ssh 'connection reset by peer' problem since 5.8p1

Oren Held oren at held.org.il
Sun Feb 20 03:22:58 EST 2011


On Thu, Feb 17, 2011 at 10:17:26AM -0500, Craig J Copi wrote:
> In message <20110217142532.GF29762 at calimero.vinschen.de>, Corinna Vinschen writes:
> 
> >What I'm missing in the debug output is a clear statement of the
> >side which closes the connection, *why* the connection has been
> >closed.  In Andrew's debug output the server side just contains:
> 
> I have seen something similar but attributed it to a local error
> (undiscovered source). I have 3 OpenBSD machines and 2 Ubuntu
> machines all running 5.8. All can ssh to each other EXCEPT to one of
> the Ubuntu machines. The two Ubuntu machines should be identical
> (same versions of the distribution, same configuration files, ...).
> My "solution" was to put
> HostKeyAlgorithms       ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss
> in my ~/.ssh/config file.  In particular I found that removing the keys
> ecdsa-sha2-nistp256-cert-v01@openssh.com,
> ecdsa-sha2-nistp384-cert-v01@openssh.com,
> ecdsa-sha2-nistp521-cert-v01@openssh.com
> allows for all machines to interconnect.

1. I confirm that the above fix works for me also. Alternatively, as reported in
Debian bug #612607, adding '-c aes128-ctr' to the ssh command line does the
trick as well.

2. I narrowed it down a bit: it only occurs when *running* ssh v5.[7,8]p1 client
on my Debian-sid (unstable) box. It's a run-time, and not a compile-time thing.
Copying binaries to and fro between my box and an Ubuntu 10.10 box proved that it
only matters where it's being run, not where it's being compiled.

In that case, I guess it's something in my environment and not in openssh - but
possibly not openssl, because I tried 0.9.8o on both Ubuntu and Debian, and it
fails only in the latter. However, some change in the code of 5.7p1 had
triggered this problem.

Oren
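
To tell whether one particular HostKeyAlgorithms entry or only the combined list triggers the reset, the three dropped entries can be re-added one at a time. The script below is an added example, not part of the original post: `ssh_probe`, `diagnose` and the verdict strings are hypothetical names, it treats "Connection reset by peer" on ssh's stderr as the failure signal, and it assumes a client of the 5.7/5.8 generation that still accepts every listed algorithm name.

```python
import subprocess
import sys

# Lists taken from the quoted workaround: the entries it kept and the three it dropped.
KEPT = ("ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,"
        "ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,"
        "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,"
        "ssh-rsa,ssh-dss").split(",")
DROPPED = ["ecdsa-sha2-nistp%d-cert-v01@openssh.com" % n for n in (256, 384, 521)]


def ssh_probe(host):
    """Return probe(algos) -> True unless ssh reports the reset seen in the thread."""
    def probe(algos):
        cmd = ["ssh", "-o", "BatchMode=yes", "-o", "ConnectTimeout=10",
               "-o", "HostKeyAlgorithms=" + ",".join(algos), host, "true"]
        err = subprocess.run(cmd, capture_output=True, text=True).stderr
        # Authentication or host-key errors are not counted, only the reset.
        return "Connection reset by peer" not in err
    return probe


def diagnose(probe, kept=KEPT, dropped=DROPPED):
    """Classify the failure by re-adding the dropped entries one at a time."""
    if not probe(kept):
        return "baseline-fails", []     # the workaround list itself does not connect
    if probe(dropped + kept):
        return "not-reproduced", []     # the full list connects from this machine
    culprits = [a for a in dropped if not probe([a] + kept)]
    if culprits:
        return "specific-entries", culprits
    return "combination-only", []       # each entry alone is fine, only together fail


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: %s HOST" % sys.argv[0])
    verdict, culprits = diagnose(ssh_probe(sys.argv[1]))
    print(verdict, " ".join(culprits))
```

A "combination-only" verdict means no single entry is at fault and the failure depends on the offer as a whole, which is worth knowing before blaming one algorithm.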


More information about the openssh-unix-dev mailing list