Hi. Having this weird problem when connecting to an SFTP server.

Client Debug:

sftp -vvvv -oport=2222 -F /usr/local/etc/ssh_config <removed>@<removed>
OpenSSH_5.9p1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: /usr/local/etc/ssh_config line 1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to <removed> [<removed>] port 2222.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/<removed>/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/<removed>/.ssh/id_rsa type 1
debug1: identity file /home/<removed>/.ssh/id_rsa-cert type -1
debug1: identity file /home/<removed>/.ssh/id_dsa type -1
debug1: identity file /home/<removed>/.ssh/id_dsa-cert type -1
debug1: identity file /home/<removed>/.ssh/id_ecdsa type -1
debug1: identity file /home/<removed>/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version <removed>
debug1: no match: <removed>
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug2: fd 3 setting O_NONBLOCK
debug3: put_host_port: [<removed>]:2222
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,z...@openssh.com,zlib
debug2: kex_parse_kexinit: none,z...@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
DH_GEX group out of range: 1024 !< 1020 !< 8192
Couldn't read packet: Connection reset by peer

As you can see at the end, the error

DH_GEX group out of range: 1024 !< 1020 !< 8192

shows. When we grabbed the packet and decoded it in Wireshark, we found that the key being sent was 1032 bits long, not 1020 as the client debug indicates. And the request for terminating the session is made by the client, not the server.

ssh_config looks like this:

Host *
    SendEnv LANG LC_*
    HashKnownHosts yes

We have spent countless hours on this problem, and are desperate for a solution. Since I'm not in control of the client, only the server, I can only say what the customer tells me. The operating system is Unix/Linux, but exactly which, I don't know.

I can mention that this error only occurs with this customer, and no one else. And the customer claims that this error only occurs towards us, and no one else.

Anyone have a clue on what this could be? Google will not help me on this one :(

Best regards
Daniel Bjørnådal Johansen
IT Consultant, ITO Card Services
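
The two figures in the post measure different things: the length of the modulus as encoded on the wire (an RFC 4251 mpint) and the number of significant bits in its value, which is what the OpenSSH client compares against the min/max from its SSH2_MSG_KEX_DH_GEX_REQUEST. The Python below is an added example, not part of the original post and not OpenSSH code; the function names and the sample integers are constructed for illustration, and the padded case is only one encoding in which 1032 and 1020 appear together, not an established description of the server in the post.

```python
import struct

def parse_mpint(buf, offset=0):
    """Parse an RFC 4251 mpint. Returns (value, encoded_len_bytes, next_offset)."""
    if len(buf) < offset + 4:
        raise ValueError("truncated mpint length field")
    (n,) = struct.unpack_from(">I", buf, offset)
    body = buf[offset + 4:offset + 4 + n]
    if len(body) != n:
        raise ValueError("truncated mpint body")
    if body and body[0] & 0x80:
        raise ValueError("negative mpint cannot be a DH modulus")
    return int.from_bytes(body, "big"), n, offset + 4 + n

def encode_mpint(value, extra_zero_bytes=0):
    """Encode a positive integer as an mpint.

    extra_zero_bytes > 0 yields a non-canonical encoding (RFC 4251 forbids
    unnecessary leading zero bytes); it exists only to build a test case.
    """
    if value <= 0:
        raise ValueError("expected a positive integer")
    # bit_length // 8 + 1 bytes leaves room for the 0x00 sign byte when needed
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    body = b"\x00" * extra_zero_bytes + body
    return struct.pack(">I", len(body)) + body

def check_gex_group(wire, min_bits=1024, max_bits=8192):
    """Report encoded size, significant bits, and the client's range decision."""
    p, nbytes, _ = parse_mpint(wire)
    bits = p.bit_length()  # counts significant bits, as BN_num_bits() does
    return {"wire_bits": nbytes * 8,
            "significant_bits": bits,
            "accepted": min_bits <= bits <= max_bits}

# Constructed stand-ins for a modulus: odd integers of a chosen size, not real primes.
P_1024 = (1 << 1023) | 1
P_1020 = (1 << 1019) | 1

if __name__ == "__main__":
    cases = {
        "1024-bit value, canonical": encode_mpint(P_1024),
        "1020-bit value, canonical": encode_mpint(P_1020),
        "1020-bit value, one extra zero byte": encode_mpint(P_1020, 1),
    }
    for label, wire in cases.items():
        print(label, check_gex_group(wire))
```

A modulus with its top bit set is always 129 bytes on the wire, so an encoded length of 1032 bits alone does not show how many significant bits the value has; the leading bytes of the mpint body do.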