Lennart Poettering <lenn...@poettering.net> writes:
> On Mon, 20.04.15 13:01, Spencer Baugh (sba...@catern.com) wrote:
>> Lennart Poettering <lenn...@poettering.net> writes:
>> > Hmm, so you say the initial connection does not work but triggers the
>> > container, but the subsequent one will?
>>
>> Not quite; the initial connection seems to actually make it to sshd, as
>> sshd has logs of getting it, but the connection is interrupted at some
>> point by some thing before anything useful can be done.
>> Subsequent connections indeed work fine.
>
> Interrupted? What precisely does sshd in the container log about the
> connection?

I've just noticed that there are in fact two cases: The case where I
first ssh from the host to the container, and the case where I first ssh
from another unrelated machine with IPv6 connectivity to the container.
Neither works, but they do appear to have different behavior. In both
cases, all subsequent ssh connections work fine no matter where they
originate from.

Here are logs for both cases, both ssh and sshd side.

Case of sshing from the host to the container:
Both sides are hung at the end of these logs.

# Log of ssh -vvvv on the host
root@ipv6-test:~# ssh -vvvv 2001:470:8:9d:201:2ff:feaa:bbcd -p 23
OpenSSH_6.7p1 Debian-3, OpenSSL 1.0.1k 8 Jan 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 2001:470:8:9d:201:2ff:feaa:bbcd [2001:470:8:9d:201:2ff:feaa:bbcd] port 23.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-3

# logs of sshd inside the container, when sshing from host
root@ipv6-container:/# journalctl -u sshd*
-- Logs begin at Mon 2015-04-20 18:08:32 UTC, end at Mon 2015-04-20 18:08:33 UTC. --
Apr 20 18:08:32 ipv6-container systemd[1]: Starting SSH Per-Connection Server for 0 ([2001:470:8:9d:201:2ff:feaa:bbcd]:38383)...
Apr 20 18:08:32 ipv6-container systemd[1]: Started SSH Per-Connection Server for 0 ([2001:470:8:9d:201:2ff:feaa:bbcd]:38383).
Apr 20 18:08:32 ipv6-container sshd[57]: debug1: inetd sockets after dupping: 3, 4
Apr 20 18:08:32 ipv6-container sshd[57]: Connection from 2001:470:8:9d:201:2ff:feaa:bbcd port 38383 on 2001:470:8:9d:201:2ff:feaa:bbcd port 23
Apr 20 18:08:32 ipv6-container sshd[57]: debug1: Client protocol version 2.0; client software version OpenSSH_6.7p1 Debian-3
Apr 20 18:08:32 ipv6-container sshd[57]: debug1: match: OpenSSH_6.7p1 Debian-3 pat OpenSSH* compat 0x04000000
Apr 20 18:08:32 ipv6-container sshd[57]: debug1: Enabling compatibility mode for protocol 2.0
Apr 20 18:08:32 ipv6-container sshd[57]: debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5
Apr 20 18:08:32 ipv6-container sshd[57]: debug2: fd 3 setting O_NONBLOCK
Apr 20 18:08:32 ipv6-container sshd[57]: debug3: fd 4 is O_NONBLOCK
Apr 20 18:08:32 ipv6-container sshd[57]: debug2: Network child is on pid 64
Apr 20 18:08:32 ipv6-container sshd[57]: debug3: preauth child monitor started
Apr 20 18:08:32 ipv6-container sshd[57]: debug3: privsep user:group 104:65534 [preauth]
Apr 20 18:08:32 ipv6-container sshd[57]: debug1: permanently_set_uid: 104/65534 [preauth]
Apr 20 18:08:32 ipv6-container sshd[57]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Apr 20 18:08:32 ipv6-container sshd[57]: debug1: SSH2_MSG_KEXINIT sent [preauth]

Case of sshing from an unrelated machine to the container:
The ssh side terminates with the error at the end, but the sshd side
appears to just hang.

# logs of ssh -vvvv on unrelated machine
root@lxc0:~# ssh -vvvv 2001:470:8:9d:201:2ff:feaa:bbcd -p 23
OpenSSH_6.7p1 Debian-5, OpenSSL 1.0.1k 8 Jan 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 2001:470:8:9d:201:2ff:feaa:bbcd [2001:470:8:9d:201:2ff:feaa:bbcd] port 23.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5
debug1: match: OpenSSH_6.7p1 Debian-5 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: put_host_port: [2001:470:8:9d:201:2ff:feaa:bbcd]:23
debug3: load_hostkeys: loading entries for host "[2001:470:8:9d:201:2ff:feaa:bbcd]:23" from file "/root/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /root/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
debug2: kex_parse_kexinit: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,z...@openssh.com,zlib
debug2: kex_parse_kexinit: none,z...@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com
debug2: kex_parse_kexinit: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: kex_parse_kexinit: none,z...@openssh.com
debug2: kex_parse_kexinit: none,z...@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup umac-64-...@openssh.com
debug1: kex: server->client aes128-ctr umac-64-...@openssh.com none
debug2: mac_setup: setup umac-64-...@openssh.com
debug1: kex: client->server aes128-ctr umac-64-...@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Read from socket failed: Connection reset by peer

# logs of sshd inside the container, when sshing from unrelated machine
-- Logs begin at Mon 2015-04-20 18:06:52 UTC, end at Mon 2015-04-20 18:06:53 UTC. --
Apr 20 18:06:52 ipv6-container systemd[1]: Starting SSH Per-Connection Server for 0 ([2001:470:7:12f::2]:42531)...
Apr 20 18:06:52 ipv6-container systemd[1]: Started SSH Per-Connection Server for 0 ([2001:470:7:12f::2]:42531).
Apr 20 18:06:52 ipv6-container sshd[57]: debug1: inetd sockets after dupping: 3, 4
Apr 20 18:06:52 ipv6-container sshd[57]: Connection from 2001:470:7:12f::2 port 42531 on 2001:470:8:9d:201:2ff:feaa:bbcd port 23
Apr 20 18:06:52 ipv6-container sshd[57]: debug1: Client protocol version 2.0; client software version OpenSSH_6.7p1 Debian-5
Apr 20 18:06:52 ipv6-container sshd[57]: debug1: match: OpenSSH_6.7p1 Debian-5 pat OpenSSH* compat 0x04000000
Apr 20 18:06:52 ipv6-container sshd[57]: debug1: Enabling compatibility mode for protocol 2.0
Apr 20 18:06:52 ipv6-container sshd[57]: debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5
Apr 20 18:06:52 ipv6-container sshd[57]: debug2: fd 3 setting O_NONBLOCK
Apr 20 18:06:52 ipv6-container sshd[57]: debug3: fd 4 is O_NONBLOCK
Apr 20 18:06:52 ipv6-container sshd[57]: debug2: Network child is on pid 67
Apr 20 18:06:52 ipv6-container sshd[57]: debug3: preauth child monitor started
Apr 20 18:06:52 ipv6-container sshd[57]: debug3: privsep user:group 104:65534 [preauth]
Apr 20 18:06:52 ipv6-container sshd[57]: debug1: permanently_set_uid: 104/65534 [preauth]
Apr 20 18:06:52 ipv6-container sshd[57]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Apr 20 18:06:52 ipv6-container sshd[57]: debug1: SSH2_MSG_KEXINIT sent [preauth]
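An added example, not part of the original message: a small Python helper that reads the ssh and sshd debug output from both sides and reports the last SSH handshake milestone each side logged, which makes the difference between the two cases above explicit. The milestone names, function names and the shortened log excerpts are assumptions made for this illustration.

```python
import re

# Handshake milestones in order; the marker strings are the OpenSSH debug
# messages that appear in the logs quoted in the message above.
MILESTONES = [
    ("tcp_connected", r"Connection established|Connection from "),
    ("local_banner_sent", r"Local version string"),
    ("peer_banner_seen", r"Remote protocol version|Client protocol version"),
    ("kexinit_sent", r"SSH2_MSG_KEXINIT sent"),
    ("kexinit_received", r"SSH2_MSG_KEXINIT received"),
    ("ecdh_init_sent", r"sending SSH2_MSG_KEX_ECDH_INIT"),
]

def reached(log):
    """Names of all milestones whose marker occurs anywhere in the log."""
    return [name for name, pat in MILESTONES if re.search(pat, log)]

def summarize(client_log, server_log):
    """Compare how far each side got before the connection stalled."""
    c, s = reached(client_log), reached(server_log)
    return {
        "client_last": c[-1] if c else None,
        "server_last": s[-1] if s else None,
        "client_saw_server_banner": "peer_banner_seen" in c,
        "client_reset": "Connection reset by peer" in client_log,
    }

# Shortened excerpts of the logs in the message (constructed sample input).
HOST_CLIENT = """debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-3
"""
REMOTE_CLIENT = """debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: sending SSH2_MSG_KEX_ECDH_INIT
Read from socket failed: Connection reset by peer
"""
SERVER = """sshd[57]: Connection from 2001:470:7:12f::2 port 42531 on 2001:470:8:9d:201:2ff:feaa:bbcd port 23
sshd[57]: debug1: Client protocol version 2.0; client software version OpenSSH_6.7p1 Debian-5
sshd[57]: debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5
sshd[57]: debug1: SSH2_MSG_KEXINIT sent [preauth]
"""

if __name__ == "__main__":
    print("from host:   ", summarize(HOST_CLIENT, SERVER))
    print("from remote: ", summarize(REMOTE_CLIENT, SERVER))
```

On these excerpts the host-side client stops before logging the server's version banner even though sshd logged sending its banner and KEXINIT, while the remote client gets as far as sending SSH2_MSG_KEX_ECDH_INIT before the reset.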