[Bug 708493] Re: cannot login anymore: Read from socket failed: Connection reset by peer
Clint Byrum
clint at fewbar.com
Fri Oct 21 17:44:49 UTC 2011
Is it possible that the new OpenSSL dropped support for your key
encryption?
Can you paste just the first 3 lines of your private key file, with the
BEGIN, Proc-Type and DEK-Info lines?
(Warning, I do not know if this will leak sensitive info, if you are
unsure, do not paste it).
Also can you try generating a new key and see if that is able to be
used?
Excerpts from esodan's message of Thu Oct 20 15:28:11 UTC 2011:
> I have the same problem with sourceforge.net service. My machine have a
> dual boot from Federa 15 and Ubutu. On Fedora I can use ssh with no
> problems but on Ubuntu 11.10 I can't use ssh. This is my debug from ssh
> -vvv:
>
> ssh -vvv -t esodan at shell.sourceforge.net
> OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to shell.sourceforge.net [216.34.181.119] port 22.
> debug1: Connection established.
> debug3: Incorrect RSA1 identifier
> debug3: Could not load "/home/esodan/.ssh/id_rsa" as a RSA1 public key
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: missing keytype
> debug2: key_type_from_name: unknown key type 'Proc-Type:'
> debug3: key_read: missing keytype
> debug2: key_type_from_name: unknown key type 'DEK-Info:'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug3: key_read: missing whitespace
> debug2: key_type_from_name: unknown key type '-----END'
> debug3: key_read: missing keytype
> debug1: identity file /home/esodan/.ssh/id_rsa type 1
> debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
> debug1: identity file /home/esodan/.ssh/id_rsa-cert type -1
> debug1: identity file /home/esodan/.ssh/id_dsa type -1
> debug1: identity file /home/esodan/.ssh/id_dsa-cert type -1
> debug1: identity file /home/esodan/.ssh/id_ecdsa type -1
> debug1: identity file /home/esodan/.ssh/id_ecdsa-cert type -1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
> debug1: match: OpenSSH_5.3 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1
> debug2: fd 3 setting O_NONBLOCK
> debug3: load_hostkeys: loading entries for host "shell.sourceforge.net" from file "/home/esodan/.ssh/known_hosts"
> debug3: load_hostkeys: loaded 0 keys
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
> debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.liu.se
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib at openssh.com
> debug2: kex_parse_kexinit: none,zlib at openssh.com
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_setup: found hmac-md5
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug2: mac_setup: found hmac-md5
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> Read from socket failed: Connection reset by peer
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/708493
>
> Title:
> cannot login anymore: Read from socket failed: Connection reset by
> peer
>
> Status in “openssh” package in Ubuntu:
> Confirmed
> Status in “openssh” package in Debian:
> New
>
> Bug description:
> After todays update to
> 1:5.7p1-1ubuntu1
> I cannot login to SOME (!) of my servers. Example of a server failing:
>
> ~$ ssh -v root at mail
> OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010
> debug1: Reading configuration data /home/hildeb/.ssh/config
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to mail [141.42.202.200] port 22.
> debug1: Connection established.
> debug1: identity file /home/hildeb/.ssh/id_rsa type -1
> debug1: identity file /home/hildeb/.ssh/id_rsa-cert type -1
> debug1: identity file /home/hildeb/.ssh/id_dsa type 2
> debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
> debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
> debug1: identity file /home/hildeb/.ssh/id_dsa-cert type -1
> debug1: identity file /home/hildeb/.ssh/id_ecdsa type -1
> debug1: identity file /home/hildeb/.ssh/id_ecdsa-cert type -1
> debug1: Remote protocol version 1.99, remote software version OpenSSH_5.5p1 Debian-6
> debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.7p1 Debian-1ubuntu1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> Read from socket failed: Connection reset by peer
>
> There is NOTHING in daemon.log, auth.log or syslog on the server I'm
> trying to connect to.
>
> Example of a server NOT failing:
>
> $ ssh -v root at netsight
> OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010
> debug1: Reading configuration data /home/hildeb/.ssh/config
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to netsight [10.47.2.222] port 22.
> debug1: Connection established.
> debug1: identity file /home/hildeb/.ssh/id_rsa type -1
> debug1: identity file /home/hildeb/.ssh/id_rsa-cert type -1
> debug1: identity file /home/hildeb/.ssh/id_dsa type 2
> debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
> debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
> debug1: identity file /home/hildeb/.ssh/id_dsa-cert type -1
> debug1: identity file /home/hildeb/.ssh/id_ecdsa type -1
> debug1: identity file /home/hildeb/.ssh/id_ecdsa-cert type -1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6
> debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.7p1 Debian-1ubuntu1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Server host key: RSA 18:ce:76:c7:7c:f4:98:94:28:8f:62:4a:31:e8:5b:c9
> debug1: Host 'netsight' is known and matches the RSA host key.
> debug1: Found key in /home/hildeb/.ssh/known_hosts:56
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: Roaming not allowed by server
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Offering DSA public key: /home/hildeb/.ssh/id_dsa
> debug1: Server accepts key: pkalg ssh-dss blen 433
> debug1: Authentication succeeded (publickey).
> Authenticated to netsight ([10.47.2.222]:22).
> debug1: channel 0: new [client-session]
> debug1: Requesting no-more-sessions at openssh.com
> debug1: Entering interactive session.
> debug1: Sending environment.
> debug1: Sending env LC_MESSAGES = en_US.utf8
> debug1: Sending env LANG = de_DE.UTF-8
>
> ProblemType: Bug
> DistroRelease: Ubuntu 11.04
> Package: openssh-client 1:5.7p1-1ubuntu1
> ProcVersionSignature: Ubuntu 2.6.37-12.26-generic 2.6.37
> Uname: Linux 2.6.37-12-generic x86_64
> Architecture: amd64
> Date: Thu Jan 27 09:13:15 2011
> ProcEnviron:
> LANGUAGE=en_US:en
> LANG=de_DE.UTF-8
> LC_MESSAGES=en_US.utf8
> SHELL=/bin/bash
> RelatedPackageVersions:
> ssh-askpass N/A
> libpam-ssh N/A
> keychain N/A
> ssh-askpass-gnome 1:5.7p1-1ubuntu1
> SSHClientVersion: OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010
> SourcePackage: openssh
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/708493
Title:
cannot login anymore: Read from socket failed: Connection reset by
peer
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions
More information about the Ubuntu-server-bugs
mailing list