Re: fatal: ssh_dispatch_run_fatal: Connection reset by peer [preauth]

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Christian Hesse <list@xxxxxxxx> on Tue, 2015/05/05 09:30:
> Damien Miller <djm@xxxxxxxxxxx> on Tue, 2015/05/05 12:36:
> > On Mon, 4 May 2015, Christian Hesse wrote:
> > 
> > > Hello everybody,
> > > 
> > > I have systemd set up to listen on ssh socket (:::22), the connection is
> > > handled to sshd via socket activation. Usually this works perfectly
> > > fine.
> > > 
> > > However the service is checked from nagios. Sometimes the host logs:
> > > 
> > > systemd[1]: Started OpenSSH Per-Connection Daemon ([::1]:60865).
> > > systemd[1]: Starting OpenSSH Per-Connection Daemon ([::1]:60865)...
> > > systemd[1]: Started OpenSSH Per-Connection Daemon (127.0.0.1:41286).
> > > systemd[1]: Starting OpenSSH Per-Connection Daemon (127.0.0.1:41286)...
> > > sshd[2854]: Connection closed by ::1 [preauth]
> > > sshd[2855]: fatal: ssh_dispatch_run_fatal: Connection reset by peer
> > > [preauth]
> > > 
> > > Looks like this happens if we have two incoming connection (::1 and
> > > 127.0.0.1 are checked) at the some time.
> > > Why does this happen? Who's fault is it? As these are TCP connections I
> > > would expect it is not a problem to know what packet belongs to what
> > > connection.
> > 
> > You might need to look at server debug output and/or tcpdumps to see
> > what is going on here, but it looks like whatever is making the
> > connections is gracefully closing one but unceremoniously dropping the
> > other.
> > 
> > BTW openssh HEAD has a more useful error message for connections closed
> > by TCP reset.
> 
> Tried with HEAD from git master, but I can not reproduce it there...
> I will let you know if I can give more information about what is going on.

Just bisected the issue... Looks like commit
671eb9676cc78de450e68efae5443a3be649da89 ("refactor ssh_dispatch_run_fatal()
to use sshpkt_fatal()") fixes this.

Thanks a lot!
-- 
main(a){char*c=/*    Schoene Gruesse                         */"B?IJj;MEH"
"CX:;",b;for(a/*    Chris           get my mail address:    */=0;b=c[a++];)
putchar(b-1/(/*               gcc -o sig sig.c && ./sig    */b/42*2-3)*42);}

Attachment: pgpURrVhy5Dc7.pgp
Description: OpenPGP digital signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux