LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   ssh Connection reset by peer -- Suggestions for getting debug messages? (http://www.linuxquestions.org/questions/linux-networking-3/ssh-connection-reset-by-peer-suggestions-for-getting-debug-messages-727203/)

pcardout 05-20-2009 01:34 AM
ssh Connection reset by peer -- Suggestions for getting debug messages?
 
Hello LQers. I hope I have some good karma -- because this one is weird.
[Just spent an hour helping a noob with a graphics card problem ... karma].

We all understand this message:
Code:
Read from remote host xxx: Connection reset by peer
Connection to xxx closed.
but I am getting it frequently and have eliminated all the obvious
possibilities.

Things you should know:
  1. This problem seems to only occur with my home computer yyy secure shelling to my office computer xxx.
  2. yyy has been logging into xxx for 5 years with a rock-solid ssh connection.
  3. When yyy shells into OTHER boxes, the connection is STILL rock solid.
  4. When yyy shells into zzz, and then from there shells into xxx, the connection is STILL rock solid. This suggests some software/configuration thing,
    not some fundamental link problem.
  5. The problem seems to have started when I replaced xxx with a brand new machine.
  6. When I upgraded the hardware on xxx (office machine), I also changed from Debian "etch" (stable) to "lenny" (stable). yyy (home machine) is
    still running "etch".
  7. Suspecting an unstable network card driver on the new xxx,
    I changed to a much older stable network card, and got the same behavior.
    This eliminates the network card and drivers. They were also eliminated
    by the fact that other connections to this machine are solid.
  8. I added ServerKeepAlive 60 and ClientKeepAlive 300 to my local .ssh directory on the client machine. No help.
  9. When I run ssh, it takes more than 10 seconds to get
    prompted for the password. This is new behavior, and does not occur
    with other machines.
  10. The first time I try to ssh, I get a connection reset the instant
    I enter my password. Then I try again and can get in, but get booted
    in 3 to 20 minutes.

At this point I am just looking for intelligent questions to ask.
How can I diagnose this?

I did not see any messages with dmesg,
or /var/log/syslog. I saw some posts about enabling verbose logging
with sshd on the server -- but could not make that work. So maybe
that is a place to start.

chitambira 05-20-2009 04:44 AM
what is it that you tried? # ssh -vvvv users@server

pcardout 05-20-2009 10:07 AM
Dear Mr. Chitambira -- Thanks for helping me think about this differently.

I had been looking for debug messages on the server side. Evidently
you can start sshd with debug flags as well. I had not had luck
making this work, however.

On the client side, I have two problems. One is that the first
logon almost always ends in failure, the other is that the second
logon does not last. The only thing I can see that differentiates
the two is that the second logon happens shortly after the first
attempt. It as if the first attempt changes some state on the server.
It all seems like magic at the moment.

Thinking perhaps that something is horked up on the client side,
I did an
Code:
ssh-keygen
. That didn't improve the problem.

Anyway -- I will post an excerpt from a failed logon attempt.
If anything strikes you as odd -- I will pursue it further.

Code:
richard@XXXXX's password:

debug3: packet_send2: adding 48 (len 67 padlen 13 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 0
debug3: tty_make_modes: ospeed 38400
debug3: tty_make_modes: ispeed 38400
debug3: tty_make_modes: 1 3
debug3: tty_make_modes: 55 1
#DELETED ABOUT 30 SIMILAR LINES
debug3: tty_make_modes: 91 1
debug3: tty_make_modes: 92 0
debug3: tty_make_modes: 93 0
debug1: Sending environment.
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env TERM
debug3: Ignored env DESKTOP_STARTUP_ID
#DELETED 10 SIMILAR LINES
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env PATH
debug3: Ignored env GDM_XSERVER_LOCATION
debug3: Ignored env PWD
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env GDMSESSION
debug3: Ignored env HISTCONTROL
debug3: Ignored env HOME
debug3: Ignored env SHLVL
#DELETED 5 SIMILAR LINES
debug3: Ignored env GNOME_DESKTOP_SESSION_ID
debug3: Ignored env COLORTERM
debug3: Ignored env XAUTHORITY
debug3: Ignored env _
debug2: channel 0: request shell confirm 0
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cfd -1)

  debug3: channel 0: close_fds r 4 w 5 e 6 c -1
  Read from remote host XXXXX: Connection reset by peer
  Connection to XXXXX closed.
  debug1: Transferred: stdin 0, stdout 0, stderr 88 bytes in 0.2 seconds
  debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 391.2
  debug1: Exit status -1

chitambira 05-21-2009 04:07 AM
hmmm... seems like you are trying to run X over ssh (X forwading) ;) need logs from server /var/log/secure, /var/log/Xorg.0.log if available, then also need full client session debug for both fisrt and second ssh connection attempts, then lastly your /etc/ssh/ssh_config from client side

pcardout 05-21-2009 09:01 AM
Client side config
 
As far as X forwarding goes -- that is a very helpful feature -- but I was
not using it. I there something in the log that suggests I was?

(I just checked my aliases -- ssh is not aliased to ssh -X)

As far as client side ssh_config -- I had not previously had one
for my userID, but I created one as follows:

Code:
richard@elrond:~/.ssh$ ls -a
.  ..  authorized_keys  id_rsa  id_rsa.pub  known_hosts  ssh_config
I added the following line based on posts at LQ -- no help.

Code:
richard@elrond:~/.ssh$ more ssh_config
ClientAliveInterval 120
However, you probably really want this:

Code:
richard@elrond:~$ cat /etc/ssh/ssh_config

# This is the ssh client system-wide configuration file.  ...

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#  ForwardAgent no
#  ForwardX11 no
#  ForwardX11Trusted yes
#  RhostsRSAAuthentication no
#  RSAAuthentication yes
#  PasswordAuthentication yes
#  HostbasedAuthentication no
#  BatchMode no
#  CheckHostIP yes
#  AddressFamily any
#  ConnectTimeout 0
#  StrictHostKeyChecking ask
#  IdentityFile ~/.ssh/identity
#  IdentityFile ~/.ssh/id_rsa
#  IdentityFile ~/.ssh/id_dsa
#  Port 22
#  Protocol 2,1
#  Cipher 3des
#  Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#  EscapeChar ~
#  Tunnel no
#  TunnelDevice any:any
#  PermitLocalCommand no
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no
I can send more session logs later -- Is there no way to make the server log more info?

THanks for staying involved.

flydream 07-06-2012 02:51 AM
How about this issue? already fixed?
Now I also met same problem, and I am finding the solution...

Quote:
Originally Posted by pcardout (Post 3548157)
As far as X forwarding goes -- that is a very helpful feature -- but I was
not using it. I there something in the log that suggests I was?

(I just checked my aliases -- ssh is not aliased to ssh -X)

As far as client side ssh_config -- I had not previously had one
for my userID, but I created one as follows:

Code:
richard@elrond:~/.ssh$ ls -a
.  ..  authorized_keys  id_rsa  id_rsa.pub  known_hosts  ssh_config
I added the following line based on posts at LQ -- no help.

Code:
richard@elrond:~/.ssh$ more ssh_config
ClientAliveInterval 120
However, you probably really want this:

Code:
richard@elrond:~$ cat /etc/ssh/ssh_config

# This is the ssh client system-wide configuration file.  ...

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#  ForwardAgent no
#  ForwardX11 no
#  ForwardX11Trusted yes
#  RhostsRSAAuthentication no
#  RSAAuthentication yes
#  PasswordAuthentication yes
#  HostbasedAuthentication no
#  BatchMode no
#  CheckHostIP yes
#  AddressFamily any
#  ConnectTimeout 0
#  StrictHostKeyChecking ask
#  IdentityFile ~/.ssh/identity
#  IdentityFile ~/.ssh/id_rsa
#  IdentityFile ~/.ssh/id_dsa
#  Port 22
#  Protocol 2,1
#  Cipher 3des
#  Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#  EscapeChar ~
#  Tunnel no
#  TunnelDevice any:any
#  PermitLocalCommand no
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no
I can send more session logs later -- Is there no way to make the server log more info?

THanks for staying involved.


All times are GMT -5. The time now is 06:40 PM.