LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Solaris / OpenSolaris (https://www.linuxquestions.org/questions/solaris-opensolaris-20/)
-   -   SSH weird crash behavior (https://www.linuxquestions.org/questions/solaris-opensolaris-20/ssh-weird-crash-behavior-755951/)

djcrash1981 09-17-2009 11:24 AM

SSH weird crash behavior
 
I'm having this weird problem.

I'm trying to connect to a server through ssh and it gives me a socket error

Here are the errors in the server:
[root@cw-2501-adm:/]$ /usr/lib/ssh/sshd -4 -ddd -p 443
debug3: cipher ok: aes128-cbc [aes128-cbc,blowfish-cbc,3des-cbc]
debug3: cipher ok: blowfish-cbc [aes128-cbc,blowfish-cbc,3des-cbc]
debug3: cipher ok: 3des-cbc [aes128-cbc,blowfish-cbc,3des-cbc]
debug3: ciphers ok: [aes128-cbc,blowfish-cbc,3des-cbc]
debug2: mac_init: found hmac-sha1
debug3: mac ok: hmac-sha1 [hmac-sha1,hmac-md5]
debug2: mac_init: found hmac-md5
debug3: mac ok: hmac-md5 [hmac-sha1,hmac-md5]
debug3: macs ok: [hmac-sha1,hmac-md5]
debug1: sshd version Sun_SSH_1.1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 443 on 0.0.0.0.
Server listening on 0.0.0.0 port 443.
debug1: Server will not fork when running in debugging mode.
Connection from 150.100.107.11 port 40602
debug1: Client protocol version 2.0; client software version OpenSSH_5.1p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.1p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: aes128-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: ar-EG,de,de-DE,en-US,es,es-ES,fi-FI,fr,fr-BE,fr-FR,he-IL,hi-IN,it,it-IT,ja-JP,ko,ko-KR,pl,pl-PL,pt-BR,ru,ru-RU,sv,sv-SE,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,bg-BG,ca,ca-ES,cs-CZ,cz,da,da-DK,de-AT,de-CH,el,el-GR,en-AU,en-CA,en-GB,en-IE,en-NZ,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et,et-EE,fi,fr-CA,fr-CH,he,hr-HR,hu,hu-HU,is-IS,ja,lt,lt-LT,lv,lv-LV,mk-MK,nl,nl-BE,nl-NL,no,no-NO,no-NY,nr,pt,pt-PT,ro-RO,sh-BA,sk-SK,sl-SI,sq-AL,sr-SP,sr-YU,tr,i-default,th
debug2: kex_parse_kexinit: ar-EG,de,de-DE,en-US,es,es-ES,fi-FI,fr,fr-BE,fr-FR,he-IL,hi-IN,it,it-IT,ja-JP,ko,ko-KR,pl,pl-PL,pt-BR,ru,ru-RU,sv,sv-SE,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,bg-BG,ca,ca-ES,cs-CZ,cz,da,da-DK,de-AT,de-CH,el,el-GR,en-AU,en-CA,en-GB,en-IE,en-NZ,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et,et-EE,fi,fr-CA,fr-CH,he,hr-HR,hu,hu-HU,is-IS,ja,lt,lt-LT,lv,lv-LV,mk-MK,nl,nl-BE,nl-NL,no,no-NO,no-NY,nr,pt,pt-PT,ro-RO,sh-BA,sk-SK,sl-SI,sq-AL,sr-SP,sr-YU,tr,i-default,th
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: Failed to acquire GSS-API credentials for any mechanisms (Unspecified GSS failure. Minor code may provide more information
mech_dh: Invalid or unknown error
)
debug1: SSH2_MSG_KEXINIT sent
debug3: kex_reset_dispatch -- should we dispatch_set(KEXINIT) here? 0 && !0
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: aes128-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: ar-EG,de,de-DE,en-US,es,es-ES,fi-FI,fr,fr-BE,fr-FR,he-IL,hi-IN,it,it-IT,ja-JP,ko,ko-KR,pl,pl-PL,pt-BR,ru,ru-RU,sv,sv-SE,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,bg-BG,ca,ca-ES,cs-CZ,cz,da,da-DK,de-AT,de-CH,el,el-GR,en-AU,en-CA,en-GB,en-IE,en-NZ,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et,et-EE,fi,fr-CA,fr-CH,he,hr-HR,hu,hu-HU,is-IS,ja,lt,lt-LT,lv,lv-LV,mk-MK,nl,nl-BE,nl-NL,no,no-NO,no-NY,nr,pt,pt-PT,ro-RO,sh-BA,sk-SK,sl-SI,sq-AL,sr-SP,sr-YU,tr,i-default,th
debug2: kex_parse_kexinit: ar-EG,de,de-DE,en-US,es,es-ES,fi-FI,fr,fr-BE,fr-FR,he-IL,hi-IN,it,it-IT,ja-JP,ko,ko-KR,pl,pl-PL,pt-BR,ru,ru-RU,sv,sv-SE,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,bg-BG,ca,ca-ES,cs-CZ,cz,da,da-DK,de-AT,de-CH,el,el-GR,en-AU,en-CA,en-GB,en-IE,en-NZ,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et,et-EE,fi,fr-CA,fr-CH,he,hr-HR,hu,hu-HU,is-IS,ja,lt,lt-LT,lv,lv-LV,mk-MK,nl,nl-BE,nl-NL,no,no-NO,no-NY,nr,pt,pt-PT,ro-RO,sh-BA,sk-SK,sl-SI,sq-AL,sr-SP,sr-YU,tr,i-default,th
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: Peer sent proposed langtags, ctos:
debug1: Peer sent proposed langtags, stoc:
debug1: We proposed langtags, ctos: ar-EG,de,de-DE,en-US,es,es-ES,fi-FI,fr,fr-BE,fr-FR,he-IL,hi-IN,it,it-IT,ja-JP,ko,ko-KR,pl,pl-PL,pt-BR,ru,ru-RU,sv,sv-SE,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,bg-BG,ca,ca-ES,cs-CZ,cz,da,da-DK,de-AT,de-CH,el,el-GR,en-AU,en-CA,en-GB,en-IE,en-NZ,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et,et-EE,fi,fr-CA,fr-CH,he,hr-HR,hu,hu-HU,is-IS,ja,lt,lt-LT,lv,lv-LV,mk-MK,nl,nl-BE,nl-NL,no,no-NO,no-NY,nr,pt,pt-PT,ro-RO,sh-BA,sk-SK,sl-SI,sq-AL,sr-SP,sr-YU,tr,i-default,th
debug1: We proposed langtags, stoc: ar-EG,de,de-DE,en-US,es,es-ES,fi-FI,fr,fr-BE,fr-FR,he-IL,hi-IN,it,it-IT,ja-JP,ko,ko-KR,pl,pl-PL,pt-BR,ru,ru-RU,sv,sv-SE,th-TH,tr-TR,zh,zh-CN,zh-HK,zh-TW,ar,bg-BG,ca,ca-ES,cs-CZ,cz,da,da-DK,de-AT,de-CH,el,el-GR,en-AU,en-CA,en-GB,en-IE,en-NZ,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-GT,es-MX,es-NI,es-PA,es-PE,es-PY,es-SV,es-UY,es-VE,et,et-EE,fi,fr-CA,fr-CH,he,hr-HR,hu,hu-HU,is-IS,ja,lt,lt-LT,lv,lv-LV,mk-MK,nl,nl-BE,nl-NL,no,no-NO,no-NY,nr,pt,pt-PT,ro-RO,sh-BA,sk-SK,sl-SI,sq-AL,sr-SP,sr-YU,tr,i-default,th
Read from socket failed: Connection reset by peer
debug1: Calling cleanup 0x59c68(0x0)

And in the client:
m827078@yavin4:~$ ssh -vvv -p 443 root@consolccr1
OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to consolccr1 [150.100.228.114] port 443.
debug1: Connection established.
debug1: identity file /home/m827078/.ssh/identity type -1
debug1: identity file /home/m827078/.ssh/id_rsa type -1
debug3: Not a RSA1 key file /home/m827078/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/m827078/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1
debug1: no match: Sun_SSH_1.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
Read from socket failed: Connection reset by peer


I hope someone can help me.

I'm running Solaris 5.9:
SunOS cw-2501-adm 5.9 Generic_122300-37 sun4u sparc SUNW,Sun-Blade-2500

Greetings.

estabroo 09-17-2009 02:06 PM

looks like the ssh on your solaris is using version 1.1 protocol and your linux server is using 2.0 protocol and is probably set to not allow 1.1 since 1.1 is easily broken. So you either need to update your solaris ssh or allow your linux ssh to use 1.1

djcrash1981 09-17-2009 02:10 PM

Quote:

Originally Posted by estabroo (Post 3687398)
looks like the ssh on your solaris is using version 1.1 protocol and your linux server is using 2.0 protocol and is probably set to not allow 1.1 since 1.1 is easily broken. So you either need to update your solaris ssh or allow your linux ssh to use 1.1

No, it's configured with version 2 only, here is the sshd_config
[root@cw-2501-adm:/etc/ssh]$ vi sshd_config
"sshd_config" 158 lines, 5110 characters
# Copyright (c) 2001 by Sun Microsystems, Inc.
# All rights reserved.
#
# ident "@(#)sshd_config 1.3 01/10/08 SMI"
#
# Configuration file for sshd(1m)

# Protocol versions supported
#
# The sshd shipped in this release of Solaris has support for major versions
# 1 and 2. It is recommended due to security weaknesses in the v1 protocol
# that sites run only v2 if possible. Support for v1 is provided to help sites
# with existing ssh v1 clients/servers to transition.
# Support for v1 may not be available in a future release of Solaris.
#
# To enable support for v1 an RSA1 key must be created with ssh-keygen(1).
# RSA and DSA keys for protocol v2 are created by /etc/init.d/sshd if they
# do not already exist, RSA1 keys for protocol v1 are not automatically created.

# Uncomment ONLY ONE of the following Protocol statements.

# Only v2 (recommended)
Protocol 2

# Both v1 and v2 (not recommended)
#Protocol 2,1

# Only v1 (not recommended)
#Protocol 1

# Listen port (the IANA registered port number for ssh is 22)
Port 22

# The default listen address is all interfaces, this may need to be changed
# if you wish to restrict the interfaces sshd listens on for a multi homed host.
# Multiple ListenAddress entries are allowed.

# IPv4 only
ListenAddress 0.0.0.0
# IPv4 & IPv6
#ListenAddress ::

# Port forwarding
AllowTcpForwarding yes

# If port forwarding is enabled, specify if the server can bind to INADDR_ANY.
# This allows the local port forwarding to work when connections are received
# from any remote host.
GatewayPorts yes

# X11 tunneling options
X11Forwarding yes
X11DisplayOffset 10

# The maximum number of concurrent unauthenticated connections to sshd.
# start:rate:full see sshd(1) for more information.
# The default is 10 unauthenticated clients.
#MaxStartups 10:30:60

# Banner to be printed before authentication starts.
#Banner /etc/issue

# Should sshd print the /etc/motd file and check for mail.
# On Solaris it is assumed that the login shell will do these (eg /etc/profile).
PrintMotd no

# KeepAlive specifies whether keep alive messages are sent to the client.
# See sshd(1) for detailed description of what this means.
# Note that the client may also be sending keep alive messages to the server.
KeepAlive yes

# Syslog facility and level
SyslogFacility auth
LogLevel info

#
# Authentication configuration
#

# Host private key files
# Must be on a local disk and readable only by the root user (root:sys 600).
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

# Default Encryption algorithms and Message Authentication codes
Ciphers aes128-cbc,blowfish-cbc,3des-cbc
MACS hmac-sha1,hmac-md5

# Length of the server key
# Default 768, Minimum 512
ServerKeyBits 768

# sshd regenerates the key every KeyRegenerationInterval seconds.
# The key is never stored anywhere except the memory of sshd.
# The default is 1 hour (3600 seconds).
KeyRegenerationInterval 3600

# Ensure secure permissions on users .ssh directory.
StrictModes yes

# Length of time in seconds before a client that hasn't completed
# authentication is disconnected.
# Default is 600 seconds. 0 means no time limit.
LoginGraceTime 600

# Maximum number of retries for authentication
# Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2
MaxAuthTries 6
MaxAuthTriesLog 3

# Are logins to accounts with empty passwords allowed.
# If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOK
# to pam_authenticate(3PAM).
PermitEmptyPasswords no

# To disable tunneled clear text passwords, change PasswordAuthentication to no.
PasswordAuthentication yes

# Use PAM via keyboard interactive method for authentication.
# Depending on the setup of pam.conf(4) this may allow tunneled clear text
# passwords even when PasswordAuthentication is set to no. This is dependent
# on what the individual modules request and is out of the control of sshd
# or the protocol.
PAMAuthenticationViaKBDInt yes

# Are root logins permitted using sshd.
# Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
# maybe denied access by a PAM module regardless of this setting.
# Valid options are yes, without-password, no.
PermitRootLogin yes

# sftp subsystem
Subsystem sftp /usr/lib/ssh/sftp-server


# SSH protocol v1 specific options
#
# The following options only apply to the v1 protocol and provide
# some form of backwards compatibility with the very weak security
# of /usr/bin/rsh. Their use is not recommended and the functionality
# will be removed when support for v1 protocol is removed.

# Should sshd use .rhosts and .shosts for password less authentication.
IgnoreRhosts yes
RhostsAuthentication no

# Rhosts RSA Authentication
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts.
# If the user on the client side is not root then this won't work on
# Solaris since /usr/bin/ssh is not installed setuid.
RhostsRSAAuthentication no

# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.
#IgnoreUserKnownHosts yes

# Is pure RSA authentication allowed.
# Default is yes
RSAAuthentication yes


All times are GMT -5. The time now is 01:59 AM.