
ssh problem


    Hello All,

    Some folks changed the security certificates on a couple servers and I can't ssh to them anymore.

    Any idea what I need to do to reset or clear out the old security certificates?

    I get the following error: Read from socket failed: Connection reset by peer

    When I start up putty on my XP virtual machine on the same computer I can connect fine.
    From both OS' I can ping the servers.

    That is as far as I can get. Thoughts?
    Thanks,

    Craigbert
    ----------------------------------------------------
    Kubuntu 13.04
    8GB RAM & Intel Core i7 1.87GHz
    Registered Linux User 537624

    #2
    OK. I did ssh -vvv name@server.com and it is hanging on this line:
    SSH2_MSG_KEXINIT sent
    Thanks,

    Craigbert


      #3
      I suspect the problem is somewhere on the server side of the connection. Check the SSHD logs there for errors.



        #4
        Still working this, but now we are pretty sure something changed in the vpn/router/firewall.
        Discovered by doing this:
        ssh -c aes256-ctr <server_name/ip> it goes through w/o a hitch.

        REALLY weird.

        If anyone has additional insight please don't hesitate to enlighten.
        Thanks,

        Craigbert


          #5
          The -c aes256-ctr option constrains the cipher suite that the client will offer to the server. Here, you've indicated that you'll accept only AES-256 in counter mode, which forces AES (normally a block cipher) into a stream cipher. While that wouldn't have been my first guess at troubleshooting, it appears you've found something that works. Perhaps the firewall in the path has been configured to permit only certain cipher suites -- somewhat unusual, but not entirely out of the question.

          I would still be interested in seeing the logs on the server both when the connection succeeds and when it fails, plus the output of ssh -vvv on the client both when it succeeds and when it fails.

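One way to do the comparison requested in #5, as an added example that is not part of the original thread: it reads a saved `ssh -vvv` log from a failing run and from a working run and reports how far each handshake got and which cipher was agreed. The function names and the `fail.log`/`ok.log` file names are hypothetical, and the sample logs are constructed from the lines quoted in the thread.

```bash
#!/usr/bin/env bash
# Capture each run's debug output first (ssh writes it to stderr), e.g.
#   ssh -vvv name@server.com 2>fail.log
#   ssh -vvv -c aes256-ctr name@server.com 2>ok.log

# kex_stage LOG: furthest handshake milestone found in the log.
kex_stage() {
    local stage="no-connection" marker name
    while IFS='|' read -r marker name; do
        if grep -qF "$marker" "$1"; then stage=$name; fi
    done <<'EOF'
Connection established|tcp-connected
SSH2_MSG_KEXINIT sent|kexinit-sent
SSH2_MSG_KEXINIT received|kexinit-received
SSH2_MSG_NEWKEYS received|newkeys-received
EOF
    printf '%s\n' "$stage"
}

# negotiated_cipher LOG: agreed server->client cipher, or "none" if never negotiated.
# Handles "server->client aes256-ctr ..." and "server->client cipher: aes256-ctr ...".
negotiated_cipher() {
    awk '/kex: server->client/ {
             for (i = 1; i < NF; i++) if ($i == "server->client")
                 c = ($(i + 1) == "cipher:") ? $(i + 2) : $(i + 1)
         }
         END { print (c == "" ? "none" : c) }' "$1"
}

# summarise LABEL LOG: one comparison line per run.
summarise() {
    printf '%-8s stage=%s cipher=%s\n' "$1" "$(kex_stage "$2")" "$(negotiated_cipher "$2")"
}

# write_samples DIR: constructed logs modelled on the thread (not real captures).
write_samples() {
    printf '%s\n' 'debug1: Connection established.' 'debug1: SSH2_MSG_KEXINIT sent' \
        'Read from socket failed: Connection reset by peer' >"$1/fail.log"
    printf '%s\n' 'debug1: Connection established.' 'debug1: SSH2_MSG_KEXINIT sent' \
        'debug1: SSH2_MSG_KEXINIT received' \
        'debug1: kex: server->client aes256-ctr hmac-md5 none' \
        'debug1: SSH2_MSG_NEWKEYS received' >"$1/ok.log"
}

tmp=$(mktemp -d)
write_samples "$tmp"
summarise failing "$tmp/fail.log"
summarise working "$tmp/ok.log"
rm -rf "$tmp"
```

A failing run that stops at `kexinit-sent` with no negotiated cipher means the client never saw the server's KEXINIT reply, which is the point at which the server-side SSHD log for the same attempt becomes the next thing to read.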