Hello

The root cause has been found in the meantime.
The problem was that the file system on which the keys are stored was full.
Since the dropbear is started with the -R option, the keys are
generated only the first time a login is done. If at that moment there
is no room left, the reported behavior is seen.

Best regards
Ronny

On Mon, 5 Jun 2023 at 14:41, Ronny Meeus <ronny.me...@gmail.com> wrote:
>
> Hello
>
> We have a dropbear version 2020,81 running in an old release of our SW
> as our login server.
> Currently we experience issues logging in on the system from the
> remote system running OpenSSH (using dropbear also on the client side
> we see a similar result).
>
> At the end of the mail I pasted the output we get.
> (after the trace "debug1: expecting SSH2_MSG_KEX_ECDH_REPLY", nothing
> is seen anymore)
>
> This issue is not seen persistently and seems to occur on random systems.
> After a reboot the issue seems to be resolved, not clear whether it
> will come back after some time or not.
>
> For the moment it is impossible to collect local traces on the server
> node since we cannot reach it anymore.
> Doing a telnet to the port 2222 is actually showing the dropbear
> version etc, meaning that the connection as such (at TCP level) seems
> to be OK.
>
> Is this a known issue and is there something we can do as a workaround
> (or do we have means to collect more information about the root
> cause)?
>
> Thanks.
>
> Best regards,
> Ronny
>
> ~ # ssh -p 2222 root@169.254.1.4 -vvvv
> OpenSSH_8.4p1, OpenSSL 1.1.1j  16 Feb 2021
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug2: resolve_canonicalize: hostname 169.254.1.4 is address
> debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' ->
> '/root/.ssh/known_hosts'
> debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' ->
> '/root/.ssh/known_hosts2'
> debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
> debug2: ssh_connect_direct
> debug1: Connecting to 169.254.1.4 [169.254.1.4] port 2222.
> debug1: Connection established.
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: identity file /root/.ssh/id_rsa-cert type -1
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: identity file /root/.ssh/id_dsa-cert type -1
> debug1: identity file /root/.ssh/id_ecdsa type -1
> debug1: identity file /root/.ssh/id_ecdsa-cert type -1
> debug1: identity file /root/.ssh/id_ecdsa_sk type -1
> debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
> debug1: identity file /root/.ssh/id_ed25519 type -1
> debug1: identity file /root/.ssh/id_ed25519-cert type -1
> debug1: identity file /root/.ssh/id_ed25519_sk type -1
> debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
> debug1: identity file /root/.ssh/id_xmss type -1
> debug1: identity file /root/.ssh/id_xmss-cert type -1
> debug1: Local version string SSH-2.0-OpenSSH_8.4
> debug1: Remote protocol version 2.0, remote software version dropbear_2020.81
> debug1: no match: dropbear_2020.81
> debug2: fd 3 setting O_NONBLOCK
> debug1: Authenticating to 169.254.1.4:2222 as 'root'
> debug3: put_host_port: [169.254.1.4]:2222
> debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
> debug3: send packet: type 20
> debug1: SSH2_MSG_KEXINIT sent
> debug3: receive packet: type 20
> debug1: SSH2_MSG_KEXINIT received
> debug2: local client KEXINIT proposal
> debug2: KEX algorithms:
> curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
> debug2: host key algorithms:
> ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,sk-ecdsa-sha2-nistp256-cert-...@openssh.com,ssh-ed25519-cert-...@openssh.com,sk-ssh-ed25519-cert-...@openssh.com,rsa-sha2-512-cert-...@openssh.com,rsa-sha2-256-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp...@openssh.com,ssh-ed25519,sk-ssh-ed25...@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
> debug2: ciphers ctos:
> chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
> debug2: ciphers stoc:
> chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
> debug2: MACs ctos:
> umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: MACs stoc:
> umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: compression ctos: none,z...@openssh.com,zlib
> debug2: compression stoc: none,z...@openssh.com,zlib
> debug2: languages ctos:
> debug2: languages stoc:
> debug2: first_kex_follows 0
> debug2: reserved 0
> debug2: peer server KEXINIT proposal
> debug2: KEX algorithms:
> curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,kexgue...@matt.ucc.asn.au
> debug2: host key algorithms:
> ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-256,ssh-rsa
> debug2: ciphers ctos: chacha20-poly1...@openssh.com,aes128-ctr,aes256-ctr
> debug2: ciphers stoc: chacha20-poly1...@openssh.com,aes128-ctr,aes256-ctr
> debug2: MACs ctos: hmac-sha1,hmac-sha2-256
> debug2: MACs stoc: hmac-sha1,hmac-sha2-256
> debug2: compression ctos: z...@openssh.com,none
> debug2: compression stoc: z...@openssh.com,none
> debug2: languages ctos:
> debug2: languages stoc:
> debug2: first_kex_follows 0
> debug2: reserved 0
> debug1: kex: algorithm: curve25519-sha256
> debug1: kex: host key algorithm: ecdsa-sha2-nistp256
> debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC:
> <implicit> compression: none
> debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC:
> <implicit> compression: none
> debug3: send packet: type 30
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
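
The failure mode described at the top of this thread (dropbear started with -R, host keys generated at the first login, key file system full) can be detected before it blocks logins. The following check is an added example, not part of the original mails or of dropbear; the key directory /etc/dropbear and the dropbear_<type>_host_key file names are assumptions, since the thread does not say where the keys are stored.

```shell
#!/bin/sh
# Preflight check for a dropbear server that creates host keys lazily (-R).
# Assumption: keys live in /etc/dropbear under the names used below.
KEYDIR_DEFAULT=/etc/dropbear
# Key types matching the host key algorithms in the server's KEXINIT proposal
# (ssh-ed25519, ecdsa-sha2-nistp256, rsa-sha2-256/ssh-rsa).
KEY_TYPES="rsa ecdsa ed25519"

# free_kb DIR -> prints the free KiB on the file system that holds DIR
free_kb() {
    df -Pk "$1" 2>/dev/null | awk 'NR==2 {print $4}'
}

# check_hostkeys [DIR] [MIN_KB]
# returns 0: every host key exists and is non-empty
#         1: a key is missing or zero length, but it can still be created
#         2: a key is missing AND the directory is full or not writable,
#            which is the situation that stalled the key exchange above
check_hostkeys() {
    dir=${1:-$KEYDIR_DEFAULT}
    min_kb=${2:-64}
    missing=0
    for t in $KEY_TYPES; do
        f="$dir/dropbear_${t}_host_key"
        # -s is false for absent files and for zero-length leftovers
        # from a write that failed part-way
        if [ ! -s "$f" ]; then
            echo "hostkey $t: missing or zero length ($f)"
            missing=1
        fi
    done
    [ "$missing" -eq 0 ] && return 0
    avail=$(free_kb "$dir")
    if [ -z "$avail" ] || [ "$avail" -lt "$min_kb" ] || [ ! -w "$dir" ]; then
        echo "cannot create keys in $dir: ${avail:-unknown} KiB free, need $min_kb"
        return 2
    fi
    return 1
}

# Usage from a health check or boot script:
#   check_hostkeys /etc/dropbear 64; echo "status=$?"
```

Generating the keys once at image build or first boot with `dropbearkey -t <type> -f <file>` means -R never has to write to the file system during a login.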
