Bug#1006463: openssh-client: Can't login on two i386 boxes anymore since the server-side has been upgraded to 8.9p1: "debug1: expecting SSH2_MSG_KEX_ECDH_REPLY"

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1006463: openssh-client: Can't login on two i386 boxes anymore since the server-side has been upgraded to 8.9p1: "debug1: expecting SSH2_MSG_KEX_ECDH_REPLY"
From: Axel Beckert <abe@debian.org>
Date: Fri, 25 Feb 2022 21:38:31 +0100
Message-id: <[🔎] 87zgmewuk8.fsf@c6.deuxchevaux.org>
Reply-to: Axel Beckert <abe@debian.org>, 1006463@bugs.debian.org

Package: openssh-server
Version: 1:8.9p1-2
Severity: grave

Hi,

TL;DR: OpenSSH clients (at least 8.8 and 8.9) can't talk with OpenSSH
8.9 servers in some cases (common property so far: if and only if it's
i386 on the server-side), but 8.9 clients can talk with 8.8 servers in
the same cases (i.e. i386 on the server-side) after downgrading the
server-side. i386 OpenSSH clients can't talk to i386 8.9 servers either.

Full details:

Since I've upgraded my Debian Unstable boxes to 1:8.9p1-2, I can't login
from my desktop (Sid amd64) to at least two hosts (both Sid i386)
anymore:

~ → ssh -v 192.168.1.179
OpenSSH_8.9p1 Debian-2, OpenSSL 1.1.1m  14 Dec 2021
debug1: Reading configuration data /home/abe/.ssh/config
debug1: /home/abe/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.1.179 [192.168.1.179] port 22.
debug1: Connection established.
debug1: identity file /home/abe/.ssh/id_rsa type 0
debug1: identity file /home/abe/.ssh/id_rsa-cert type -1
debug1: identity file /home/abe/.ssh/id_ecdsa type 2
debug1: identity file /home/abe/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/abe/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/abe/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/abe/.ssh/id_ed25519 type 3
debug1: identity file /home/abe/.ssh/id_ed25519-cert type -1
debug1: identity file /home/abe/.ssh/id_ed25519_sk type -1
debug1: identity file /home/abe/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/abe/.ssh/id_xmss type -1
debug1: identity file /home/abe/.ssh/id_xmss-cert type -1
debug1: identity file /home/abe/.ssh/id_dsa type -1
debug1: identity file /home/abe/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Debian-2
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Debian-2
debug1: compat_banner: match: OpenSSH_8.9p1 Debian-2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.179:22 as 'abe'
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection reset by 192.168.1.179 port 22

~ → ssh -v 192.168.1.108
OpenSSH_8.9p1 Debian-2, OpenSSL 1.1.1m  14 Dec 2021
debug1: Reading configuration data /home/abe/.ssh/config
debug1: /home/abe/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.1.108 [192.168.1.108] port 22.
debug1: Connection established.
debug1: identity file /home/abe/.ssh/id_rsa type 0
debug1: identity file /home/abe/.ssh/id_rsa-cert type -1
debug1: identity file /home/abe/.ssh/id_ecdsa type 2
debug1: identity file /home/abe/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/abe/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/abe/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/abe/.ssh/id_ed25519 type 3
debug1: identity file /home/abe/.ssh/id_ed25519-cert type -1
debug1: identity file /home/abe/.ssh/id_ed25519_sk type -1
debug1: identity file /home/abe/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/abe/.ssh/id_xmss type -1
debug1: identity file /home/abe/.ssh/id_xmss-cert type -1
debug1: identity file /home/abe/.ssh/id_dsa type -1
debug1: identity file /home/abe/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Debian-2
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Debian-2
debug1: compat_banner: match: OpenSSH_8.9p1 Debian-2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.108:22 as 'abe'
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
ssh_dispatch_run_fatal: Connection to 192.168.1.108 port 22: Broken pipe

I though still can login on an Sid amd64 running VM:

~ → ssh -v 192.0.2.21
OpenSSH_8.9p1 Debian-2, OpenSSL 1.1.1m  14 Dec 2021
debug1: Reading configuration data /home/abe/.ssh/config
debug1: /home/abe/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.0.2.21 [192.0.2.21] port 22.
debug1: Connection established.
debug1: identity file /home/abe/.ssh/id_rsa type 0
debug1: identity file /home/abe/.ssh/id_rsa-cert type -1
debug1: identity file /home/abe/.ssh/id_ecdsa type 2
debug1: identity file /home/abe/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/abe/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/abe/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/abe/.ssh/id_ed25519 type 3
debug1: identity file /home/abe/.ssh/id_ed25519-cert type -1
debug1: identity file /home/abe/.ssh/id_ed25519_sk type -1
debug1: identity file /home/abe/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/abe/.ssh/id_xmss type -1
debug1: identity file /home/abe/.ssh/id_xmss-cert type -1
debug1: identity file /home/abe/.ssh/id_dsa type -1
debug1: identity file /home/abe/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Debian-2
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Debian-2
debug1: compat_banner: match: OpenSSH_8.9p1 Debian-2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.0.2.21:22 as 'abe'
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:8H…
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.0.2.21' is known and matches the RSA host key.
debug1: Found key in /home/abe/.ssh/known_hosts:370
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: agent returned 6 keys
debug1: Will attempt key: /home/abe/.ssh/id_rsa RSA SHA256:AO… agent
debug1: Will attempt key: /home/abe/.ssh/id_ecdsa ECDSA SHA256:n0… agent
debug1: Will attempt key: /home/abe/.ssh/id_ed25519 ED25519 SHA256:HV… agent
debug1: Will attempt key: /home/abe/.ssh/id_rsa RSA SHA256:nS… agent
debug1: Will attempt key: /home/abe/.ssh/id_ecdsa ECDSA SHA256:kC… agent
debug1: Will attempt key: abe@emehari ED25519 SHA256:En… agent
debug1: Will attempt key: /home/abe/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/abe/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/abe/.ssh/id_xmss
debug1: Will attempt key: /home/abe/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/abe/.ssh/id_rsa RSA SHA256:AO… agent
debug1: Server accepts key: /home/abe/.ssh/id_rsa RSA SHA256:AO… agent
Authenticated to 192.0.2.21 ([192.0.2.21]:22) using "publickey".
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: client_input_hostkeys: searching /home/abe/.ssh/known_hosts for 192.0.2.21 / (none)
debug1: client_input_hostkeys: searching /home/abe/.ssh/known_hosts2 for 192.0.2.21 / (none)
debug1: client_input_hostkeys: host key found matching a different name/address, skipping UserKnownHostsFile update
debug1: Remote: /home/abe/.ssh/authorized_keys:26: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: /home/abe/.ssh/authorized_keys:26: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Sending environment.
debug1: channel 0: setting env LANG = "C.UTF-8"
debug1: channel 0: setting env TERM = "xterm-256color"
debug1: channel 0: setting env GIT_EDITOR = "zile"
debug1: channel 0: setting env GIT_COMMITTER_NAME = "Axel Beckert"
debug1: channel 0: setting env GIT_AUTHOR_NAME = "Axel Beckert"
debug1: channel 0: setting env GIT_COMMITTER_EMAIL = "abe@d….org"
debug1: channel 0: setting env GIT_AUTHOR_EMAIL = "abe@….org"
Linux example 5.16.0-1-amd64 #1 SMP PREEMPT Debian 5.16.7-2 (2022-02-09) x86_64
[…]

Downgrading the openssh-server on the server-side (and hence all other
openssh-built packages on the server-side as well) resolves the issue:

~ → ssh -v 192.168.1.179
OpenSSH_8.9p1 Debian-2, OpenSSL 1.1.1m  14 Dec 2021
debug1: Reading configuration data /home/abe/.ssh/config
debug1: /home/abe/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.1.179 [192.168.1.179] port 22.
debug1: Connection established.
debug1: identity file /home/abe/.ssh/id_rsa type 0
debug1: identity file /home/abe/.ssh/id_rsa-cert type -1
debug1: identity file /home/abe/.ssh/id_ecdsa type 2
debug1: identity file /home/abe/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/abe/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/abe/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/abe/.ssh/id_ed25519 type 3
debug1: identity file /home/abe/.ssh/id_ed25519-cert type -1
debug1: identity file /home/abe/.ssh/id_ed25519_sk type -1
debug1: identity file /home/abe/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/abe/.ssh/id_xmss type -1
debug1: identity file /home/abe/.ssh/id_xmss-cert type -1
debug1: identity file /home/abe/.ssh/id_dsa type -1
debug1: identity file /home/abe/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Debian-2
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8p1 Debian-1
debug1: compat_banner: match: OpenSSH_8.8p1 Debian-1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.179:22 as 'abe'
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:sX…
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.1.179' is known and matches the ECDSA host key.
debug1: Found key in /home/abe/.ssh/known_hosts:472
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: agent returned 6 keys
debug1: Will attempt key: /home/abe/.ssh/id_rsa RSA SHA256:AO… agent
debug1: Will attempt key: /home/abe/.ssh/id_ecdsa ECDSA SHA256:n0… agent
debug1: Will attempt key: /home/abe/.ssh/id_ed25519 ED25519 SHA256:HV… agent
debug1: Will attempt key: /home/abe/.ssh/id_rsa RSA SHA256:nS… agent
debug1: Will attempt key: /home/abe/.ssh/id_ecdsa ECDSA SHA256:kC… agent
debug1: Will attempt key: abe@emehari ED25519 SHA256:En… agent
debug1: Will attempt key: /home/abe/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/abe/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/abe/.ssh/id_xmss
debug1: Will attempt key: /home/abe/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/abe/.ssh/id_rsa RSA SHA256:AO… agent
debug1: Server accepts key: /home/abe/.ssh/id_rsa RSA SHA256:AO… agent
Authenticated to 192.168.1.179 ([192.168.1.179]:22) using "publickey".
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: filesystem
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: client_input_hostkeys: searching /home/abe/.ssh/known_hosts for 192.168.1.179 / (none)
debug1: client_input_hostkeys: searching /home/abe/.ssh/known_hosts2 for 192.168.1.179 / (none)
debug1: client_input_hostkeys: no new or deprecated keys from server
debug1: Remote: /home/abe/.ssh/authorized_keys:12: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: /home/abe/.ssh/authorized_keys:12: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Sending environment.
debug1: channel 0: setting env LANG = "C.UTF-8"
debug1: channel 0: setting env TERM = "xterm-256color"
debug1: channel 0: setting env GIT_EDITOR = "zile"
debug1: channel 0: setting env GIT_COMMITTER_NAME = "Axel Beckert"
debug1: channel 0: setting env GIT_AUTHOR_NAME = "Axel Beckert"
debug1: channel 0: setting env GIT_COMMITTER_EMAIL = "abe@….org"
debug1: channel 0: setting env GIT_AUTHOR_EMAIL = "abe@….org"
Linux example2 5.15.0-3-686-pae #1 SMP Debian 5.15.15-1 (2022-01-18) i686
[…]

And just to cross-check the other way round, here's a try connecting
with the 8.8 client to one of the issues having 8.9 clients:

~ → ssh -v 192.168.1.108
OpenSSH_8.8p1 Debian-1, OpenSSL 1.1.1m  14 Dec 2021
debug1: Reading configuration data /home/abe/.ssh/config
debug1: /home/abe/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.1.108 [192.168.1.108] port 22.
debug1: Connection established.
debug1: identity file /home/abe/.ssh/id_rsa type 0
debug1: identity file /home/abe/.ssh/id_rsa-cert type -1
debug1: identity file /home/abe/.ssh/id_dsa type -1
debug1: identity file /home/abe/.ssh/id_dsa-cert type -1
debug1: identity file /home/abe/.ssh/id_ecdsa type 2
debug1: identity file /home/abe/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/abe/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/abe/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/abe/.ssh/id_ed25519 type 3
debug1: identity file /home/abe/.ssh/id_ed25519-cert type -1
debug1: identity file /home/abe/.ssh/id_ed25519_sk type -1
debug1: identity file /home/abe/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/abe/.ssh/id_xmss type -1
debug1: identity file /home/abe/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.8p1 Debian-1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Debian-2
debug1: compat_banner: match: OpenSSH_8.9p1 Debian-2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.108:22 as 'abe'
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection reset by 192.168.1.108 port 22

So the issue is clearly on the server-side. And so far I only ran into
it with OpenSSH 8.9 on i386 on the server-side and all my (two) i386 Sid
boxes are affected.

Even connecting from one of them (the one I downgraded already to 8.8)
to the other one (i.e. i386 8.8 client to i386 8.9 server) fails:

~ → ssh -v 192.168.1.108
OpenSSH_8.8p1 Debian-1, OpenSSL 1.1.1m  14 Dec 2021
debug1: Reading configuration data /home/abe/.ssh/config
debug1: /home/abe/.ssh/config line 123: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.1.108 [192.168.1.108] port 22.
debug1: Connection established.
debug1: identity file /home/abe/.ssh/id_rsa type 0
debug1: identity file /home/abe/.ssh/id_rsa-cert type -1
debug1: identity file /home/abe/.ssh/id_dsa type 1
debug1: identity file /home/abe/.ssh/id_dsa-cert type -1
debug1: identity file /home/abe/.ssh/id_ecdsa type -1
debug1: identity file /home/abe/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/abe/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/abe/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/abe/.ssh/id_ed25519 type 3
debug1: identity file /home/abe/.ssh/id_ed25519-cert type -1
debug1: identity file /home/abe/.ssh/id_ed25519_sk type -1
debug1: identity file /home/abe/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/abe/.ssh/id_xmss type -1
debug1: identity file /home/abe/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.8p1 Debian-1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Debian-2
debug1: compat_banner: match: OpenSSH_8.9p1 Debian-2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.1.108:22 as 'abe'
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
ssh_dispatch_run_fatal: Connection to 192.168.1.108 port 22: Broken pipe

Hint: Bug report written on the client side, i.e. on the amd64 box from
which I initially tried to connect to one of the i386 boxes.

Can dig up further details on the i386 boxes if wanted. Will though soon
downgrade the remaining one to 8.8 from Testing, too. Can also upgrade
to 8.9 again for some testing if needed.

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.16.0-1-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_CPU_OUT_OF_SPEC, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages openssh-client depends on:
ii  adduser           3.118
ii  dpkg              1.21.1
ii  libc6             2.33-7
ii  libedit2          3.1-20210910-1
ii  libfido2-1        1.10.0-1
ii  libgssapi-krb5-2  1.19.2-2
ii  libselinux1       3.3-1+b1
ii  libssl1.1         1.1.1m-1
ii  passwd            1:4.11.1+dfsg1-1
ii  zlib1g            1:1.2.11.dfsg-2

Versions of packages openssh-client recommends:
ii  xauth  1:1.1-1

Versions of packages openssh-client suggests:
pn  keychain                              <none>
ii  kwalletcli [ssh-askpass]              3.03-1
pn  libpam-ssh                            <none>
ii  lxqt-openssh-askpass [ssh-askpass]    0.16.0-1
ii  monkeysphere                          0.43-3.1
ii  ssh-askpass-fullscreen [ssh-askpass]  0.3-3.1+b3

-- no debconf information

Reply to:

Follow-Ups:
- Bug#1006463: openssh-server: Can't login on two i386 boxes anymore since the server-side has been upgraded to 8.9p1: "debug1: expecting SSH2_MSG_KEX_ECDH_REPLY" -> also affects armhf
  - From: Axel Beckert <abe@debian.org>
- Processed: Re: Bug#1006463: openssh-server: Can't login on two i386 boxes anymore since the server-side has been upgraded to 8.9p1: "debug1: expecting SSH2_MSG_KEX_ECDH_REPLY" -> also affects armhf
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1006463: openssh-client: Can't login on two i386 boxes anymore since the server-side has been upgraded to 8.9p1: "debug1: expecting SSH2_MSG_KEX_ECDH_REPLY"
  - From: Colin Watson <cjwatson@debian.org>
- Processed: Re: Bug#1006463: openssh-client: Can't login on two i386 boxes anymore since the server-side has been upgraded to 8.9p1: "debug1: expecting SSH2_MSG_KEX_ECDH_REPLY"
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1006463: marked as done (openssh-server: Can't login on any 32-bit box anymore after the server-side has been upgraded to 8.9p1: "debug1: expecting SSH2_MSG_KEX_ECDH_REPLY")
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#1004427: openssh-server: Connection reset when trying to establish a connection on armhf
Next by Date: Processed: retitle 1006463 to openssh-server: Can't login on two i386 boxes anymore since the server-side has been upgraded to 8.9p1: "debug1: expecting SSH2_MSG_KEX_ECDH_REPLY"
Previous by thread: Bug#1006445: marked as done (openssh-server: Killed by seccomp after accepting connection (i386))
Next by thread: Bug#1006463: openssh-server: Can't login on two i386 boxes anymore since the server-side has been upgraded to 8.9p1: "debug1: expecting SSH2_MSG_KEX_ECDH_REPLY" -> also affects armhf
Index(es):
- Date
- Thread