Christian Hesse
2015-May-04 19:21 UTC
fatal: ssh_dispatch_run_fatal: Connection reset by peer [preauth]
Hello everybody,

I have systemd set up to listen on ssh socket (:::22), the connection is
handed to sshd via socket activation. Usually this works perfectly fine.

However the service is checked from nagios. Sometimes the host logs:

systemd[1]: Started OpenSSH Per-Connection Daemon ([::1]:60865).
systemd[1]: Starting OpenSSH Per-Connection Daemon ([::1]:60865)...
systemd[1]: Started OpenSSH Per-Connection Daemon (127.0.0.1:41286).
systemd[1]: Starting OpenSSH Per-Connection Daemon (127.0.0.1:41286)...
sshd[2854]: Connection closed by ::1 [preauth]
sshd[2855]: fatal: ssh_dispatch_run_fatal: Connection reset by peer [preauth]

Looks like this happens if we have two incoming connections (::1 and
127.0.0.1 are checked) at the same time.
Why does this happen? Whose fault is it? As these are TCP connections I would
expect it is not a problem to know what packet belongs to what connection.

--
main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];)
putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);}

-------------- next part --------------
A non-text attachment was scrubbed...
Name: lo.pcap
Type: application/vnd.tcpdump.pcap
Size: 3730 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20150504/750d381f/attachment.bin>
Damien Miller
2015-May-05 02:36 UTC
fatal: ssh_dispatch_run_fatal: Connection reset by peer [preauth]
On Mon, 4 May 2015, Christian Hesse wrote:

> Hello everybody,
>
> I have systemd set up to listen on ssh socket (:::22), the connection is
> handed to sshd via socket activation. Usually this works perfectly fine.
>
> However the service is checked from nagios. Sometimes the host logs:
>
> systemd[1]: Started OpenSSH Per-Connection Daemon ([::1]:60865).
> systemd[1]: Starting OpenSSH Per-Connection Daemon ([::1]:60865)...
> systemd[1]: Started OpenSSH Per-Connection Daemon (127.0.0.1:41286).
> systemd[1]: Starting OpenSSH Per-Connection Daemon (127.0.0.1:41286)...
> sshd[2854]: Connection closed by ::1 [preauth]
> sshd[2855]: fatal: ssh_dispatch_run_fatal: Connection reset by peer [preauth]
>
> Looks like this happens if we have two incoming connections (::1 and
> 127.0.0.1 are checked) at the same time.
> Why does this happen? Whose fault is it? As these are TCP connections I would
> expect it is not a problem to know what packet belongs to what connection.

You might need to look at server debug output and/or tcpdumps to see
what is going on here, but it looks like whatever is making the connections
is gracefully closing one but unceremoniously dropping the other.

BTW openssh HEAD has a more useful error message for connections closed
by TCP reset.

-d
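Added example, not part of the original thread and not OpenSSH code: a loopback sketch of the difference described in the reply above between a peer that closes gracefully (FIN, the server's read returns end-of-file) and one that drops the connection (RST, the server's read fails with ECONNRESET). The function name server_sees, the mode names and the banner string are made up for illustration, and Linux loopback TCP behaviour is assumed.

```python
import socket
import struct

BANNER = b"SSH-2.0-ExampleServer\r\n"  # constructed banner, not real sshd output


def server_sees(client_close):
    """Return what the server's next read observes after the client closes."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # ephemeral loopback port
    listener.listen(1)
    client = socket.create_connection(listener.getsockname(), timeout=5)
    conn, _ = listener.accept()
    conn.settimeout(5)
    try:
        conn.sendall(BANNER)  # the server speaks first, as an SSH server does
        if client_close == "unread":
            # Wait until the banner has arrived, but leave it unread.
            # Closing with data still queued makes the kernel send RST.
            client.recv(1, socket.MSG_PEEK)
        else:
            got = b""
            while len(got) < len(BANNER):  # consume the whole banner
                got += client.recv(64)
            if client_close == "linger0":
                # SO_LINGER on with a zero timeout: close() aborts with RST.
                client.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                                  struct.pack("ii", 1, 0))
            elif client_close != "graceful":
                raise ValueError(client_close)
        client.close()  # graceful case: plain close, the kernel sends FIN
        try:
            data = conn.recv(1024)
        except ConnectionResetError:
            return "reset"  # ECONNRESET, cf. "Connection reset by peer"
        return "closed" if data == b"" else "unexpected data"
    finally:
        client.close()
        conn.close()
        listener.close()


if __name__ == "__main__":
    for mode in ("graceful", "linger0", "unread"):
        print(mode, "->", server_sees(mode))
```

The "closed" and "reset" outcomes correspond to the two sshd log lines quoted in the thread; which of the two abortive closes, if either, the monitoring check performed is not established by the thread.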
Christian Hesse
2015-May-05 07:30 UTC
fatal: ssh_dispatch_run_fatal: Connection reset by peer [preauth]
Damien Miller <djm at mindrot.org> on Tue, 2015/05/05 12:36:

> On Mon, 4 May 2015, Christian Hesse wrote:
>
> > Hello everybody,
> >
> > I have systemd set up to listen on ssh socket (:::22), the connection is
> > handed to sshd via socket activation. Usually this works perfectly fine.
> >
> > However the service is checked from nagios. Sometimes the host logs:
> >
> > systemd[1]: Started OpenSSH Per-Connection Daemon ([::1]:60865).
> > systemd[1]: Starting OpenSSH Per-Connection Daemon ([::1]:60865)...
> > systemd[1]: Started OpenSSH Per-Connection Daemon (127.0.0.1:41286).
> > systemd[1]: Starting OpenSSH Per-Connection Daemon (127.0.0.1:41286)...
> > sshd[2854]: Connection closed by ::1 [preauth]
> > sshd[2855]: fatal: ssh_dispatch_run_fatal: Connection reset by peer
> > [preauth]
> >
> > Looks like this happens if we have two incoming connections (::1 and
> > 127.0.0.1 are checked) at the same time.
> > Why does this happen? Whose fault is it? As these are TCP connections I
> > would expect it is not a problem to know what packet belongs to what
> > connection.
>
> You might need to look at server debug output and/or tcpdumps to see
> what is going on here, but it looks like whatever is making the connections
> is gracefully closing one but unceremoniously dropping the other.
>
> BTW openssh HEAD has a more useful error message for connections closed
> by TCP reset.

Tried with HEAD from git master, but I can not reproduce it there...
I will let you know if I can give more information about what is going on.

--
main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];)
putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);}