ssh 'connection reset by peer' problem since 5.8p1
Oren Held
oren at held.org.il
Sun Feb 20 03:22:58 EST 2011
On Thu, Feb 17, 2011 at 10:17:26AM -0500, Craig J Copi wrote:
> In message <20110217142532.GF29762 at calimero.vinschen.de>, Corinna Vinschen writes:
>
> >What I'm missing in the debug output is a clear statement of the
> >side which closes the connection, *why* the connection has been
> >closed. In Andrew's debug output The server side just contains:
>
> I have seen something similar but attributed it to a local error
> (undiscovered source). I have 3 OpenBSD machines and 2 Ubuntu
> machines all running 5.8. All can ssh to each other EXCEPT to one of
> the ubuntu machines. The two ubuntu machines should be identical
> (same versions of the distribution, same configuration files, ...).
> My "solution" was to put
> HostKeyAlgorithms ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss
> in my ~/.ssh/config file. In particular I found that removing the keys
> ecdsa-sha2-nistp256-cert-v01 at openssh.com,
> ecdsa-sha2-nistp384-cert-v01 at openssh.com,
> ecdsa-sha2-nistp521-cert-v01 at openssh.com
> allows for all machines to interconnect.
1. I confirm that above fix works for me also. Alternatively, as reported in
Debian bug #612607, adding '-c aes128-ctr' to the ssh command line does the
trick as well.
2. I narrowed it a bit down: it only occurs when *running* ssh v5.[7,8]p1 client
on my Debian-sid (unstable) box. It's a run-time, and not a compile-time thing.
Copying binaries to and fro my box to Ubuntu 10.10 box proved that it only
matter where it's being run, not where it's being compiled.
In that case, I guess it's something in my environment and not in openssh - but
possibly not openssl, because I tried 0.9.8o on both Ubuntu and Debian, and it
fails only in the latter. However, some change in the code of 5.7p1 had
triggered this problem.
Oren
More information about the openssh-unix-dev
mailing list