
Re: OpenSSH: cause of random kex_exchange_identification errors?



On Wednesday, 2 February 2022, 15:44:32 CET, Vincent Lefevre wrote:
Sounds weird. I wonder if there is a typo. Your message beginning with 

kex_exchange_identif....

looks to me like a typo. I would have expected "key_exchange_....".

However, I did not check this, and maybe this is correct. 
On the other hand, maybe this typo causes (if it is really a typo!) some 
weird behaviour.

As I said, I may be wrong, but this is what I saw at once.

Other reasons might be a timing problem on the network. Maybe you can take a 
look with wireshark or similar, if there are network problems.

Got this one day on my wireless part, had lots of packets to be recalled, 
which I did only see with wireshark and could not be noticed during normal 
internet use.

Just some ideas.....

Does this help? Guess, not really....

Best regards

Hans

> When I want to connect with SSH (ssh/scp) to some machine, I sometimes
> get errors, either
> 
> kex_exchange_identification: Connection closed by remote host
> 
> or
> 
> kex_exchange_identification: read: Connection reset by peer
> 
> immediately after the connection attempt. This happens randomly,
> and there are some periods where this happens quite often. The
> client machine doesn't seem to matter, and this issue also even
> occurs from machines on the local network.
> 
> With ssh -vvv, the output ends with
> 
> debug1: Local version string SSH-2.0-OpenSSH_8.7p1 Debian-4
> kex_exchange_identification: read: Connection reset by peer
> Connection reset by [...] port 22
> 
> In the source, this corresponds to function kex_exchange_identification
> in kex.c:
> 
>     len = atomicio(read, ssh_packet_get_connection_in(ssh),
>         &c, 1);
>     if (len != 1 && errno == EPIPE) {
>             error_f("Connection closed by remote host");
>             r = SSH_ERR_CONN_CLOSED;
>             goto out;
>     } else if (len != 1) {
>             oerrno = errno;
>             error_f("read: %.100s", strerror(errno));
>             r = SSH_ERR_SYSTEM_ERROR;
>             goto out;
>     }
> 
> so either with EPIPE or with ECONNRESET, and this apparently occurs
> before the exchange of banners.
> 
> I could reproduce the issue with telnet, which gives
> 
> [...]
> Escape character is '^]'.
> Connection closed by foreign host.
> 
> while one normally has
> 
> SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
> 
> just after the "Escape character..." line.
> 
> Note that this is different from a "Connection refused". Here, the
> connection is accepted, but immediately closed.
> 
> The admin of the machine could see nothing particular in the logs.
> He eventually modified the MaxStartups value, but this did not
> solve the issue (but AFAIK, if this were the cause, there would
> have been something about it in the logs). The machine has enough
> available memory.
> 
> Any idea about the possible cause of these random errors?
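
Added example, not part of either message and not OpenSSH code: a small Python probe that automates the telnet check described above and separates "refused" from "accepted, then closed or reset before the banner". The function names `probe_banner` and `survey` and the outcome labels are this example's own; it assumes the first line the server sends is the SSH identification string.

```python
import socket, sys, time
from collections import Counter

def probe_banner(host, port=22, timeout=5.0):
    """Connect once; return (outcome, detail) for what happens before the banner.
    Outcome labels are this example's own, not OpenSSH's."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")            # no listener: not the case in the thread
    except socket.timeout:
        return ("connect-timeout", "")
    except OSError as exc:
        return ("connect-error", str(exc))
    data = b""
    with sock:
        try:
            # Simplification: the first line is taken as the identification string.
            while b"\n" not in data and len(data) < 255:
                chunk = sock.recv(255 - len(data))
                if not chunk:
                    # Accepted, then closed: "Connection closed by remote host"
                    return ("closed-before-banner", data.decode("ascii", "replace"))
                data += chunk
        except ConnectionResetError:
            # Accepted, then RST: "read: Connection reset by peer"
            return ("reset-before-banner", "")
        except socket.timeout:
            return ("banner-timeout", "")
    line = data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    return ("banner", line) if line.startswith("SSH-") else ("unexpected-data", line)

def survey(host, port=22, attempts=20, delay=0.5, timeout=5.0):
    """Probe repeatedly; print timestamped outcomes and return their counts."""
    counts = Counter()
    for _ in range(attempts):
        outcome, detail = probe_banner(host, port, timeout)
        counts[outcome] += 1
        print(time.strftime("%Y-%m-%dT%H:%M:%S%z"), outcome, detail)
        time.sleep(delay)
    return counts

if __name__ == "__main__":
    # Usage: python3 probe.py HOST [PORT]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(dict(survey(sys.argv[1], target_port)))
```

The printed timestamps can be lined up with the server's sshd log or a packet capture taken on the server side to see which layer closes the connection.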




