Re: openssh: missing kex_exchange_identification ssh error messages with 1:9.5p1-2?

2023-12-14 Thread Vincent Lefevre
On 2023-12-14 14:04:08 -0500, Greg Wooledge wrote:
> On Thu, Dec 14, 2023 at 05:14:28PM +0100, Vincent Lefevre wrote:
> > I have the latest version!!! I recall that this is a Debian/unstable
> > machine, which I upgrade regularly. So, every time I get such an error,
> > I have the latest client.
> 
> Just for the record, saying you have the "latest" version of something
> is unhelpful.  This goes double when you're on a testing or unstable
> system.  We don't know how long ago you updated, or what mirrors you're
> using, or what errors might have occurred the last time you updated,
> or whether you have a locally installed version of "ssh" in your PATH
> before /usr/bin/ssh, or... anything.  Anything at all.
> 
> When asking for help, it's best to give all of the relevant details up
> front.  Start by saying you're on Debian unstable.  Then give the
> installed package version (as printed by "dpkg -l openssh-client")
> and the output of "ssh -V".

As I've said in my message: I've upgraded to openssh-client 1:9.5p1-2.

The versions up to 9.4 were fine, i.e. I got a detailed error message.

> Since this is a problem with ssh, which uses a client/server architecture,
> giving the version of the server's sshd would also help.

openssh-server 1:7.9p1-10+deb10u3

but I don't think this is useful.

> Finally, if you've customized something that's relevant, be sure to
> include that.  For the ssh client, customizations are done in the
> /etc/ssh/ssh_config and ~/.ssh/config files.  Anything you've changed
> or added there would be important to disclose.

At the time of the test:

IdentitiesOnly yes
TCPKeepAlive no
ControlPath /tmp/ssh-%h-%p-%r
SendEnv LANG LC_*
ProxyCommand none
StrictHostKeyChecking yes

(and the last change was "KeepAlive no" → "TCPKeepAlive no"
in June 2022).

> If you've customized anything on the server end (i.e. in
> /etc/ssh/sshd_config) then you should disclose that as well.

Note that I am not the admin of the server. I can see that
MaxStartups was changed to "MaxStartups 20:30:120". But the
last change was done in June.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



Re: openssh: missing kex_exchange_identification ssh error messages with 1:9.5p1-2?

2023-12-14 Thread Greg Wooledge
On Thu, Dec 14, 2023 at 05:14:28PM +0100, Vincent Lefevre wrote:
> I have the latest version!!! I recall that this is a Debian/unstable
> machine, which I upgrade regularly. So, every time I get such an error,
> I have the latest client.

Just for the record, saying you have the "latest" version of something
is unhelpful.  This goes double when you're on a testing or unstable
system.  We don't know how long ago you updated, or what mirrors you're
using, or what errors might have occurred the last time you updated,
or whether you have a locally installed version of "ssh" in your PATH
before /usr/bin/ssh, or... anything.  Anything at all.

When asking for help, it's best to give all of the relevant details up
front.  Start by saying you're on Debian unstable.  Then give the
installed package version (as printed by "dpkg -l openssh-client")
and the output of "ssh -V".

After that, describe the problem, and give whatever diagnostic information
you've managed to gather so far.  This might include the output of
"ssh -v myuser@myhost" for example.  The ssh client doesn't generally
write information to log files, but for *other* kinds of problems,
copying the relevant pieces of log files (or journalctl output, etc.)
would probably help.

Since this is a problem with ssh, which uses a client/server architecture,
giving the version of the server's sshd would also help.

Finally, if you've customized something that's relevant, be sure to
include that.  For the ssh client, customizations are done in the
/etc/ssh/ssh_config and ~/.ssh/config files.  Anything you've changed
or added there would be important to disclose.  If you've customized
anything on the server end (i.e. in /etc/ssh/sshd_config) then you
should disclose that as well.



Re: openssh: missing kex_exchange_identification ssh error messages with 1:9.5p1-2?

2023-12-14 Thread Klaus Singvogel
Vincent Lefevre wrote:
> I have the latest version!!! I recall that this is a Debian/unstable
> machine, which I upgrade regularly. So, every time I get such an error,
> I have the latest client.
> 
> Note also that this is an error that occurs randomly.

Then I'm sorry that I can't help you more on this topic.
The given information is not enough to debug, and I'd never seen any other
connection failure cases.

My advice is, even if it's annoying to see a lot of verbose output on your
terminal, that you can use the option "-vvv" in your ssh call, like:
ssh -vvv user@host date

As you have good as well as bad connections, try to compare the output from
both types of ssh connections.

Best regards,
Klaus.
-- 
Klaus Singvogel
GnuPG-Key-ID: 1024R/5068792D  1994-06-27
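
The comparison of "-vvv" output from good and bad connections suggested above, as an added example that is not part of the thread: it classifies saved client logs by the last handshake stage reached. The function names and stage labels are hypothetical, the sample logs are constructed, and the matched strings are debug lines the OpenSSH client prints at -v and above.

```shell
#!/bin/sh
# Added example: classify saved `ssh -vvv` stderr logs by the last handshake
# stage the client reached. Collect one log per attempt with, e.g.:
#   ssh -vvv user@host date 2> "logs/$(date +%s).log"

# ssh_stage LOGFILE: prints the furthest stage seen in the debug output.
ssh_stage() {
    if grep -q 'debug1: Authenticated to ' "$1"; then
        echo authenticated
    elif grep -q 'debug1: SSH2_MSG_KEXINIT sent' "$1"; then
        echo kex-started
    elif grep -q 'debug1: Remote protocol version ' "$1"; then
        echo banner-received
    elif grep -q 'debug1: Connection established' "$1"; then
        echo pre-banner   # TCP up, closed before the server's version string
    else
        echo no-tcp
    fi
}

# compare_runs DIR: prints "stage=count" for every DIR/*.log, sorted by stage.
compare_runs() {
    for f in "$1"/*.log; do
        [ -e "$f" ] || continue
        ssh_stage "$f"
    done | sort | uniq -c | awk '{ print $2 "=" $1 }'
}

# make_samples DIR: writes two constructed logs (not taken from the thread).
make_samples() {
    cat > "$1/bad.log" <<'EOF'
debug1: Connecting to host [x.x.x.x] port 22.
debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_9.5p1 Debian-2
Connection closed by x.x.x.x port 22
EOF
    cat > "$1/good.log" <<'EOF'
debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_9.5p1 Debian-2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Debian-10+deb10u3
debug1: SSH2_MSG_KEXINIT sent
debug1: Authenticated to host ([x.x.x.x]:22) using "publickey".
EOF
}

# With a directory argument, summarise the logs in it.
if [ $# -gt 0 ]; then compare_runs "$1"; fi
```

A log that classifies as pre-banner ended during the identification exchange, before the server's version string arrived, whether or not the final error line carries the kex_exchange_identification prefix.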



Re: openssh: missing kex_exchange_identification ssh error messages with 1:9.5p1-2?

2023-12-14 Thread Vincent Lefevre
On 2023-12-14 17:03:10 +0100, Klaus Singvogel wrote:
> Vincent Lefevre wrote:
> > For 2 years (from early 2022 to 2023-11-26), I've got recurrent
> > errors like
> > 
> > kex_exchange_identification: read: Connection reset by peer
> > Connection reset by x.x.x.x port 22
> 
> It sounds most likely that your SSH client (program at your local
> machine) has an outdated SSH implementation. Try to update this
> program first.

I have the latest version!!! I recall that this is a Debian/unstable
machine, which I upgrade regularly. So, every time I get such an error,
I have the latest client.

Note also that this is an error that occurs randomly.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



Re: openssh: missing kex_exchange_identification ssh error messages with 1:9.5p1-2?

2023-12-14 Thread Klaus Singvogel
Vincent Lefevre wrote:
> For 2 years (from early 2022 to 2023-11-26), I've got recurrent
> errors like
> 
> kex_exchange_identification: read: Connection reset by peer
> Connection reset by x.x.x.x port 22

It sounds most likely that your SSH client (program at your local machine)
has an outdated SSH implementation. Try to update this program first.

Best regards,
Klaus.
-- 
Klaus Singvogel
GnuPG-Key-ID: 1024R/5068792D  1994-06-27



openssh: missing kex_exchange_identification ssh error messages with 1:9.5p1-2?

2023-12-14 Thread Vincent Lefevre
For 2 years (from early 2022 to 2023-11-26), I've got recurrent
errors like

kex_exchange_identification: read: Connection reset by peer
Connection reset by x.x.x.x port 22

or

kex_exchange_identification: Connection closed by remote host
Connection closed by x.x.x.x port 22

But yesterday, the errors just became

Connection closed by x.x.x.x port 22

though I suspect that this is exactly the same issue.

The sshd server and its config have not changed. Only the client has
changed: I upgraded to openssh-client 1:9.5p1-2 on 2023-11-27 (this
is a Debian/unstable machine).

Is there any explanation of such a change?

Has anyone noticed a similar change (for those who get such errors)?

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)