Hi,
Recently I'm experiencing some problems trying to login to toolserver. The SSH log says:
[...] debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/jimmy/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 277 Connection closed by 2620:0:862:101::2:4 jimmy@vangogh:~$
Had someone add my pubkey to his authorized_keys but the problem persists.
Anyone can give me a hint? Thanks.
Jimmy Xu wrote:
Hi,
Recently I'm experiencing some problems trying to login to toolserver. The SSH log says:
[...] debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/jimmy/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 277 Connection closed by 2620:0:862:101::2:4 jimmy@vangogh:~$
Had someone add my pubkey to his authorized_keys but the problem persists.
Anyone can give me a hint? Thanks.
Does it also fail if you connect by IPv4 ? (use the switch -4)
Hi, I had the same kind of problem (same Connection Closed at the same step) earlier this month and I solved it by removing a line in the .ssh/config file of my client (maybe compression). If you have this file, check if you can connect without it (backed up) and isolate the buggy line.
2011/6/18 Platonides platonides@gmail.com:
Jimmy Xu wrote:
Hi,
Recently I'm experiencing some problems trying to login to toolserver. The SSH log says:
[...] debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/jimmy/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 277 Connection closed by 2620:0:862:101::2:4 jimmy@vangogh:~$
Had someone add my pubkey to his authorized_keys but the problem persists.
Anyone can give me a hint? Thanks.
Does it also fail if you connect by IPv4 ? (use the switch -4)
Toolserver-l mailing list (Toolserver-l@lists.wikimedia.org) https://lists.wikimedia.org/mailman/listinfo/toolserver-l Posting guidelines for this list: https://wiki.toolserver.org/view/Mailing_list_etiquette
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On 2011-06-18 16:13, Darkdadaah wrote:
I had the same kind of problem (same Connection Closed at the same step) earlier this month and I solved it by removing a line in the .ssh/config file of my client (maybe compression). If you have this file, check if you can connect without it (backed up) and isolate the buggy line.
There is a known OpenSSH bug that may reset an SSH handshake when the client advertise too many algorithms, see https://bugs.launchpad.net/debian/+source/openssh/+bug/708493 you can try the workarounds summarized in comment #19, - -- Brownout
http://it.wikipedia.org/wiki/Utente:Brownout
PGP key fingerprint = BE55 16AD FED1 0455 ADBE C375 AFD1 16B3 0670 9C59
On Sat, Jun 18, 2011 at 2:01 PM, Platonides platonides@gmail.com wrote:
Does it also fail if you connect by IPv4 ? (use the switch -4)
Yup, also failed to connect to willow or wolfsbane.
On Sat, Jun 18, 2011 at 2:36 PM, Brownout brovvnout+wiki@gmail.com wrote:
There is a known OpenSSH bug that may reset an SSH handshake when the
It says "connection closed" instead of "reset". Also tcpdump suggested a normal FIN-style ending. :(
Forgot to mention that my username on toolserver is ~jimmy.
jimmy@vangogh:~$ ssh -v OpenSSH_5.8p2, OpenSSL 1.0.0d 8 Feb 2011
Hello, At Saturday 18 June 2011 17:33:34 DaB. wrote:
It says "connection closed" instead of "reset". Also tcpdump suggested a normal FIN-style ending. :(
the auth-log on nightshade tells me, that the publickey from you was accepted. So I doubt that the problem is on our side. Your account is also not expired.
Sincerly, DaB.
On Sat, Jun 18, 2011 at 3:34 PM, DaB. WP@daniel.baur4.info wrote:
the auth-log on nightshade tells me, that the publickey from you was accepted. So I doubt that the problem is on our side. Your account is also not expired.
http://pastebin.com/zQnTaDze Full -vvv log and a timestamp.
It did say "accepts key" though. The traffic is encrypted so tcpdump seems not that helping.
On Sat, Jun 18, 2011 at 05:01:52PM +0000, Jimmy Xu wrote:
On Sat, Jun 18, 2011 at 3:34 PM, DaB. WP@daniel.baur4.info wrote:
the auth-log on nightshade tells me, that the publickey from you was accepted. So I doubt that the problem is on our side. Your account is also not expired.
http://pastebin.com/zQnTaDze Full -vvv log and a timestamp.
It did say "accepts key" though. The traffic is encrypted so tcpdump seems not that helping.
Silly question, as it seems the key is accepted, did you change anything to your dotfiles? Maybe you can ask the roots to move your .bashrc and .bash_login out of the way?
Regards,
Andre
On Sat, Jun 18, 2011 at 6:35 PM, Andre Koopal andre@molens.org wrote:
Silly question, as it seems the key is accepted, did you change anything to your dotfiles? Maybe you can ask the roots to move your .bashrc and .bash_login out of the way?
No, I don't recall any changes to my dotfiles, including permission. Since it didn't reach the "interactive session" period, I don't believe .bash* is related.
Still, any hint would be appreciated. Still unable to access my account by now.
Hello, At Monday 20 June 2011 10:40:00 DaB. wrote:
Still, any hint would be appreciated. Still unable to access my account by now.
please generate a new (temporary) ssh-key-pair and submit the public-part to JIRA. Let us look if the key is the problem in some way or the other.
Sincerly, DaB.
On Mon, Jun 20, 2011 at 8:41 AM, DaB. WP@daniel.baur4.info wrote:
please generate a new (temporary) ssh-key-pair and submit the public-part to JIRA. Let us look if the key is the problem in some way or the other.
Done, https://jira.toolserver.org/browse/TS-1071?focusedCommentId=18388.
Hi guys,
It turns out that Toolserver doesn't support compression. I commented out "Compression yes" in my config and it started to work.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jimmy Xu:
It turns out that Toolserver doesn't support compression. I commented out "Compression yes" in my config and it started to work.
This should be fixed now.
The problem was that sshd does a chroot() in the privsep child, which handles communication with the client. However, Solaris ld.so does lazy-loading of shared libraries by default, and sshd doesn't require zlib until after the chroot. Since there is no zlib in the chroot directory, it failed to load:
ld.so.1: sshd: fatal: libz.so.1: open failed: No such file or directory
I have re-built sshd with lazy-loading disabled, and compression (ssh - -C) seems to be working now.
- river.
Jimmy Xu wrote:
On Sat, Jun 18, 2011 at 6:35 PM, Andre Koopalandre@molens.org wrote:
Silly question, as it seems the key is accepted, did you change anything to your dotfiles? Maybe you can ask the roots to move your .bashrc and .bash_login out of the way?
No, I don't recall any changes to my dotfiles, including permission. Since it didn't reach the "interactive session" period, I don't believe .bash* is related.
Still, any hint would be appreciated. Still unable to access my account by now.
I have no problem with the same ssh version as you. Try connecting to my account:
wget http://toolserver.org/~platonides/sandbox/privatekey.rsa chmod 700 privatekey.rsa ssh -i privatekey.rsa platonides@toolserver.org
Hello, At Tuesday 21 June 2011 00:11:38 DaB. wrote:
Try connecting to my account:
wget http://toolserver.org/~platonides/sandbox/privatekey.rsa chmod 700 privatekey.rsa ssh -i privatekey.rsa platonides@toolserver.org
please try that on your own server, not on the TS.
Sincerly, DaB.
Jimmy Xu wrote:
Recently I'm experiencing some problems trying to login to toolserver. The SSH log says:
[...] debug1: Authentications that can continue: publickey,password,keyboard-interactive,hostbased debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/jimmy/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 277 Connection closed by 2620:0:862:101::2:4 jimmy@vangogh:~$
I don't think you've pasted the exact command you're running. That might help debug.
Had someone add my pubkey to his authorized_keys but the problem persists.
I don't know what this means.
It seems to me that your whole home directory (/home/jimmy/) has funky permissions. My guess is that this is the cause of your problems. I would suggest filing a ticket in JIRA (https://jira.toolserver.org) to get a Toolserver root to investigate your problem.
DaB. has said that your account isn't expired. That was another guess of mine. The last guess I had was that there's something blocking SSH access on your local network. Have you tried logging in from elsewhere?
MZMcBride
On Sat, Jun 18, 2011 at 3:34 PM, DaB. WP@daniel.baur4.info wrote:
the auth-log on nightshade tells me, that the publickey from you was accepted. So I doubt that the problem is on our side. Your account is also not expired.
Yeah that's the weirdest thing. I'm able to login to my VPS or other SSH hosts.
On Sat, Jun 18, 2011 at 3:46 PM, MZMcBride z@mzmcbride.com wrote:
I don't think you've pasted the exact command you're running. That might help debug.
Just some ordinary thing you use everyday :) jimmy@vangogh:~$ ssh -v willow.toolserver.org
Had someone add my pubkey to his authorized_keys but the problem persists.
I don't know what this means.
I asked someone else to put my id_rsa.pub into his authorized_keys so that I can try to login to his account. Failed anyway,
It seems to me that your whole home directory (/home/jimmy/) has funky permissions.
Really don't know why this would happen. Anyway filed a ticked.
Have you tried logging in from elsewhere?
Yup, tried three hosts and the results are identical.
toolserver-l@lists.wikimedia.org