[Bug 2071777] [NEW] Unable to ssh to servers in other subnet

Yordan 2071777 at bugs.launchpad.net
Wed Jul 3 07:46:59 UTC 2024 

Public bug reported:

Yesterday i updated OpenSSH to 1:8.9p1-3ubuntu0.10 on few of my servers,
and since i have a problem to ssh to them from other subnets. That means
if i am in same subnet where servers are i can connect, but if i try
from another it fails with 'kex_exchange_identification: read:
Connection reset by peer'. Its not firewall problem, cause i have other
servers that are not ubuntu in same subnet and i can connect from other
subnets.

Ubuntu version: 22.04

Debug log from server:

```
Jul 03 09:43:17 srv1 sshd[1170736]: debug1: audit_event: unhandled event 12
Jul 03 09:43:17 srv1 sshd[1170736]: debug1: Killing privsep child 1170737
Jul 03 09:43:17 srv1 sshd[1170736]: debug1: do_cleanup
Jul 03 09:43:17 srv1 sshd[1170736]: debug1: monitor_read_log: child log fd closed
Jul 03 09:43:17 srv1 sshd[1170736]: debug1: do_cleanup [preauth]
Jul 03 09:43:17 srv1 sshd[1170736]: Connection reset by 192.168.3.13 port 50288 [preauth]
Jul 03 09:43:17 srv1 sshd[1170736]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Jul 03 09:43:17 srv1 sshd[1170736]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Jul 03 09:43:17 srv1 sshd[1170736]: debug1: permanently_set_uid: 106/65534 [preauth]
Jul 03 09:43:17 srv1 sshd[1170736]: debug1: compat_banner: match: OpenSSH_9.6 pat OpenSSH* compat 0x04000000
Jul 03 09:43:17 srv1 sshd[1170736]: debug1: Remote protocol version 2.0, remote software version OpenSSH_9.6
Jul 03 09:43:17 srv1 sshd[1170736]: debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
Jul 03 09:43:17 srv1 sshd[1170736]: Connection from 192.168.3.13 port 50288 on 192.168.1.190 port 22 rdomain ""
Jul 03 09:43:17 srv1 sshd[1170736]: debug1: inetd sockets after dupping: 4, 4
Jul 03 09:43:17 srv1 sshd[1170736]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Jul 03 09:43:17 srv1 sshd[1170736]: debug1: Set /proc/self/oom_score_adj to 0
``

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

  Yesterday i updated OpenSSH to 1:8.9p1-3ubuntu0.10 on few of my servers,
  and since i have a problem to ssh to them from other subnets. That means
  if i am in same subnet where servers are i can connect, but if i try
  from another it fails with 'kex_exchange_identification: read:
  Connection reset by peer'. Its not firewall problem, cause i have other
  servers that are not ubuntu in same subnet and i can connect from other
  subnets.
  
  Ubuntu version: 22.04
  
  Debug log from server:
  
  ```
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: audit_event: unhandled event 12
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: Killing privsep child 1170737
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: do_cleanup
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: monitor_read_log: child log fd closed
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: do_cleanup [preauth]
- Jul 03 09:43:17 srv1 sshd[1170736]: Connection reset by 192.168.2.13 port 50288 [preauth]
+ Jul 03 09:43:17 srv1 sshd[1170736]: Connection reset by 192.168.3.13 port 50288 [preauth]
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: SSH2_MSG_KEXINIT sent [preauth]
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: permanently_set_uid: 106/65534 [preauth]
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: compat_banner: match: OpenSSH_9.6 pat OpenSSH* compat 0x04000000
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: Remote protocol version 2.0, remote software version OpenSSH_9.6
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
  Jul 03 09:43:17 srv1 sshd[1170736]: Connection from 192.168.3.13 port 50288 on 192.168.1.190 port 22 rdomain ""
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: inetd sockets after dupping: 4, 4
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: Set /proc/self/oom_score_adj to 0
  ``

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2071777

Title:
  Unable to ssh to servers in other subnet

Status in openssh package in Ubuntu:
  New

Bug description:
  Yesterday i updated OpenSSH to 1:8.9p1-3ubuntu0.10 on few of my
  servers, and since i have a problem to ssh to them from other subnets.
  That means if i am in same subnet where servers are i can connect, but
  if i try from another it fails with 'kex_exchange_identification:
  read: Connection reset by peer'. Its not firewall problem, cause i
  have other servers that are not ubuntu in same subnet and i can
  connect from other subnets.

  Ubuntu version: 22.04

  Debug log from server:

  ```
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: audit_event: unhandled event 12
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: Killing privsep child 1170737
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: do_cleanup
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: monitor_read_log: child log fd closed
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: do_cleanup [preauth]
  Jul 03 09:43:17 srv1 sshd[1170736]: Connection reset by 192.168.3.13 port 50288 [preauth]
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: SSH2_MSG_KEXINIT sent [preauth]
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: permanently_set_uid: 106/65534 [preauth]
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: compat_banner: match: OpenSSH_9.6 pat OpenSSH* compat 0x04000000
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: Remote protocol version 2.0, remote software version OpenSSH_9.6
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
  Jul 03 09:43:17 srv1 sshd[1170736]: Connection from 192.168.3.13 port 50288 on 192.168.1.190 port 22 rdomain ""
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: inetd sockets after dupping: 4, 4
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
  Jul 03 09:43:17 srv1 sshd[1170736]: debug1: Set /proc/self/oom_score_adj to 0
  ``

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2071777/+subscriptions

More information about the foundations-bugs mailing list