID: <20231002122826.6ece61cc@white>
References: <20231001121425.42ffc346@white>
<ufbib9$1rlf$1@nnrp.usenet.blueworldhosting.com>
<20231001134537.5faf58f5@white>
<ufco8q$2gt04$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Trace: individual.net mSnjgAtv0Cqc6hbJQkuTUwnwuI3BTXebUXrThOZudxVxCuyamO
Cancel-Lock: sha1:kknO9WMVi2TcaRVHpoeTdUN83OA= sha256:a/pbVsVGN9pANVR1QK9l8sMo8tHfFMy9DKC/B6/fBII=
X-Newsreader: Claws Mail 4.0.0 (GTK+ 3.24.33; x86_64-pc-linux-gnu)
 by: yossarian - Mon, 2 Oct 2023 10:28 UTC

On Sun, 1 Oct 2023 17:27:53 -0400
Paul <nospam@needed.invalid> wrote:

> On 10/1/2023 7:45 AM, yossarian wrote:
> > On Sun, 1 Oct 2023 04:40:41 -0600
> > jeorge <someone@invalid.invalid> wrote:
> >
> [...]
> [...]
> [...]
> > To rephrase my question. I am interested in the remote host name or address.
> > I know my hostname.
> >
>
> Wireshark packet tracer, may help identify the remote device
> your machine is trying to reach. Don't forget to tick the
> three translation boxes in Wireshark, so the IP addresses
> are converted to symbolic for you. Saves time.
>
> [Picture]
>
> https://i.postimg.cc/ZYN8gLbn/wireshark.gif
>
> Paul

I found what I wanted another way. Thanks anyway.

--

Mint 21.2 Victoria, kernel 6.2.0-33-generic, Cinnamon 5.8.4
AMD Ryzen 7 5700G with Radeon Vega Graphics, 32GB of DRAM.

Re: host name

<slrnuhlarj.cui.dan@djph.net>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=6896&group=alt.os.linux.mint#6896

 copy link   Newsgroups: alt.os.linux.mint
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: dan...@djph.net (Dan Purgert)
Newsgroups: alt.os.linux.mint
Subject: Re: host name
Date: Mon, 2 Oct 2023 11:35:58 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 43
Message-ID: <slrnuhlarj.cui.dan@djph.net>
References: <20231001121425.42ffc346@white>
<ufbib9$1rlf$1@nnrp.usenet.blueworldhosting.com>
<20231001134537.5faf58f5@white> <knttp1FoscvU1@mid.individual.net>
<20231002122538.0aec585e@white>
Injection-Date: Mon, 2 Oct 2023 11:35:58 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="841ade83985cea2eab6dad7f25c7196b";
logging-data="3085055"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+NjNu2VRmJSbAgCr0UVmdeGgpPjnzvjTI="
User-Agent: slrn/1.0.3 (Linux)
Cancel-Lock: sha1:c6sEYFDTV+eox0fK00eTAY56T6I=
 by: Dan Purgert - Mon, 2 Oct 2023 11:35 UTC

On 2023-10-02, yossarian wrote:
> [...]
> Now, everything become little bit complicated. I managed to expand log
> little more and here it is
>
> 11:50:23:529 sshd error: kex_exchange_identification: Connection
> closed by remote host
> 11:50:23:529 sshd Connection closed by 192.168.5.5 port 44258

This is your localhost's sshd (openssh-server) process telling you that
the remote host (in this case, 192.168.5.5) hung up during the
kex_exchange_identification phase of the ssh handshaking process.

As I recall, that one's caused when the server doesn't support the key
exchange ciphers the client offers (usually when the client or server is
"too secure" for the other -- e.g. disallowing ssh-rsa).

You'll need to login to 192.168.5.5 to see why it's trying to SSH into
your localhost, and also check what kex ciphers it supports.

> 11:53:38:033 postfix/anvil statistics: max connection rate 1/60s for
> (smtp:192.168.5.5) at Oct 2 11:50:17
> 11:53:38:042 postfix/anvil statistics: max connection count 1 for
> (smtp:192.168.5.5) at Oct 2 11:50:17
> 11:53:38:042 postfix/anvil statistics: max cache size 1 at Oct 2
> 11:50:17
> 11:55:17:808 postfix/smtpd connect from _gateway[192.168.5.5]
> 11:55:17:811 postfix/smtpd lost connection after EHLO from
> _gateway[192.168.5.5]
> 11:55:17:811 postfix/smtpd disconnect from _gateway[192.168.5.5]
> ehlo=1 commands=1

This bit is postfix receiving an EHLO ("Extended HELO") from your
"_gateway" host at 192.168.5.5. But 5.5 drops the connection after
sending the EHLO. Most likely this is a misconfiguration of the email
tool on the 'tik (IIRC it's for automated exports of the config backups,
and a few other admin type things)

--
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860

Re: host name

<ko0hf6F7cb8U1@mid.individual.net>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=6897&group=alt.os.linux.mint#6897

 copy link   Newsgroups: alt.os.linux.mint
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!3.eu.feeder.erje.net!feeder.erje.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: Mik...@ster.invalid (Mike Easter)
Newsgroups: alt.os.linux.mint
Subject: Re: host name
Date: Mon, 2 Oct 2023 11:45:57 -0700
Lines: 32
Message-ID: <ko0hf6F7cb8U1@mid.individual.net>
References: <20231001121425.42ffc346@white>
<ufbib9$1rlf$1@nnrp.usenet.blueworldhosting.com>
<20231001134537.5faf58f5@white> <knttp1FoscvU1@mid.individual.net>
<20231002122538.0aec585e@white>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net NqHF+OLwyYClW8q3ciTUFQ9/3gznDZmuXUOaBqpEmZ98hq6/UY
Cancel-Lock: sha1:XdhXrV852W7bRAfIZiuCWqU4hr0= sha256:7cKyvGEG+3ThG96vvYRBWIeutxkBKbOFNijp3nxhYS4=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Thunderbird/68.10.0
In-Reply-To: <20231002122538.0aec585e@white>
Content-Language: en-US
 by: Mike Easter - Mon, 2 Oct 2023 18:45 UTC

yossarian wrote:
> Now, everything become little bit complicated. I managed to expand log little more and here it is
>
> 11:50:23:529 sshd error: kex_exchange_identification: Connection closed by remote host
> 11:50:23:529 sshd Connection closed by 192.168.5.5 port 44258
> 11:53:38:033 postfix/anvil statistics: max connection rate 1/60s for (smtp:192.168.5.5) at Oct 2 11:50:17
> 11:53:38:042 postfix/anvil statistics: max connection count 1 for (smtp:192.168.5.5) at Oct 2 11:50:17
> 11:53:38:042 postfix/anvil statistics: max cache size 1 at Oct 2 11:50:17
> 11:55:17:808 postfix/smtpd connect from _gateway[192.168.5.5]
> 11:55:17:811 postfix/smtpd lost connection after EHLO from _gateway[192.168.5.5]
> 11:55:17:811 postfix/smtpd disconnect from _gateway[192.168.5.5] ehlo=1 commands=1
> 11:55:23:530 sshd error: kex_exchange_identification: Connection closed by remote host
>
> 192.168.5.5 is my Mikrotik router. Can you decipher anything from this log? I don't know who is calling postfix
> and why? Who wants to send email and why?

My understanding is that postfix anvil is your postfix defense against
bots & ddos.

I don't know your LAN network topology, but generally the *gateway* is
the .1 where the NAT address translation takes place. I wouldn't think
that 'stuff' should be getting past the .1 to the .5 but then I don't
know much about all of the network security responsibilities if you are
trying to show a server to the WAN at large.

It just seems to me that something is getting in 'a little ways' before
it is stopped.

--
Mike Easter

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor