Fedora Linux Support Community & Resources Center
  #1  
Old 4th August 2017, 02:18 AM
LinGreg Offline
Registered User
 
Join Date: Jun 2007
Posts: 29
Fedora 26 broke ssh

Before Fedora 26, I was able to ssh into a remote computer. But after I upgraded (?) I now get the following error:

Connection closed by 169.232.151.211 port 22

This is what I know:

* It's not a router issue since I am able to log in with other non-Fedora 26 computers.

* It's not a firewall issue since the problem persists if I shut down the firewall (via service firewalld stop).

* It's not an SELinux issue because the problem persists if I set SELinux to permissive.

I also tried doing a fresh install, same issue. Does anyone have any clue on what's going on?

Last edited by LinGreg; 4th August 2017 at 02:25 AM.
  #2  
Old 4th August 2017, 02:59 AM
trekkie690 Offline
Registered User
 
Join Date: May 2009
Location: Texas
Posts: 90
Re: Fedora 26 broke ssh

What does your log look like? Try the command below:
Quote:
$ journal -r -u sshd
  #3  
Old 4th August 2017, 03:32 AM
LinGreg Offline
Registered User
 
Join Date: Jun 2007
Posts: 29
Re: Fedora 26 broke ssh

I assume you meant "journalctl" instead of "journal"? For journalctl, the output is:

Code:
# journalctl -r -u sshd
-- No entries --
  #4  
Old 4th August 2017, 04:03 AM
trekkie690 Offline
Registered User
 
Join Date: May 2009
Location: Texas
Posts: 90
Re: Fedora 26 broke ssh

Have you checked if the service is running, or at least enabled with systemctl?

Quote:
$ systemctl status sshd
  #5  
Old 4th August 2017, 04:30 AM
LinGreg Offline
Registered User
 
Join Date: Jun 2007
Posts: 29
Re: Fedora 26 broke ssh

Yep, it's running (I just restarted it):

Code:
$ systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor pre
   Active: active (running) since Thu 2017-08-03 20:28:05 PDT; 55s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 10767 (sshd)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/sshd.service
           └─10767 /usr/sbin/sshd -D
  #6  
Old 4th August 2017, 04:52 AM
osce0 Offline
Registered User
 
Join Date: May 2011
Posts: 169
Re: Fedora 26 broke ssh

Try ssh -vvv YOURHOSTNAME and see what error message you get.

If you are not using a public key, check if the server disallows clear text passwords by looking at /etc/ssh/sshd_config PasswordAuthentication.
  #7  
Old 4th August 2017, 04:58 AM
LinGreg Offline
Registered User
 
Join Date: Jun 2007
Posts: 29
Re: Fedora 26 broke ssh

Hopefully, "ssh -D -d" can shed some light on this:

Code:
# /usr/sbin/sshd -D -d
debug1: sshd version OpenSSH_7.5, OpenSSL 1.1.0f-fips  25 May 2017
debug1: private host key #0: ssh-rsa SHA256:oDBKXsUs3LgRjBPcmL71i+CSlRrz5xnbOTc8eKCE1uo
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:DY+0Ldo7yXDpd0uHhHWyQbgNtxZNNz1Zh1uW3Z3bH9k
debug1: private host key #2: ssh-ed25519 SHA256:WS0CVVQGtp8np5vO4TaTcUMd0t+AHiGpZX7UVRpchdI
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-D'
debug1: rexec_argv[2]='-d'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Address already in use.
debug1: Bind to port 22 on ::.
Bind to port 22 on :: failed: Address already in use.
Cannot bind any address.
  #8  
Old 4th August 2017, 05:35 AM
LinGreg Offline
Registered User
 
Join Date: Jun 2007
Posts: 29
Re: Fedora 26 broke ssh

The only error message in "ssh -vvv ..." is "Connection closed by 169.232.151.213 port 22", and PasswordAuthentication is set to yes.
  #9  
Old 4th August 2017, 05:56 AM
LinGreg Offline
Registered User
 
Join Date: Jun 2007
Posts: 29
Re: Fedora 26 broke ssh

Has anyone running Fedora 26 solved this problem?
  #10  
Old 4th August 2017, 06:11 AM
LinGreg Offline
Registered User
 
Join Date: Jun 2007
Posts: 29
Re: Fedora 26 broke ssh

Here is the output of "ssh -vvvv":

Code:
OpenSSH_7.5p1, OpenSSL 1.1.0f-fips  25 May 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 56: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 2: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-]
debug3: kex names ok: [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *
debug2: resolving "ixchel.astro.ucla.edu" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to ixchel.astro.ucla.edu [169.232.151.213] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/gmartine/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gmartine/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gmartine/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gmartine/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gmartine/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gmartine/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gmartine/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gmartine/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to ixchel.astro.ucla.edu:22 as 'gmartine'
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc,3des-cbc
debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc,3des-cbc
debug2: MACs ctos: umac-128-etm@openssh.com,umac-128@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1,hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-512
debug2: MACs stoc: umac-128-etm@openssh.com,umac-128@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1,hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-512
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: MACs ctos: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: MACs stoc: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: diffie-hellman-group-exchange-sha256 need=32 dh_need=32
debug1: kex: diffie-hellman-group-exchange-sha256 need=32 dh_need=32
debug3: send packet: type 34
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
Connection closed by 169.232.151.213 port 22
  #11  
Old 4th August 2017, 09:19 AM
srakitnican Offline
Registered User
 
Join Date: Oct 2011
Posts: 1,438
Re: Fedora 26 broke ssh

Port is open?

Try to see if ssh service is still enabled.
Code:
$ sudo firewall-cmd --list-services
  #12  
Old 4th August 2017, 09:25 PM
LinGreg Offline
Registered User
 
Join Date: Jun 2007
Posts: 29
Re: Fedora 26 broke ssh

Ok, I think I figured out what's going on. The Fedora 26 openssh client version uses the "aes256-gcm@openssh.com" cipher by default whereas previous client versions used the "aes128-ctr" cipher by default. The ssh server I was logging into, while it supposedly supported the "aes256-gcm@openssh.com" cipher, had troubles with actually using this cipher (it used the older 7.1p2 openssh version). Specifically, the server gave this error:

Code:
fatal: matching cipher is not supported: aes256-gcm@openssh.com [preauth]

But ssh, using the old cipher, works:

Code:
ssh -c aes128-ctr my_login@my_server.com

Which leads me to ask: How can I get ssh to not use the "aes256-gcm@openssh.com" cipher by default?

UPDATE: I changed the line in /etc/ssh/ssh_config from

Code:
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc

to

Code:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc

thereby excluding the dreaded "aes256-gcm@openssh.com" cipher. Now it works fine.

Last edited by LinGreg; 4th August 2017 at 10:07 PM.
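
Added example, not part of the original thread: SSH selects the first cipher on the client's list that the server also offers (RFC 4253, section 7.1), so the two "ciphers ctos" lines in the debug output of post #10 are enough to predict what gets negotiated and what a client-side Ciphers setting changes. The function names are hypothetical, and the Ciphers handling is a simplified model that covers only list replacement and "-" removal.

```python
import fnmatch
import re

# Cipher lines copied from the "ssh -vvvv" output in post #10.
LOG = """\
debug2: local client KEXINIT proposal
debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc,3des-cbc
debug2: peer server KEXINIT proposal
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
"""

def parse_proposals(log, field="ciphers ctos"):
    """Return {'client': [...], 'server': [...]} for one KEXINIT field."""
    side, out = None, {}
    pattern = re.compile(r"debug2: %s: (.*)$" % re.escape(field))
    for line in log.splitlines():
        if "local client KEXINIT proposal" in line:
            side = "client"
        elif "peer server KEXINIT proposal" in line:
            side = "server"
        else:
            m = pattern.match(line.strip())
            if m and side:
                out[side] = [a for a in m.group(1).strip().split(",") if a]
    return out

def negotiate(client, server):
    """First name on the client's list that the server also lists, else None."""
    return next((a for a in client if a in server), None)

def apply_ciphers_option(client_default, spec):
    """Model of the client Ciphers option: a leading '-' removes matching
    names (wildcards allowed); any other value replaces the whole list."""
    if spec.startswith("-"):
        patterns = spec[1:].split(",")
        return [c for c in client_default
                if not any(fnmatch.fnmatchcase(c, p) for p in patterns)]
    return spec.split(",")

def negotiated_cipher(log, spec=None):
    p = parse_proposals(log)
    client = apply_ciphers_option(p["client"], spec) if spec else p["client"]
    return negotiate(client, p["server"])

if __name__ == "__main__":
    print("default client list :", negotiated_cipher(LOG))
    print("thread's Ciphers fix:", negotiated_cipher(
        LOG, "aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc"))
    print("remove one cipher   :", negotiated_cipher(LOG, "-aes256-gcm@openssh.com"))
```

The "-" removal form of Ciphers needs OpenSSH 7.5 or later on the client, and either form can be placed under a Host block in ~/.ssh/config so that only the affected server gets the override.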