On Thu, Apr 19, 2018 at 11:23:15AM -0700, Stephen Casner wrote:
> On Thu, 19 Apr 2018, Robin O'Leary wrote:
> [snip]
> > - 'ssh admin@NEWIP' connects, but then immediately closes the connection.
>
> As the implementer of the ssh functionality, I'd like to know more about what happened here. Does ssh still immediately close the connection? If so, can you try 'ssh -v admin@NEWIP' and report back the output?

Yes it does, but I've now tried from a few other hosts running different OS versions with mixed results:

fail  OpenSSH_7.7p1 Debian-2, OpenSSL 1.0.2o 27 Mar 2018
OK    OpenSSH_7.4p1 Raspbian-10+deb9u3, OpenSSL 1.0.2l 25 May 2017
OK    OpenSSH_7.4p1 Debian-10+deb9u2, OpenSSL 1.0.2l 25 May 2017
OK    OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016
hang  OpenSSH_5.9p1 Debian-5, OpenSSL 1.0.1b 26 Apr 2012

> On the v3.0 hardware with limited RAM, the connection closes immediately because the DH handshake fails due to a memory allocation failure. But with v3.1 hardware there is plenty of RAM.

Is there some server-side debug I can turn on?

Debian 10 (buster) connects but immediately closes:

$ ssh -v admin@chevaline
OpenSSH_7.7p1 Debian-2, OpenSSL 1.0.2o 27 Mar 2018
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to chevaline [...] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_ed25519-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_xmss type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.7p1 Debian-2
debug1: Remote protocol version 2.0, remote software version wolfSSHv1.1.0
debug1: no match: wolfSSHv1.1.0
debug1: Authenticating to chevaline:22 as 'admin'
debug1: SSH2_MSG_KEXINIT sent
Connection closed by chevaline port 22

The relevant section of /etc/ssh/ssh_config says:

Host *
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes

Raspbian 9 (stretch) works OK:

$ ssh -v admin@chevaline
OpenSSH_7.4p1 Raspbian-10+deb9u3, OpenSSL 1.0.2l 25 May 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to chevaline [...] port 22.
debug1: Connection established.
debug1: identity file /home/robin/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u3
debug1: Remote protocol version 2.0, remote software version wolfSSHv1.1.0
debug1: no match: wolfSSHv1.1.0
debug1: Authenticating to chevaline:22 as 'admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha2-256 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:2bW5kEnFXZ+ORn3PB00qJa7jRsKkW8zSTyXTuECvVfo
The authenticity of host 'chevaline (...)' can't be established.
RSA key fingerprint is SHA256:2bW5kEnFXZ+ORn3PB00qJa7jRsKkW8zSTyXTuECvVfo.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'chevaline' (RSA) to the list of known hosts.
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/robin/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/robin/.ssh/id_dsa
debug1: Trying private key: /home/robin/.ssh/id_ecdsa
debug1: Trying private key: /home/robin/.ssh/id_ed25519
debug1: Next authentication method: password
admin@chevaline's password:
...

Debian 9 (stretch) works OK:

$ ssh -v admin@chevaline
OpenSSH_7.4p1 Debian-10+deb9u2, OpenSSL 1.0.2l 25 May 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to chevaline [...] port 22.
debug1: Connection established.
debug1: identity file /home/robin/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u2
debug1: Remote protocol version 2.0, remote software version wolfSSHv1.1.0
debug1: no match: wolfSSHv1.1.0
debug1: Authenticating to chevaline:22 as 'admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha2-256 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:2bW5kEnFXZ+ORn3PB00qJa7jRsKkW8zSTyXTuECvVfo
debug1: Host 'chevaline' is known and matches the RSA host key.
debug1: Found key in /home/robin/.ssh/known_hosts:45
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/robin/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/robin/.ssh/id_dsa
debug1: Trying private key: /home/robin/.ssh/id_ecdsa
debug1: Trying private key: /home/robin/.ssh/id_ed25519
debug1: Next authentication method: password
admin@chevaline's password:
debug1: Authentication succeeded (password).
...

Debian 8 (jessie) works OK:

$ ssh -v admin@chevaline
OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to chevaline [...] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/robin/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
debug1: Remote protocol version 2.0, remote software version wolfSSHv1.1.0
debug1: no match: wolfSSHv1.1.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-sha2-256 none
debug1: kex: client->server aes128-cbc hmac-sha2-256 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<8192<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 9b:91:8b:85:00:77:7e:87:a9:5d:60:f6:2a:83:dd:c6
The authenticity of host 'chevaline (...)' can't be established.
RSA key fingerprint is 9b:91:8b:85:00:77:7e:87:a9:5d:60:f6:2a:83:dd:c6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'chevaline' (RSA) to the list of known hosts.
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/robin/.ssh/id_rsa
debug1: Trying private key: /home/robin/.ssh/id_dsa
debug1: Trying private key: /home/robin/.ssh/id_ecdsa
debug1: Trying private key: /home/robin/.ssh/id_ed25519
debug1: Next authentication method: password
admin@chevaline's password:
...

Debian 6 (squeeze) fails in a different way; it just hangs:

$ ssh -v admin@chevaline
OpenSSH_5.9p1 Debian-5, OpenSSL 1.0.1b 26 Apr 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to chevaline [...] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/robin/.ssh/id_rsa type -1
debug1: identity file /home/robin/.ssh/id_rsa-cert type -1
debug1: identity file /home/robin/.ssh/id_dsa type -1
debug1: identity file /home/robin/.ssh/id_dsa-cert type -1
debug1: identity file /home/robin/.ssh/id_ecdsa type -1
debug1: identity file /home/robin/.ssh/id_ecdsa-cert type -1
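
Added example, not part of the original message: one way to compare `ssh -v` transcripts like the ones above is to report the furthest key-exchange milestone each client logged and whether the peer closed the connection. The names `MILESTONES` and `diagnose` are this example's own, and the sample input is abridged from the transcripts in the message.

```python
import re

# Milestones in the order an OpenSSH client logs them under -v.
# "Server host key:" marks the DH reply: older clients print
# "expecting ..._GEX_REPLY" before the reply has actually arrived.
MILESTONES = [
    ("banner", "Remote protocol version"),
    ("kexinit_sent", "SSH2_MSG_KEXINIT sent"),
    ("kexinit_received", "SSH2_MSG_KEXINIT received"),
    ("gex_request", "SSH2_MSG_KEX_DH_GEX_REQUEST("),
    ("host_key", "Server host key:"),
    ("newkeys", "SSH2_MSG_NEWKEYS received"),
    ("userauth", "Authentications that can continue"),
]

def diagnose(transcript):
    """Summarise how far the handshake in one `ssh -v` transcript got."""
    def grab(pattern):
        m = re.search(pattern, transcript)
        return m.group(1).strip() if m else None
    reached = None
    for name, marker in MILESTONES:
        if marker in transcript:
            reached = name  # keep the furthest milestone seen
    gex = re.search(r"GEX_REQUEST\((\d+)<(\d+)<(\d+)\)", transcript)
    return {
        "client": grab(r"Local version string SSH-2\.0-(.+)"),
        "server": grab(r"remote software version (.+)"),
        "reached": reached,
        "gex_bits": tuple(map(int, gex.groups())) if gex else None,
        "closed_by_peer": "Connection closed by" in transcript,
    }

# Sample input abridged from the transcripts in the message above.
FAIL_7_7 = """\
debug1: Local version string SSH-2.0-OpenSSH_7.7p1 Debian-2
debug1: Remote protocol version 2.0, remote software version wolfSSHv1.1.0
debug1: SSH2_MSG_KEXINIT sent
Connection closed by chevaline port 22
"""
OK_7_4 = """\
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u2
debug1: Remote protocol version 2.0, remote software version wolfSSHv1.1.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
debug1: Server host key: ssh-rsa SHA256:(elided)
debug1: SSH2_MSG_NEWKEYS received
debug1: Authentications that can continue: publickey,password
"""
```

`diagnose(FAIL_7_7)` stops at `kexinit_sent` with `closed_by_peer` set, while `diagnose(OK_7_4)` reaches `userauth`, which places the 7.7p1 failure between the client's KEXINIT and the server's.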