Is it possible that the new OpenSSL dropped support for your key encryption?
Can you paste just the first 3 lines of your private key file, with the BEGIN, Proc-Type and DEK-Info lines? (Warning, I do not know if this will leak sensitive info, if you are unsure, do not paste it). Also can you try generating a new key and see if that is able to be used? Excerpts from esodan's message of Thu Oct 20 15:28:11 UTC 2011: > I have the same problem with sourceforge.net service. My machine have a > dual boot from Federa 15 and Ubutu. On Fedora I can use ssh with no > problems but on Ubuntu 11.10 I can't use ssh. This is my debug from ssh > -vvv: > > ssh -vvv -t eso...@shell.sourceforge.net > OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL 1.0.0e 6 Sep 2011 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug2: ssh_connect: needpriv 0 > debug1: Connecting to shell.sourceforge.net [216.34.181.119] port 22. > debug1: Connection established. > debug3: Incorrect RSA1 identifier > debug3: Could not load "/home/esodan/.ssh/id_rsa" as a RSA1 public key > debug2: key_type_from_name: unknown key type '-----BEGIN' > debug3: key_read: missing keytype > debug2: key_type_from_name: unknown key type 'Proc-Type:' > debug3: key_read: missing keytype > debug2: key_type_from_name: unknown key type 'DEK-Info:' > debug3: key_read: missing keytype > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug3: key_read: missing whitespace > debug2: key_type_from_name: unknown key type '-----END' > debug3: key_read: missing keytype > debug1: identity file /home/esodan/.ssh/id_rsa type 1 > debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 > debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 > debug1: identity file /home/esodan/.ssh/id_rsa-cert type -1 > debug1: identity file /home/esodan/.ssh/id_dsa type -1 > debug1: identity file /home/esodan/.ssh/id_dsa-cert type -1 > debug1: identity file /home/esodan/.ssh/id_ecdsa type -1 > debug1: identity file /home/esodan/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 > debug1: match: OpenSSH_5.3 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1 > debug2: fd 3 setting O_NONBLOCK > debug3: load_hostkeys: loading entries for host "shell.sourceforge.net" from > file "/home/esodan/.ssh/known_hosts" > debug3: load_hostkeys: loaded 0 keys > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: > ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: > ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,z...@openssh.com,zlib > debug2: kex_parse_kexinit: none,z...@openssh.com,zlib > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se > debug2: kex_parse_kexinit: > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,umac...@openssh.com,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,z...@openssh.com > debug2: kex_parse_kexinit: none,z...@openssh.com > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: > debug2: kex_parse_kexinit: first_kex_follows 0 > debug2: kex_parse_kexinit: reserved 0 > debug2: mac_setup: found hmac-md5 > debug1: kex: server->client aes128-ctr hmac-md5 none > debug2: mac_setup: found hmac-md5 > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > Read from socket failed: Connection reset by peer > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/708493 > > Title: > cannot login anymore: Read from socket failed: Connection reset by > peer > > Status in “openssh” package in Ubuntu: > Confirmed > Status in “openssh” package in Debian: > New > > Bug description: > After todays update to > 1:5.7p1-1ubuntu1 > I cannot login to SOME (!) of my servers. Example of a server failing: > > ~$ ssh -v root@mail > OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010 > debug1: Reading configuration data /home/hildeb/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Connecting to mail [141.42.202.200] port 22. > debug1: Connection established. > debug1: identity file /home/hildeb/.ssh/id_rsa type -1 > debug1: identity file /home/hildeb/.ssh/id_rsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_dsa type 2 > debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 > debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 > debug1: identity file /home/hildeb/.ssh/id_dsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 1.99, remote software version OpenSSH_5.5p1 > Debian-6 > debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.7p1 Debian-1ubuntu1 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-ctr hmac-md5 none > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > Read from socket failed: Connection reset by peer > > There is NOTHING in daemon.log, auth.log or syslog on the server I'm > trying to connect to. > > Example of a server NOT failing: > > $ ssh -v root@netsight > OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010 > debug1: Reading configuration data /home/hildeb/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Connecting to netsight [10.47.2.222] port 22. > debug1: Connection established. > debug1: identity file /home/hildeb/.ssh/id_rsa type -1 > debug1: identity file /home/hildeb/.ssh/id_rsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_dsa type 2 > debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024 > debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024 > debug1: identity file /home/hildeb/.ssh/id_dsa-cert type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa type -1 > debug1: identity file /home/hildeb/.ssh/id_ecdsa-cert type -1 > debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 > Debian-6 > debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.7p1 Debian-1ubuntu1 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-ctr hmac-md5 none > debug1: kex: client->server aes128-ctr hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug1: Server host key: RSA 18:ce:76:c7:7c:f4:98:94:28:8f:62:4a:31:e8:5b:c9 > debug1: Host 'netsight' is known and matches the RSA host key. > debug1: Found key in /home/hildeb/.ssh/known_hosts:56 > debug1: ssh_rsa_verify: signature correct > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: SSH2_MSG_NEWKEYS received > debug1: Roaming not allowed by server > debug1: SSH2_MSG_SERVICE_REQUEST sent > debug1: SSH2_MSG_SERVICE_ACCEPT received > debug1: Authentications that can continue: publickey,keyboard-interactive > debug1: Next authentication method: publickey > debug1: Offering DSA public key: /home/hildeb/.ssh/id_dsa > debug1: Server accepts key: pkalg ssh-dss blen 433 > debug1: Authentication succeeded (publickey). > Authenticated to netsight ([10.47.2.222]:22). > debug1: channel 0: new [client-session] > debug1: Requesting no-more-sessi...@openssh.com > debug1: Entering interactive session. > debug1: Sending environment. > debug1: Sending env LC_MESSAGES = en_US.utf8 > debug1: Sending env LANG = de_DE.UTF-8 > > ProblemType: Bug > DistroRelease: Ubuntu 11.04 > Package: openssh-client 1:5.7p1-1ubuntu1 > ProcVersionSignature: Ubuntu 2.6.37-12.26-generic 2.6.37 > Uname: Linux 2.6.37-12-generic x86_64 > Architecture: amd64 > Date: Thu Jan 27 09:13:15 2011 > ProcEnviron: > LANGUAGE=en_US:en > LANG=de_DE.UTF-8 > LC_MESSAGES=en_US.utf8 > SHELL=/bin/bash > RelatedPackageVersions: > ssh-askpass N/A > libpam-ssh N/A > keychain N/A > ssh-askpass-gnome 1:5.7p1-1ubuntu1 > SSHClientVersion: OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010 > SourcePackage: openssh > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/708493 Title: cannot login anymore: Read from socket failed: Connection reset by peer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/708493/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
