[plug] Looking for assistance with a recent Debian upgrade
Joe Aquilina
joe at chem.com.au
Wed Dec 18 09:43:06 AWST 2019
Dean
Here is a an output from a login attempt. The account name on both
machines is joe.
$ ssh -v <server>
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /home/joe/.ssh/config
debug1: /home/joe/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to <server> [ip.address of server] port 22.
debug1: Connection established.
debug1: identity file /home/joe/.ssh/id_rsa_halley type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/joe/.ssh/id_rsa_halley-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version
OpenSSH_7.9p1 Debian-10+deb10u1
debug1: match: OpenSSH_7.9p1 Debian-10+deb10u1 pat OpenSSH* compat
0x04000000
debug1: Authenticating to <server>:22 as 'joe'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC:
<implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC:
<implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256
SHA256:QV8T212i8K1hhd5P4GVpOFHsOtSDhA30GIlfRug/03c
The authenticity of host '<server> (ip.address of server)' can't be
established.
ECDSA key fingerprint is SHA256:QV8T212i8K1hhd5P4GVpOFHsOtSDhA30GIlfRug/03c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '<server>,ip.address of server' (ECDSA) to
the list of known hosts.
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info:
server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA
SHA256:cxe0DjCO0G8l1o5GygqKYyG0kgDEPA2K9In3zFvuRsw
debug1: Server accepts key: pkalg rsa-sha2-512 blen 535
debug1: Authentication succeeded (publickey).
Authenticated to <server> ([ip.address of server]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions at openssh.com
debug1: Entering interactive session.
debug1: pledge: network
packet_write_wait: Connection to ip.address of server port 22: Broken pipe
And the relevant lines from /var/log/auth.log from the server for that
login attempt, just in case they help:
Dec 18 09:29:56 <server> sshd[11051]: rexec line 86: Deprecated option
UseLogin
Dec 18 09:29:56 <server> sshd[11051]: Connection closed by <ip.address
of client> port 45462 [preauth]
Dec 18 09:30:15 <server> sshd[11091]: rexec line 86: Deprecated option
UseLogin
Dec 18 09:30:25 <server> sshd[11091]: Connection closed by <ip.address
of client> port 45468 [preauth]
Dec 18 09:30:28 <server> sshd[11110]: rexec line 86: Deprecated option
UseLogin
Dec 18 09:30:31 <server> sshd[11110]: Accepted publickey for joe from
<ip.address for client> port 45470 ssh2: RSA
SHA256:cxe0DjCO0G8l1o5GygqKYyG0kgDEPA2K9In3zFvuRsw
Dec 18 09:30:31 <server> sshd[11110]: fatal: privsep_preauth: preauth
child terminated by signal 31
Hope that helps identifying the cause of the problem. Happy to provide
more verbose output if required, or config files if required.
Cheers.
Joe Aquilina
On 17/12/19 7:07 pm, Dean Bergin wrote:
> Hello Joe,
>
> Ok, can you post sanitised vvv(v) output from a login attempt?
>
> Also, do you have console or out of band management access? You may
> want to check the server logs as well (if you haven't already) and
> consider increasing verbosity there too.
>
> I'm happy to take a look at sanitised logs (preferably filtered to
> just SSH) but no guarantees I can pinpoint the problem.
> Just hoping to spot wny clues that would hint at what the next step is
> in troubleshooting.
>
>
> Kind Regards,
>
> /Dean Bergin/.
>
> On Tue, 17 Dec 2019, 18:10 Joe Aquilina, <joe at chem.com.au
> <mailto:joe at chem.com.au>> wrote:
>
> Dean
>
> Yes, I have tried using the IPQoS throughput option, with no success.
>
> I have used -v(vv) when logging in, and am happy to provide
> examples when I login, but my knowledge is not good enough to be
> able to decipher what the extra verbosity is telling me.
>
> Cheers.
>
> Joe Aquilina
>
> On 17/12/19 4:55 pm, Dean Bergin wrote:
>> Hello Joe,
>>
>> Have you tried SSH with the IPQoS throughout option? The
>> following article suggested it (follow link from the post therein).
>>
>> Also, try increasing SSH verbosity with more v's ;-)
>>
>> https://bbs.archlinux.org/viewtopic.php?id=239982
>>
>> Hope that helps.
>>
>>
>> Kind Regards,
>>
>> /Dean Bergin/.
>>
>> On Tue, 17 Dec 2019, 16:18 Joe Aquilina, <joe at chem.com.au
>> <mailto:joe at chem.com.au>> wrote:
>>
>> Ben
>>
>> Thanks for that, and here goes:
>>
>> We have two Debian systems here, along with a bunch of
>> Kubuntu and Windows systems. Early last week I upgraded the
>> second of our Debian systems from stretch to buster. A few
>> days earlier, I had upgraded the other Debian system, also
>> from stretch to buster. That first upgrade went fine and
>> everything is working as expected.
>>
>> However the second (of course the more important system) did
>> not upgrade correctly. It is mostly ok, but I am unable to
>> ssh in to that machine. When I try to, I get this:
>>
>> packet_write_wait: Connection to 10.0.2.1 port 22: Broken pipe
>>
>> Searching on the net suggested I try adding
>> ServerAliveInterval and ServerAliveCountMax into the
>> sshd_config file - no luck there.
>>
>> I have tried removing (and purging) openssh again with no luck.
>>
>> I have also tried disabling ufw in case there problem was
>> there, no luck.
>>
>> Stopping ssh and sshd services and installing dropbear allows
>> me to login to the machine, and I can perform normal file
>> operations. However, this machine collects and distributes
>> our emails for all users on our LAN and the other machines
>> can't access the machine. There is another (off-site) Debian
>> machine that does an important overnight folder sync which it
>> is currently unable to do as it can't ssh in.
>>
>> My Linux/Debian knowledge is obviously pretty limited, and I
>> am not sure what to try next.
>>
>> What else can I provide that might help me solve this?
>>
>> Sorry to be a bit longwinded and possibly not precise enough
>> in my description of the problem. Thanks in advance for any
>> suggestions, advice or assistance.
>>
>> Cheers.
>>
>> Joe Aquilina
>>
>> On 17/12/19 3:55 pm, Benjamin wrote:
>>> Hi Joe,
>>>
>>> Yep, sounds good to me...
>>> ~ B
>>> (PLUG President)
>>>
>>> On Tue, Dec 17, 2019 at 2:57 PM Joe Aquilina
>>> <joe at chem.com.au <mailto:joe at chem.com.au>> wrote:
>>>
>>> Hello. I have just subscribed to this list with this
>>> address after being
>>> a long time lurker using my home email address.
>>>
>>> I am looking for technical assistance after a not quite
>>> successful
>>> recent Debian upgrade (from stretch to buster). Is it
>>> appropriate for me
>>> to do so here? My Linux knowledge is still pretty
>>> limited and I have not
>>> been able to find a solution to the problem through
>>> extensive searches
>>> on the internet.
>>>
>>> If that is a reasonable request, I will detail the
>>> problem, and what I
>>> have tried to do to fix it, in a separate email.
>>>
>>> Thanks in advance.
>>>
>>> Joe Aquilina
>>>
>>> --
>>> Joe Aquilina
>>> Central Chemical Consulting Pty Ltd
>>> PO Box 2546 Malaga WA 6944 Australia
>>> 1/11 Narloo St Malaga 6090 Australia
>>> Tel: +61 8 9248 2739 Fax: +61 8 9248 2749
>>> joe at chem.com.au <mailto:joe at chem.com.au> www.chem.com.au
>>> <http://www.chem.com.au>
>>>
>>> _______________________________________________
>>> PLUG discussion list: plug at plug.org.au
>>> <mailto:plug at plug.org.au>
>>> http://lists.plug.org.au/mailman/listinfo/plug
>>> Committee e-mail: committee at plug.org.au
>>> <mailto:committee at plug.org.au>
>>> PLUG Membership: http://www.plug.org.au/membership
>>>
>>
>> --
>> Joe Aquilina
>> Central Chemical Consulting Pty Ltd
>> PO Box 2546 Malaga WA 6944 Australia
>> 1/11 Narloo St Malaga 6090 Australia
>> Tel: +61 8 9248 2739 Fax: +61 8 9248 2749
>> joe at chem.com.au <mailto:joe at chem.com.au> www.chem.com.au <http://www.chem.com.au>
>>
>> _______________________________________________
>> PLUG discussion list: plug at plug.org.au <mailto:plug at plug.org.au>
>> http://lists.plug.org.au/mailman/listinfo/plug
>> Committee e-mail: committee at plug.org.au
>> <mailto:committee at plug.org.au>
>> PLUG Membership: http://www.plug.org.au/membership
>>
>
> --
> Joe Aquilina
> Central Chemical Consulting Pty Ltd
> PO Box 2546 Malaga WA 6944 Australia
> 1/11 Narloo St Malaga 6090 Australia
> Tel: +61 8 9248 2739 Fax: +61 8 9248 2749
> joe at chem.com.au <mailto:joe at chem.com.au> www.chem.com.au <http://www.chem.com.au>
>
> _______________________________________________
> PLUG discussion list: plug at plug.org.au <mailto:plug at plug.org.au>
> http://lists.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.org.au <mailto:committee at plug.org.au>
> PLUG Membership: http://www.plug.org.au/membership
>
--
Joe Aquilina
Central Chemical Consulting Pty Ltd
PO Box 2546 Malaga WA 6944 Australia
1/11 Narloo St Malaga 6090 Australia
Tel: +61 8 9248 2739 Fax: +61 8 9248 2749
joe at chem.com.au www.chem.com.au
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20191218/16980e6b/attachment.html>
More information about the plug
mailing list