bugzilla-daemon at mindrot.org
2004-Apr-07 18:41 UTC
[Bug 837] connection closed by remote host
http://bugzilla.mindrot.org/show_bug.cgi?id=837 Summary: connection closed by remote host Product: Portable OpenSSH Version: -current Platform: Sparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org ReportedBy: godfrey.anderson at cibc.com Hi, I am using OpenSSH_3.4p1 on Solaris 8 systems to implement password less logins between two servers. I have created a public/private key from one account on server HostA., I have then copied the "id_rsa_pub" key to a user account on hostB. in directory $HOME/.ssh, the permission of the authorized_keys file set with "chmod 600 authorized_keys", the .ssh directory is set to 700 by chmod, the $HOME directory permisions is also set to 755. When I try to connect using the command "ssh -l usernameA HostB" I receive the following messages: Connection to unixs348 closed by remote host. Connection to unixs348 closed. The connection was NOT successful I have taken the same "id_rsa.pub" file and tried it under a second account on HostB,with exactly the same permissions setup as above, and the command "ssh -l usernameB HostB" from HostA completes SUCCESSFULLY. I have created public/private keys for passwordless logins on many of our servers, setup in exactly the same way, I have no idea why the ssh connection failes on one userid and is successful on the next, can anyone shed some light on this for me, Thanks in advance for any help..... Godfrey Here is the debug output of the failed connection attempt using usernameA: OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f debug1: Reading configuration data /etc/ssh/ssh_config debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 debug1: Connecting to unixs348 [10.66.71.25] port 22. debug1: Connection established. debug1: identity file /export/home/etl_ops/.ssh/identity type -1 debug3: Not a RSA1 key file /export/home/etl_ops/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: no key found debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: no key found debug1: identity file /export/home/etl_ops/.ssh/id_rsa type 1 debug1: identity file /export/home/etl_ops/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_3.4p1 debug1: match: OpenSSH_3.4p1 pat OpenSSH* Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.4p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman- group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman- group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: dh_gen_key: priv key bits set: 133/256 debug1: bits set: 1567/3191 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /export/home/etl_ops/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug3: check_host_in_hostfile: filename /export/home/etl_ops/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug1: Host 'unixs348' is known and matches the RSA host key. debug1: Found key in /export/home/etl_ops/.ssh/known_hosts:1 debug1: bits set: 1577/3191 debug1: ssh_rsa_verify: signature correct debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT debug3: input_userauth_banner debug1: authentications that can continue: publickey,password,keyboard- interactive debug3: start over, passed a different list publickey,password,keyboard- interactive debug3: preferred publickey debug3: authmethod_lookup publickey debug3: remaining preferred: debug3: authmethod_is_enabled publickey debug1: next auth method to try is publickey debug1: try privkey: /export/home/etl_ops/.ssh/identity debug3: no such identity: /export/home/etl_ops/.ssh/identity debug1: try pubkey: /export/home/etl_ops/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 110948 hint 1 debug2: input_userauth_pk_ok: fp 61:ff:c1:f1:05:24:73:8d:8b:63:e0:4b:db:68:3e:61 debug3: sign_and_send_pubkey debug1: read PEM private key done: type RSA debug1: ssh-userauth2 successful: method publickey debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug1: send channel open 0 debug1: Entering interactive session. debug1: channel_free: channel 0: client-session, nchannels 1 debug3: channel_free: status: The following connections are open: #0 client-session (t3 r-1 i0/0 o0/0 fd 5/6) debug3: channel_close_fds: channel 0: r 5 w 6 e 7 Connection to unixs348 closed by remote host. Connection to unixs348 closed. debug1: Transferred: stdin 0, stdout 0, stderr 79 bytes in 0.0 seconds debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 1603.7 debug1: Exit status -1 etl_ops at unixs352:/export/home/etl_ops/.ssh$ Here is the result of the same command on the successful attempt using usernameB: OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f debug1: Reading configuration data /etc/ssh/ssh_config debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 debug1: Connecting to unixs348 [10.66.71.25] port 22. debug1: Connection established. debug1: identity file /export/home/etl_ops/.ssh/identity type -1 debug3: Not a RSA1 key file /export/home/etl_ops/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: no key found debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug3: key_read: no space debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: no key found debug1: identity file /export/home/etl_ops/.ssh/id_rsa type 1 debug1: identity file /export/home/etl_ops/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_3.4p1 debug1: match: OpenSSH_3.4p1 pat OpenSSH* Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.4p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman- group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman- group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128- cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac- ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: dh_gen_key: priv key bits set: 127/256 debug1: bits set: 1577/3191 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /export/home/etl_ops/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug3: check_host_in_hostfile: filename /export/home/etl_ops/.ssh/known_hosts debug3: check_host_in_hostfile: match line 1 debug1: Host 'unixs348' is known and matches the RSA host key. debug1: Found key in /export/home/etl_ops/.ssh/known_hosts:1 debug1: bits set: 1564/3191 debug1: ssh_rsa_verify: signature correct debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT debug3: input_userauth_banner debug1: authentications that can continue: publickey,password,keyboard- interactive debug3: start over, passed a different list publickey,password,keyboard- interactive debug3: preferred publickey debug3: authmethod_lookup publickey debug3: remaining preferred: debug3: authmethod_is_enabled publickey debug1: next auth method to try is publickey debug1: try privkey: /export/home/etl_ops/.ssh/identity debug3: no such identity: /export/home/etl_ops/.ssh/identity debug1: try pubkey: /export/home/etl_ops/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 110948 hint 1 debug2: input_userauth_pk_ok: fp 61:ff:c1:f1:05:24:73:8d:8b:63:e0:4b:db:68:3e:61 debug3: sign_and_send_pubkey debug1: read PEM private key done: type RSA debug1: ssh-userauth2 successful: method publickey debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug1: send channel open 0 debug1: Entering interactive session. debug2: callback start debug1: ssh_session2_setup: id 0 debug1: channel request 0: pty-req debug3: tty_make_modes: ospeed 9600 debug3: tty_make_modes: ispeed 0 debug3: tty_make_modes: 1 3 debug3: tty_make_modes: 2 28 debug3: tty_make_modes: 3 8 debug3: tty_make_modes: 4 21 debug3: tty_make_modes: 5 4 debug3: tty_make_modes: 6 0 debug3: tty_make_modes: 7 0 debug3: tty_make_modes: 8 17 debug3: tty_make_modes: 9 19 debug3: tty_make_modes: 10 26 debug3: tty_make_modes: 11 25 debug3: tty_make_modes: 12 18 debug3: tty_make_modes: 13 23 debug3: tty_make_modes: 14 22 debug3: tty_make_modes: 16 0 debug3: tty_make_modes: 18 15 debug3: tty_make_modes: 30 0 debug3: tty_make_modes: 31 0 debug3: tty_make_modes: 32 0 debug3: tty_make_modes: 33 0 debug3: tty_make_modes: 34 0 debug3: tty_make_modes: 35 0 debug3: tty_make_modes: 36 1 debug3: tty_make_modes: 37 0 debug3: tty_make_modes: 38 1 debug3: tty_make_modes: 39 0 debug3: tty_make_modes: 40 0 debug3: tty_make_modes: 41 1 debug3: tty_make_modes: 50 1 debug3: tty_make_modes: 51 1 debug3: tty_make_modes: 52 0 debug3: tty_make_modes: 53 1 debug3: tty_make_modes: 54 1 debug3: tty_make_modes: 55 1 debug3: tty_make_modes: 56 0 debug3: tty_make_modes: 57 0 debug3: tty_make_modes: 58 0 debug3: tty_make_modes: 59 1 debug3: tty_make_modes: 60 1 debug3: tty_make_modes: 61 1 debug3: tty_make_modes: 62 0 debug3: tty_make_modes: 70 1 debug3: tty_make_modes: 71 0 debug3: tty_make_modes: 72 1 debug3: tty_make_modes: 73 0 debug3: tty_make_modes: 74 0 debug3: tty_make_modes: 75 0 debug3: tty_make_modes: 90 1 debug3: tty_make_modes: 91 1 debug3: tty_make_modes: 92 0 debug3: tty_make_modes: 93 0 debug1: channel request 0: shell debug1: fd 4 setting TCP_NODELAY debug2: callback done debug1: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel 0: rcvd adjust 131072 Last login: Wed Apr 7 10:54:16 2004 from 10.1.40.123 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Apr-08 00:44 UTC
[Bug 837] connection closed by remote host
http://bugzilla.mindrot.org/show_bug.cgi?id=837 ------- Additional Comments From dtucker at zip.com.au 2004-04-08 10:44 ------- 3.4p1 is quite old, and you reproduce with 3.8p1? Either way, the information most likely to to show what's going on is will be in the server-side debugging. Try: # /path/to/sshd -ddd -p 2222 then connect with $ ssh -p 2022 yourhost then attach (note: use "create new attachment", do not paste into the text fields) the output of sshd on your failing host. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Apr-08 15:34 UTC
[Bug 837] connection closed by remote host
http://bugzilla.mindrot.org/show_bug.cgi?id=837 ------- Additional Comments From godfrey.anderson at cibc.com 2004-04-09 01:34 ------- Created an attachment (id=599) --> (http://bugzilla.mindrot.org/attachment.cgi?id=599&action=view) output of sshd in debug mode & sshd_config file Here is the output from the sshd -ddd -p 2222 command. Note, that I have disguised my IP addresses, as I should have done when I first submitted the bug. The content of my sshd_config file is also included. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-Apr-14 04:13 UTC
[Bug 837] connection closed by remote host
http://bugzilla.mindrot.org/show_bug.cgi?id=837 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From dtucker at zip.com.au 2004-04-14 12:13 ------- PAMAuthenticationViaKbdInt isn't equivalent to UsePAM, but the difference probably isn't going to matter in this case. This is probably caused by the same thing as bug #789. The patches in that bug are quite simple, so you can probably apply those to 3.4p1 with minimal hassle (you will need both attachments #537 and #547). BTW I hope you have applied the buffer patch to your 3.4p1: http://www.openssh.com/txt/buffer.adv ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2004-May-07 00:32 UTC
[Bug 837] connection closed by remote host
http://bugzilla.mindrot.org/show_bug.cgi?id=837 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED ------- Additional Comments From dtucker at zip.com.au 2004-05-07 10:32 ------- Closing this bug: it's an old OpenSSH version, a patch is available and the issue is believed fixed in 3.8.1p1. Please reopen if you can reproduce the problem on 3.8.1p1. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Possibly Parallel Threads
- [Bug 387] New: command="" in authorized_keys fails when sshd_config has "PermitRootLogon forced-commands-only"
- Still logs me out - openssh 3.4.p1
- 3.8p1 password expiry, Solaris 8
- Case where ssh hangs on exit with 2.9.9p2 on Sol8
- 2.9p2 -- ForwardX11 fails -- X11 connection uses different authentication protocol