FedoraForum.org - Fedora Support Forums and Community
  1. #1
    Join Date
    Jun 2007
    Posts
    29

    Fedora 26 broke ssh

    Before Fedora 26, I was able to ssh into a remote computer. But after I upgraded (?) I now get the following error:

    Connection closed by 169.232.151.211 port 22

    This is what I know:

    * It's not a router issue since I am able to login with other non-Fedora 26 computers.

    * It's not a firewall issue since the problem persists if I shut down the firewall (via service firewalld stop).

    * It's not a selinux issue because the problem persists if I set selinux to permissive.

    I also tried doing a fresh install, same issue. Does anyone have any clue on what's going on?
    Last edited by LinGreg; 4th August 2017 at 02:25 AM.

  2. #2
    Join Date
    May 2009
    Location
    Texas
    Posts
    93

    Re: Fedora 26 broke ssh

    what does your log look like? try command below
    $ journal -r -u sshd

  3. #3
    Join Date
    Jun 2007
    Posts
    29

    Re: Fedora 26 broke ssh

    I assume you meant "journalctl" instead of "journal"? For journalctl, the output is:

    Code:
    # journalctl -r -u sshd
    -- No entries --

  4. #4
    Join Date
    May 2009
    Location
    Texas
    Posts
    93

    Re: Fedora 26 broke ssh

    Have you checked if the service is running, or at least enabled with systemctl?

    $ systemctl status sshd

  5. #5
    Join Date
    Jun 2007
    Posts
    29

    Re: Fedora 26 broke ssh

    Yep, it's running (I just restarted it):

    Code:
    $ systemctl status sshd
    ● sshd.service - OpenSSH server daemon
       Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor pre
       Active: active (running) since Thu 2017-08-03 20:28:05 PDT; 55s ago
         Docs: man:sshd(8)
               man:sshd_config(5)
     Main PID: 10767 (sshd)
        Tasks: 1 (limit: 4915)
       CGroup: /system.slice/sshd.service
               └─10767 /usr/sbin/sshd -D

  6. #6
    Join Date
    May 2011
    Posts
    184

    Re: Fedora 26 broke ssh

    try ssh -vvv YOURHOSTNAME and see what error message you get.

    If you are not using a public key, check if the server disallows clear text passwords by looking at /etc/ssh/sshd_config PasswordAuthentication.

  7. #7
    Join Date
    Jun 2007
    Posts
    29

    Re: Fedora 26 broke ssh

    Hopefully, "ssh -D -d" can shed some light on this:

    Code:
    # /usr/sbin/sshd -D -d
    debug1: sshd version OpenSSH_7.5, OpenSSL 1.1.0f-fips  25 May 2017
    debug1: private host key #0: ssh-rsa SHA256:oDBKXsUs3LgRjBPcmL71i+CSlRrz5xnbOTc8eKCE1uo
    debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:DY+0Ldo7yXDpd0uHhHWyQbgNtxZNNz1Zh1uW3Z3bH9k
    debug1: private host key #2: ssh-ed25519 SHA256:WS0CVVQGtp8np5vO4TaTcUMd0t+AHiGpZX7UVRpchdI
    debug1: rexec_argv[0]='/usr/sbin/sshd'
    debug1: rexec_argv[1]='-D'
    debug1: rexec_argv[2]='-d'
    debug1: Set /proc/self/oom_score_adj from 0 to -1000
    debug1: Bind to port 22 on 0.0.0.0.
    Bind to port 22 on 0.0.0.0 failed: Address already in use.
    debug1: Bind to port 22 on ::.
    Bind to port 22 on :: failed: Address already in use.
    Cannot bind any address.

  8. #8
    Join Date
    Jun 2007
    Posts
    29

    Re: Fedora 26 broke ssh

    The only error message in "ssh -vvv ..." is "Connection closed by 169.232.151.213 port 22", and PasswordAuthentication is set to yes

  9. #9
    Join Date
    Jun 2007
    Posts
    29

    Re: Fedora 26 broke ssh

    Has anyone running Fedora 26 solved this problem?

  10. #10
    Join Date
    Jun 2007
    Posts
    29

    Re: Fedora 26 broke ssh

    Here is the output of "ssh -vvvv":

    Code:
    OpenSSH_7.5p1, OpenSSL 1.1.0f-fips  25 May 2017
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug3: /etc/ssh/ssh_config line 56: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
    debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
    debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 2: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
    debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
    debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-]
    debug3: kex names ok: [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
    debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *
    debug2: resolving "ixchel.astro.ucla.edu" port 22
    debug2: ssh_connect_direct: needpriv 0
    debug1: Connecting to ixchel.astro.ucla.edu [169.232.151.213] port 22.
    debug1: Connection established.
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/gmartine/.ssh/id_rsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/gmartine/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/gmartine/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/gmartine/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/gmartine/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/gmartine/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/gmartine/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/gmartine/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.5
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
    debug1: match: OpenSSH_6.2 pat OpenSSH* compat 0x04000000
    debug2: fd 4 setting O_NONBLOCK
    debug1: Authenticating to ixchel.astro.ucla.edu:22 as 'gmartine'
    debug3: send packet: type 20
    debug1: SSH2_MSG_KEXINIT sent
    debug3: receive packet: type 20
    debug1: SSH2_MSG_KEXINIT received
    debug2: local client KEXINIT proposal
    debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
    debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
    debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc,3des-cbc
    debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc,3des-cbc
    debug2: MACs ctos: umac-128-etm@openssh.com,umac-128@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1,hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-512
    debug2: MACs stoc: umac-128-etm@openssh.com,umac-128@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1,hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-512
    debug2: compression ctos: none,zlib@openssh.com,zlib
    debug2: compression stoc: none,zlib@openssh.com,zlib
    debug2: languages ctos: 
    debug2: languages stoc: 
    debug2: first_kex_follows 0 
    debug2: reserved 0 
    debug2: peer server KEXINIT proposal
    debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: host key algorithms: ssh-rsa,ssh-dss
    debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
    debug2: MACs ctos: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: MACs stoc: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: compression ctos: none,zlib@openssh.com
    debug2: compression stoc: none,zlib@openssh.com
    debug2: languages ctos: 
    debug2: languages stoc: 
    debug2: first_kex_follows 0 
    debug2: reserved 0 
    debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
    debug1: kex: host key algorithm: ssh-rsa
    debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
    debug1: kex: diffie-hellman-group-exchange-sha256 need=32 dh_need=32
    debug1: kex: diffie-hellman-group-exchange-sha256 need=32 dh_need=32
    debug3: send packet: type 34
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
    Connection closed by 169.232.151.213 port 22

  11. #11
    Join Date
    Oct 2011
    Posts
    1,630

    Re: Fedora 26 broke ssh

    Port is open?

    Try to see if ssh service is still enabled.
    Code:
    $ sudo firewall-cmd --list-services

  12. #12
    Join Date
    Jun 2007
    Posts
    29

    Re: Fedora 26 broke ssh

    Ok, I think I figured out what's going on. The Fedora 26 openssh client version uses the "aes256-gcm@openssh.com" cipher by default whereas previous client versions used the "aes128-ctr" cipher by default. The ssh server I was logging into, while it supposedly supported the "aes256-gcm@openssh.com" cipher, had troubles with actually using this cipher (it used the older 7.1p2 openssh version). Specifically, the server gave this error:

    Code:
    fatal: matching cipher is not supported: aes256-gcm@openssh.com [preauth]

    But ssh, using the old cipher, works:

    Code:
    ssh -c aes128-ctr my_login@my_server.com

    Which leads me to ask: How can I get ssh to not use the "aes256-gcm@openssh.com" cipher by default?

    UPDATE: I changed the line in /etc/ssh/ssh_config from

    Code:
    # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc

    to

    Code:
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc

    thereby excluding the dreaded "aes256-gcm@openssh.com" cipher. Now it works fine.
    Last edited by LinGreg; 4th August 2017 at 10:07 PM.
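
An added example, not written by anyone in this thread: Python that applies the RFC 4253 cipher-selection rule (the first algorithm on the client's list that the server also lists) to the two `ciphers ctos` proposals from the `ssh -vvvv` output in post #10, showing why the default client lands on `aes256-gcm@openssh.com` and what the `Ciphers` override changes. The function names and the `UNUSABLE` set are assumptions of this example; the set models the server-side fatal error quoted in post #12.

```python
import re

# Excerpt of the `ssh -vvvv` output in post #10: both sides' cipher proposals.
DEBUG_LOG = """\
debug2: local client KEXINIT proposal
debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc,3des-cbc
debug2: peer server KEXINIT proposal
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
"""
# Client list from the UPDATE in post #12 (the uncommented Ciphers line).
POST_CIPHERS = "aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc".split(",")
# Assumption: the server advertises this cipher but aborts once it is selected.
UNUSABLE = {"aes256-gcm@openssh.com"}


def parse_proposals(log):
    """Return {'client': {field: [algs]}, 'server': {...}} from debug2 lines."""
    side, out = None, {"client": {}, "server": {}}
    for line in log.splitlines():
        if "local client KEXINIT proposal" in line:
            side = "client"
        elif "peer server KEXINIT proposal" in line:
            side = "server"
        else:
            m = re.match(r"debug2: ([\w ]+): (\S*)\s*$", line)
            if m and side:
                out[side][m.group(1)] = [a for a in m.group(2).split(",") if a]
    return out


def negotiate(client, server):
    """RFC 4253 section 7.1: first client-listed algorithm the server also lists."""
    return next((alg for alg in client if alg in server), None)


def outcome(log, client_override=None, unusable=UNUSABLE):
    """Negotiation has no fallback: if the server cannot use the chosen
    cipher, the connection is closed instead of trying the next one."""
    p = parse_proposals(log)
    client = client_override or p["client"]["ciphers ctos"]
    alg = negotiate(client, p["server"]["ciphers ctos"])
    return ("closed" if alg is None or alg in unusable else "ok", alg)


if __name__ == "__main__":
    print("default client:", outcome(DEBUG_LOG))
    print("post #12 list :", outcome(DEBUG_LOG, POST_CIPHERS))
    print("CTR-only list :", outcome(DEBUG_LOG, ["aes128-ctr", "aes192-ctr", "aes256-ctr"]))
```

A list limited to the three CTR ciphers negotiates the same `aes128-ctr` as the longer list in post #12, and `ssh_config` also accepts a `Ciphers` line inside a `Host` block, so the override can apply to the one affected server only.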
