Saturday, April 27, 2024
Homepage · server
 Popular · Latest · Hot · Upcoming
3
rated 0 times [  3] [ 0]  / answers: 1 / hits: 4526  / 2 Years ago, tue, january 18, 2022, 1:23:14

After upgrading my Ubuntu Server from release 13.04 to 13.10 (do-release-upgrade), I can not connect to the server anymore, SSH closing connections immediately (after sending SSH2_MSG_KEXINIT). It worked well before upgrade and restart of the server.



~$ ssh -v superuser@MYHOST

OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011

[...]

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_6.2

debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2p2 Ubuntu-6ubuntu0.1

debug1: match: OpenSSH_6.2p2 Ubuntu-6ubuntu0.1 pat OpenSSH*

debug1: SSH2_MSG_KEXINIT sent

Connection closed by 123.123.123.123


As I had versioned the system configuration files, I can see that /etc/hosts.allow, /etc/hosts.deny did not change, nor did /etc/ssh/sshd_config.



I checked some similar questions on AskUbuntu, StackExchange and SuperUser, but none of them solves this case, so I'm submitting it again.



A few issues I checked:




  1. AskUbuntu · Upgrade from 13.04 to 13.10 broke remote SSH access? · 10.11.2013

  2. Superuser · Not able to connect with server. Connection closed by remote server · 10.08.2013

  3. StackOverflow · SSH: Connection closed by remote server · 08.08.2013

  4. StackOverflow · ssh connection stop at “debug1: SSH2_MSG_KEXINIT sent” [closed] · 4.03.2010


More From » server
 Answers
6

Examining the log file /var/log/auth.log on the server, to which I connected thru the KVM-over-IP console, I found out that the SSH daemon was ignoring the server private key files ssh_host_rsa_key, ssh_host_dsa_key, ssh_host_ecdsa_key, while complaining about their permissions:



# tail -f /var/log/auth.log

[…]

Feb 21 13:49:18 MYHOST sshd[14646]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Feb 21 13:49:18 MYHOST sshd[14646]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @

Feb 21 13:49:18 MYHOST sshd[14646]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Feb 21 13:49:18 MYHOST sshd[14646]: error: Permissions 0644 for '/etc/ssh/ssh_host_rsa_key' are too open.

Feb 21 13:49:18 MYHOST sshd[14646]: error: It is required that your private key files are NOT accessible by others.

Feb 21 13:49:18 MYHOST sshd[14646]: error: This private key will be ignored.

Feb 21 13:49:18 MYHOST sshd[14646]: error: bad permissions: ignore key: /etc/ssh/ssh_host_rsa_key

Feb 21 13:49:18 MYHOST sshd[14646]: error: Could not load host key: /etc/ssh/ssh_host_rsa_key

[…]


I restricted the permissions and restarted the SSH daemon, which solved my issue:



# cd /etc/ssh

# chmod go-r *

# initctl restart ssh

[#26881] Wednesday, January 19, 2022, 2 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
istictroubli
Add To Favorites
Follow
Total Points: 306
Total Questions: 96
Total Answers: 114
Location: Sao Tome and Principe
Member since Wed, Jul 13, 2022
2 Years ago
istictroubli questions
Sun, Jun 5, 22, 14:23, 2 Years ago
Sun, Feb 26, 23, 15:40, 1 Year ago
Fri, Mar 31, 23, 06:07, 1 Year ago
Mon, Jan 23, 23, 16:45, 1 Year ago
Tue, Nov 16, 21, 09:20, 3 Years ago
View All
;