Connection reset by peer error message on OpenBSD server
I lost many days trying to solve the "kex_exchange_identification: read: connection reset by peer" error. I turned off the router and the Linux firewall and I got the same error. The ping to the SSH server is working. I don't know why the server doesn't ask for the client password. It asked only at the first connection. I set a static address in the router at "Address Reservation" for the server station. Below are the console commands and their output:
These are on the SSH client computer:
Code:
~ $:ssh -vvv ghegheg@100.96.180.251
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 100.96.180.251 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/ghegheg/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/ghegheg/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 100.96.180.251 [100.96.180.251] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/ghegheg/.ssh/id_rsa type -1
debug1: identity file /home/ghegheg/.ssh/id_rsa-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519 type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519_sk type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_xmss type -1
debug1: identity file /home/ghegheg/.ssh/id_xmss-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_dsa type -1
debug1: identity file /home/ghegheg/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
kex_exchange_identification: read: Connection reset by peer
Connection reset by 100.96.180.251 port 22
---------------------------------------------------------------
---------------------------------------------------------------
~ $:sudo cat /etc/ssh/ssh_config
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
SendEnv LANG LC_*
HashKnownHosts yes
These are on the SSH server computer:
Code:
$:sudo systemctl status sshd
ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2023-03-29 13:06:24 EEST; 2h 56min ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 946 (sshd)
Tasks: 1 (limit: 19006)
Memory: 3.8M
CPU: 57ms
CGroup: /system.slice/ssh.service
└─946 "sshd: /usr/sbin/sshd -D[listener] 0 of 10-100 startups"
mar 29 13:06:24 ghegheg-Z490M-GAMING-X systemd[1]: Starting OpenBSD Secure Shell server...
mar 29 13:06:24 ghegheg-Z490M-GAMING-X sshd[946]: Server listening on 0.0.0.0 port 22.
mar 29 13:06:24 ghegheg-Z490M-GAMING-X sshd[946]: Server listening on :: port 22.
mar 29 13:06:24 ghegheg-Z490M-GAMING-X systemd[1]: Started OpenBSD Secure Shell server.
mar 29 14:47:14 ghegheg-Z490M-GAMING-X sshd[24517]: fatal: Timeout before authentication for 5.14.134.233 port 53414
mar 29 15:37:21 ghegheg-Z490M-GAMING-X sshd[25471]: fatal: Timeout before authentication for 5.14.134.233 port 41608
mar 29 15:57:43 ghegheg-Z490M-GAMING-X sshd[26442]: fatal: Timeout before authentication for 5.14.134.233 port 54108
-----------------------------------------------
------------------------------------------------
$:cat /etc/ssh/sshd_config
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
-----------------------------------------------------------
-----------------------------------------------------------
$:cat /etc/hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system.
# See the manual pages hosts_access(5) and hosts_options(5).
#
# Example: ALL: LOCAL @some_netgroup
# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
-----------------------------------------------------------------------
-----------------------------------------------------------------------
$:cat /etc/hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
# See the manual pages hosts_access(5) and hosts_options(5).
#
# Example: ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
I don't know what to do. On the SSH server there appears "fatal: Timeout before authentication for 5.14.134.233 port 53414 / 41608 / 54108", three ports that are different from SSH port 22. Can somebody with more experience give me a hint to solve this unpleasant situation?
Which distro do you have over on the server, and which version of OpenSSH-server do you have there?
I would look at the SSH daemon's log file while attempting to log in:
Code:
tail -f /var/log/auth.log
Though the exact location can vary from distro to distro.
If there are too many other activities going on in the log to easily see the part for the failed SSH session attempt, then spin up a one-off server on another port. It'll have to be an open port to work however.
I don't understand your last command; maybe something is missing, but I'm studying it now. Anyway, every IP varies over time and may differ from one output to another depending on the time when it was taken.
Try "ssh localhost". This will take the network out of the equation.
I don't know of compatibility with the versions, but usually it is backward compatible.
I'd check the passwd line in /etc/nsswitch.conf. I have a feeling it is trying to auth via a non-local method; the only way it could do this is via PAM or nsswitch.conf, like NIS or Centrify or something like that. We should see the auth methods in the debug ssh, like key, password, but I don't see any.
What I usually do on things like that is strace the opensshd server process to figure out what it is trying to do. Usually things like open that fail give me a clue on what it is doing.
Last edited by elgrandeperro; 03-31-2023 at 11:16 AM.
~ $:ssh localhost
ghegheg@localhost's password:
Welcome to Ubuntu 22.04.2 LTS (GNU/Linux 5.19.0-38-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
* Introducing Expanded Security Maintenance for Applications.
Receive updates to over 25,000 software packages with your
Ubuntu Pro subscription. Free for personal use.
https://ubuntu.com/pro
Expanded Security Maintenance for Applications is not enabled.
0 updates can be applied immediately.
2 additional security updates can be applied with ESM Apps.
Learn more about enabling ESM Apps service at https://ubuntu.com/esm
Last login: Fri Mar 31 21:12:19 2023 from 127.0.0.1
------------------------------------------------------------------------
------------------------------------------------------------------------
~ $:cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: files systemd
group: files systemd
shadow: files
gshadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
------------------------------------------------------------------------
------------------------------------------------------------------------
/var/run $:cat /var/run/sshd.pid
1029
-------------------------------------------------------------------------
-------------------------------------------------------------------------
~ $:sudo strace -vfp 1029
strace: Process 1029 attached
ppoll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}], 102, NULL, [], 8
On ssh client host:
Code:
~ $:ssh -vvv ghegheg@100.96.182.238
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 100.96.182.238 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/ghegheg/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/ghegheg/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 100.96.182.238 [100.96.182.238] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/ghegheg/.ssh/id_rsa type -1
debug1: identity file /home/ghegheg/.ssh/id_rsa-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/ghegheg/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519 type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519_sk type -1
debug1: identity file /home/ghegheg/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_xmss type -1
debug1: identity file /home/ghegheg/.ssh/id_xmss-cert type -1
debug1: identity file /home/ghegheg/.ssh/id_dsa type -1
debug1: identity file /home/ghegheg/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
kex_exchange_identification: read: Connection reset by peer
Connection reset by 100.96.182.238 port 22
From the sshd server host: I immediately put all of the last command's output in this file, because there are 93347 characters and I cannot display it here: output.txt
I pressed Ctrl+C to stop the strace output. There is 6964 child process that has a big strace output. I don't have enough experience to find out the cause of the sshd server error; maybe somebody will help me.
To your ssh_config file on the client or try ssh -o "IPQoS=none".... . This is a relatively new option. What I see is the remote version should be sent back to the client and that is not happening, yet it is connected so not blocked. It has to be some data sending issue.
Last edited by elgrandeperro; 04-02-2023 at 10:14 AM.
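The client output in this thread stops at one specific stage: TCP connected, local version string sent, reset before the server's version string arrives. The probe below separates that stage from a refused connection, a timeout and a clean close. It is an added example, not code from any poster in the thread; `probe_ssh_banner` and the `BannerProbe_0.1` client string are names made up here.

```python
import socket

# Constructed client version string; the name is made up for this example.
CLIENT_IDENT = b"SSH-2.0-BannerProbe_0.1\r\n"

def _read_line(sock, limit=255):
    """Read one LF-terminated line (RFC 4253 caps the version line at 255 bytes)."""
    buf = bytearray()
    while not buf.endswith(b"\n") and len(buf) < limit:
        byte = sock.recv(1)
        if not byte:  # peer closed with FIN
            break
        buf += byte
    return bytes(buf)

def probe_ssh_banner(host, port=22, timeout=5.0, max_lines=20):
    """Return (stage, detail) for how far the SSH identification exchange got."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "no listener, or a firewall answered the SYN with RST")
    except socket.timeout:
        return ("connect-timeout", "SYN unanswered: filtered or host down")
    except OSError as exc:
        return ("connect-error", str(exc))
    with sock:
        try:
            sock.sendall(CLIENT_IDENT)  # like ssh(1): send our version, then read
            for _ in range(max_lines):  # a server may send other lines before "SSH-"
                line = _read_line(sock)
                if not line:
                    return ("closed-before-banner", "FIN received, no version string")
                text = line.decode("ascii", "replace").rstrip("\r\n")
                if text.startswith("SSH-"):
                    return ("banner", text)
        except (ConnectionResetError, BrokenPipeError):
            # Same point as "kex_exchange_identification: read: Connection reset by peer"
            return ("reset-before-banner", "TCP connected, then RST before any banner")
        except socket.timeout:
            return ("banner-timeout", "connected, but no version string in time")
        except OSError as exc:
            return ("io-error", str(exc))
    return ("not-ssh", "no line starting with 'SSH-' was received")

if __name__ == "__main__":
    import sys
    print(probe_ssh_banner(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 22))
```

A `banner` result against `localhost` together with `reset-before-banner` against the remote address points at the network path or a per-source rule rather than at sshd's general configuration.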