ssh works for all users except specific user (connection reset by peer)

fcbman · 08-26-2014, 04:40 AM

Hi,
There are plenty of threads on this error:
Read from socket failed: Connection reset by peer
which most of them indicating a defect...
But I encounter a different issue...:

In my server, I'm able to ssh localhost as all users. e.g:

[root@pc2 ~]# ssh localhost
root@localhost's password:
Last login: Tue Aug 26 05:53:03 2014 from localhost
[root@pc2 ~]#

But! once trying with a specific user, I get the connection reset by peer error:

otherusr@pc2 [~]# ssh localhost
Read from socket failed: Connection reset by peer
otherusr@pc2 [~]#

checking the permissions of the otherusr .ssh dir and the files in it it all looks fine:

otherusr@pc2 [~/.ssh]# ll
total 24
drwx------ 2 otherusr fcbman 4096 Aug 26 05:45 ./
drwxr-xr-x. 21 otherusr fcbman 4096 Aug 26 05:52 ../
-rw-r--r-- 1 otherusr fcbman 780 Aug 24 10:16 authorized_keys
-rw------- 1 otherusr fcbman 1671 Aug 24 10:04 id_rsa
-rw-r--r-- 1 otherusr fcbman 390 Aug 24 10:04 id_rsa.pub
-rw-r--r-- 1 otherusr fcbman 1022 Aug 26 05:45 known_hosts

does anyone has any idea?
the only threads I found indicated HW issue... but since it is working for other users and not a specific user I would assume it is not the same issue...

appreciate any help

Thanks a lot,
fcbman

pan64 · 08-26-2014, 05:46 AM

you need to post sshd_config, start sshd in debug mode and look for related messages in /var/log

fcbman · 08-26-2014, 07:30 AM

pasting only the non remarked rows:

Protocol 2
SyslogFacility AUTHPRIV
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server

I started the sshd in debug mode (with 3 d) and nothing in the debug!
only write messages:

debug3: Wrote 48 bytes for a total of 4237
debug3: Wrote 48 bytes for a total of 4285
debug3: Wrote 48 bytes for a total of 4333
debug3: Wrote 112 bytes for a total of 4445

and still getting closed by peer...

thanks.

pan64 · 08-26-2014, 07:57 AM

I think you need to start ssh also in debug mode. You need to find some info somewhere, either in server or client side.

fcbman · 08-27-2014, 05:10 AM

I'm not sure what you mean to start also ssh in debug...
the ssh daemon is in debug

trying to use ssh_debug command I get less info... maybe it will help:

otherusr@pc2 [~]# ssh_debug localhost
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /home/pc/otherusr/local/prime_secured/ssh_config
debug1: Connecting to localhost [::1] port 1107.
debug1: Connection established.
debug1: identity file /home/pc/otherusr/local/prime_secured/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
Read from socket failed: Connection reset by peer

thanks.

wpeckham · 08-27-2014, 05:38 AM

I doubt you will find the problem in the ssh debug stream. Check the end of sshd_conf and see if there is a secific user block for this user, if not I would look in the .bash_profile and .bashrc for that user next. Something is specific to that user and NOT to the service.

I hope that this helps.

pan64 · 08-27-2014, 05:40 AM

use the ssh command, the client in debug mode:

Quote:

-v Verbose mode. Causes ssh to print debugging messages about its progress. This is helpful in debugging connection, authentication, and configuration prob‐
lems. Multiple -v options increase the verbosity. The maximum is 3.

and on the server side (sshd):

Quote:

-d Debug mode. The server sends verbose debug output to standard error, and does not put itself in the background. The server also will not fork and will only
process one connection. This option is only intended for debugging for the server. Multiple -d options increase the debugging level. Maximum is 3.

fcbman · 08-27-2014, 06:39 AM

verbose is exactly what I posted... (ssh_debug is similar to ssh_debug):

otherusr@pc2 [~]# ssh -v localhost
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /home/pc/otherusr/local/prime_secured/ssh_config
debug1: Connecting to localhost [::1] port 1107.
debug1: Connection established.
debug1: identity file /home/pc/otherusr/local/prime_secured/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
Read from socket failed: Connection reset by peer

in server side nothing except:

debug3: Wrote 48 bytes for a total of 4093
debug3: Wrote 48 bytes for a total of 4141
debug3: Wrote 48 bytes for a total of 4189
debug3: Wrote 48 bytes for a total of 4237
debug3: Wrote 48 bytes for a total of 4285
debug3: Wrote 48 bytes for a total of 4333
debug3: Wrote 112 bytes for a total of 4445

Thanks.

fcbman · 08-27-2014, 06:43 AM

here is the full server side...

[root@pc2 ~]# debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 563
debug2: parse_server_config: config /etc/ssh/sshd_config len 563
debug3: /etc/ssh/sshd_config:21 setting Protocol 2
debug3: /etc/ssh/sshd_config:36 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:66 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:70 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:81 setting GSSAPIAuthentication yes
debug3: /etc/ssh/sshd_config:83 setting GSSAPICleanupCredentials yes
debug3: /etc/ssh/sshd_config:97 setting UsePAM yes
debug3: /etc/ssh/sshd_config:100 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:101 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:102 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:103 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:109 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:132 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_5.3p1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on ::.
Server listening on :: port 22.

nothing else in the debug after that although tried to connect 5-6 times (ssh localhost)

sundialsvcs · 08-28-2014, 07:36 AM

Those are only the startup messages. If you see no further messages, which indicate a connection being made or even attempted, then "there's your answer." The traffic is not getting through to the SSH host.

Start SSHD again, making very sure that no other SSHD daemons are running and that this really is the IP-address that the user is talking to. (Is there a "hosts" file entry, for example?) The messages so-far indicate that SSHD has started and is waiting for a connection. Now, try to connect. You should see some further log-entries appearing at this point.

YankeePride13 · 08-28-2014, 07:43 AM

What distro? If Ubuntu, is there any mention of login attempts in /var/log/auth.log?

fcbman · 08-28-2014, 08:35 AM

It is red hat. No auth file...
we are reinstalling the machine... will give updates if issue happens again.
Thanks.