ssh issues

I ignored my linode on host28 between April and now, and apparently there's hell to pay ;->

The thing is, I can log in fine using lish and a screen. But ssh ain't working. sshd seems to launch fine, and ps aux | grep sshd gives me

    root      2440  0.0  1.1  3292 1416 ?        Ss   02:47   0:00 sshd

But when I go to log in, I am denied access, with the same username/password combo (for root) which works on my screen session.

I tried once using sshd -d and here is the transcript:

    root@li9-121 /var/log [537] sshd -d
    debug1: sshd version OpenSSH_3.8.1p1 Debian 1:3.8.1p1-11ubuntu3.1
    debug1: read PEM private key done: type RSA
    debug1: private host key: #0 type 1 RSA
    debug1: read PEM private key done: type DSA
    debug1: private host key: #1 type 2 DSA
    debug1: Bind to port 22 on ::.
    Server listening on :: port 22.
    debug1: Bind to port 22 on 0.0.0.0.
    debug1: Server will not fork when running in debugging mode.
    Connection from ::ffff:[[$myipaddy ]] port 1979
    debug1: Client protocol version 2.0; client software version PuTTY
    debug1: no match: PuTTY
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 Debian 1:3.8.1p1-11ubuntu3.1
    debug1: permanently_set_uid: 102/65534
    debug1: list_hostkey_types: ssh-rsa,ssh-dss
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: client->server 3des-cbc hmac-sha1 none
    debug1: kex: server->client 3des-cbc hmac-sha1 none
    debug1: expecting SSH2_MSG_KEXDH_INIT
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: KEX done
    debug1: userauth-request for user root service ssh-connection method password
    debug1: attempt 0 failures 0
    Failed password for root from ::ffff:[[ $myipaddy ]] port 1979 ssh2
    debug1: PAM: initializing for "root"
    debug1: PAM: setting PAM_RHOST to "[[ $myFQDN ]]"
    debug1: PAM: setting PAM_TTY to "ssh"
    Read from socket failed: Connection reset by peer
    debug1: do_cleanup
    debug1: PAM: cleanup
    debug1: do_cleanup
    debug1: PAM: cleanup
    root@li9-121 /var/log [538]

What's even weirder is what happens when I try and ssh in from my old university account:

    apocalypse ~ [159] ssh li9-121.members.linode.com
    Local: Bad packet length 1349676916.
    apocalypse ~ [160]

Here is the linode side of that connection attempt:

    root@li9-121 /var/log [538] sshd -d
    debug1: sshd version OpenSSH_3.8.1p1 Debian 1:3.8.1p1-11ubuntu3.1
    debug1: read PEM private key done: type RSA
    debug1: private host key: #0 type 1 RSA
    debug1: read PEM private key done: type DSA
    debug1: private host key: #1 type 2 DSA
    debug1: Bind to port 22 on ::.
    Server listening on :: port 22.
    debug1: Bind to port 22 on 0.0.0.0.
    debug1: Server will not fork when running in debugging mode.
    Connection from ::ffff:192.58.221.245 port 48314
    debug1: Client protocol version 1.0; client software version 1.2.33
    debug1: no match: 1.2.33
    debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 Debian 1:3.8.1p1-11ubuntu3.1
    Protocol major versions differ for ::ffff:192.58.221.245: SSH-2.0-OpenSSH_3.8.1p1 Debian 1:3.8.1p1-11ubuntu3.1 vs. SSH-1.0-1.2.33
    root@li9-121 /var/log [539]

In the second case it looks like the machine my account is on needs a newer ssh client, or something. But I don't get the first case. My machine is on a new network but even setting MTU to 576 on both my linode and home router does not solve the problem. Also I can ssh just fine into lish and other hosts.

Any clues?

Thanks for any help …

PS I saw the May 30 thread RE sshd and tried the same mojo on /dev/null to no avail …

5 Replies

@ryantate:

> What's even weirder is what happens when I try and ssh in from my old university account:
>
>     apocalypse ~ [159] ssh li9-121.members.linode.com
>     Local: Bad packet length 1349676916.
>     apocalypse ~ [160]

Pretty sure this one is caused by ssh version mismatch. Enable ssh protocol version 1 in your sshd config, or update your ssh client to a version that supports ssh2… As for the other problem, no ideas yet.

-Chris
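
An added example, not part of the original thread: the number in the client's "Bad packet length" error can be read back as four bytes of a 32-bit big-endian length field. Here it decodes to "Prot", the opening of the "Protocol major versions differ" message in the server log, which is consistent with the old client treating a plain-text reply as a binary packet header. The function names are hypothetical; the banners and the number are copied from the transcripts above.

```python
import re
import struct

# Both banners are copied from the sshd -d transcript in the thread.
SERVER_BANNER = "SSH-2.0-OpenSSH_3.8.1p1 Debian 1:3.8.1p1-11ubuntu3.1"
CLIENT_BANNER = "SSH-1.0-1.2.33"
BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")


def decode_bad_packet_length(value):
    """Return the 4 bytes behind a bogus packet length as text, or None."""
    if not 0 <= value <= 0xFFFFFFFF:
        return None
    raw = struct.pack(">I", value)  # SSH packet length: 32-bit big-endian
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None  # not printable ASCII, so probably not misread text


def majors_offered(banner):
    """Protocol major versions a banner advertises."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        raise ValueError("not an SSH identification string: %r" % banner)
    major, minor = int(m.group(1)), int(m.group(2))
    # "1.99" is how a server that speaks both protocol 1 and 2 identifies itself.
    return {1, 2} if (major, minor) == (1, 99) else {major}


def diagnose(server_banner, client_banner, bad_length=None):
    """Collect findings for a failed connection (hypothetical helper)."""
    findings = []
    common = majors_offered(server_banner) & majors_offered(client_banner)
    if not common:
        findings.append("no common protocol major version")
    if bad_length is not None:
        text = decode_bad_packet_length(bad_length)
        if text is not None:
            findings.append("length field is ASCII %r: peer sent plain text" % text)
    return findings


if __name__ == "__main__":
    for line in diagnose(SERVER_BANNER, CLIENT_BANNER, 1349676916):
        print(line)
```
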

Another suggestion:

     -d      Debug mode.  The server sends verbose debug output to the system
             log, and does not put itself in the background.  The server also
             will not fork and will only process one connection.  This option
             is only intended for debugging for the server.  Multiple -d
             options increase the debugging level.  Maximum is 3.

Give "sshd -d -d -d" a shot…

-Chris

As it turns out, sshd defaults to allow both v1 and v2 logins, and although I updated sshd_config anyway to be sure, that didn't fix anything. Rather than dig further on that end I tried typing ssh2 on my university account and that worked – there's an ssh2 client and I logged in successfully.

Is it possible I've never logged in from home machine to linode? Perhaps. Maybe I just need to update my client here. Developing …

Ackkk. Upgraded PuTTY my ssh client to 0.58 from 0.50 and everything works. Sorry to waste everyone's time.

FWIW, PuTTY 0.50 supported ssh2 but not public key authentication (I'm just guessing on whether public key auth is significant but the -d transcript looked like there was some attempted key swapping going on.) So maybe it was negotiating an ssh2 connection it actually couldn't handle.

> Ackkk. Upgraded PuTTY my ssh client to 0.58 from 0.50 and everything works.

Hey, suddenly Putty works from my computer now. Gee, thanks!

James
