
| Subject: | ssh session closes after authentication, reset by peer |
|---|---|
| Date: | Tue, 20 Dec 2005 14:33:25 -0500 |
Hey all,

I've got a really strange ssh issue. When I'm connecting to one of my Gentoo machines, doesn't matter what from, my ssh connection is reset by peer after authentication is successful.

Here is the really weird part. If I remove all of the ssh keys from my ~/.ssh folder it logs in fine; remember I'm not using the keys when it fails either. It does fail the same way with the keys too though.

I'm running openssh-4.2_p1 on the Gentoo box, and until a few days ago this was working perfectly as a backup server with keyed logins for rsync. At the moment I'm doing this by hand nightly, which isn't much fun to say the least.

As for network connectivity, both machines are on an internal 192.168.0.0/24 net, no address translation or anything like that. I've removed the firewall from the machine while working on this, so that isn't a factor.

I've tried a few different versions of openssh, even building it by hand and running it on an alternate port for debugging (see below). I've made new keys on both machines. I even installed telnet so I could stop sshd entirely and remove all traces of it, then reinstall. I've rebuilt ssh with and without pam, sftplogging, and tcpd (no /etc/hosts.allow/deny files exist). I even took a quick try with ssh.com's server, it failed too, but I don't know it well enough to make that really useful to this.

Here are the debugging logs from the server, and the verbose client logins. I guess I'll keep this at level 2 for the moment.

client side, no verbosity:

ssh jrauch@192.168.0.254
Password:
Read from remote host 192.168.0.254: Connection reset by peer
Connection to 192.168.0.254 closed.

Client side Level 2 verbosity:

root]# ssh jrauch@192.168.0.254 -vv
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.254 [192.168.0.254] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '1024'
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /root/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.2
debug1: match: OpenSSH_4.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 135/256
debug2: bits set: 1025/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.0.254' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:22
debug2: bits set: 1004/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Offering public key: /root/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug1: channel_free: channel 0: client-session, nchannels 1
Read from remote host 192.168.0.254: Connection reset by peer
Connection to 192.168.0.254 closed.
debug1: Transferred: stdin 0, stdout 0, stderr 100 bytes in 0.0 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 2591.6
debug1: Exit status -1

Ok, now the server side debugging.

Info level

Dec 19 16:46:19 gentoo sshd[26348]: Accepted keyboard-interactive/pam for jrauch from 192.168.0.129 port 44809 ssh2

Debug level2

Dec 19 16:51:03 gentoo sshd[26274]: Received signal 15; terminating.
Dec 19 16:51:04 gentoo sshd[26489]: debug2: fd 3 setting O_NONBLOCK
Dec 19 16:51:04 gentoo sshd[26489]: debug1: Bind to port 22 on 0.0.0.0.
Dec 19 16:51:04 gentoo sshd[26489]: Server listening on 0.0.0.0 port 22.
Dec 19 16:51:04 gentoo sshd[26489]: socket: Address family not supported by protocol
Dec 19 16:51:38 gentoo sshd[26497]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Dec 19 16:51:38 gentoo sshd[26489]: debug1: Forked child 26497.
Dec 19 16:51:38 gentoo sshd[26497]: debug1: inetd sockets after dupping: 3, 3
Dec 19 16:51:38 gentoo sshd[26497]: Connection from 192.168.0.129 port 47637
Dec 19 16:51:38 gentoo sshd[26497]: debug1: Client protocol version 2.0; client software version OpenSSH_3.6.1p2
Dec 19 16:51:38 gentoo sshd[26497]: debug1: match: OpenSSH_3.6.1p2 pat OpenSSH_3.*
Dec 19 16:51:38 gentoo sshd[26497]: debug1: Enabling compatibility mode for protocol 2.0
Dec 19 16:51:38 gentoo sshd[26497]: debug1: Local version string SSH-2.0-OpenSSH_4.2
Dec 19 16:51:38 gentoo sshd[26497]: debug2: fd 3 setting O_NONBLOCK
Dec 19 16:51:38 gentoo sshd[26497]: debug2: Network child is on pid 26501
Dec 19 16:51:38 gentoo sshd[26497]: debug2: monitor_read: 0 used once, disabling now
Dec 19 16:51:38 gentoo sshd[26497]: debug2: monitor_read: 4 used once, disabling now
Dec 19 16:51:38 gentoo sshd[26497]: debug2: monitor_read: 6 used once, disabling now
Dec 19 16:51:38 gentoo sshd[26497]: debug1: PAM: initializing for "jrauch"
Dec 19 16:51:38 gentoo sshd[26497]: debug1: PAM: setting PAM_RHOST to "drop1"
Dec 19 16:51:38 gentoo sshd[26497]: debug1: PAM: setting PAM_TTY to "ssh"
Dec 19 16:51:38 gentoo sshd[26497]: debug2: monitor_read: 45 used once, disabling now
Dec 19 16:51:38 gentoo sshd[26497]: debug2: monitor_read: 3 used once, disabling now
Dec 19 16:51:38 gentoo sshd[26497]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
Dec 19 16:51:38 gentoo sshd[26497]: debug1: trying public key file /home/jrauch/.ssh/authorized_keys
Dec 19 16:51:38 gentoo sshd[26497]: debug1: restore_uid: 0/0
Dec 19 16:51:38 gentoo sshd[26497]: debug1: temporarily_use_uid: 1000/100 (e=0/0)
Dec 19 16:51:38 gentoo sshd[26497]: debug1: trying public key file /home/jrauch/.ssh/authorized_keys2
Dec 19 16:51:38 gentoo sshd[26497]: debug1: restore_uid: 0/0
Dec 19 16:51:41 gentoo sshd[26497]: debug2: PAM: sshpam_respond entering, 1 responses
Dec 19 16:51:41 gentoo sshd[26502]: debug1: do_pam_account: called
Dec 19 16:51:41 gentoo sshd[26497]: debug1: PAM: num PAM env strings 0
Dec 19 16:51:41 gentoo sshd[26497]: debug2: PAM: sshpam_respond entering, 0 responses
Dec 19 16:51:41 gentoo sshd[26497]: debug2: monitor_read: 54 used once, disabling now
Dec 19 16:51:41 gentoo sshd[26497]: debug1: do_pam_account: called
Dec 19 16:51:41 gentoo sshd[26497]: Accepted keyboard-interactive/pam for jrauch from 192.168.0.129 port 47637 ssh2
Dec 19 16:51:41 gentoo sshd[26497]: debug1: monitor_child_preauth: jrauch has been authenticated by privileged process
Dec 19 16:51:41 gentoo sshd[26497]: debug2: mac_init: found hmac-md5
Dec 19 16:51:41 gentoo sshd[26497]: debug2: mac_init: found hmac-md5
Dec 19 16:51:41 gentoo sshd[26497]: debug2: User child is on pid 26503
Dec 19 16:51:41 gentoo sshd[26497]: debug1: do_cleanup
Dec 19 16:51:41 gentoo sshd[26497]: debug1: PAM: cleanup

The server's name isn't really Gentoo... I'm sure you understand.

And to anyone that made it through all of that, thanks. I've tried everything I can think of with no luck, so any ideas are welcome.
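
Added example, not part of the original post: a small Python triage helper that reads `ssh -v`/`-vv` client output like the log above and reports the last protocol milestone reached, the authentication method, and the first connection failure. The function name `triage`, the stage labels and `SAMPLE` (a constructed excerpt of the lines quoted in the post) are assumptions made for this illustration.

```python
import re

# Milestones in the order an OpenSSH client prints them at -v/-vv.
# The stage labels (tcp, kex, auth, session) are names chosen for this example.
STAGES = [
    ("tcp", re.compile(r"debug1: Connection established")),
    ("kex", re.compile(r"debug1: SSH2_MSG_NEWKEYS received")),
    ("auth", re.compile(r"debug1: Authentication succeeded \((?P<method>[^)]+)\)")),
    ("session", re.compile(r"debug1: Entering interactive session")),
]
# Client-side messages that mean the transport went away.
FAILURE = re.compile(
    r"Connection (reset by peer|closed by remote host|timed out|refused)"
)


def triage(log_text):
    """Return (last_stage, auth_method, failure) for one client debug log."""
    reached, method, failure = [], None, None
    for line in log_text.splitlines():
        for name, pattern in STAGES:
            match = pattern.search(line)
            if match and name not in reached:
                reached.append(name)
                if name == "auth":
                    method = match.group("method")
        hit = FAILURE.search(line)
        if hit and failure is None:
            failure = hit.group(0)  # keep only the first failure message
    return (reached[-1] if reached else None, method, failure)


# Constructed excerpt of the client log quoted in the post.
SAMPLE = """\
debug1: Connection established.
debug1: SSH2_MSG_NEWKEYS received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Read from remote host 192.168.0.254: Connection reset by peer
Connection to 192.168.0.254 closed.
"""

if __name__ == "__main__":
    stage, method, failure = triage(SAMPLE)
    print(f"last stage: {stage}, auth: {method}, failure: {failure}")
```

A result of `session` together with a reset places the drop after key exchange and authentication, which matches the server log's `Accepted keyboard-interactive/pam` line.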