[Bug 708493] Re: Can't login anymore: Read from socket failed: Connection reset by peer

Srdjan Grubor sgnn7 at sgnn7.org
Tue Jun 10 20:44:50 UTC 2014 

Looks to be a "No supported key exchange algorithms [preauth]" problem.

Regenerating the host RSA key with "ssh-keygen -t rsa -f
/etc/ssh/ssh_host_rsa_key" fixes the issue

Log of failure (pre-keygen) on host:
$ sudo /usr/sbin/sshd -p 2222 -D -d -d -d -e
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 37
debug2: parse_server_config: config /etc/ssh/sshd_config len 37
debug3: /etc/ssh/sshd_config:1 setting PermitRootLogin yes
debug3: /etc/ssh/sshd_config:2 setting LogLevel DEBUG3
debug1: sshd version OpenSSH_6.6, OpenSSL 1.0.1f 6 Jan 2014
debug3: Truncated RSA1 identifier
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug3: Truncated RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key
Could not load host key: /etc/ssh/ssh_host_rsa_key
debug3: Truncated RSA1 identifier
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug3: Truncated RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_dsa_key" as a RSA1 public key
Could not load host key: /etc/ssh/ssh_host_dsa_key
debug3: Truncated RSA1 identifier
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug3: Truncated RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
debug3: Truncated RSA1 identifier
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug3: Truncated RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_ed25519_key" as a RSA1 public key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-p'
debug1: rexec_argv[2]='2222'
debug1: rexec_argv[3]='-D'
debug1: rexec_argv[4]='-d'
debug1: rexec_argv[5]='-d'
debug1: rexec_argv[6]='-d'
debug1: rexec_argv[7]='-e'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 2222 on ::.
Server listening on :: port 2222.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 37
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config: config rexec len 37
debug3: rexec:1 setting PermitRootLogin yes
debug3: rexec:2 setting LogLevel DEBUG3
debug1: sshd version OpenSSH_6.6, OpenSSL 1.0.1f 6 Jan 2014
debug3: Truncated RSA1 identifier
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug3: Truncated RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key
Could not load host key: /etc/ssh/ssh_host_rsa_key
debug3: Truncated RSA1 identifier
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug3: Truncated RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_dsa_key" as a RSA1 public key
Could not load host key: /etc/ssh/ssh_host_dsa_key
debug3: Truncated RSA1 identifier
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug3: Truncated RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
debug3: Truncated RSA1 identifier
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug3: Truncated RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_ed25519_key" as a RSA1 public key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.56.1 port 53307 on 192.168.56.101 port 2222
debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6p1 Ubuntu-2ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug2: Network child is on pid 3095
debug3: preauth child monitor started
debug3: privsep user:group 117:65534 [preauth]
debug1: permanently_set_uid: 117/65534 [preauth]
debug1: list_hostkey_types:  [preauth]
No supported key exchange algorithms [preauth]
debug1: do_cleanup [preauth]
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: Killing privsep child 3095

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/708493

Title:
  Can't login anymore: Read from socket failed: Connection reset by peer

Status in “openssh” package in Ubuntu:
  Confirmed
Status in “openssh” package in Debian:
  New

Bug description:
  After todays update to
  1:5.7p1-1ubuntu1
  I cannot login to SOME (!) of my servers. Example of a server failing:

  ~$ ssh -v root at mail
  OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010
  debug1: Reading configuration data /home/hildeb/.ssh/config
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug1: Applying options for *
  debug1: Connecting to mail [141.42.202.200] port 22.
  debug1: Connection established.
  debug1: identity file /home/hildeb/.ssh/id_rsa type -1
  debug1: identity file /home/hildeb/.ssh/id_rsa-cert type -1
  debug1: identity file /home/hildeb/.ssh/id_dsa type 2
  debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
  debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
  debug1: identity file /home/hildeb/.ssh/id_dsa-cert type -1
  debug1: identity file /home/hildeb/.ssh/id_ecdsa type -1
  debug1: identity file /home/hildeb/.ssh/id_ecdsa-cert type -1
  debug1: Remote protocol version 1.99, remote software version OpenSSH_5.5p1 Debian-6
  debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH*
  debug1: Enabling compatibility mode for protocol 2.0
  debug1: Local version string SSH-2.0-OpenSSH_5.7p1 Debian-1ubuntu1
  debug1: SSH2_MSG_KEXINIT sent
  debug1: SSH2_MSG_KEXINIT received
  debug1: kex: server->client aes128-ctr hmac-md5 none
  debug1: kex: client->server aes128-ctr hmac-md5 none
  debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
  debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
  Read from socket failed: Connection reset by peer

  There is NOTHING in daemon.log, auth.log or syslog on the server I'm
  trying to connect to.

  Example of a server NOT failing:

  $ ssh -v root at netsight
  OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010
  debug1: Reading configuration data /home/hildeb/.ssh/config
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug1: Applying options for *
  debug1: Connecting to netsight [10.47.2.222] port 22.
  debug1: Connection established.
  debug1: identity file /home/hildeb/.ssh/id_rsa type -1
  debug1: identity file /home/hildeb/.ssh/id_rsa-cert type -1
  debug1: identity file /home/hildeb/.ssh/id_dsa type 2
  debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
  debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
  debug1: identity file /home/hildeb/.ssh/id_dsa-cert type -1
  debug1: identity file /home/hildeb/.ssh/id_ecdsa type -1
  debug1: identity file /home/hildeb/.ssh/id_ecdsa-cert type -1
  debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6
  debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH*
  debug1: Enabling compatibility mode for protocol 2.0
  debug1: Local version string SSH-2.0-OpenSSH_5.7p1 Debian-1ubuntu1
  debug1: SSH2_MSG_KEXINIT sent
  debug1: SSH2_MSG_KEXINIT received
  debug1: kex: server->client aes128-ctr hmac-md5 none
  debug1: kex: client->server aes128-ctr hmac-md5 none
  debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
  debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
  debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
  debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
  debug1: Server host key: RSA 18:ce:76:c7:7c:f4:98:94:28:8f:62:4a:31:e8:5b:c9
  debug1: Host 'netsight' is known and matches the RSA host key.
  debug1: Found key in /home/hildeb/.ssh/known_hosts:56
  debug1: ssh_rsa_verify: signature correct
  debug1: SSH2_MSG_NEWKEYS sent
  debug1: expecting SSH2_MSG_NEWKEYS
  debug1: SSH2_MSG_NEWKEYS received
  debug1: Roaming not allowed by server
  debug1: SSH2_MSG_SERVICE_REQUEST sent
  debug1: SSH2_MSG_SERVICE_ACCEPT received
  debug1: Authentications that can continue: publickey,keyboard-interactive
  debug1: Next authentication method: publickey
  debug1: Offering DSA public key: /home/hildeb/.ssh/id_dsa
  debug1: Server accepts key: pkalg ssh-dss blen 433
  debug1: Authentication succeeded (publickey).
  Authenticated to netsight ([10.47.2.222]:22).
  debug1: channel 0: new [client-session]
  debug1: Requesting no-more-sessions at openssh.com
  debug1: Entering interactive session.
  debug1: Sending environment.
  debug1: Sending env LC_MESSAGES = en_US.utf8
  debug1: Sending env LANG = de_DE.UTF-8

  ProblemType: Bug
  DistroRelease: Ubuntu 11.04
  Package: openssh-client 1:5.7p1-1ubuntu1
  ProcVersionSignature: Ubuntu 2.6.37-12.26-generic 2.6.37
  Uname: Linux 2.6.37-12-generic x86_64
  Architecture: amd64
  Date: Thu Jan 27 09:13:15 2011
  ProcEnviron:
   LANGUAGE=en_US:en
   LANG=de_DE.UTF-8
   LC_MESSAGES=en_US.utf8
   SHELL=/bin/bash
  RelatedPackageVersions:
   ssh-askpass N/A
   libpam-ssh N/A
   keychain N/A
   ssh-askpass-gnome 1:5.7p1-1ubuntu1
  SSHClientVersion: OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010
  SourcePackage: openssh

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions

More information about the foundations-bugs mailing list