Gentoo Forums
[SOLVED]Can no longer ssh into colocated server OR localhost
figueroa
l33t
l33t


Joined: 14 Aug 2005
Posts: 858
Location: Lower right-hand corner USA

Posted: Thu Aug 13, 2020 7:29 pm    Post subject: [SOLVED]Can no longer ssh into colocated server OR localhost

I noticed this just this morning. I have a very mature, up-to-date x86 server colocated in the same room which I usually access via ssh from my x86_64 desktop, but not this morning:

Code:
$ ssh jeremiah
Connection closed by 192.168.0.105 port 2021

"jeremiah" is the name of the server at 192.168.0.105 and it is at port 2021. So, I enter:
Code:

$ ssh -v jeremiah
OpenSSH_8.1p1, OpenSSL 1.1.1g  21 Apr 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 52: Applying options for jeremiah
debug1: Connecting to jeremiah [192.168.0.105] port 2021.
debug1: Connection established.
debug1: identity file /home/figueroa/.ssh/id_rsa type 0
debug1: identity file /home/figueroa/.ssh/id_rsa-cert type -1
debug1: identity file /home/figueroa/.ssh/id_dsa type -1
debug1: identity file /home/figueroa/.ssh/id_dsa-cert type -1
debug1: identity file /home/figueroa/.ssh/id_ecdsa type -1
debug1: identity file /home/figueroa/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/figueroa/.ssh/id_ed25519 type -1
debug1: identity file /home/figueroa/.ssh/id_ed25519-cert type -1
debug1: identity file /home/figueroa/.ssh/id_xmss type -1
debug1: identity file /home/figueroa/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.1
debug1: match: OpenSSH_8.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to jeremiah:2021 as 'figueroa'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:IEiSZZ2N5OXQkE7fs9dbyMjtH3wxDqyvxgtvwxqoYhw
debug1: Host '[jeremiah]:2021' is known and matches the ECDSA host key.
debug1: Found key in /home/figueroa/.ssh/known_hosts:666
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /home/figueroa/.ssh/id_rsa RSA SHA256:KLDcZoUAM+qzgiOKAOJKLtkSDptTip/2xGuSxWUzHRA
debug1: Will attempt key: /home/figueroa/.ssh/id_dsa
debug1: Will attempt key: /home/figueroa/.ssh/id_ecdsa
debug1: Will attempt key: /home/figueroa/.ssh/id_ed25519
debug1: Will attempt key: /home/figueroa/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
Connection closed by 192.168.0.105 port 2021


In the log at jeremiah I find:
Code:
$ tail /var/log/sshd/current
Aug 13 13:20:32 [sshd] Unable to negotiate with 192.168.0.102 port 33762: no
matching host key type found. Their offer:
rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
[preauth]
Aug 13 13:21:02 [sshd] Received signal 15; terminating.
Aug 13 13:21:02 [sshd] Server listening on 0.0.0.0 port 2021.


I don't understand it, of course, but, on the server (jeremiah), I also try:
Code:
$ ssh -p 2021 localhost
Connection closed by 127.0.0.1 port 2021


For sure, sshd is broken. I did reboot the server about this time yesterday, because I was having trouble authenticating for email. After the reboot, that works fine. Mail on the server works fine and rsync also works fine because I use this server as my Gentoo repository server. I can still ssh from server to my desktop, but not from desktop to server, and not from server to localhost.

I had not changed /etc/ssh/ssh_config or sshd_config, and those configuration files are almost identical on both home desktop and home server except for the sshd port.

Yesterday's emerge updates pulled in:
Code:
sys-libs/glibc-2.31-r6
dev-libs/libffi-3.3-r2
dev-libs/mpfr-4.1.0
net-libs/libtirpc-1.2.6
net-libs/libnsl-1.3.0-r1
dev-libs/nspr-4.26
net-libs/rpcsvc-proto-1.4.2
dev-libs/nss-3.55
app-portage/mirrorselect-2.2.6-r1
mail-client/claws-mail-3.17.6-r1

though there was nothing notable in the log messages about them.

Help!

ADDED: I authenticate with a password.
_________________
Andy Figueroa
andy@andyfigueroa.net Working with Unix since 1983.


Last edited by figueroa on Thu Aug 13, 2020 8:59 pm; edited 1 time in total
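
Added example, not part of the original post: a small Python triage of the `ssh -v` trace above that reports the last handshake milestone the client reached before the peer closed the connection. The stage names and hints are this example's own, and the last two patterns are standard OpenSSH client debug messages that do not appear in the posted trace.

```python
import re

# Client milestones in handshake order, as printed by `ssh -v`, each with a hint
# for when it is the last one reached. The first six patterns match lines in the
# trace posted above; the last two are standard OpenSSH client messages.
STAGES = [
    ("tcp_connected", r"^debug1: Connection established\.",
     "closed before the server banner: check what listens on that port"),
    ("banner_exchanged", r"^debug1: Remote protocol version ",
     "closed during algorithm negotiation: compare client and server algorithms"),
    ("kex_negotiated", r"^debug1: kex: algorithm: ",
     "closed before the host key was accepted: check host keys and known_hosts"),
    ("host_key_verified", r"^debug1: Host '.*' is known and matches ",
     "closed before the new session keys took effect"),
    ("keys_installed", r"^debug1: SSH2_MSG_NEWKEYS received",
     "closed before the userauth service was accepted"),
    ("userauth_service", r"^debug1: SSH2_MSG_SERVICE_ACCEPT received",
     "closed before the server listed its authentication methods: no key or "
     "password was tried, so read the sshd log on the server"),
    ("auth_methods_seen", r"^debug1: Authentications that can continue: ",
     "server listed methods but none succeeded: check credentials and sshd_config"),
    ("authenticated", r"^debug1: Authentication succeeded ", "login succeeded"),
]
CLOSED = re.compile(r"^Connection closed by (\S+) port (\d+)", re.M)

def triage(trace):
    """Return (last stage reached, 'ip:port' of the closing peer or None, hint)."""
    reached, hint, pos = None, "no TCP connection was established", 0
    for name, pattern, stage_hint in STAGES:
        m = re.compile(pattern, re.M).search(trace, pos)
        if m is None:
            break
        reached, hint, pos = name, stage_hint, m.end()
    closed = CLOSED.search(trace)
    return reached, closed and ":".join(closed.groups()), hint

# Abridged from the `ssh -v jeremiah` trace in the post above.
SAMPLE = """\
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.1
debug1: kex: algorithm: curve25519-sha256
debug1: Host '[jeremiah]:2021' is known and matches the ECDSA host key.
debug1: SSH2_MSG_NEWKEYS received
debug1: Will attempt key: /home/figueroa/.ssh/id_dsa
debug1: SSH2_MSG_SERVICE_ACCEPT received
Connection closed by 192.168.0.105 port 2021
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The "Will attempt key" lines only list keys the client has queued; they do not mean a key was offered to the server.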
halcon
Guru
Guru


Joined: 15 Dec 2019
Posts: 330

Posted: Thu Aug 13, 2020 8:08 pm    Post subject:

Hi figueroa,

Did you read that topic?

There is another ssh error, but it's also on x86 architecture, also after upgrading sys-libs/glibc to 2.31-r6.

Maybe upgrading net-misc/openssh to 8.3_p1-r4 will help you.
alamahant
Guru
Guru


Joined: 23 Mar 2019
Posts: 555

Posted: Thu Aug 13, 2020 8:09 pm    Post subject:

Hi,
If you authenticate with a password, why are there so many log messages about keys?
In your sshd_config do you have
Code:

PasswordAuthentication yes

It doesn't seem to prompt you for a password.
?
Maybe sshd_config was overwritten by a newer version or something..
:D
figueroa
l33t
l33t


Joined: 14 Aug 2005
Posts: 858
Location: Lower right-hand corner USA

Posted: Thu Aug 13, 2020 8:31 pm    Post subject:

halcon wrote:
Hi figueroa,

Did you read that topic?

There is another ssh error, but it's also on x86 architecture, also after upgrading sys-libs/glibc to 2.31-r6.

Maybe upgrading net-misc/openssh to 8.3_p1-r4 will help you.

Bless your heart. Upgrading on the server to ~x86 openssh-8.3_p1-r4 fixed the sshd server.
_________________
Andy Figueroa
andy@andyfigueroa.net Working with Unix since 1983.
figueroa
l33t
l33t


Joined: 14 Aug 2005
Posts: 858
Location: Lower right-hand corner USA

Posted: Thu Aug 13, 2020 8:39 pm    Post subject:

alamahant wrote:
Hi,
If you authenticate with a password, why are there so many log messages about keys?
In your sshd_config do you have
Code:

PasswordAuthentication yes

It doesn't seem to prompt you for a password.
?
Maybe sshd_config was overwritten by a newer version or something..
:D

Thanks for replying. I actually thought the problem was related to keys, but I couldn't track that down.

The solution really was to upgrade to =net-misc/openssh-8.3_p1-r4 ~x86 on that x86 server; the problem was caused by an upgrade to glibc that seems to have broken sshd in more ways than one. The same glibc upgrade on my amd64 machine did not affect sshd. (head scratcher)

Not at all related to the lines in /etc/ssh/sshd_config that read:
Code:
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no


That isn't the line that ordinarily enables password authentication.
_________________
Andy Figueroa
andy@andyfigueroa.net Working with Unix since 1983.