Connection reset/closed by server after SSH2_MSG_KEXINIT sent in SSH


For visibility, the link on the comment by @Jakuje solved it for me.

Reset the MTU size to 576:

ifconfig eth0 mtu 576

Doing it only on the host running the ssh server worked for me, but the link suggests doing it on both server and client.
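One way to measure which MTU the path between client and server actually supports, as an added example that is not from the answer or the linked post. It assumes Linux iputils `ping`; the function names `probe` and `find_path_mtu` are made up here.

```shell
#!/bin/sh
# Added example: find the largest IPv4 packet that reaches a host unfragmented.

# probe SIZE HOST succeeds if one ICMP echo with SIZE payload bytes and the
# Don't Fragment bit set gets a reply (flags are those of Linux iputils ping).
# A lost packet looks the same as an oversized one, so rerun on lossy links.
probe() {
    ping -M do -c 1 -W 1 -s "$1" "$2" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW_MTU] [HIGH_MTU]
# Binary-searches between LOW_MTU (default 576) and HIGH_MTU (default 1500)
# and prints the largest MTU that works. Returns 1 if even LOW_MTU fails.
find_path_mtu() {
    host=$1
    overhead=28                        # 20-byte IPv4 header + 8-byte ICMP header
    lo=$(( ${2:-576} - overhead ))
    hi=$(( ${3:-1500} - overhead ))
    probe "$lo" "$host" || return 1    # nothing gets through at the floor
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))   # round up so the loop always progresses
        if probe "$mid" "$host"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo $(( lo + overhead ))
}

# Run directly with a host argument, e.g.: ./pmtu.sh 192.168.1.127
if [ -n "${1:-}" ]; then
    find_path_mtu "$1" || echo "no reply even at the low bound" >&2
fi
```

If the printed value is below the interface MTU, something on the path is dropping larger packets, and that value is the one to pass to `ifconfig eth0 mtu`.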


Admin
Author by

Admin

Updated on September 18, 2022

Comments

  • Admin
    Admin over 1 year

    I've restarted my Fedora 25 server since not restarting it for 3 days (the only 2 things I have installed were JRE and screen) and noticed that SSH stopped working. Sometimes the connection is reset, sometimes it's closed.

    sh-3.2# ssh root@192.168.1.127
    Connection reset by 192.168.1.127
    

    I don't know how to view my logs since now I no longer have ssh access, but this is what is outputted if I use ssh -vvv (I'm not sure if OS X El Capitan outputs as much as a Linux)

    sh-3.2# ssh -vvv root@192.168.1.127
    OpenSSH_6.9p1, LibreSSL 2.1.8
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 21: Applying options for *
    debug1: /etc/ssh/ssh_config line 56: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to 192.168.1.127 [192.168.1.127] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.9
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
    debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
    debug2: fd 3 setting O_NONBLOCK
    debug1: Authenticating to 192.168.1.127:22 as 'root'
    debug3: hostkeys_foreach: reading file "/var/root/.ssh/known_hosts"
    debug1: SSH2_MSG_KEXINIT sent
    Connection reset by 192.168.1.127
    sh-3.2#
    

    I usually connect using a public key but using one doesn't change the output above. Nginx still works completely along with Cockpit, nothing has changed network-wise. If I attempt to SSH my server into itself, then nothing changes once again. (I'm aware that always using root is unsafe but I have tried everything else)

    [root@localhost ~]# ssh -vvvv localhost                                         
    OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017                                 
    debug1: Reading configuration data /etc/ssh/ssh_config                          
    debug3: /etc/ssh/ssh_config line 56: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
    debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
    debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 2: include /etc/crypto-policies/back-ends/openssh.config matched no files
    debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *     
    debug2: resolving "localhost" port 22                                           
    debug2: ssh_connect_direct: needpriv 0                                          
    debug1: Connecting to localhost [::1] port 22.                                  
    debug1: Connection established.                                                 
    debug1: permanently_set_uid: 0/0                                                
    debug1: identity file /root/.ssh/id_rsa type 1                                  
    debug1: key_load_public: No such file or directory
    debug1: identity file /root/.ssh/id_rsa-cert type -1                            
    debug1: key_load_public: No such file or directory                              
    debug1: identity file /root/.ssh/id_dsa type -1                                 
    debug1: key_load_public: No such file or directory                              
    debug1: identity file /root/.ssh/id_dsa-cert type -1                            
    debug1: key_load_public: No such file or directory                              
    debug1: identity file /root/.ssh/id_ecdsa type -1                               
    debug1: key_load_public: No such file or directory                              
    debug1: identity file /root/.ssh/id_ecdsa-cert type -1                          
    debug1: key_load_public: No such file or directory                              
    debug1: identity file /root/.ssh/id_ed25519 type -1                             
    debug1: key_load_public: No such file or directory                              
    debug1: identity file /root/.ssh/id_ed25519-cert type -1                        
    debug1: Enabling compatibility mode for protocol 2.0                            
    debug1: Local version string SSH-2.0-OpenSSH_7.4                                
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4        
    debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000                       
    debug2: fd 3 setting O_NONBLOCK                                                 
    debug1: Authenticating to localhost:22 as 'root'                                
    debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"                 
    debug3: send packet: type 20                                                    
    debug1: SSH2_MSG_KEXINIT sent                                                   
    Connection reset by ::1 port 22                                                 
    [root@localhost ~]# ^C                                         
    

    Also, no other devices on my network can connect. I have not tried PuTTY; however, Cyberduck just tells me that "recv failed". I have noticed that the connection always resets after "SSH2_MSG_KEXINIT" is sent, but I don't know what it is.

    Here's my ssh config too, all of those are commented:

    [root@localhost ~]# cat /etc/ssh/ssh_config                                     
    #       $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $                                                              
    
    # Host *                                                                        
    #   ForwardAgent no                                                             
    #   ForwardX11 no                                                               
    #   RhostsRSAAuthentication no                                                  
    #   ConnectTimeout 0                                                            
    #   StrictHostKeyChecking ask                                                   
    #   IdentityFile ~/.ssh/identity                                                
    #   IdentityFile ~/.ssh/id_rsa                                                  
    #   IdentityFile ~/.ssh/id_dsa                                                  
    #   IdentityFile ~/.ssh/id_ecdsa                                                
    #   IdentityFile ~/.ssh/id_ed25519                                              
    #   Port 22                                                                     
    #   Protocol 2                                                                  
    #   Cipher 3des                                                                 
    #   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
    #   MACs hmac-md5,hmac-sha1,[email protected],hmac-ripemd160                  
    #   EscapeChar ~                                                                
    #   Tunnel no                                                                   
    #   TunnelDevice any:any                                                        
    #   PermitLocalCommand no                                                       
    #   VisualHostKey no                                                            
    #   ProxyCommand ssh -q -W %h:%p gateway.example.com                            
    #   RekeyLimit 1G 1h                                                            
    #                                                                               
    # To modify the system-wide ssh configuration, create a  *.conf  file under     
    #  /etc/ssh/ssh_config.d/  which will be automatically included below           
    Include /etc/ssh/ssh_config.d/*.conf   
    

    I have tried dnf reinstall openssh-server and that did not change anything. I'm not sure about anything but as I've said, I'm not sure how to view OpenSSH's logfiles (at all? am I correct about it having logs?) in Fedora 25. It would be nice if this could be fixed as it's prevented me from working for 4 hours. Thanks.
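
The `ssh -vvv` output above already shows how far the handshake got. The following added example (not part of the original post; the function names and stage labels are made up here) reads such a log and reports the last stage the client reached, using a constructed sample built from the lines in the question.

```shell
#!/bin/sh
# Added example: locate the point in the SSH handshake where a session died,
# reading saved `ssh -vvv` output on stdin. Log lines are chronological, so
# the last marker seen is the furthest stage the client reached.
handshake_stage() {
    awk '
        /Connection established/          { stage = "tcp-connected" }
        /Remote protocol version/         { stage = "banner-exchanged" }
        /SSH2_MSG_KEXINIT sent/           { stage = "kexinit-sent" }
        /SSH2_MSG_KEXINIT received/       { stage = "kexinit-received" }
        /SSH2_MSG_NEWKEYS received/       { stage = "keys-established" }
        /Authentication succeeded/        { stage = "authenticated" }
        /^ *Connection (reset|closed) by/ { sub(/^ +/, ""); err = $0 }
        END { printf "%s|%s\n", (stage ? stage : "no-connection"), err }
    '
}

# What each stage rules in or out when troubleshooting.
explain_stage() {
    case $1 in
        no-connection)    echo "TCP never connected" ;;
        tcp-connected)    echo "TCP connected but no SSH banner was received" ;;
        banner-exchanged) echo "versions exchanged, key exchange not started" ;;
        kexinit-sent)     echo "client sent its algorithm lists (packet type 20) but never got the server's; authentication was not reached, so keys and passwords are not the cause" ;;
        kexinit-received) echo "algorithm negotiation or the key exchange itself failed" ;;
        keys-established) echo "encrypted channel is up; failure is at or after authentication" ;;
        authenticated)    echo "login succeeded; failure is in the session" ;;
    esac
}

# Constructed sample: the relevant lines from the client log in the question.
sample_log() {
    cat <<'EOF'
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: Authenticating to 192.168.1.127:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
Connection reset by 192.168.1.127
EOF
}

result=$(sample_log | handshake_stage)
echo "$result"
explain_stage "${result%%|*}"
```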