[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
Sorry folks, but as part of the bug clean up ahead of 16.04 LTS I'm marking this as invalid because it affects an Ubuntu release which is now unsupported. If you can still recreate this bug in a supported release please do open a new bug and we can triage it for consideration in the 16.04 LTS development cycle. ** Changed in: openssh (Ubuntu) Status: Triaged => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
Hi guys. Without apparent reason suddenly I wasn't enable to make a ssh connection with my production server. When run a ssh -v I get "expecting SSH2_MSG_KEX_ECDH_REPLY connection closed". After spend a lot of time looking for a solution, I solve my problem just uncommenting two lines in my /etc/ssh/ssh_config file. I uncommented lines beginning with "Ciphers ..." and "MACs ". Thanks! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
no resolution ? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
:) ... In the IT world it takes time to analyze a problem well !! Congrats ... Happy Easter !! On 4 April 2015 at 13:06, Mike wrote: > Thank you for the suggestions Gary. I realized that my problem is caused > by the router firmware. Basically, they introduced loopback blocking and > I couldn't connect from the same network even using the external IP. > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/708493 > > Title: > Can't login anymore: Read from socket failed: Connection reset by peer > > Status in openssh package in Ubuntu: > Triaged > Status in openssh package in Debian: > New > > Bug description: > After todays update to > 1:5.7p1-1ubuntu1 > I cannot login to SOME (!) of my servers. Example of a server failing: > > ~$ ssh -v root@mail > OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010 > debug1: Reading configuration data /home/hildeb/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Connecting to mail [141.42.202.200] port 22. > debug1: Connection established. > debug1: identity file /home/hildeb/.ssh/id_rsa type -1 > debug1: identity file /home/hildeb/.ssh/id_rsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_dsa type 2 > debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 > debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 > debug1: identity file /home/hildeb/.ssh/id_dsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 1.99, remote software version > OpenSSH_5.5p1 Debian-6 > debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.7p1 Debian-1ubuntu1 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-ctr hmac-md5 none > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > Read from socket failed: Connection reset by peer > > There is NOTHING in daemon.log, auth.log or syslog on the server I'm > trying to connect to. > > Example of a server NOT failing: > > $ ssh -v root@netsight > OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010 > debug1: Reading configuration data /home/hildeb/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Connecting to netsight [10.47.2.222] port 22. > debug1: Connection established. > debug1: identity file /home/hildeb/.ssh/id_rsa type -1 > debug1: identity file /home/hildeb/.ssh/id_rsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_dsa type 2 > debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 > debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 > debug1: identity file /home/hildeb/.ssh/id_dsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 2.0, remote software version > OpenSSH_5.5p1 Debian-6 > debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.7p1 Debian-1ubuntu1 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-ctr hmac-md5 none > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug1: Server host key: RSA > 18:ce:76:c7:7c:f4:98:94:28:8f:62:4a:31:e8:5b:c9 > debug1: Host 'netsight' is known and matches the RSA host key. > debug1: Found key in /home/hildeb/.ssh/known_hosts:56 > debug1: ssh_rsa_verify: signature correct > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: SSH2_MSG_NEWKEYS received > debug1: Roaming not allowed by server > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug1: Authentications that can continue: publickey,keyboard-interactive > debug1: Next authentication method: publickey > debug1: Offering DSA public key: /home/hildeb/.ssh/id_dsa > debug1: Server accepts key: pkalg ssh-dss blen 433 > debug1: Authentication succeeded (publickey). > Authenticated to netsight ([10.47.2.222]:22). > debug1: channel 0: new [client-session] > debug1: Requesting no-more-sessi...@openssh.com > debug1: Entering interactive session. > debug1: Sending environment. > debug1: Sending env LC_MESSAGES = en_US.utf8 >
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
Thank you for the suggestions Gary. I realized that my problem is caused by the router firmware. Basically, they introduced loopback blocking and I couldn't connect from the same network even using the external IP. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
** Changed in: openssh (Ubuntu) Assignee: Irfan Fauzan (irfan-it2988) => (unassigned) ** Changed in: openssh (Ubuntu) Status: Confirmed => Triaged -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
** Tags added: oneiric precise -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
Why are you testing a NATED address from the same server ( client and server ) ? Do you get the same problem when connecting via the NATED address from the outside network ... using a different client machine from outside ? On 20 February 2015 at 20:43, Gary Salisbury wrote: > Did this used to work ? > > This bug is due to a ssh version change ... > > Sounds like you may have a firewall issue, if you are trying to connect > via a nated connection for the 1st time. > > Use tcpdump on your server ... and analyze the traffic on port 22 > > Compare the traffic, when you connect locally and then via the nated > connection. > > Use the verbose settings of ssh to get more information before > posting again .. > > > > > > > > > > On 20 February 2015 at 20:25, Mike wrote: > >> Thanks, but a specific client is not an option. I need to connect with any >> client from different systems. The flow I described is for problem >> isolation only. Putty cannot connect either. >> >> On Fri Feb 20 2015 at 18:31:15 Gary Salisbury <708...@bugs.launchpad.net> >> wrote: >> >> > Use dbclient ... >> > >> > On 20 February 2015 at 19:07, Mike wrote: >> > >> > > Hello, >> > > Not sure it is the same problem here, but I cannot connect to my >> machine >> > > if go through NAT. >> > ... >> >> -- >> You received this bug notification because you are subscribed to the bug >> report. >> https://bugs.launchpad.net/bugs/708493 >> >> Title: >> Can't login anymore: Read from socket failed: Connection reset by peer >> >> Status in openssh package in Ubuntu: >> Confirmed >> Status in openssh package in Debian: >> New >> >> Bug description: >> After todays update to >> 1:5.7p1-1ubuntu1 >> I cannot login to SOME (!) of my servers. Example of a server failing: >> >> ~$ ssh -v root@mail >> OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010 >> debug1: Reading configuration data /home/hildeb/.ssh/config >> debug1: Reading configuration data /etc/ssh/ssh_config >> debug1: Applying options for * >> debug1: Connecting to mail [141.42.202.200] port 22. >> debug1: Connection established. >> debug1: identity file /home/hildeb/.ssh/id_rsa type -1 >> debug1: identity file /home/hildeb/.ssh/id_rsa-cert type -1 >> debug1: identity file /home/hildeb/.ssh/id_dsa type 2 >> debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 >> debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 >> debug1: identity file /home/hildeb/.ssh/id_dsa-cert type -1 >> debug1: identity file /home/hildeb/.ssh/id_ecdsa type -1 >> debug1: identity file /home/hildeb/.ssh/id_ecdsa-cert type -1 >> debug1: Remote protocol version 1.99, remote software version >> OpenSSH_5.5p1 Debian-6 >> debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH* >> debug1: Enabling compatibility mode for protocol 2.0 >> debug1: Local version string SSH-2.0-OpenSSH_5.7p1 Debian-1ubuntu1 >> debug1: SSH2_MSG_KEXINIT sent >> debug1: SSH2_MSG_KEXINIT received >> debug1: kex: server->client aes128-ctr hmac-md5 none >> debug1: kex: client->server aes128-ctr hmac-md5 none >> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent >> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP >> Read from socket failed: Connection reset by peer >> >> There is NOTHING in daemon.log, auth.log or syslog on the server I'm >> trying to connect to. >> >> Example of a server NOT failing: >> >> $ ssh -v root@netsight >> OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010 >> debug1: Reading configuration data /home/hildeb/.ssh/config >> debug1: Reading configuration data /etc/ssh/ssh_config >> debug1: Applying options for * >> debug1: Connecting to netsight [10.47.2.222] port 22. >> debug1: Connection established. >> debug1: identity file /home/hildeb/.ssh/id_rsa type -1 >> debug1: identity file /home/hildeb/.ssh/id_rsa-cert type -1 >> debug1: identity file /home/hildeb/.ssh/id_dsa type 2 >> debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 >> debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 >> debug1: identity file /home/hildeb/.ssh/id_dsa-cert type -1 >> debug1: identity file /home/hildeb/.ssh/id_ecdsa type -1 >> debug1: identity file /home/hildeb/.ssh/id_ecdsa-cert type -1 >> debug1: Remote protocol version 2.0, remote software version >> OpenSSH_5.5p1 Debian-6 >> debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH* >> debug1: Enabling compatibility mode for protocol 2.0 >> debug1: Local version string SSH-2.0-OpenSSH_5.7p1 Debian-1ubuntu1 >> debug1: SSH2_MSG_KEXINIT sent >> debug1: SSH2_MSG_KEXINIT received >> debug1: kex: server->client aes128-ctr hmac-md5 none >> debug1: kex: client->server aes128-ctr hmac-md5 none >> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent >> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP >> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent >> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY >> debug1: Server host key: RSA >> 18:ce:76
Re: [Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
Did this used to work ? This bug is due to a ssh version change ... Sounds like you may have a firewall issue, if you are trying to connect via a nated connection for the 1st time. Use tcpdump on your server ... and analyze the traffic on port 22 Compare the traffic, when you connect locally and then via the nated connection. Use the verbose settings of ssh to get more information before posting again .. On 20 February 2015 at 20:25, Mike wrote: > Thanks, but a specific client is not an option. I need to connect with any > client from different systems. The flow I described is for problem > isolation only. Putty cannot connect either. > > On Fri Feb 20 2015 at 18:31:15 Gary Salisbury <708...@bugs.launchpad.net> > wrote: > > > Use dbclient ... > > > > On 20 February 2015 at 19:07, Mike wrote: > > > > > Hello, > > > Not sure it is the same problem here, but I cannot connect to my > machine > > > if go through NAT. > > ... > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/708493 > > Title: > Can't login anymore: Read from socket failed: Connection reset by peer > > Status in openssh package in Ubuntu: > Confirmed > Status in openssh package in Debian: > New > > Bug description: > After todays update to > 1:5.7p1-1ubuntu1 > I cannot login to SOME (!) of my servers. Example of a server failing: > > ~$ ssh -v root@mail > OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010 > debug1: Reading configuration data /home/hildeb/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Connecting to mail [141.42.202.200] port 22. > debug1: Connection established. > debug1: identity file /home/hildeb/.ssh/id_rsa type -1 > debug1: identity file /home/hildeb/.ssh/id_rsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_dsa type 2 > debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 > debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 > debug1: identity file /home/hildeb/.ssh/id_dsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 1.99, remote software version > OpenSSH_5.5p1 Debian-6 > debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.7p1 Debian-1ubuntu1 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-ctr hmac-md5 none > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > Read from socket failed: Connection reset by peer > > There is NOTHING in daemon.log, auth.log or syslog on the server I'm > trying to connect to. > > Example of a server NOT failing: > > $ ssh -v root@netsight > OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010 > debug1: Reading configuration data /home/hildeb/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Connecting to netsight [10.47.2.222] port 22. > debug1: Connection established. > debug1: identity file /home/hildeb/.ssh/id_rsa type -1 > debug1: identity file /home/hildeb/.ssh/id_rsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_dsa type 2 > debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 > debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 > debug1: identity file /home/hildeb/.ssh/id_dsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 2.0, remote software version > OpenSSH_5.5p1 Debian-6 > debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.7p1 Debian-1ubuntu1 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-ctr hmac-md5 none > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug1: Server host key: RSA > 18:ce:76:c7:7c:f4:98:94:28:8f:62:4a:31:e8:5b:c9 > debug1: Host 'netsight' is known and matches the RSA host key. > debug1: Found key in /home/hildeb/.ssh/known_hosts:56 > debug1: ssh_rsa_verify: signature correct > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: SSH2_MSG_NEWKEYS received > debug1: Roaming not allowed by server > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug1:
Re: [Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
Thanks, but a specific client is not an option. I need to connect with any client from different systems. The flow I described is for problem isolation only. Putty cannot connect either. On Fri Feb 20 2015 at 18:31:15 Gary Salisbury <708...@bugs.launchpad.net> wrote: > Use dbclient ... > > On 20 February 2015 at 19:07, Mike wrote: > > > Hello, > > Not sure it is the same problem here, but I cannot connect to my machine > > if go through NAT. > ... -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
Use dbclient ... On 20 February 2015 at 19:07, Mike wrote: > Hello, > Not sure it is the same problem here, but I cannot connect to my machine > if go through NAT. > If I connect directly from LAN everything works, but if I use the external > IP, then I get connection reset after debug1: SSH2_MSG_KEXINIT sent. > > Client and server is the same machine. I tried to set MTU to 1400 and > 400 with no effect, also changed the net.ipv4.tcp_rmem setting and tried > different cipher algorithms with no luck. > > Linux 3.16.0-31-generic #41-Ubuntu > Ubuntu 14.10 > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/708493 > > Title: > Can't login anymore: Read from socket failed: Connection reset by peer > > Status in openssh package in Ubuntu: > Confirmed > Status in openssh package in Debian: > New > > Bug description: > After todays update to > 1:5.7p1-1ubuntu1 > I cannot login to SOME (!) of my servers. Example of a server failing: > > ~$ ssh -v root@mail > OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010 > debug1: Reading configuration data /home/hildeb/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Connecting to mail [141.42.202.200] port 22. > debug1: Connection established. > debug1: identity file /home/hildeb/.ssh/id_rsa type -1 > debug1: identity file /home/hildeb/.ssh/id_rsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_dsa type 2 > debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 > debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 > debug1: identity file /home/hildeb/.ssh/id_dsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 1.99, remote software version > OpenSSH_5.5p1 Debian-6 > debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.7p1 Debian-1ubuntu1 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-ctr hmac-md5 none > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > Read from socket failed: Connection reset by peer > > There is NOTHING in daemon.log, auth.log or syslog on the server I'm > trying to connect to. > > Example of a server NOT failing: > > $ ssh -v root@netsight > OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010 > debug1: Reading configuration data /home/hildeb/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Connecting to netsight [10.47.2.222] port 22. > debug1: Connection established. > debug1: identity file /home/hildeb/.ssh/id_rsa type -1 > debug1: identity file /home/hildeb/.ssh/id_rsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_dsa type 2 > debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 > debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 > debug1: identity file /home/hildeb/.ssh/id_dsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 2.0, remote software version > OpenSSH_5.5p1 Debian-6 > debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.7p1 Debian-1ubuntu1 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-ctr hmac-md5 none > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug1: Server host key: RSA > 18:ce:76:c7:7c:f4:98:94:28:8f:62:4a:31:e8:5b:c9 > debug1: Host 'netsight' is known and matches the RSA host key. > debug1: Found key in /home/hildeb/.ssh/known_hosts:56 > debug1: ssh_rsa_verify: signature correct > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: SSH2_MSG_NEWKEYS received > debug1: Roaming not allowed by server > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug1: Authentications that can continue: publickey,keyboard-interactive > debug1: Next authentication method: publickey > debug1: Offering DSA public key: /home/hildeb/.ssh/id_dsa > debug1: Server accepts key: pkalg ssh-dss blen 433 > debug1: Authentication succeeded (publickey). > Authenticated to netsight ([10.47.2.222]:22). > debug1: channe
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
Hello, Not sure it is the same problem here, but I cannot connect to my machine if go through NAT. If I connect directly from LAN everything works, but if I use the external IP, then I get connection reset after debug1: SSH2_MSG_KEXINIT sent. Client and server is the same machine. I tried to set MTU to 1400 and 400 with no effect, also changed the net.ipv4.tcp_rmem setting and tried different cipher algorithms with no luck. Linux 3.16.0-31-generic #41-Ubuntu Ubuntu 14.10 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
This worked for me: ssh -v admin@172.16.3.253 -o KexAlgorithms=diffie-hellman-group14-sha1 source: http://stackoverflow.com/questions/25341773/cisco-ssh-key-exchange- fails-from-ubuntu-14-04-client-dh-key-range-mismatch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
This has now been bountied : https://www.bountysource.com/issues/1033630-can-t-login-anymore-read- from-socket-failed-connection-reset-by-peer Good Luck 'Guesy ' and others. This is just a note of a bounty made and shouldn't change the spirit of fixing bugs. Thank-you. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
I figured out a temporary workaround. Edit your ~/.ssh/config, and add the line: Ciphers aes128-cbc I haven't done any real debugging, but there looks like there could be a problem with ciphers bigger than 128-bits. My Cisco devices are complaining about DH length when I use AES192 or AES256. AES128 works fine. It's not ideal, but it could help for the time-being. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
Well, at least in my case, I found that all the sshd host keys were truncated. I'm guessing that the hard shutdown of the VM was the cause but I'm not 100% sure. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
I don't know if it's related but this is the log of trying to use that RSA key to connect to a server: debug1: Trying private key: /etc/ssh/ssh_host_rsa_key debug1: key_parse_private2: missing begin marker debug1: key_parse_private_pem: PEM_read_PrivateKey failed debug1: read PEM private key done: type Enter passphrase for key '/etc/ssh/ssh_host_rsa_key': The key should not have a password AFAIK -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
Looks to be a "No supported key exchange algorithms [preauth]" problem. Regenerating the host RSA key with "ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key" fixes the issue Log of failure (pre-keygen) on host: $ sudo /usr/sbin/sshd -p -D -d -d -d -e debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 37 debug2: parse_server_config: config /etc/ssh/sshd_config len 37 debug3: /etc/ssh/sshd_config:1 setting PermitRootLogin yes debug3: /etc/ssh/sshd_config:2 setting LogLevel DEBUG3 debug1: sshd version OpenSSH_6.6, OpenSSL 1.0.1f 6 Jan 2014 debug3: Truncated RSA1 identifier debug1: key_parse_private2: missing begin marker debug1: key_parse_private_pem: PEM_read_PrivateKey failed debug1: read PEM private key done: type debug3: Truncated RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key Could not load host key: /etc/ssh/ssh_host_rsa_key debug3: Truncated RSA1 identifier debug1: key_parse_private2: missing begin marker debug1: key_parse_private_pem: PEM_read_PrivateKey failed debug1: read PEM private key done: type debug3: Truncated RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_dsa_key" as a RSA1 public key Could not load host key: /etc/ssh/ssh_host_dsa_key debug3: Truncated RSA1 identifier debug1: key_parse_private2: missing begin marker debug1: key_parse_private_pem: PEM_read_PrivateKey failed debug1: read PEM private key done: type debug3: Truncated RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key Could not load host key: /etc/ssh/ssh_host_ecdsa_key debug3: Truncated RSA1 identifier debug1: key_parse_private2: missing begin marker debug1: key_parse_private_pem: PEM_read_PrivateKey failed debug1: read PEM private key done: type debug3: Truncated RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_ed25519_key" as a RSA1 public key Could not load host key: /etc/ssh/ssh_host_ed25519_key debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-p' debug1: rexec_argv[2]='' debug1: rexec_argv[3]='-D' debug1: rexec_argv[4]='-d' debug1: rexec_argv[5]='-d' debug1: rexec_argv[6]='-d' debug1: rexec_argv[7]='-e' debug3: oom_adjust_setup Set /proc/self/oom_score_adj from 0 to -1000 debug2: fd 3 setting O_NONBLOCK debug1: Bind to port on 0.0.0.0. Server listening on 0.0.0.0 port . debug2: fd 4 setting O_NONBLOCK debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY debug1: Bind to port on ::. Server listening on :: port . debug3: fd 5 is not O_NONBLOCK debug1: Server will not fork when running in debugging mode. debug3: send_rexec_state: entering fd = 8 config len 37 debug3: ssh_msg_send: type 0 debug3: send_rexec_state: done debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8 debug3: recv_rexec_state: entering fd = 5 debug3: ssh_msg_recv entering debug3: recv_rexec_state: done debug2: parse_server_config: config rexec len 37 debug3: rexec:1 setting PermitRootLogin yes debug3: rexec:2 setting LogLevel DEBUG3 debug1: sshd version OpenSSH_6.6, OpenSSL 1.0.1f 6 Jan 2014 debug3: Truncated RSA1 identifier debug1: key_parse_private2: missing begin marker debug1: key_parse_private_pem: PEM_read_PrivateKey failed debug1: read PEM private key done: type debug3: Truncated RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key Could not load host key: /etc/ssh/ssh_host_rsa_key debug3: Truncated RSA1 identifier debug1: key_parse_private2: missing begin marker debug1: key_parse_private_pem: PEM_read_PrivateKey failed debug1: read PEM private key done: type debug3: Truncated RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_dsa_key" as a RSA1 public key Could not load host key: /etc/ssh/ssh_host_dsa_key debug3: Truncated RSA1 identifier debug1: key_parse_private2: missing begin marker debug1: key_parse_private_pem: PEM_read_PrivateKey failed debug1: read PEM private key done: type debug3: Truncated RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key Could not load host key: /etc/ssh/ssh_host_ecdsa_key debug3: Truncated RSA1 identifier debug1: key_parse_private2: missing begin marker debug1: key_parse_private_pem: PEM_read_PrivateKey failed debug1: read PEM private key done: type debug3: Truncated RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_ed25519_key" as a RSA1 public key Could not load host key: /etc/ssh/ssh_host_ed25519_key debug1: inetd sockets after dupping: 3, 3 Connection from 192.168.56.1 port 53307 on 192.168.56.101 port debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH* compat 0x0400 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6p1 Ubuntu-2ubuntu1 debug2: fd 3 setting O_NONBLOCK debug2: Network child is on pid 3095 debug3: preauth child monitor started debug3: privsep user:group 117:6553
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
My cases of this bug (though it seems like there are different ones with similar symptoms) happen each time I reset a 14.04 VM to an older state from a hard shutdown. Localhost ssh connections fail as well with same output. Workaround for me is regenerating the host keys (sudo rm /etc/ssh/host_* && sudo ssh-keygen -A) each time I revert the VM. Changing the cipher/kex does not seem to change the outcome. I wonder if some junk gets written to the keys in bad shutdowns. I'll see If I can debug the output of the sshd. Client log below: $ ssh root@redacted - OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to 192.168.56.101 [192.168.56.101] port 22. debug1: Connection established. debug3: Incorrect RSA1 identifier debug3: Could not load "/home/sg/.ssh/id_rsa" as a RSA1 public key debug1: identity file /home/sg/.ssh/id_rsa type 1 debug1: identity file /home/sg/.ssh/id_rsa-cert type -1 debug1: identity file /home/sg/.ssh/id_dsa type -1 debug1: identity file /home/sg/.ssh/id_dsa-cert type -1 debug1: identity file /home/sg/.ssh/id_ecdsa type -1 debug1: identity file /home/sg/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/sg/.ssh/id_ed25519 type -1 debug1: identity file /home/sg/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6p1 Ubuntu-2ubuntu1 debug1: match: OpenSSH_6.6p1 Ubuntu-2ubuntu1 pat OpenSSH_6.5*,OpenSSH_6.6* compat 0x1400 debug2: fd 3 setting O_NONBLOCK debug3: load_hostkeys: loading entries for host "192.168.56.101" from file "/home/sg/.ssh/known_hosts" debug3: load_hostkeys: found key type ECDSA in file /home/sg/.ssh/known_hosts:87 debug3: load_hostkeys: loaded 1 keys debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521 debug2: compat_kex_proposal: original KEX proposal: curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: Compat: skipping algorithm "curve25519-sha...@libssh.org" debug2: compat_kex_proposal: compat KEX proposal: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug1: SSH2_MSG_KEXINIT sent Read from socket failed: Connection reset by peer -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
** Changed in: openssh (Ubuntu) Assignee: (unassigned) => Irfan Fauzan (irfan-it2988) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
Hi I am facing the same problem. I have tried manys mentioned on the net to solve but nothing seem to work. When I called: ping -M do -s 1500 ubuntu This is what I recieved in output- PING ubuntu (127.0.1.1) 1500(1528) bytes of data. 1508 bytes from ubuntu (127.0.1.1): icmp_req=1 ttl=64 time=0.052 ms 1508 bytes from ubuntu (127.0.1.1): icmp_req=2 ttl=64 time=0.037 ms 1508 bytes from ubuntu (127.0.1.1): icmp_req=3 ttl=64 time=0.030 ms 1508 bytes from ubuntu (127.0.1.1): icmp_req=4 ttl=64 time=0.039 ms Command- ssh -c 3des-cbc host Output- * Documentation: https://help.ubuntu.com/ Last login: Thu Apr 11 22:10:40 2013 from localhost But when I enter the command- git clone g...@github.com:Shondhi/Hello.git Output is- Cloning into 'Hello'... Read from socket failed: Connection reset by peer fatal: The remote end hung up unexpectedly Kindly, guide me. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
Howdy, I know that in my case, this was definitely an MTU problem, and it exhibits exactly the behavior stated above. to test this, call ping -M do -s 1500 If it goes through, this is probably not your issue. If it does not, try lowering the -s value until it does go through. If the value that you find is lower than the MTU on your interface, this is likely the problem. The solution would be to change your MTU size on the interface. You can check this with ifconfig and set it with sudo ifconfig mtu 1000 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
Hi, I've managed to solve the issue... purge openssh-server on server machine, then reinstall -- worked for me. Regards SCUBA -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
I've studied the thread and tried the workaround suggestions. The problem persists in 12.04.2! Regards SCUBA -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
I know the workaround. But we're here on a bug report platform ... I posted to say "hey, the problem is still here in 12.04!" Best regards, Nicolas -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
It's not really an answer, this bug has been around in ssh for a year or so already ... dropbear doesn't have this issue or older versions of ssh ... they don't crash , it should have been fixed by now. On 21 December 2012 18:44, Andrew Schulman wrote: > Multiple commenters (#19, #43) have posted the workaround. In my > ~/ssh/.config I now have > > Host * > # Workaround for the dreaded 'connection reset by peer' bug, openssh >=5.7: > Ciphers aes128-ctr,aes192-ctr,aes256-ctr > > and I no longer see this problem. > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/708493 > > Title: > Can't login anymore: Read from socket failed: Connection reset by peer > > Status in “openssh” package in Ubuntu: > Confirmed > Status in “openssh” package in Debian: > New > > Bug description: > After todays update to > 1:5.7p1-1ubuntu1 > I cannot login to SOME (!) of my servers. Example of a server failing: > > ~$ ssh -v root@mail > OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010 > debug1: Reading configuration data /home/hildeb/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Connecting to mail [141.42.202.200] port 22. > debug1: Connection established. > debug1: identity file /home/hildeb/.ssh/id_rsa type -1 > debug1: identity file /home/hildeb/.ssh/id_rsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_dsa type 2 > debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 > debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 > debug1: identity file /home/hildeb/.ssh/id_dsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 1.99, remote software version > OpenSSH_5.5p1 Debian-6 > debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.7p1 Debian-1ubuntu1 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-ctr hmac-md5 none > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > Read from socket failed: Connection reset by peer > > There is NOTHING in daemon.log, auth.log or syslog on the server I'm > trying to connect to. > > Example of a server NOT failing: > > $ ssh -v root@netsight > OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010 > debug1: Reading configuration data /home/hildeb/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Connecting to netsight [10.47.2.222] port 22. > debug1: Connection established. > debug1: identity file /home/hildeb/.ssh/id_rsa type -1 > debug1: identity file /home/hildeb/.ssh/id_rsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_dsa type 2 > debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 > debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 > debug1: identity file /home/hildeb/.ssh/id_dsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 2.0, remote software version > OpenSSH_5.5p1 Debian-6 > debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.7p1 Debian-1ubuntu1 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-ctr hmac-md5 none > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug1: Server host key: RSA > 18:ce:76:c7:7c:f4:98:94:28:8f:62:4a:31:e8:5b:c9 > debug1: Host 'netsight' is known and matches the RSA host key. > debug1: Found key in /home/hildeb/.ssh/known_hosts:56 > debug1: ssh_rsa_verify: signature correct > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: SSH2_MSG_NEWKEYS received > debug1: Roaming not allowed by server > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug1: Authentications that can continue: publickey,keyboard-interactive > debug1: Next authentication method: publickey > debug1: Offering DSA public key: /home/hildeb/.ssh/id_dsa > debug1: Server accepts key: pkalg ssh-dss blen 433 > debug1: Authentication succeeded (publickey). > Authenticated to netsight ([10.47.2.222]:22). > debug1: channel 0: new [client-session] > debug1:
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
Multiple commenters (#19, #43) have posted the workaround. In my ~/ssh/.config I now have Host * # Workaround for the dreaded 'connection reset by peer' bug, openssh >=5.7: Ciphers aes128-ctr,aes192-ctr,aes256-ctr and I no longer see this problem. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
Use dropbear On 21 December 2012 15:27, Nicolas Michel wrote: > I have the same problem here. Only on one remote host: > > sylock@sylock-vmware:~$ ssh -vvv XX > OpenSSH_6.0p1 Debian-3ubuntu1, OpenSSL 1.0.1c 10 May 2012 > debug1: Reading configuration data /home/sylock/.ssh/config > debug1: /home/sylock/.ssh/config line 1: Applying options for * > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 19: Applying options for * > debug2: ssh_connect: needpriv 0 > debug1: Connecting to XX[172.24.6.18] port 22. > debug1: Connection established. > debug1: identity file /home/sylock/.ssh/id_rsa type -1 > debug1: identity file /home/sylock/.ssh/id_rsa-cert type -1 > debug1: identity file /home/sylock/.ssh/id_dsa type -1 > debug1: identity file /home/sylock/.ssh/id_dsa-cert type -1 > debug1: identity file /home/sylock/.ssh/id_ecdsa type -1 > debug1: identity file /home/sylock/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1 > debug1: match: OpenSSH_5.1 pat OpenSSH_5* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1 > debug2: fd 3 setting O_NONBLOCK > debug3: load_hostkeys: loading entries for host "fsmal989" from file > "/home/sylock/.ssh/known_hosts" > debug3: load_hostkeys: found key type RSA in file > /home/sylock/.ssh/known_hosts:269 > debug3: load_hostkeys: loaded 1 keys > debug3: order_hostkeyalgs: prefer hostkeyalgs: > ssh-rsa-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-rsa > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa-cert-...@openssh.com, > ssh-rsa-cert-...@openssh.com,ssh-rsa, > ecdsa-sha2-nistp256-cert-...@openssh.com, > ecdsa-sha2-nistp384-cert-...@openssh.com, > ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-dss-cert-...@openssh.com, > ssh-dss-cert-...@openssh.com > ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, > rijndael-...@lysator.liu.se > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour, > rijndael-...@lysator.liu.se > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com > ,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160, > hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com > ,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160, > hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,z...@openssh.com,zlib > debug2: kex_parse_kexinit: none,z...@openssh.com,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc, > rijndael-...@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc, > rijndael-...@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com > ,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com > ,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,z...@openssh.com,zlib > debug2: kex_parse_kexinit: none,z...@openssh.com,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_setup: found hmac-md5 > debug1: kex: server->client aes128-ctr hmac-md5 none > debug2: mac_setup: found hmac-md5 > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > Write failed: Connection reset by peer > > > sylock@sylock-vmware:~$ ssh -V > OpenSSH_6.0p1 Debian-3ubuntu1, OpenSSL 1.0.1c 10 May 2012 > > sylock@sylock-vmware:~$ cat /etc/*release > DISTRIB_ID=Ubuntu > DISTRIB_RELEASE=12.10 > DISTRIB_CODENAME=quantal > DISTRIB_DESCRIPTION="Ubuntu 12.10" > NAME="Ubuntu" >
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
I have the same problem here. Only on one remote host: sylock@sylock-vmware:~$ ssh -vvv XX OpenSSH_6.0p1 Debian-3ubuntu1, OpenSSL 1.0.1c 10 May 2012 debug1: Reading configuration data /home/sylock/.ssh/config debug1: /home/sylock/.ssh/config line 1: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to XX[172.24.6.18] port 22. debug1: Connection established. debug1: identity file /home/sylock/.ssh/id_rsa type -1 debug1: identity file /home/sylock/.ssh/id_rsa-cert type -1 debug1: identity file /home/sylock/.ssh/id_dsa type -1 debug1: identity file /home/sylock/.ssh/id_dsa-cert type -1 debug1: identity file /home/sylock/.ssh/id_ecdsa type -1 debug1: identity file /home/sylock/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1 debug1: match: OpenSSH_5.1 pat OpenSSH_5* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1 debug2: fd 3 setting O_NONBLOCK debug3: load_hostkeys: loading entries for host "fsmal989" from file "/home/sylock/.ssh/known_hosts" debug3: load_hostkeys: found key type RSA in file /home/sylock/.ssh/known_hosts:269 debug3: load_hostkeys: loaded 1 keys debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,z...@openssh.com,zlib debug2: kex_parse_kexinit: none,z...@openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-...@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-...@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,z...@openssh.com,zlib debug2: kex_parse_kexinit: none,z...@openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client aes128-ctr hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP Write failed: Connection reset by peer sylock@sylock-vmware:~$ ssh -V OpenSSH_6.0p1 Debian-3ubuntu1, OpenSSL 1.0.1c 10 May 2012 sylock@sylock-vmware:~$ cat /etc/*release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=12.10 DISTRIB_CODENAME=quantal DISTRIB_DESCRIPTION="Ubuntu 12.10" NAME="Ubuntu" VERSION="12.10, Quantal Quetzal" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu quantal (12.10)" VERSION_ID="12.10" sylock@sylock-vmware:~$ ldd /usr/bin/ssh linux-vdso.so.1 => (0x711c) libselinux.so.1 => /lib/x86_64-linux-gn
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
ssh -c 3des-cbc host also works for me as well. And adding this to my ssh config makes it automatic Host * Ciphers 3des-cbc btw, this is only a problem through my cisco openconnect VPN. Different VPNs don't have this issue. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer
** Summary changed: - cannot login anymore: Read from socket failed: Connection reset by peer + Can't login anymore: Read from socket failed: Connection reset by peer -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: Can't login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs