From owner-freebsd-current@FreeBSD.ORG Fri Oct 26 19:15:22 2007 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 79DD116A417 for ; Fri, 26 Oct 2007 19:15:22 +0000 (UTC) (envelope-from rob.zietlow@gmail.com) Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.227]) by mx1.freebsd.org (Postfix) with ESMTP id 3582613C481 for ; Fri, 26 Oct 2007 19:15:21 +0000 (UTC) (envelope-from rob.zietlow@gmail.com) Received: by nz-out-0506.google.com with SMTP id l8so792648nzf for ; Fri, 26 Oct 2007 12:15:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=PBcxsFHjtt64DQ73ZmurdQ6yihVaVPz2UNZVMKyUwP0=; b=SEOe+y9FGEoi7rG8dGtusptLkBN6zEzkNbRmO9N0ntbARBByMJT0g58YQ4orKrHh1qx5B3QOhVlNLrQqDHEOFMrtSC553TYOH/OGj8qyZ/R4IEDwyCoxJxQ1G17/3Ubt1jxfdInzzPVdqXgy2Ecpd3rGNFp+CWmmn5J5qPynmJ4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type; b=oyT0jY4iRSBg7IAcqfaUqVt48ueyXyQLjNHUZA6flJH+EEqdxgSiPnrRhxQAfRoRmrjmva43OGHZC2m7kYGB/RK3ppusz/VLZ0Kw380WvUdHPsR+lint8ex0mk9IZCJdlSjQxWJS7m4Ow9DwHyi+KfoK96xcf3U2+W6OW5q5WUI= Received: by 10.114.88.1 with SMTP id l1mr1583618wab.1193424427406; Fri, 26 Oct 2007 11:47:07 -0700 (PDT) Received: by 10.114.94.19 with HTTP; Fri, 26 Oct 2007 11:47:07 -0700 (PDT) Message-ID: Date: Fri, 26 Oct 2007 13:47:07 -0500 From: "Rob Zietlow" To: freebsd-current@freebsd.org MIME-Version: 1.0 X-Mailman-Approved-At: Fri, 26 Oct 2007 19:27:32 +0000 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: [7.0-Beta] can no longer ssh into just upgraded host X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Oct 2007 19:15:22 -0000 Hello, A google for the error messages hasn't turned up so I turn to you mailing lists. I have recently upgraded to RELENG_7. (Oct 26th 13:03) Ever since then i am no longer able to ssh into the upgraded host from outside my local subnet. This has been tested coming from OSX, Linux, openbsd and Solaris 8-10. >From the host to the server I see the following. #ssh -vv 192.168.8.163 OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to 192.168.8.163 [192.168.8.163] port 22. debug1: Connection established. debug1: identity file /home/$USER/.ssh/identity type -1 debug1: identity file /home/$USER/.ssh/id_rsa type -1 debug1: identity file /home/$USER/.ssh/id_dsa type -1 ssh_exchange_identification: read: Connection reset by peer # I get this if the keys exist in ~/.ssh/known_hosts or not. I get this on all of the hosts connecting to the new 7.0 server On the server i see the following. /var/log/auth Oct 26 13:32:27 dhcp11 sshd[1013]: Did not receive identification string from 192.168.3.132 I compared an /etc/ssh/sshd_config from a working 6.2 host and my 7 host and they are identical (empty lines removed) dhcp11# grep -v # /etc/ssh/sshd_config DSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys Subsystem sftp /usr/libexec/sftp-server Here is /etc/hosts.allow dhcp11# grep -v # /etc/hosts.allow (empty lines removed again) ALL : ALL : allow sendmail : ALL : allow ftpd : ALL : allow sshd in debugging mode. dhcp11# /usr/sbin/sshd -ddddddd debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 249 debug2: parse_server_config: config /etc/ssh/sshd_config len 249 debug3: /etc/ssh/sshd_config:111 setting Subsystem sftp /usr/libexec/sftp-server debug3: /etc/ssh/sshd_config:118 setting DSAAuthentication yes debug3: /etc/ssh/sshd_config:119 setting PubkeyAuthentication yes debug3: /etc/ssh/sshd_config:120 setting AuthorizedKeysFile .ssh/authorized_keys debug1: sshd version OpenSSH_4.5p1 FreeBSD-20061110 debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #0 type 2 DSA debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-ddddddd' debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. debug1: fd 4 clearing O_NONBLOCK debug1: Server will not fork when running in debugging mode. debug3: send_rexec_state: entering fd = 7 config len 249 debug3: ssh_msg_send: type 0 debug3: send_rexec_state: done debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7 debug1: inetd sockets after dupping: 3, 3 debug1: res_init() Connection from 192.168.3.132 port 39685 Did not receive identification string from 192.168.3.132 DNS queries forward and reverse resolve the hostnames I am ssh-ing in from. Any other suggestions as I have ran out of ideas and google isn't as helpful at this point, unless I have overlooked something.