Use dropbear ....
On 21 December 2012 15:27, Nicolas Michel <nicolas.mic...@lemail.be> wrote: > I have the same problem here. Only on one remote host: > > sylock@sylock-vmware:~$ ssh -vvv XXXXXX > OpenSSH_6.0p1 Debian-3ubuntu1, OpenSSL 1.0.1c 10 May 2012 > debug1: Reading configuration data /home/sylock/.ssh/config > debug1: /home/sylock/.ssh/config line 1: Applying options for * > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 19: Applying options for * > debug2: ssh_connect: needpriv 0 > debug1: Connecting to XXXXXX[172.24.6.18] port 22. > debug1: Connection established. > debug1: identity file /home/sylock/.ssh/id_rsa type -1 > debug1: identity file /home/sylock/.ssh/id_rsa-cert type -1 > debug1: identity file /home/sylock/.ssh/id_dsa type -1 > debug1: identity file /home/sylock/.ssh/id_dsa-cert type -1 > debug1: identity file /home/sylock/.ssh/id_ecdsa type -1 > debug1: identity file /home/sylock/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1 > debug1: match: OpenSSH_5.1 pat OpenSSH_5* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1 > debug2: fd 3 setting O_NONBLOCK > debug3: load_hostkeys: loading entries for host "fsmal989" from file > "/home/sylock/.ssh/known_hosts" > debug3: load_hostkeys: found key type RSA in file > /home/sylock/.ssh/known_hosts:269 > debug3: load_hostkeys: loaded 1 keys > debug3: order_hostkeyalgs: prefer hostkeyalgs: > ssh-rsa-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-rsa > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa-cert-...@openssh.com, > ssh-rsa-cert-...@openssh.com,ssh-rsa, > ecdsa-sha2-nistp256-cert-...@openssh.com, > ecdsa-sha2-nistp384-cert-...@openssh.com, > ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-dss-cert-...@openssh.com, > ssh-dss-cert-...@openssh.com > ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, > rijndael-...@lysator.liu.se > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, > rijndael-...@lysator.liu.se > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com > ,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160, > hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com > ,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160, > hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,z...@openssh.com,zlib > debug2: kex_parse_kexinit: none,z...@openssh.com,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc, > rijndael-...@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc, > rijndael-...@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com > ,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com > ,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,z...@openssh.com,zlib > debug2: kex_parse_kexinit: none,z...@openssh.com,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_setup: found hmac-md5 > debug1: kex: server->client aes128-ctr hmac-md5 none > debug2: mac_setup: found hmac-md5 > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > Write failed: Connection reset by peer > > > sylock@sylock-vmware:~$ ssh -V > OpenSSH_6.0p1 Debian-3ubuntu1, OpenSSL 1.0.1c 10 May 2012 > > sylock@sylock-vmware:~$ cat /etc/*release > DISTRIB_ID=Ubuntu > DISTRIB_RELEASE=12.10 > DISTRIB_CODENAME=quantal > DISTRIB_DESCRIPTION="Ubuntu 12.10" > NAME="Ubuntu" > VERSION="12.10, Quantal Quetzal" > ID=ubuntu > ID_LIKE=debian > PRETTY_NAME="Ubuntu quantal (12.10)" > VERSION_ID="12.10" > > sylock@sylock-vmware:~$ ldd /usr/bin/ssh > linux-vdso.so.1 => (0x00007ffff11c0000) > libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 > (0x00007f14ce3e2000) > libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 > (0x00007f14ce01b000) > libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f14cde16000) > libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f14cdbff000) > libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 > (0x00007f14cd9e3000) > libgssapi_krb5.so.2 => > /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 (0x00007f14cd7a4000) > libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f14cd3e5000) > /lib64/ld-linux-x86-64.so.2 (0x00007f14ce881000) > libkrb5.so.3 => /usr/lib/x86_64-linux-gnu/libkrb5.so.3 > (0x00007f14cd117000) > libk5crypto.so.3 => /usr/lib/x86_64-linux-gnu/libk5crypto.so.3 > (0x00007f14cceed000) > libcom_err.so.2 => /lib/x86_64-linux-gnu/libcom_err.so.2 > (0x00007f14ccce9000) > libkrb5support.so.0 => > /usr/lib/x86_64-linux-gnu/libkrb5support.so.0 (0x00007f14ccae1000) > libkeyutils.so.1 => /lib/x86_64-linux-gnu/libkeyutils.so.1 > (0x00007f14cc8dc000) > libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 > (0x00007f14cc6bf000) > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/708493 > > Title: > Can't login anymore: Read from socket failed: Connection reset by peer > > Status in “openssh” package in Ubuntu: > Confirmed > Status in “openssh” package in Debian: > New > > Bug description: > After todays update to > 1:5.7p1-1ubuntu1 > I cannot login to SOME (!) of my servers. Example of a server failing: > > ~$ ssh -v root@mail > OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010 > debug1: Reading configuration data /home/hildeb/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Connecting to mail [141.42.202.200] port 22. > debug1: Connection established. > debug1: identity file /home/hildeb/.ssh/id_rsa type -1 > debug1: identity file /home/hildeb/.ssh/id_rsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_dsa type 2 > debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 > debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 > debug1: identity file /home/hildeb/.ssh/id_dsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 1.99, remote software version > OpenSSH_5.5p1 Debian-6 > debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.7p1 Debian-1ubuntu1 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-ctr hmac-md5 none > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > Read from socket failed: Connection reset by peer > > There is NOTHING in daemon.log, auth.log or syslog on the server I'm > trying to connect to. > > Example of a server NOT failing: > > $ ssh -v root@netsight > OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010 > debug1: Reading configuration data /home/hildeb/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Connecting to netsight [10.47.2.222] port 22. > debug1: Connection established. > debug1: identity file /home/hildeb/.ssh/id_rsa type -1 > debug1: identity file /home/hildeb/.ssh/id_rsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_dsa type 2 > debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 > debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 > debug1: identity file /home/hildeb/.ssh/id_dsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 2.0, remote software version > OpenSSH_5.5p1 Debian-6 > debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.7p1 Debian-1ubuntu1 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-ctr hmac-md5 none > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug1: Server host key: RSA > 18:ce:76:c7:7c:f4:98:94:28:8f:62:4a:31:e8:5b:c9 > debug1: Host 'netsight' is known and matches the RSA host key. > debug1: Found key in /home/hildeb/.ssh/known_hosts:56 > debug1: ssh_rsa_verify: signature correct > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: SSH2_MSG_NEWKEYS received > debug1: Roaming not allowed by server > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug1: Authentications that can continue: publickey,keyboard-interactive > debug1: Next authentication method: publickey > debug1: Offering DSA public key: /home/hildeb/.ssh/id_dsa > debug1: Server accepts key: pkalg ssh-dss blen 433 > debug1: Authentication succeeded (publickey). > Authenticated to netsight ([10.47.2.222]:22). > debug1: channel 0: new [client-session] > debug1: Requesting no-more-sessi...@openssh.com > debug1: Entering interactive session. > debug1: Sending environment. > debug1: Sending env LC_MESSAGES = en_US.utf8 > debug1: Sending env LANG = de_DE.UTF-8 > > ProblemType: Bug > DistroRelease: Ubuntu 11.04 > Package: openssh-client 1:5.7p1-1ubuntu1 > ProcVersionSignature: Ubuntu 2.6.37-12.26-generic 2.6.37 > Uname: Linux 2.6.37-12-generic x86_64 > Architecture: amd64 > Date: Thu Jan 27 09:13:15 2011 > ProcEnviron: > LANGUAGE=en_US:en > LANG=de_DE.UTF-8 > LC_MESSAGES=en_US.utf8 > SHELL=/bin/bash > RelatedPackageVersions: > ssh-askpass N/A > libpam-ssh N/A > keychain N/A > ssh-askpass-gnome 1:5.7p1-1ubuntu1 > SSHClientVersion: OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun > 2010 > SourcePackage: openssh > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions > -- Regards Gary Cell 083-391-4914 Fax 086-655-3146 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs