ssh, sftp, sshfs error: Connection reset by peer

soupcan · 2011-02-04 06:21:31

Done a bit of googling with this, haven't found a solution. I've been trying to connect to a server for a bit now to get to a few backups, and none of the normal tools are working. I've added sshd to hosts.allow, sshd is running, and scp/ssh programs (putty and winscp) are working fine under Windows. Yet I can't connect in Arch. Relevant info:
ssh -v output

OpenSSH_5.7p1, OpenSSL 1.0.0c 2 Dec 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to foo.host.com [85.17.5.145] port 22.
debug1: Connection established.
debug1: identity file /home/foo/.ssh/id_rsa type -1
debug1: identity file /home/foo/.ssh/id_rsa-cert type -1
debug1: identity file /home/foo/.ssh/id_dsa type -1
debug1: identity file /home/foo/.ssh/id_dsa-cert type -1
debug1: identity file /home/foo/.ssh/id_ecdsa type -1
debug1: identity file /home/foo/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5
debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
Read from socket failed: Connection reset by peer

tomk · 2011-02-04 06:52:40

Check the logs on the server.

soupcan · 2011-02-04 07:10:41

tomk wrote:

Check the logs on the server.

I can only access it by ssh...

soupcan · 2011-02-06 00:52:30

Please help, I need to access a backup sometime soon. I'm not sure what other logs I need to provide, and I can't get anything from the server.

soupcan · 2011-02-11 20:29:57

Hello, I've been attempting to fix this without luck for the last week. With the help of #openssh, I've determined that I cannot connect to any hosts with ssh. However, telnet connects and I have no firewall running. I would be most appreciative of any suggestions.

litemotiv · 2011-02-11 20:45:38

There's not much to SSH. The only thing that i can think of is your /etc/ssh/ssh_config, did you doublecheck that?

hosts.allow/deny is not needed or of influence here, that would only apply to other machines connecting to your machine.

Have you tried with/without keyfile, as user/root etc?

soupcan · 2011-02-11 20:58:28

I've tried moving /etc/ssh/ssh_config to ssh_config.old to generate a new config, no change. Before this, I never touched ssh_config and everything worked. I've tried as root, my user, and a newly made user with no files in its home dir. The only thing I haven't tried is keyfiles, but I need to be able to access the server to set those up.

Last edited by soupcan (2011-02-11 21:02:22)

litemotiv · 2011-02-11 21:06:29

soupcan wrote:

I've tried moving /etc/ssh/ssh_config to ssh_config.old to generate a new config, no change. Before this, I never touched ssh_config and everything worked. I've tried as root, my user, and a newly made user with no files in its home dir. The only thing I haven't tried is keyfiles, but I need to be able to access the server to set those up.

You said that you couldn't connect to any host, so maybe you could try connecting to a different host wihout keyfile?

Edit: my bad, you weren't using a keyfile in the first place.

Last edited by litemotiv (2011-02-11 21:08:28)

soupcan · 2011-02-11 21:23:55

litemotiv wrote:

soupcan wrote:
I've tried moving /etc/ssh/ssh_config to ssh_config.old to generate a new config, no change. Before this, I never touched ssh_config and everything worked. I've tried as root, my user, and a newly made user with no files in its home dir. The only thing I haven't tried is keyfiles, but I need to be able to access the server to set those up.
You said that you couldn't connect to any host, so maybe you could try connecting to a different host wihout keyfile?
Edit: my bad, you weren't using a keyfile in the first place.

I never even get the option to enter a password anyway, so I feel like keyfiles wouldn't have fixed anything. Not really a loss.

Last edited by soupcan (2011-02-11 21:32:29)

z0id · 2011-02-12 00:00:43

Try disabling tcp checksum offloading with ethtool.

Ronis_BR · 2011-02-14 21:46:06

Hi guys,

I'm really thinking it is an Arch Linux bug.
I have a router (WiFi AP) and three devices connected: one computer with bleeding edge arch (1), one with almost one year old arch (2) and a android cellphone (3). So, everything is using the same external IP.

When I try to connect to a server using SSH, (1) has the same problem described by soupcan, (2) and (3) connects perfectly. (1) does not have network problem, since I can connect to the server by VNC, for example. I also tried SSH at the same port of VNC to exclude firewall problems, but the problem remains.

vesath · 2011-02-14 23:39:31

In case you feel like helping solve this issue: http://bugs.archlinux.org/task/22897

tomk · 2011-02-15 08:16:09

Issue reproduced here, but against Ronis_BR's server only - my own is working fine, with 5.8 client connecting to 5.6 server.

Have either of you run your server in debug mode while these connections are attempted? A comparison of the outputs for 5.6->5.6 and 5.8->5.6 might be useful.

parky6 · 2011-02-16 12:21:42

Hi,

I have a problem connecting to HP iLO with current version: openssh 5.8p1.
I have compiled 5.6p1 5.7p1 and 5.8p1 with no any options passed to ./configure but prefix. Here is the result:

[13:04][xxxxxx@zzzzzz opt]$ ./openssh-5.8p1/bin/ssh -v yyyyyy
OpenSSH_5.8p1, OpenSSL 1.0.0d 8 Feb 2011
debug1: Reading configuration data /opt/openssh-5.8p1/etc/ssh_config
debug1: Connecting to yyyyyy [1.2.3.4] port 22.
debug1: Connection established.
debug1: identity file /home/xxxxxx/.ssh/id_rsa type -1
debug1: identity file /home/xxxxxx/.ssh/id_rsa-cert type -1
debug1: identity file /home/xxxxxx/.ssh/id_dsa type 2
debug1: identity file /home/xxxxxx/.ssh/id_dsa-cert type -1
debug1: identity file /home/xxxxxx/.ssh/id_ecdsa type -1
debug1: identity file /home/xxxxxx/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version mpSSH_0.1.0
debug1: no match: mpSSH_0.1.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
Received disconnect from 1.2.3.4: 2: Client Disconnect
[13:05][xxxxxx@zzzzzz opt]$ 
[13:05][xxxxxx@zzzzzz opt]$ 
[13:05][xxxxxx@zzzzzz opt]$ 
[13:05][xxxxxx@zzzzzz opt]$ 
[13:05][xxxxxx@zzzzzz opt]$ ./openssh-5.7p1/bin/ssh -v yyyyyy
OpenSSH_5.7p1, OpenSSL 1.0.0d 8 Feb 2011
debug1: Reading configuration data /opt/openssh-5.7p1/etc/ssh_config
debug1: Connecting to yyyyyy [1.2.3.4] port 22.
debug1: Connection established.
debug1: identity file /home/xxxxxx/.ssh/id_rsa type -1
debug1: identity file /home/xxxxxx/.ssh/id_rsa-cert type -1
debug1: identity file /home/xxxxxx/.ssh/id_dsa type 2
debug1: identity file /home/xxxxxx/.ssh/id_dsa-cert type -1
debug1: identity file /home/xxxxxx/.ssh/id_ecdsa type -1
debug1: identity file /home/xxxxxx/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version mpSSH_0.1.0
debug1: no match: mpSSH_0.1.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
Received disconnect from 1.2.3.4: 2: Client Disconnect
[13:05][xxxxxx@zzzzzz opt]$ 
[13:05][xxxxxx@zzzzzz opt]$ 
[13:05][xxxxxx@zzzzzz opt]$ ./openssh-5.6p1/bin/ssh -v yyyyyy
OpenSSH_5.6p1, OpenSSL 1.0.0d 8 Feb 2011
debug1: Reading configuration data /opt/openssh-5.6p1/etc/ssh_config
debug1: Connecting to yyyyyy [1.2.3.4] port 22.
debug1: Connection established.
debug1: identity file /home/xxxxxx/.ssh/id_rsa type -1
debug1: identity file /home/xxxxxx/.ssh/id_rsa-cert type -1
debug1: identity file /home/xxxxxx/.ssh/id_dsa type 2
debug1: identity file /home/xxxxxx/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version mpSSH_0.1.0
debug1: no match: mpSSH_0.1.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'yyyyyy' is known and matches the RSA host key.
debug1: Found key in /home/xxxxxx/.ssh/known_hosts:68
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xxxxxx/.ssh/id_rsa
debug1: Offering DSA public key: /home/xxxxxx/.ssh/id_dsa
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: password
xxxxxx@yyyyyy's password:

As you can view - I have success only with openssh 5.6p1

Is there any configuration option that I can try to solve the issue?

soupcan · 2011-03-07 19:24:58

I'm no longer having this issue, it seems to have been resolved by a recent update. I'm going to try and determine which one it was.

sulraug · 2011-03-09 17:47:09

I still have the problem, so if you know what solved it post it, please.

fax8 · 2011-03-10 10:59:54

I was also affected by this issue. This fixed it: https://bugs.archlinux.org/task/22897#comment72694

My logs:
client: http://pastebin.com/T1tYGbDL
server: http://pastebin.com/nUXDJfSj

fax8 · 2011-03-10 11:23:28

A better way of fixing this seems to be https://bugs.archlinux.org/task/22897#comment73361

sulraug · 2011-03-10 12:06:53

Allthough the I started to had the problem when the update of openssh, it seems my problem was other. I had to enable clamp mss to the mtu in shorewall. I had several tcpdumps running, and in my case I had a lot of incorrect checkums. This was likely the source of my problem. The curious thing is that I never had to enable this before.

Leonid.I · 2011-03-10 21:05:01

Someone affected by this issue, have you tried a complete reinstall of openssh? I mean remove the pkg, /etc/ssh, ~/.ssh; and then install openssh again, regenerating the keys. I am asking, because I am still failing to reproduce this problem (x86_64 arch laptop w/ ssh 5.8 -> x86 arch desktop w/ ssh 5.8; RHEL 4 -> same arch desktop). My /etc/ssh_config's are default and ~/.ssh/config is:

Compression yes
LogLevel DEBUG1

Arch Linux

#1 2011-02-04 06:21:31

ssh, sftp, sshfs error: Connection reset by peer

#2 2011-02-04 06:52:40

Re: ssh, sftp, sshfs error: Connection reset by peer

#3 2011-02-04 07:10:41

Re: ssh, sftp, sshfs error: Connection reset by peer

#4 2011-02-06 00:52:30

Re: ssh, sftp, sshfs error: Connection reset by peer

#5 2011-02-11 20:29:57

Re: ssh, sftp, sshfs error: Connection reset by peer

#6 2011-02-11 20:45:38

Re: ssh, sftp, sshfs error: Connection reset by peer

#7 2011-02-11 20:58:28

Re: ssh, sftp, sshfs error: Connection reset by peer

#8 2011-02-11 21:06:29

Re: ssh, sftp, sshfs error: Connection reset by peer

#9 2011-02-11 21:23:55

Re: ssh, sftp, sshfs error: Connection reset by peer

#10 2011-02-12 00:00:43

Re: ssh, sftp, sshfs error: Connection reset by peer

#11 2011-02-14 21:46:06

Re: ssh, sftp, sshfs error: Connection reset by peer

#12 2011-02-14 23:39:31

Re: ssh, sftp, sshfs error: Connection reset by peer

#13 2011-02-15 08:16:09

Re: ssh, sftp, sshfs error: Connection reset by peer

#14 2011-02-16 12:21:42

Re: ssh, sftp, sshfs error: Connection reset by peer

#15 2011-03-07 19:24:58

Re: ssh, sftp, sshfs error: Connection reset by peer

#16 2011-03-09 17:47:09

Re: ssh, sftp, sshfs error: Connection reset by peer

#17 2011-03-10 10:59:54

Re: ssh, sftp, sshfs error: Connection reset by peer

#18 2011-03-10 11:23:28

Re: ssh, sftp, sshfs error: Connection reset by peer

#19 2011-03-10 12:06:53

Re: ssh, sftp, sshfs error: Connection reset by peer

#20 2011-03-10 21:05:01

Re: ssh, sftp, sshfs error: Connection reset by peer

Board footer