[blfs-support] Openssh cuts connection immediately

[Herbert Laubner via blfs-support]

Hello together,

I have set up a PC using jhalfs with SVN-20200201. This is not the first 
time installing LFS for me.

Base is a raid made with BTRFS in MSDOS-Mode. After the base system was 
setup (fixed fstab, kernel 5.5.1 compiled with btrfs, grub ) I installed 
still in changeroot

- Lynx with zip/unzip/shareutils
- DHCPCD
- Sudo with LinuxPam(rebuild shadow)
- Openssh with Pam-configuration
- wget (after libtasn/p11kit/make-ca)

Lynx, wget are working, sudo is working, ssh from that PC towards other 
PC's in my network are working fine.

Connecting from another PC onto the LFS-PC fails. The cennection gets 
established and shuts down right away again.

I checked

/proc/sys/net/core/netdev_max_backlog 1000
/proc/sys/net/core/somaxconn  4096

The connection protocol:

[herbert@msi-lap ~]$ ssh -vv herbert@192.168.132.139
OpenSSH_8.1p1, OpenSSL 1.1.1d FIPS  10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host 192.168.132.139 originally 
192.168.132.139
debug2: match not found
debug1: Reading configuration data 
/etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug2: resolve_canonicalize: hostname 192.168.132.139 is address
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug2: checking match for 'final all' host 192.168.132.139 originally 
192.168.132.139
debug2: match found
debug1: Reading configuration data 
/etc/crypto-policies/back-ends/openssh.config
debug2: ssh_connect_direct
debug1: Connecting to 192.168.132.139 [192.168.132.139] port 22.
debug1: Connection established.
debug1: identity file /home/herbert/.ssh/id_rsa type -1
debug1: identity file /home/herbert/.ssh/id_rsa-cert type -1
debug1: identity file /home/herbert/.ssh/id_dsa type -1
debug1: identity file /home/herbert/.ssh/id_dsa-cert type -1
debug1: identity file /home/herbert/.ssh/id_ecdsa type -1
debug1: identity file /home/herbert/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/herbert/.ssh/id_ed25519 type -1
debug1: identity file /home/herbert/.ssh/id_ed25519-cert type -1
debug1: identity file /home/herbert/.ssh/id_xmss type -1
debug1: identity file /home/herbert/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.1
debug1: match: OpenSSH_8.1 pat OpenSSH* compat 0x04000000
debug2: fd 5 setting O_NONBLOCK
debug1: Authenticating to 192.168.132.139:22 as 'herbert'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: 
curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: 
ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-...@openssh.com,rsa-sha2-512-cert-...@openssh.com,rsa-sha2-256-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: 
aes256-...@openssh.com,chacha20-poly1...@openssh.com,aes256-ctr,aes256-cbc,aes128-...@openssh.com,aes128-ctr,aes128-cbc
debug2: ciphers stoc: 
aes256-...@openssh.com,chacha20-poly1...@openssh.com,aes256-ctr,aes256-cbc,aes128-...@openssh.com,aes128-ctr,aes128-cbc
debug2: MACs ctos: 
hmac-sha2-256-...@openssh.com,hmac-sha1-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha2-256,hmac-sha1,umac-...@openssh.com,hmac-sha2-512
debug2: MACs stoc: 
hmac-sha2-256-...@openssh.com,hmac-sha1-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha2-256,hmac-sha1,umac-...@openssh.com,hmac-sha2-512
debug2: compression ctos: none,z...@openssh.com,zlib
debug2: compression stoc: none,z...@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: 
curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: 
rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
debug2: ciphers stoc: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
debug2: MACs ctos: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,z...@openssh.com
debug2: compression stoc: none,z...@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes256-...@openssh.com MAC: 
<implicit> compression: none
debug1: kex: client->server cipher: aes256-...@openssh.com MAC: 
<implicit> compression: none
debug1: kex: curve25519-sha256 need=32 dh_need=32
debug1: kex: curve25519-sha256 need=32 dh_need=32
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 
SHA256:ax4WefO+K5dcR/HJrOdLFV8amfXlrGtixVZujUEcEDY
debug1: Host '192.168.132.139' is known and matches the ECDSA host key.
debug1: Found key in /home/herbert/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /home/herbert/.ssh/id_rsa
debug1: Will attempt key: /home/herbert/.ssh/id_dsa
debug1: Will attempt key: /home/herbert/.ssh/id_ecdsa
debug1: Will attempt key: /home/herbert/.ssh/id_ed25519
debug1: Will attempt key: /home/herbert/.ssh/id_xmss
debug2: pubkey_prepare: done
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: 
server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
Connection closed by 192.168.132.139 port 22

A restart of the LFS-PC does not change anything, as much as the tried 
restart of the opensshd-service did not helped. Disabeling LinuxPam in 
opensshd_config did also not help.

I have purched opennsh also already using porg, and re-installed it 
again. Same result.
Changing protocol to sftp, using FileZilla was also not a success.

I hope to get a hint where to look, I am running out of ideas, what to 
google.

Best regards
Herbert

-- 
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page