ssh kex_exchange_identification

[andyj]

I updated a few servers this weekend from TC 15 to TC 16.2 (all 64-bit). On just one of them, when I try to ssh into it I get

Code: [Select]

kex_exchange_identification: read: Connection reset by peer
Connection reset by 192.168.3.4 port 22
Why just one, and why when I revert it back to TC 15 it works fine again?

[patrikg]

time ?

[Paul_123]

What key algo are you using on that client server combo?   

I forget what version of OpenSSH is in 16.2, but on piCore16, OpenSSH removed DSA keys from support.

[andyj]

I switched it back to TC 16 and making no other changes now it works, of course. Thanks for everyone's help!

[andyj]

While I'm in this rabbit hole, I noticed that in the openssh extension /usr/local/etc/init.d/openssh has a few references to DSA keys which are no longer supported by ssh-keygen in the same extension. Other than complaining about an unknown key type it starts ok, but for the next time it's updated a clean up is in order.

[Rich]

Hi andyj
Maybe you could post which keys should be removed?
Are there any new keys that should be added?

[Paul_123]

The openssh init.d script needs updated.

This is what I use in piCore  (The line doing ssh-keygen -t dsa ........ was removed)

Code: [Select]

keygen(){
   ssh-keygen -t rsa -N "" -f /usr/local/etc/ssh/ssh_host_rsa_key
   ssh-keygen -t ecdsa -N "" -f /usr/local/etc/ssh/ssh_host_ecdsa_key
   ssh-keygen -t ed25519 -N "" -f /usr/local/etc/ssh/ssh_host_ed25519_key
}


[patrikg]

Has also seen that the keyfiles being backup with filetool.sh -bv

That reads the .filetool.lst file and what populate that file with the keyfiles ?

[Paul_123]

update your /opt/.filetool.lst to remove the missing keys.

[patrikg]

update your /opt/.filetool.lst to remove the missing keys.

A was only hinting what to do some changes to ?
Don't know then the .filetool.lst being populated with these files.
Maybe when you install openssh client/server.
In the install script.