Hey all, I've got a really strange ssh issue. When I'm connecting to one of my Gentoo machines, doesn't matter what from, my ssh connection is reset by peer after authentication is successful. Here is the really weird part. If I remove all of the ssh keys from my ~/.ssh folder it logs in fine; remember I'm not using the keys when it fails either. It does fail the same way with the keys too though.
I'm running openssh-4.2_p1 on the Gentoo box, and until a few days ago this was working perfectly as a backup server with keyed logins for rsync. At the moment I'm doing this by hand nightly, which isn't much fun to say the least. As for network connectivity, both machines are on an internal 192.168.0.0/24 net, no address translation or anything like that. I've removed the firewall from the machine while working on this, so that isn't a factor. I've tried a few different versions of openssh, even building it by hand and running it on an alternate port for debugging (see below). I've made new keys on both machines. I even installed telnet so I could stop sshd entirely and remove all traces of it, then reinstall. I've rebuilt ssh with and without pam, sftplogging, and tcpd (no /etc/hosts.allow/deny files exist). I even took a quick try with ssh.com's server, it failed too, but I don't know it well enough to make that really useful to this.

Here are the debugging logs from the server, and the verbose client logins. I guess I'll keep this at level 2 for the moment.

client side, no verbosity:

ssh [EMAIL PROTECTED]
Password:
Read from remote host 192.168.0.254: Connection reset by peer
Connection to 192.168.0.254 closed.

Client side Level 2 verbosity:

root]# ssh [EMAIL PROTECTED] -vv
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.254 [192.168.0.254] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '1024'
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /root/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2
debug1: match: OpenSSH_4.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED]
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[EMAIL PROTECTED]
debug2: kex_parse_kexinit: none,[EMAIL PROTECTED]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 135/256
debug2: bits set: 1025/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.0.254' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:22
debug2: bits set: 1004/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Offering public key: /root/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug1: channel_free: channel 0: client-session, nchannels 1
Read from remote host 192.168.0.254: Connection reset by peer
Connection to 192.168.0.254 closed.
debug1: Transferred: stdin 0, stdout 0, stderr 100 bytes in 0.0 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 2591.6
debug1: Exit status -1

Ok, now the server side debugging.

Info level

Dec 19 16:46:19 gentoo sshd[26348]: Accepted keyboard-interactive/pam for jrauch from 192.168.0.129 port 44809 ssh2

Debug level2

Dec 19 16:51:03 gentoo sshd[26274]: Received signal 15; terminating.
Dec 19 16:51:04 gentoo sshd[26489]: debug2: fd 3 setting O_NONBLOCK
Dec 19 16:51:04 gentoo sshd[26489]: debug1: Bind to port 22 on 0.0.0.0.
Dec 19 16:51:04 gentoo sshd[26489]: Server listening on 0.0.0.0 port 22.
Dec 19 16:51:04 gentoo sshd[26489]: socket: Address family not supported by protocol
Dec 19 16:51:38 gentoo sshd[26497]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Dec 19 16:51:38 gentoo sshd[26489]: debug1: Forked child 26497.
Dec 19 16:51:38 gentoo sshd[26497]: debug1: inetd sockets after dupping: 3, 3
Dec 19 16:51:38 gentoo sshd[26497]: Connection from 192.168.0.129 port 47637
Dec 19 16:51:38 gentoo sshd[26497]: debug1: Client protocol version 2.0; client software version OpenSSH_3.6.1p2
Dec 19 16:51:38 gentoo sshd[26497]: debug1: match: OpenSSH_3.6.1p2 pat OpenSSH_3.*
Dec 19 16:51:38 gentoo sshd[26497]: debug1: Enabling compatibility mode for protocol 2.0
Dec 19 16:51:38 gentoo sshd[26497]: debug1: Local version string SSH-2.0-OpenSSH_4.2
Dec 19 16:51:38 gentoo sshd[26497]: debug2: fd 3 setting O_NONBLOCK
Dec 19 16:51:38 gentoo sshd[26497]: debug2: Network child is on pid 26501
Dec 19 16:51:38 gentoo sshd[26497]: debug2: monitor_read: 0 used once, disabling now
Dec 19 16:51:38 gentoo sshd[26497]: debug2: monitor_read: 4 used once, disabling now
Dec 19 16:51:38 gentoo sshd[26497]: debug2: monitor_read: 6 used once, disabling now
Dec 19 16:51:38 gentoo sshd[26497]: debug1: PAM: initializing for "jrauch"
Dec 19 16:51:38 gentoo sshd[26497]: debug1: PAM: setting PAM_RHOST to "drop1"
Dec 19 16:51:38 gentoo sshd[26497]: debug1: PAM: setting PAM_TTY to "ssh"
Dec 19 16:51:38 gentoo sshd[26497]: debug2: monitor_read: 45 used once, disabling now
Dec 19 16:51:38 gentoo sshd[26497]: debug2: monitor_read: 3 used once, disabling now
Dec 19 16:51:38 gentoo sshd[26497]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
Dec 19 16:51:38 gentoo sshd[26497]: debug1: trying public key file /home/jrauch/.ssh/authorized_keys
Dec 19 16:51:38 gentoo sshd[26497]: debug1: restore_uid: 0/0
Dec 19 16:51:38 gentoo sshd[26497]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
Dec 19 16:51:38 gentoo sshd[26497]: debug1: trying public key file /home/jrauch/.ssh/authorized_keys2
Dec 19 16:51:38 gentoo sshd[26497]: debug1: restore_uid: 0/0
Dec 19 16:51:41 gentoo sshd[26497]: debug2: PAM: sshpam_respond entering, 1 responses
Dec 19 16:51:41 gentoo sshd[26502]: debug1: do_pam_account: called
Dec 19 16:51:41 gentoo sshd[26497]: debug1: PAM: num PAM env strings 0
Dec 19 16:51:41 gentoo sshd[26497]: debug2: PAM: sshpam_respond entering, 0 responses
Dec 19 16:51:41 gentoo sshd[26497]: debug2: monitor_read: 54 used once, disabling now
Dec 19 16:51:41 gentoo sshd[26497]: debug1: do_pam_account: called
Dec 19 16:51:41 gentoo sshd[26497]: Accepted keyboard-interactive/pam for jrauch from 192.168.0.129 port 47637 ssh2
Dec 19 16:51:41 gentoo sshd[26497]: debug1: monitor_child_preauth: jrauch has been authenticated by privileged process
Dec 19 16:51:41 gentoo sshd[26497]: debug2: mac_init: found hmac-md5
Dec 19 16:51:41 gentoo sshd[26497]: debug2: mac_init: found hmac-md5
Dec 19 16:51:41 gentoo sshd[26497]: debug2: User child is on pid 26503
Dec 19 16:51:41 gentoo sshd[26497]: debug1: do_cleanup
Dec 19 16:51:41 gentoo sshd[26497]: debug1: PAM: cleanup

The server's name isn't really Gentoo... I'm sure you understand. And to anyone that made it through all of that, thanks. I've tried everything I can think of with no luck, so any ideas are welcome.
