I burn Yocto on my cards.
Some of them start OK:
Starting OpenBSD Secure Shell server: sshd
Done.
Some of them do not:
Starting OpenBSD Secure Shell server: sshd
Could not load host key: /etc/ssh/ssh_host_rsa_key
key_load_public: invalid format
Could not load host key: /etc/ssh/ssh_host_dsa_key
key_load_public: invalid format
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
key_load_public: invalid format
Could not load host key: /etc/ssh/ssh_host_ed25519_key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
How can I fix the problem?
Well, it's quite a process:
1. Remove all files in /etc/ssh/
2. Run /usr/bin/ssh-keygen -A
3. Log out from the user.
Now you may restart and enjoy.
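A narrower variant of the procedure above that keeps sshd_config and any host keys that still load, shown as an added example rather than the author's own script. The function names are hypothetical, and it assumes the host keys live in /etc/ssh and carry no passphrase.

```shell
#!/bin/sh
# Added example: find host keys that cannot be loaded and regenerate only
# those, leaving sshd_config and the healthy keys in place.

# bad_host_keys [DIR]: print each private host key under DIR (default
# /etc/ssh) that ssh-keygen fails to parse, e.g. empty or truncated files.
bad_host_keys() {
    dir=${1:-/etc/ssh}
    for key in "$dir"/ssh_host_*_key; do
        [ -e "$key" ] || continue          # glob matched nothing
        # -y re-derives the public key from the private key file;
        # -P '' supplies an empty passphrase so nothing prompts.
        if ! ssh-keygen -y -P '' -f "$key" >/dev/null 2>&1; then
            printf '%s\n' "$key"
        fi
    done
}

# repair_host_keys: delete unloadable keys with their .pub halves, then let
# "ssh-keygen -A" create whichever host key types are now missing.
repair_host_keys() {
    bad=$(bad_host_keys /etc/ssh)
    [ -n "$bad" ] || { echo "all host keys load correctly"; return 0; }
    for key in $bad; do
        echo "replacing $key"
        rm -f "$key" "$key.pub"
    done
    ssh-keygen -A
}

# Run the repair only when asked to, as root on the affected board.
if [ "${1:-}" = "--repair" ]; then
    repair_host_keys
fi
```

Clients that connected before will see a changed host key for every key that was regenerated.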
Related
I have a small application that's trying to do a dozen parallel "scp" runs, pulling files from a remote system. Usually, it runs fine.
Sometimes, one or two of the scp runs quietly dies.
("quiet" if pulling from Linux. If pulling from HP-UX, I get a message
like Connection reset by peer.)
If I add "-v" to my scp commands, then when a failure occurs, I see that I'm
getting "ssh_exchange_identification: read: Connection reset by peer"
(on Linux ... haven't tried the -v on HP-UX).
Here's the "scp -v" output for a typical run, with the point where a 'bad'
run and a 'good' run diverge indicated:
Executing: program /usr/bin/ssh host wilbur, user (unspecified), command scp -v -p -f /home/sieler/source/misc/[p-q]*.[ch]
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 51: Applying options for *
debug1: Connecting to wilbur [10.84.3.61] port 22.
debug1: Connection established.
debug1: identity file /Users/sieler/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/sieler/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
'bad' and 'good' runs match up to this point, then...
Bad:
ssh_exchange_identification: read: Connection reset by peer
Good:
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: Authenticating to wilbur:22 as 'sieler'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr umac-64@openssh.com none
debug1: kex: client->server aes128-ctr umac-64@openssh.com none
...
Although the usual host machine for the script and scp runs is a Mac, running OS X 10.11.4, the problem has been reproduced to/from several combinations
of Mac/Linux/HP-UX (enough to rule out it being a Mac or HP-UX specific problem).
IIRC, using scp to pull from Linux to Mac has had the problem,
as well as pulling from HP-UX to Mac, and pulling from Linux to HP-UX.
Haven't tried pulling from Mac or HP-UX to Linux.
Is there something about scp/ssh/openssh that parallel usage sometimes fails?
If I run sshd on the Linux system with -ddd, then the daemon stops after
the first scp accesses it (the scp has no problem),
and the other eleven scp runs fail.
Thanks
This is probably caused by the limitation of parallel sessions in sshd_config. By default, the server is configured to do "random early drop", which means refusing new connections if the number of active ones is bigger than some limit. The responsible option is MaxStartups (from man sshd_config):
MaxStartups
Specifies the maximum number of concurrent unauthenticated connections to the SSH daemon. Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection. The default is 10:30:100.
Alternatively, random early drop can be enabled by specifying the three colon separated values “start:rate:full” (e.g. "10:30:60"). sshd(8) will refuse connection attempts with a probability of “rate/100” (30%) if there are currently “start” (10) unauthenticated connections. The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches “full” (60).
Bumping the value to something bigger than the number of connections you expect should solve your problem. Otherwise, you can set LogLevel DEBUG3 in sshd_config to see more logs in the system log.
But when you are connecting to the same server, it is better to use connection multiplexing. It will be faster and you will not have these problems. Check out the ControlMaster option in ssh_config or just check my similar answer for a fast excursion to this "magic".
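The random early drop arithmetic from the man page excerpt, applied to the question's dozen parallel scp runs. This is an added example, not part of the original answer; the function names drop_percent and burst_table are made up for the illustration, and the burst model assumes no connection has finished authenticating when the next one arrives.

```shell
#!/bin/sh
# Added example: refusal probability implied by an sshd MaxStartups value,
# following the "start:rate:full" description in sshd_config(5).

# drop_percent SPEC N
#   SPEC  MaxStartups value: "start:rate:full" or a single number
#   N     unauthenticated connections already pending when a new one arrives
# Prints the chance (0-100) that the new connection is refused.
drop_percent() {
    spec=$1 n=$2
    case $spec in
        *:*:*) old_ifs=$IFS; IFS=:; set -- $spec; IFS=$old_ifs
               start=$1 rate=$2 full=$3 ;;
        *)     start=$spec rate=100 full=$spec ;;   # plain limit: hard cutoff
    esac
    if [ "$n" -lt "$start" ]; then echo 0; return 0; fi
    if [ "$n" -ge "$full" ] || [ "$rate" -eq 100 ]; then echo 100; return 0; fi
    # linear ramp from rate% at "start" to 100% at "full" (integer math)
    echo $(( rate + (100 - rate) * (n - start) / (full - start) ))
}

# burst_table SPEC COUNT: one line per connection in a burst of COUNT
# simultaneous logins, none of which has authenticated yet.
burst_table() {
    i=0
    while [ "$i" -lt "$2" ]; do
        echo "connection $((i + 1)): $(drop_percent "$1" "$i")% chance of refusal"
        i=$((i + 1))
    done
}

# The dozen parallel scp runs from the question against the default setting:
# connections 1-10 are always accepted, 11 and 12 each face a 30% refusal.
burst_table 10:30:100 12
```

On a server you administer, `sshd -T` prints the effective configuration, including the maxstartups value in use.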
I am trying to connect to a remote Solaris machine from a Linux server using ssh, but I am not able to connect to the Solaris machine. I am using the ssh command below to connect to the Solaris machine:
ssh <host_name>
After giving this command, I am not getting any prompt for username and password. Is this a limitation of Linux-to-Solaris connections?
The output is:
root@host> ssh -v user@solaris_host
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to solaris_host [solaris_host] port 22.
debug1: connect to address solaris_host port 22: Connection timed out
ssh: connect to host solaris_host port 22: Connection timed out
Go over the following steps:
1. Check the network connectivity with your target, e.g. ping.
2. Check if port 22 is open on your remote host, e.g. nmap -A 192.168.0.5/32 -p 22
3. Check if the ssh daemon is running on your target, e.g. svcs ssh
Come back if the problem still exists.
I have a virtual Linux build running on QEMU (it runs Dropbear as ssh client), and I am trying to copy some modules I wrote to it with scp, using the following command:
scp -vvv -p 2222 wd/day10/int_mod.ko root@localhost:/lib/modules/3.13.5/int_mod.ko
And I get a Connection refused error; more specifically (I forwarded 2222 to 22 of the virtual machine):
Executing: program /usr/bin/ssh host localhost, user root, command scp -v -p -d -t /lib/modules/3.13.5/int_mod.ko
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: connect to address 127.0.0.1 port 22: Connection refused
ssh: connect to host localhost port 22: Connection refused
lost connection
What I don't understand is I can easily connect to ssh using
ssh -p 2222 root@localhost
I can connect without any problem.
ssh and scp use different options for specifying the port. From the ssh man page:
[-p port]
From the scp man page:
[-P port]
scp uses capital P. Notice how your debug output says port 22 connection refused when you are trying to connect to port 2222.
The problem is that the ssh package is not installed completely!
You must install ssh, openssh-client and so on with Synaptic Package Manager!
In Synaptic Package Manager, first type ssh in the search filter and mark ssh, then click on the Apply button to install the ssh services for server and client.
This way your problem will be fixed 100 percent!
Please see below:
We have been using Ubuntu VMs on Azure for some time now and rarely had any problems. However, one of the VMs has gone bonkers lately. Out of the blue, the Ubuntu VM starts rejecting the public key -
ssh -i ~/azure.key abc@xyz.cloudapp.net
Permission denied (publickey).
Verbose gives me even more confusing signs -
~$ ssh -i -v -v -v ~/azure.key abc@xyz.cloudapp.net
Warning: Identity file -v not accessible: No such file or directory.
OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
ssh: Could not resolve hostname /home/abc/azure.key: Name or service not known
Wondering if anyone saw this problem or can suggest ideas/solutions?
How about the following?
$ ssh -i ~/azure.key -v -v -v abc@xyz.cloudapp.net
I'm attempting to set up X11 forwarding to monitor video on an embedded robotics platform, yet I cannot seem to get the board to generate graphical output. I'm running Arch Linux on a Beagleboard xM wired directly over Ethernet (though I plan to use WiFi in the future). When I try to set the DISPLAY variable it will accept it, but when I attempt to run an X11 application it says:
(Object:287): Gtk-WARNING **: cannot open display: [displaynamehere]
Obviously, [displaynamehere] was whatever I tried to set as the display, yet no display location seemed to work. What's weird is that whenever I connect through ssh -X it does not give me any errors and it does not save my DISPLAY variable.
(EDIT) I also checked the debug log and got this output:
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 315
debug2: parse_server_config: config /etc/ssh/sshd_config len 315
debug3: /etc/ssh/sshd_config:53 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:75 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:96 setting UsePAM yes
debug3: /etc/ssh/sshd_config:101 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:104 setting PrintMotd no
debug3: /etc/ssh/sshd_config:108 setting UsePrivilegeSeparation sandbox
debug3: /etc/ssh/sshd_config:124 setting Subsystem sftp /usr/lib/ssh/sftp-server
debug1: sshd version OpenSSH_6.3, OpenSSL 1.0.1e 11 Feb 2013
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type DSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_dsa_key" as a RSA1 public key
debug1: private host key: #1 type 2 DSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type ECDSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/bin/sshd'
debug1: rexec_argv[1]='-ddd'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Address already in use.
debug2: fd 3 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 3 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
Any suggestions would be greatly appreciated, I've been trying at this with google for almost a week now to no avail.
Thanks a lot!
On the server
Edit /etc/ssh/sshd_config:
AllowAgentForwarding yes
AllowTcpForwarding yes
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no
Restart the sshd daemon:
sudo service sshd restart
# or
sudo /etc/init.d/ssh restart
# or whatever way of restarting your box services works on your distro...
Install the packages (Ubuntu/Debian):
apt-get -y update
apt-get -y install xauth
Install the packages (RHEL/CentOS):
yum -y update
yum -y install xauth
Now exit the server:
exit
On the client
Set the DISPLAY environment variable locally:
export DISPLAY=:0.0
and start a trusted SSH connection to the server:
ssh -Y $ssh_user@$ssh_server
Verify success with a graphical app. Install an app supporting X11 forwarding, if needed. As an example:
yum -y install xclock
and action:
for i in {1..3} ; do bash -c "xclock &" ; done ;
Whenever I had this problem, it was almost always about the following two options. I think you should set them as below before making any further changes to your configuration, like setting DISPLAY, etc.
X11Forwarding yes
X11UseLocalhost no
ssh should set the DISPLAY automatically.
Usual suspects: missing "X11Forwarding yes" in /etc/ssh/sshd_config
To debug, you can run verbose mode on the client and server, and you may notice something:
Try on the "server" side (debug mode, no daemon):
$ /usr/sbin/sshd -d -p 222
on the "client":
$ ssh -v -Y phil@192.168.0.14 -p 222
Once in a while I meet an odd thing, like 'missing xauth' ...
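A check to run inside the ssh session that ties the answers above together: it reads the DISPLAY value sshd handed out and reports which case applies, including a missing xauth. This is an added example, not code from any of the posts; classify_display and x11_session_report are hypothetical names, and the default offset of 10 is taken from the X11DisplayOffset line in the configuration shown earlier.

```shell
#!/bin/sh
# Added example: interpret the DISPLAY value seen inside an "ssh -X/-Y" session.

# classify_display VALUE [OFFSET]
#   OFFSET is the server's X11DisplayOffset (10 in the config above).
# Prints one of: unset, malformed, local, forwarded-loopback, forwarded-wildcard
classify_display() {
    display=$1 offset=${2:-10}
    [ -n "$display" ] || { echo unset; return 0; }
    case $display in *:*) ;; *) echo malformed; return 0 ;; esac
    host=${display%:*}              # text before the last colon
    num=${display##*:}              # "10.0" from "localhost:10.0"
    num=${num%%.*}                  # drop the screen number
    case $num in ''|*[!0-9]*) echo malformed; return 0 ;; esac
    if [ -z "$host" ] || [ "$num" -lt "$offset" ]; then
        echo local                  # e.g. ":0.0", a physical or hand-set display
    elif [ "$host" = localhost ]; then
        echo forwarded-loopback     # X11UseLocalhost yes (the sshd default)
    else
        echo forwarded-wildcard     # X11UseLocalhost no: listener on all addresses
    fi
}

# x11_session_report: run on the server, inside the ssh session.
x11_session_report() {
    kind=$(classify_display "${DISPLAY:-}")
    echo "DISPLAY='${DISPLAY:-}' -> $kind"
    case $kind in
        unset) echo "sshd did not set up forwarding: check X11Forwarding and xauth" ;;
        local) echo "DISPLAY was set by hand or by a profile script; remove the export" ;;
        forwarded-wildcard) echo "the forwarded display accepts connections from other hosts" ;;
    esac
    command -v xauth >/dev/null 2>&1 || echo "xauth not found in PATH on this host"
}

x11_session_report
```

A forwarded-wildcard result means the proxy display is bound to all interfaces, so on a shared network it should sit behind a host firewall or be switched back to the loopback default.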