<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">Dean</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Here is a an output from a login
attempt. The account name on both machines is joe.<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix"><tt>$ ssh -v <server></tt><tt><br>
</tt><tt>OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec
2017</tt><tt><br>
</tt><tt>debug1: Reading configuration data /home/joe/.ssh/config</tt><tt><br>
</tt><tt>debug1: /home/joe/.ssh/config line 1: Applying options
for *</tt><tt><br>
</tt><tt>debug1: Reading configuration data /etc/ssh/ssh_config</tt><tt><br>
</tt><tt>debug1: /etc/ssh/ssh_config line 19: Applying options for
*</tt><tt><br>
</tt><tt>debug1: Connecting to <server> [ip.address of
server] port 22.</tt><tt><br>
</tt><tt>debug1: Connection established.</tt><tt><br>
</tt><tt>debug1: identity file /home/joe/.ssh/id_rsa_halley type 0</tt><tt><br>
</tt><tt>debug1: key_load_public: No such file or directory</tt><tt><br>
</tt><tt>debug1: identity file /home/joe/.ssh/id_rsa_halley-cert
type -1</tt><tt><br>
</tt><tt>debug1: Local version string SSH-2.0-OpenSSH_7.6p1
Ubuntu-4ubuntu0.3</tt><tt><br>
</tt><tt>debug1: Remote protocol version 2.0, remote software
version OpenSSH_7.9p1 Debian-10+deb10u1</tt><tt><br>
</tt><tt>debug1: match: OpenSSH_7.9p1 Debian-10+deb10u1 pat
OpenSSH* compat 0x04000000</tt><tt><br>
</tt><tt>debug1: Authenticating to <server>:22 as 'joe'</tt><tt><br>
</tt><tt>debug1: SSH2_MSG_KEXINIT sent</tt><tt><br>
</tt><tt>debug1: SSH2_MSG_KEXINIT received</tt><tt><br>
</tt><tt>debug1: kex: algorithm: curve25519-sha256</tt><tt><br>
</tt><tt>debug1: kex: host key algorithm: ecdsa-sha2-nistp256</tt><tt><br>
</tt><tt>debug1: kex: server->client cipher:
<a class="moz-txt-link-abbreviated" href="mailto:chacha20-poly1305@openssh.com">chacha20-poly1305@openssh.com</a> MAC: <implicit> compression:
none</tt><tt><br>
</tt><tt>debug1: kex: client->server cipher:
<a class="moz-txt-link-abbreviated" href="mailto:chacha20-poly1305@openssh.com">chacha20-poly1305@openssh.com</a> MAC: <implicit> compression:
none</tt><tt><br>
</tt><tt>debug1: expecting SSH2_MSG_KEX_ECDH_REPLY</tt><tt><br>
</tt><tt>debug1: Server host key: ecdsa-sha2-nistp256
SHA256:QV8T212i8K1hhd5P4GVpOFHsOtSDhA30GIlfRug/03c</tt><tt><br>
</tt><tt>The authenticity of host '<server> (ip.address of
server)' can't be established.</tt><tt><br>
</tt><tt>ECDSA key fingerprint is
SHA256:QV8T212i8K1hhd5P4GVpOFHsOtSDhA30GIlfRug/03c.</tt><tt><br>
</tt><tt>Are you sure you want to continue connecting (yes/no)?
yes</tt><tt><br>
</tt><tt>Warning: Permanently added '<server>,ip.address of
server' (ECDSA) to the list of known hosts.</tt><tt><br>
</tt><tt>debug1: rekey after 134217728 blocks</tt><tt><br>
</tt><tt>debug1: SSH2_MSG_NEWKEYS sent</tt><tt><br>
</tt><tt>debug1: expecting SSH2_MSG_NEWKEYS</tt><tt><br>
</tt><tt>debug1: SSH2_MSG_NEWKEYS received</tt><tt><br>
</tt><tt>debug1: rekey after 134217728 blocks</tt><tt><br>
</tt><tt>debug1: SSH2_MSG_EXT_INFO received</tt><tt><br>
</tt><tt>debug1: kex_input_ext_info:
server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521></tt><tt><br>
</tt><tt>debug1: SSH2_MSG_SERVICE_ACCEPT received</tt><tt><br>
</tt><tt>debug1: Authentications that can continue:
publickey,password</tt><tt><br>
</tt><tt>debug1: Next authentication method: publickey</tt><tt><br>
</tt><tt>debug1: Offering public key: RSA
SHA256:cxe0DjCO0G8l1o5GygqKYyG0kgDEPA2K9In3zFvuRsw </tt><tt><br>
</tt><tt>debug1: Server accepts key: pkalg rsa-sha2-512 blen 535</tt><tt><br>
</tt><tt>debug1: Authentication succeeded (publickey).</tt><tt><br>
</tt><tt>Authenticated to <server> ([ip.address of
server]:22).</tt><tt><br>
</tt><tt>debug1: channel 0: new [client-session]</tt><tt><br>
</tt><tt>debug1: Requesting <a class="moz-txt-link-abbreviated" href="mailto:no-more-sessions@openssh.com">no-more-sessions@openssh.com</a></tt><tt><br>
</tt><tt>debug1: Entering interactive session.</tt><tt><br>
</tt><tt>debug1: pledge: network</tt><tt><br>
</tt><tt>packet_write_wait: Connection to ip.address of server
port 22: Broken pipe</tt></div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">And the relevant lines from
/var/log/auth.log from the server for that login attempt, just in
case they help:</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix"><tt>Dec 18 09:29:56 <server>
sshd[11051]: rexec line 86: Deprecated option UseLogin</tt><tt><br>
</tt><tt>Dec 18 09:29:56 <server> sshd[11051]: Connection
closed by <ip.address of client> port 45462 [preauth]</tt><tt><br>
</tt><tt>Dec 18 09:30:15 <server> sshd[11091]: rexec line
86: Deprecated option UseLogin</tt><tt><br>
</tt><tt>Dec 18 09:30:25 <server> sshd[11091]: Connection
closed by <ip.address of client> port 45468 [preauth]</tt><tt><br>
</tt><tt>Dec 18 09:30:28 <server> sshd[11110]: rexec line
86: Deprecated option UseLogin</tt><tt><br>
</tt><tt>Dec 18 09:30:31 <server> sshd[11110]: Accepted
publickey for joe from <ip.address for client> port 45470
ssh2: RSA SHA256:cxe0DjCO0G8l1o5GygqKYyG0kgDEPA2K9In3zFvuRsw</tt><tt><br>
</tt><tt>Dec 18 09:30:31 <server> sshd[11110]: fatal:
privsep_preauth: preauth child terminated by signal 31</tt><tt><br>
</tt><br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Hope that helps identifying the cause
of the problem. Happy to provide more verbose output if required,
or config files if required.</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Cheers.</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Joe Aquilina</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 17/12/19 7:07 pm, Dean Bergin wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CACCjKfRbARuwnKM=OdZ3=L8g6Wtrbk5b8L7cjmPtgJrgAX1Gcg@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="auto">Hello Joe,
<div dir="auto"><br>
</div>
<div dir="auto">Ok, can you post sanitised vvv(v) output from a
login attempt?</div>
<div dir="auto"><br>
</div>
<div dir="auto">Also, do you have console or out of band
management access? You may want to check the server logs as
well (if you haven't already) and consider increasing
verbosity there too.</div>
<div dir="auto"><br>
</div>
<div dir="auto">I'm happy to take a look at sanitised logs
(preferably filtered to just SSH) but no guarantees I can
pinpoint the problem.</div>
<div dir="auto">Just hoping to spot wny clues that would hint at
what the next step is in troubleshooting.</div>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto">Kind Regards,</div>
<div dir="auto"><br>
</div>
<div dir="auto"><i>Dean Bergin</i>.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Tue, 17 Dec 2019, 18:10 Joe
Aquilina, <<a href="mailto:joe@chem.com.au"
moz-do-not-send="true">joe@chem.com.au</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div>Dean</div>
<div><br>
</div>
<div>Yes, I have tried using the IPQoS throughput option,
with no success.</div>
<div><br>
</div>
<div>I have used -v(vv) when logging in, and am happy to
provide examples when I login, but my knowledge is not
good enough to be able to decipher what the extra
verbosity is telling me.<br>
</div>
<div><br>
</div>
<div>Cheers.</div>
<div><br>
</div>
<div>Joe Aquilina<br>
</div>
<div><br>
</div>
<div>On 17/12/19 4:55 pm, Dean Bergin wrote:<br>
</div>
<blockquote type="cite">
<div dir="auto">Hello Joe,
<div dir="auto"><br>
</div>
<div dir="auto">Have you tried SSH with the IPQoS
throughout option? The following article suggested it
(follow link from the post therein).</div>
<div dir="auto"><br>
</div>
<div dir="auto">Also, try increasing SSH verbosity with
more v's ;-)</div>
<div dir="auto"><br>
</div>
<div dir="auto"><a
href="https://bbs.archlinux.org/viewtopic.php?id=239982"
target="_blank" rel="noreferrer"
moz-do-not-send="true">https://bbs.archlinux.org/viewtopic.php?id=239982</a><br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto">Hope that helps.</div>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto">Kind Regards,</div>
<div dir="auto"><br>
</div>
<div dir="auto"><i>Dean Bergin</i>.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Tue, 17 Dec 2019,
16:18 Joe Aquilina, <<a
href="mailto:joe@chem.com.au" target="_blank"
rel="noreferrer" moz-do-not-send="true">joe@chem.com.au</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div>Ben</div>
<div><br>
</div>
<div>Thanks for that, and here goes:</div>
<div><br>
</div>
<div>We have two Debian systems here, along with a
bunch of Kubuntu and Windows systems. Early last
week I upgraded the second of our Debian systems
from stretch to buster. A few days earlier, I had
upgraded the other Debian system, also from
stretch to buster. That first upgrade went fine
and everything is working as expected.</div>
<div><br>
</div>
<div>However the second (of course the more
important system) did not upgrade correctly. It is
mostly ok, but I am unable to ssh in to that
machine. When I try to, I get this:</div>
<div><br>
</div>
<div>packet_write_wait: Connection to 10.0.2.1 port
22: Broken pipe</div>
<div><br>
</div>
<div>Searching on the net suggested I try adding
ServerAliveInterval and ServerAliveCountMax into
the sshd_config file - no luck there.<br>
</div>
<div><br>
</div>
<div>I have tried removing (and purging) openssh
again with no luck.</div>
<div><br>
</div>
<div>I have also tried disabling ufw in case there
problem was there, no luck.<br>
</div>
<div><br>
</div>
<div>Stopping ssh and sshd services and installing
dropbear allows me to login to the machine, and I
can perform normal file operations. However, this
machine collects and distributes our emails for
all users on our LAN and the other machines can't
access the machine. There is another (off-site)
Debian machine that does an important overnight
folder sync which it is currently unable to do as
it can't ssh in.<br>
</div>
<div><br>
</div>
<div>My Linux/Debian knowledge is obviously pretty
limited, and I am not sure what to try next.<br>
</div>
<div><br>
</div>
<div>What else can I provide that might help me
solve this?</div>
<div><br>
</div>
<div>Sorry to be a bit longwinded and possibly not
precise enough in my description of the problem.
Thanks in advance for any suggestions, advice or
assistance.</div>
<div><br>
</div>
<div>Cheers.</div>
<div><br>
</div>
<div>Joe Aquilina<br>
</div>
<div><br>
</div>
<div>On 17/12/19 3:55 pm, Benjamin wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi Joe,
<div><br>
</div>
<div>Yep, sounds good to me...</div>
<div>~ B</div>
<div>(PLUG President)</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Tue, Dec
17, 2019 at 2:57 PM Joe Aquilina <<a
href="mailto:joe@chem.com.au"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true">joe@chem.com.au</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">Hello. I
have just subscribed to this list with this
address after being <br>
a long time lurker using my home email
address.<br>
<br>
I am looking for technical assistance after a
not quite successful <br>
recent Debian upgrade (from stretch to
buster). Is it appropriate for me <br>
to do so here? My Linux knowledge is still
pretty limited and I have not <br>
been able to find a solution to the problem
through extensive searches <br>
on the internet.<br>
<br>
If that is a reasonable request, I will detail
the problem, and what I <br>
have tried to do to fix it, in a separate
email.<br>
<br>
Thanks in advance.<br>
<br>
Joe Aquilina<br>
<br>
-- <br>
Joe Aquilina<br>
Central Chemical Consulting Pty Ltd<br>
PO Box 2546 Malaga WA 6944 Australia<br>
1/11 Narloo St Malaga 6090 Australia<br>
Tel: +61 8 9248 2739 Fax: +61 8 9248 2749<br>
<a href="mailto:joe@chem.com.au"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true">joe@chem.com.au</a>
<a href="http://www.chem.com.au"
rel="noreferrer noreferrer noreferrer"
target="_blank" moz-do-not-send="true">www.chem.com.au</a><br>
<br>
_______________________________________________<br>
PLUG discussion list: <a
href="mailto:plug@plug.org.au"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true">plug@plug.org.au</a><br>
<a
href="http://lists.plug.org.au/mailman/listinfo/plug"
rel="noreferrer noreferrer noreferrer"
target="_blank" moz-do-not-send="true">http://lists.plug.org.au/mailman/listinfo/plug</a><br>
Committee e-mail: <a
href="mailto:committee@plug.org.au"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true">committee@plug.org.au</a><br>
PLUG Membership: <a
href="http://www.plug.org.au/membership"
rel="noreferrer noreferrer noreferrer"
target="_blank" moz-do-not-send="true">http://www.plug.org.au/membership</a><br>
</blockquote>
</div>
</blockquote>
<p><br>
</p>
<pre cols="72">--
Joe Aquilina
Central Chemical Consulting Pty Ltd
PO Box 2546 Malaga WA 6944 Australia
1/11 Narloo St Malaga 6090 Australia
Tel: +61 8 9248 2739 Fax: +61 8 9248 2749
<a href="mailto:joe@chem.com.au" rel="noreferrer noreferrer" target="_blank" moz-do-not-send="true">joe@chem.com.au</a> <a href="http://www.chem.com.au" rel="noreferrer noreferrer" target="_blank" moz-do-not-send="true">www.chem.com.au</a></pre>
</div>
_______________________________________________<br>
PLUG discussion list: <a
href="mailto:plug@plug.org.au" rel="noreferrer
noreferrer" target="_blank" moz-do-not-send="true">plug@plug.org.au</a><br>
<a
href="http://lists.plug.org.au/mailman/listinfo/plug"
rel="noreferrer noreferrer noreferrer"
target="_blank" moz-do-not-send="true">http://lists.plug.org.au/mailman/listinfo/plug</a><br>
Committee e-mail: <a
href="mailto:committee@plug.org.au" rel="noreferrer
noreferrer" target="_blank" moz-do-not-send="true">committee@plug.org.au</a><br>
PLUG Membership: <a
href="http://www.plug.org.au/membership"
rel="noreferrer noreferrer noreferrer"
target="_blank" moz-do-not-send="true">http://www.plug.org.au/membership</a></blockquote>
</div>
</blockquote>
<p><br>
</p>
<pre cols="72">--
Joe Aquilina
Central Chemical Consulting Pty Ltd
PO Box 2546 Malaga WA 6944 Australia
1/11 Narloo St Malaga 6090 Australia
Tel: +61 8 9248 2739 Fax: +61 8 9248 2749
<a href="mailto:joe@chem.com.au" target="_blank" rel="noreferrer" moz-do-not-send="true">joe@chem.com.au</a> <a href="http://www.chem.com.au" target="_blank" rel="noreferrer" moz-do-not-send="true">www.chem.com.au</a></pre>
</div>
_______________________________________________<br>
PLUG discussion list: <a href="mailto:plug@plug.org.au"
target="_blank" rel="noreferrer" moz-do-not-send="true">plug@plug.org.au</a><br>
<a href="http://lists.plug.org.au/mailman/listinfo/plug"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true">http://lists.plug.org.au/mailman/listinfo/plug</a><br>
Committee e-mail: <a href="mailto:committee@plug.org.au"
target="_blank" rel="noreferrer" moz-do-not-send="true">committee@plug.org.au</a><br>
PLUG Membership: <a href="http://www.plug.org.au/membership"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true">http://www.plug.org.au/membership</a></blockquote>
</div>
</blockquote>
<p><br>
</p>
<pre class="moz-signature" cols="72">--
Joe Aquilina
Central Chemical Consulting Pty Ltd
PO Box 2546 Malaga WA 6944 Australia
1/11 Narloo St Malaga 6090 Australia
Tel: +61 8 9248 2739 Fax: +61 8 9248 2749
<a class="moz-txt-link-abbreviated" href="mailto:joe@chem.com.au">joe@chem.com.au</a> <a class="moz-txt-link-abbreviated" href="http://www.chem.com.au">www.chem.com.au</a></pre>
</body>
</html>