I'm unable to SSH into server A, running RHEL 8.4, with any user. It was working fine last week. Nothing shows up in /var/log/secure or in systemctl status sshd - the /etc/ssh/sshd_config is set to allow PasswordAuthentication. It never asks for any password - on PuTTY it closes immediately after putting in a username, and on the command line it simply fails with a "connection closed by serverA".
When running ssh -v root@server, I get the following output:
    OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3
    debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
    debug1: Connecting to serverA [serverA] port 22.
    debug1: Connection established.
    debug1: identity file C:\\Users\\userA/.ssh/id_rsa type -1
    debug1: identity file C:\\Users\\userA/.ssh/id_rsa-cert type -1
    debug1: identity file C:\\Users\\userA/.ssh/id_dsa type -1
    debug1: identity file C:\\Users\\userA/.ssh/id_dsa-cert type -1
    debug1: identity file C:\\Users\\userA/.ssh/id_ecdsa type -1
    debug1: identity file C:\\Users\\userA/.ssh/id_ecdsa-cert type -1
    debug1: identity file C:\\Users\\userA/.ssh/id_ecdsa_sk type -1
    debug1: identity file C:\\Users\\userA/.ssh/id_ecdsa_sk-cert type -1
    debug1: identity file C:\\Users\\userA/.ssh/id_ed25519 type -1
    debug1: identity file C:\\Users\\userA/.ssh/id_ed25519-cert type -1
    debug1: identity file C:\\Users\\userA/.ssh/id_ed25519_sk type -1
    debug1: identity file C:\\Users\\userA/.ssh/id_ed25519_sk-cert type -1
    debug1: identity file C:\\Users\\userA/.ssh/id_xmss type -1
    debug1: identity file C:\\Users\\userA/.ssh/id_xmss-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.6
    debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
    debug1: compat_banner: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to serverA:22 as 'root'
    debug1: load_hostkeys: fopen C:\\Users\\userA/.ssh/known_hosts2: No such file or directory
    debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ssh-ed25519
    debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
    debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: SSH2_MSG_KEX_ECDH_REPLY received
    debug1: load_hostkeys: fopen C:\\Users\\userA/.ssh/known_hosts2: No such file or directory
    debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
    debug1: Host 'serverA' is known and matches the ED25519 host key.
    debug1: Found key in C:\\Users\\userA/.ssh/known_hosts:1
    debug1: rekey out after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey in after 134217728 blocks
    debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
    debug1: Will attempt key: C:\\Users\\userA/.ssh/id_rsa
    debug1: Will attempt key: C:\\Users\\userA/.ssh/id_dsa
    debug1: Will attempt key: C:\\Users\\userA/.ssh/id_ecdsa
    debug1: Will attempt key: C:\\Users\\userA/.ssh/id_ecdsa_sk
    debug1: Will attempt key: C:\\Users\\userA/.ssh/id_ed25519
    debug1: Will attempt key: C:\\Users\\userA/.ssh/id_ed25519_sk
    debug1: Will attempt key: C:\\Users\\userA/.ssh/id_xmss
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    Connection closed by serverA port 22

Running sshd -ddd on serverA, I see the following error:
    userauth-request for user root service ssh-connection method none

Full output:
    debug2: load_server_config: filename /etc/ssh/sshd_config
    debug2: load_server_config: done config len = 734
    debug2: parse_server_config_depth: config /etc/ssh/sshd_config len 734
    debug3: /etc/ssh/sshd_config:22 setting HostKey /etc/ssh/ssh_host_rsa_key
    debug3: /etc/ssh/sshd_config:23 setting HostKey /etc/ssh/ssh_host_ecdsa_key
    debug3: /etc/ssh/sshd_config:24 setting HostKey /etc/ssh/ssh_host_ed25519_key
    debug3: /etc/ssh/sshd_config:37 setting SyslogFacility AUTHPRIV
    debug3: /etc/ssh/sshd_config:43 setting PermitRootLogin yes
    debug3: /etc/ssh/sshd_config:52 setting AuthorizedKeysFile .ssh/authorized_keys
    debug3: /etc/ssh/sshd_config:70 setting PasswordAuthentication yes
    debug3: /etc/ssh/sshd_config:74 setting ChallengeResponseAuthentication no
    debug3: /etc/ssh/sshd_config:84 setting GSSAPIAuthentication yes
    debug3: /etc/ssh/sshd_config:85 setting GSSAPICleanupCredentials no
    debug3: /etc/ssh/sshd_config:101 setting UsePAM yes
    debug3: /etc/ssh/sshd_config:106 setting X11Forwarding yes
    debug3: /etc/ssh/sshd_config:113 setting PrintMotd no
    debug3: /etc/ssh/sshd_config:132 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    debug3: /etc/ssh/sshd_config:133 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    debug3: /etc/ssh/sshd_config:134 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
    debug3: /etc/ssh/sshd_config:135 setting AcceptEnv XMODIFIERS
    debug3: /etc/ssh/sshd_config:138 setting Subsystem sftp /usr/libexec/openssh/sftp-server
    debug1: sshd version OpenSSH_8.0, OpenSSL 1.1.1k FIPS 25 Mar 2021
    debug1: private host key #0: ssh-rsa SHA256:GwaDpWqZk3FQrfNmD4GqWDEcd1zur+dXZsbArmzrcGs
    debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:3aAAv+pS/mxSCadlScgN8CD6bclzSfzyZ5re9Cb30h0
    debug1: private host key #2: ssh-ed25519 SHA256:7lS8fhUowMoIC8/5DJ0k62I6fzK1eA5PTClqFR0g4HM
    debug1: rexec_argv[0]='/usr/sbin/sshd'
    debug1: rexec_argv[1]='-ddd'
    debug1: rexec_argv[2]='-E'
    debug1: rexec_argv[3]='/tmp/ssh.log'
    debug3: oom_adjust_setup
    debug1: Set /proc/self/oom_score_adj from 0 to -1000
    debug2: fd 4 setting O_NONBLOCK
    debug1: Bind to port 22 on 0.0.0.0.
    Server listening on 0.0.0.0 port 22.
    debug2: fd 5 setting O_NONBLOCK
    debug3: sock_set_v6only: set socket 5 IPV6_V6ONLY
    debug1: Bind to port 22 on ::.
    Server listening on :: port 22.
    debug2: load_server_config: filename /etc/ssh/sshd_config
    debug2: load_server_config: done config len = 734
    debug2: parse_server_config_depth: config /etc/ssh/sshd_config len 734
    debug3: /etc/ssh/sshd_config:22 setting HostKey /etc/ssh/ssh_host_rsa_key
    debug3: /etc/ssh/sshd_config:23 setting HostKey /etc/ssh/ssh_host_ecdsa_key
    debug3: /etc/ssh/sshd_config:24 setting HostKey /etc/ssh/ssh_host_ed25519_key
    debug3: /etc/ssh/sshd_config:37 setting SyslogFacility AUTHPRIV
    debug3: /etc/ssh/sshd_config:43 setting PermitRootLogin yes
    debug3: /etc/ssh/sshd_config:52 setting AuthorizedKeysFile .ssh/authorized_keys
    debug3: /etc/ssh/sshd_config:70 setting PasswordAuthentication yes
    debug3: /etc/ssh/sshd_config:74 setting ChallengeResponseAuthentication no
    debug3: /etc/ssh/sshd_config:84 setting GSSAPIAuthentication yes
    debug3: /etc/ssh/sshd_config:85 setting GSSAPICleanupCredentials no
    debug3: /etc/ssh/sshd_config:101 setting UsePAM yes
    debug3: /etc/ssh/sshd_config:106 setting X11Forwarding yes
    debug3: /etc/ssh/sshd_config:113 setting PrintMotd no
    debug3: /etc/ssh/sshd_config:132 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    debug3: /etc/ssh/sshd_config:133 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    debug3: /etc/ssh/sshd_config:134 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
    debug3: /etc/ssh/sshd_config:135 setting AcceptEnv XMODIFIERS
    debug3: /etc/ssh/sshd_config:138 setting Subsystem sftp /usr/libexec/openssh/sftp-server
    debug1: sshd version OpenSSH_8.0, OpenSSL 1.1.1k FIPS 25 Mar 2021
    debug1: private host key #0: ssh-rsa SHA256:GwaDpWqZk3FQrfNmD4GqWDEcd1zur+dXZsbArmzrcGs
    debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:3aAAv+pS/mxSCadlScgN8CD6bclzSfzyZ5re9Cb30h0
    debug1: private host key #2: ssh-ed25519 SHA256:7lS8fhUowMoIC8/5DJ0k62I6fzK1eA5PTClqFR0g4HM
    debug1: rexec_argv[0]='/usr/sbin/sshd'
    debug1: rexec_argv[1]='-ddd'
    debug1: rexec_argv[2]='-E'
    debug1: rexec_argv[3]='/tmp/ssh.log'
    debug3: oom_adjust_setup
    debug1: Set /proc/self/oom_score_adj from 0 to -1000
    debug2: fd 4 setting O_NONBLOCK
    debug1: Bind to port 22 on 0.0.0.0.
    Server listening on 0.0.0.0 port 22.
    debug2: fd 5 setting O_NONBLOCK
    debug3: sock_set_v6only: set socket 5 IPV6_V6ONLY
    debug1: Bind to port 22 on ::.
    Server listening on :: port 22.
    debug3: fd 6 is not O_NONBLOCK
    debug1: Server will not fork when running in debugging mode.
    debug3: send_rexec_state: entering fd = 9 config len 734
    debug3: ssh_msg_send: type 0
    debug3: send_rexec_state: done
    debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9
    debug3: recv_rexec_state: entering fd = 5
    debug3: ssh_msg_recv entering
    debug3: recv_rexec_state: done
    debug2: parse_server_config_depth: config rexec len 734
    debug3: rexec:22 setting HostKey /etc/ssh/ssh_host_rsa_key
    debug3: rexec:23 setting HostKey /etc/ssh/ssh_host_ecdsa_key
    debug3: rexec:24 setting HostKey /etc/ssh/ssh_host_ed25519_key
    debug3: rexec:37 setting SyslogFacility AUTHPRIV
    debug3: rexec:43 setting PermitRootLogin yes
    debug3: rexec:52 setting AuthorizedKeysFile .ssh/authorized_keys
    debug3: rexec:70 setting PasswordAuthentication yes
    debug3: rexec:74 setting ChallengeResponseAuthentication no
    debug3: rexec:84 setting GSSAPIAuthentication yes
    debug3: rexec:85 setting GSSAPICleanupCredentials no
    debug3: rexec:101 setting UsePAM yes
    debug3: rexec:106 setting X11Forwarding yes
    debug3: rexec:113 setting PrintMotd no
    debug3: rexec:132 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    debug3: rexec:133 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    debug3: rexec:134 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
    debug3: rexec:135 setting AcceptEnv XMODIFIERS
    debug3: rexec:138 setting Subsystem sftp /usr/libexec/openssh/sftp-server
    debug1: sshd version OpenSSH_8.0, OpenSSL 1.1.1k FIPS 25 Mar 2021
    debug1: private host key #0: ssh-rsa SHA256:GwaDpWqZk3FQrfNmD4GqWDEcd1zur+dXZsbArmzrcGs
    debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:3aAAv+pS/mxSCadlScgN8CD6bclzSfzyZ5re9Cb30h0
    debug1: private host key #2: ssh-ed25519 SHA256:7lS8fhUowMoIC8/5DJ0k62I6fzK1eA5PTClqFR0g4HM
    debug1: inetd sockets after dupping: 5, 5
    Connection from ::1 port 56500 on ::1 port 22
    debug1: Local version string SSH-2.0-OpenSSH_8.0
    debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
    debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
    debug2: fd 5 setting O_NONBLOCK
    debug3: ssh_sandbox_init: preparing seccomp filter sandbox
    debug2: Network child is on pid 8363
    debug3: preauth child monitor started
    debug1: SELinux support enabled [preauth]
    debug1: ssh_selinux_change_context: setting context from 'unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023' to 'unconfined_u:unconfined_r:sshd_net_t:s0-s0:c0.c1023' [preauth]
    debug3: ssh_selinux_change_context: setcon unconfined_u:unconfined_r:sshd_net_t:s0-s0:c0.c1023 from unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 failed with Invalid argument [preauth]
    debug3: privsep user:group 74:74 [preauth]
    debug1: permanently_set_uid: 74/74 [preauth]
    debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
    debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
    debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
    debug3: send packet: type 20 [preauth]
    debug1: SSH2_MSG_KEXINIT sent [preauth]
    debug3: receive packet: type 20 [preauth]
    debug1: SSH2_MSG_KEXINIT received [preauth]
    debug2: local server KEXINIT proposal [preauth]
    debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
    debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
    debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
    debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] [preauth]
    debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
    debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
    debug2: compression ctos: none,[email protected] [preauth]
    debug2: compression stoc: none,[email protected] [preauth]
    debug2: languages ctos: [preauth]
    debug2: languages stoc: [preauth]
    debug2: first_kex_follows 0 [preauth]
    debug2: reserved 0 [preauth]
    debug2: peer client KEXINIT proposal [preauth]
    debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c [preauth]
    debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth]
    debug2: ciphers ctos: [email protected],[email protected],aes256-ctr,aes256-cbc,[email protected],aes128-ctr,aes128-cbc [preauth]
    debug2: ciphers stoc: [email protected],[email protected],aes256-ctr,aes256-cbc,[email protected],aes128-ctr,aes128-cbc [preauth]
    debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512 [preauth]
    debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha1,[email protected],hmac-sha2-512 [preauth]
    debug2: compression ctos: none,[email protected],zlib [preauth]
    debug2: compression stoc: none,[email protected],zlib [preauth]
    debug2: languages ctos: [preauth]
    debug2: languages stoc: [preauth]
    debug2: first_kex_follows 0 [preauth]
    debug2: reserved 0 [preauth]
    debug1: kex: algorithm: curve25519-sha256 [preauth]
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
    debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
    debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
    debug1: kex: curve25519-sha256 need=32 dh_need=32 [preauth]
    debug3: mm_request_send entering: type 120 [preauth]
    debug3: mm_request_receive_expect entering: type 121 [preauth]
    debug3: mm_request_receive entering [preauth]
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 120
    debug3: mm_request_send entering: type 121
    debug1: kex: curve25519-sha256 need=32 dh_need=32 [preauth]
    debug3: mm_request_send entering: type 120 [preauth]
    debug3: mm_request_receive_expect entering: type 121 [preauth]
    debug3: mm_request_receive entering [preauth]
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 120
    debug3: mm_request_send entering: type 121
    debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
    debug3: receive packet: type 30 [preauth]
    debug3: mm_sshkey_sign entering [preauth]
    debug3: mm_request_send entering: type 6 [preauth]
    debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
    debug3: mm_request_receive_expect entering: type 7 [preauth]
    debug3: mm_request_receive entering [preauth]
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 6
    debug3: mm_answer_sign
    debug3: mm_answer_sign: hostkey proof signature 0x55639ba6a250(101)
    debug3: mm_request_send entering: type 7
    debug2: monitor_read: 6 used once, disabling now
    debug3: send packet: type 31 [preauth]
    debug3: send packet: type 21 [preauth]
    debug2: set_newkeys: mode 1 [preauth]
    debug1: rekey out after 4294967296 blocks [preauth]
    debug1: SSH2_MSG_NEWKEYS sent [preauth]
    debug1: expecting SSH2_MSG_NEWKEYS [preauth]
    debug3: send packet: type 7 [preauth]
    debug3: receive packet: type 21 [preauth]
    debug1: SSH2_MSG_NEWKEYS received [preauth]
    debug2: set_newkeys: mode 0 [preauth]
    debug1: rekey in after 4294967296 blocks [preauth]
    debug1: KEX done [preauth]
    debug3: receive packet: type 5 [preauth]
    debug3: send packet: type 6 [preauth]
    debug3: receive packet: type 50 [preauth]
    debug1: userauth-request for user root service ssh-connection method none [preauth]
    debug1: attempt 0 failures 0 [preauth]
    debug3: mm_getpwnamallow entering [preauth]
    debug3: mm_request_send entering: type 8 [preauth]
    debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
    debug3: mm_request_receive_expect entering: type 9 [preauth]
    debug3: mm_request_receive entering [preauth]
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 8
    debug3: mm_answer_pwnamallow
    debug2: parse_server_config_depth: config reprocess config len 734
    debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
    debug3: mm_request_send entering: type 9
    debug2: monitor_read: 8 used once, disabling now
    debug2: input_userauth_request: setting up authctxt for root [preauth]
    debug3: mm_start_pam entering [preauth]
    debug3: mm_request_send entering: type 100 [preauth]
    debug3: mm_inform_authserv entering [preauth]
    debug3: mm_request_send entering: type 4 [preauth]
    debug3: mm_inform_authrole entering [preauth]
    debug3: mm_request_send entering: type 80 [preauth]
    debug2: input_userauth_request: try method none [preauth]
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 100
    debug1: PAM: initializing for "root"
    debug1: PAM: setting PAM_RHOST to "::1"
    debug1: PAM: setting PAM_TTY to "ssh"
    debug2: monitor_read: 100 used once, disabling now
    debug3: user_specific_delay: user specific delay 0.000ms [preauth]
    debug3: ensure_minimum_time_since: elapsed 1.235ms, delaying 4.731ms (requested 5.966ms) [preauth]
    debug1: monitor_read_log: child log fd closed
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 4
    debug3: mm_answer_authserv: service=ssh-connection, style=
    debug2: monitor_read: 4 used once, disabling now
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 80
    debug3: mm_answer_authrole: role=
    debug2: monitor_read: 80 used once, disabling now
    debug3: mm_request_receive entering
    debug1: do_cleanup
    debug1: PAM: cleanup
    debug3: PAM: sshpam_thread_cleanup entering
    debug1: Killing privsep child 8363

Interestingly enough, if I run an nmap on serverA, I also see this:
    Host is up (0.00013s latency).
    PORT   STATE SERVICE
    22/tcp open  ssh
    | ssh-auth-methods:
    |_  Supported authentication methods: false

Attempting to ssh with PreferredAuthentications=password and PubkeyAuthentication=no has the same results.
Copy of /etc/ssh/ssh_config
    # $OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $

    # This is the ssh client system-wide configuration file. See
    # ssh_config(5) for more information. This file provides defaults for
    # users, and the values can be changed in per-user configuration files
    # or on the command line.

    # Configuration data is parsed as follows:
    # 1. command line options
    # 2. user-specific file
    # 3. system-wide file
    # Any configuration value is only changed the first time it is set.
    # Thus, host-specific definitions should be at the beginning of the
    # configuration file, and defaults at the end.

    # Site-wide defaults for some commonly used options. For a comprehensive
    # list of available options, their meanings and defaults, please see the
    # ssh_config(5) man page.

    # Host *
    # ForwardAgent no
    # ForwardX11 no
    # PasswordAuthentication yes
    # HostbasedAuthentication no
    # GSSAPIAuthentication no
    # GSSAPIDelegateCredentials no
    # GSSAPIKeyExchange no
    # GSSAPITrustDNS no
    # BatchMode no
    # CheckHostIP yes
    # AddressFamily any
    # ConnectTimeout 0
    # StrictHostKeyChecking ask
    # IdentityFile ~/.ssh/id_rsa
    # IdentityFile ~/.ssh/id_dsa
    # IdentityFile ~/.ssh/id_ecdsa
    # IdentityFile ~/.ssh/id_ed25519
    # Port 22
    # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
    # MACs hmac-md5,hmac-sha1,[email protected]
    # EscapeChar ~
    # Tunnel no
    # TunnelDevice any:any
    # PermitLocalCommand no
    # VisualHostKey no
    # ProxyCommand ssh -q -W %h:%p gateway.example.com
    # RekeyLimit 1G 1h
    #
    # This system is following system-wide crypto policy.
    # To modify the system-wide ssh configuration, create a *.conf file under
    # /etc/ssh/ssh_config.d/ which will be automatically included below
    Include /etc/ssh/ssh_config.d/*.conf

Copy of /etc/ssh/sshd_config

    # $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

    # This is the sshd server system-wide configuration file. See
    # sshd_config(5) for more information.

    # This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin

    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options override the
    # default value.

    # If you want to change the port on a SELinux system, you have to tell
    # SELinux about this change.
    # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
    #
    #Port 22
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::

    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key

    # Ciphers and keying
    #RekeyLimit default none

    # This system is following system-wide crypto policy. The changes to
    # crypto properties (Ciphers, MACs, ...) will not have any effect here.
    # They will be overridden by command-line options passed to the server
    # on command line.
    # Please, check manual pages for update-crypto-policies(8) and sshd_config(5).

    # Logging
    #SyslogFacility AUTH
    SyslogFacility AUTHPRIV
    #LogLevel INFO

    # Authentication:
    #LoginGraceTime 2m
    PermitRootLogin yes
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10
    #PubkeyAuthentication yes

    # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
    # but this is overridden so installations will only check .ssh/authorized_keys
    AuthorizedKeysFile .ssh/authorized_keys
    #AuthorizedPrincipalsFile none
    #AuthorizedKeysCommand none
    #AuthorizedKeysCommandUser nobody

    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes

    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no
    PasswordAuthentication yes

    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes
    ChallengeResponseAuthentication no

    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    #KerberosUseKuserok yes

    # GSSAPI options
    GSSAPIAuthentication yes
    GSSAPICleanupCredentials no
    #GSSAPIStrictAcceptorCheck yes
    #GSSAPIKeyExchange no
    #GSSAPIEnablek5users no

    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication. Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    # WARNING: 'UsePAM no' is not supported in RHEL and may cause several
    # problems.
    UsePAM yes

    #AllowAgentForwarding yes
    #AllowTcpForwarding yes
    #GatewayPorts no
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PermitTTY yes

    # It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd,
    # as it is more configurable and versatile than the built-in version.
    PrintMotd no
    #PrintLastLog yes
    #TCPKeepAlive yes
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #UseDNS no
    #PidFile /var/run/sshd.pid
    #MaxStartups 10:30:100
    #PermitTunnel no
    #ChrootDirectory none
    #VersionAddendum none

    # no default banner path
    #Banner none

    # Accept locale-related environment variables
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
    AcceptEnv XMODIFIERS

    # override default of no subsystems
    Subsystem sftp /usr/libexec/openssh/sftp-server

    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    # X11Forwarding no
    # AllowTcpForwarding no
    # PermitTTY no
    # ForceCommand cvs server

I'm unsure as to what's changed - the internal firewall is seeing traffic fine and has had no changes. Nothing in the yum history implies any updates, and I'm able to ssh in with other servers fine. I feel like it's something blindly staring me in the face - what am I missing here?
sshd -ddd output surrounding the one line you've posted? Attempting the 'none' auth mechanism is normal for any client, it's the rest that is interesting.
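Added example (not part of the original thread): a small Python triage of `sshd -ddd` output like the one posted in the question. It splits the records even when the newlines were lost and reports whether the server ever answered the `none` request (packet type 50) with a USERAUTH_FAILURE or USERAUTH_SUCCESS (types 51 and 52); the sample is an abridged excerpt of the posted log, and the function names and verdict strings are made up for this illustration.

```python
import re

# SSH message numbers (RFC 4252): replies a server sends to USERAUTH_REQUEST (50).
USERAUTH_REPLIES = {51: "USERAUTH_FAILURE", 52: "USERAUTH_SUCCESS"}
RECORD = re.compile(r"debug[123]: (.*?)(?=\s*debug[123]: |\Z)", re.S)
SENT = re.compile(r"send packet: type (\d+)")
AUTH_REQ = re.compile(r"userauth-request for user \S+ service \S+ method (\S+)")

# Abridged excerpt of the sshd -ddd output posted above, flattened the same way.
SAMPLE = (
    'debug3: ssh_selinux_change_context: setcon unconfined_u:unconfined_r:sshd_net_t:s0-s0:c0.c1023 '
    'from unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 failed with Invalid argument [preauth] '
    'debug1: KEX done [preauth] debug3: receive packet: type 5 [preauth] '
    'debug3: send packet: type 6 [preauth] debug3: receive packet: type 50 [preauth] '
    'debug1: userauth-request for user root service ssh-connection method none [preauth] '
    'debug2: input_userauth_request: try method none [preauth] '
    'debug1: PAM: initializing for "root" '
    'debug3: ensure_minimum_time_since: elapsed 1.235ms, delaying 4.731ms (requested 5.966ms) [preauth] '
    'debug1: monitor_read_log: child log fd closed debug1: do_cleanup '
    'debug1: Killing privsep child 8363'
)


def split_records(text):
    """Return (message, is_preauth) per debug record, even if newlines were lost."""
    records = []
    for match in RECORD.finditer(text):
        msg = " ".join(match.group(1).split())
        preauth = msg.endswith("[preauth]")
        if preauth:
            msg = msg[: -len("[preauth]")].rstrip()
        records.append((msg, preauth))
    return records


def verdict(report):
    """Name the stage at which the server side of the exchange stopped."""
    if not report["kex_done"]:
        return "ended-before-kex-done"
    if not report["auth_requests"]:
        return "no-userauth-request-seen"
    if report["auth_replies"]:
        return "server-answered-userauth"
    if report["child_log_closed"]:
        return "preauth-child-exited-without-reply"
    return "log-truncated"


def triage(text):
    """Report how far the pre-authentication exchange got on the server side."""
    report = {"kex_done": False, "auth_requests": [], "auth_replies": [],
              "pam_started": False, "child_log_closed": False,
              "last_preauth": None, "failed_calls": []}
    for msg, preauth in split_records(text):
        if msg == "KEX done":
            report["kex_done"] = True
        req = AUTH_REQ.search(msg)
        if req:
            report["auth_requests"].append(req.group(1))
        sent = SENT.match(msg)
        if sent and int(sent.group(1)) in USERAUTH_REPLIES:
            report["auth_replies"].append(USERAUTH_REPLIES[int(sent.group(1))])
        if msg.startswith("PAM: initializing"):
            report["pam_started"] = True
        if msg.startswith("monitor_read_log: child log fd closed"):
            report["child_log_closed"] = True
        elif preauth and not report["child_log_closed"]:
            report["last_preauth"] = msg
        if "failed with" in msg:
            # Listed for follow-up only; not necessarily the cause of the disconnect.
            report["failed_calls"].append(msg)
    report["verdict"] = verdict(report)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the posted log the verdict is `preauth-child-exited-without-reply`: the type 50 request arrives, but no type 51 listing the allowed methods is ever sent, which matches the nmap line "Supported authentication methods: false".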