SSH "kex_exchange_identification" error after macOS update [closed] - macos

Nothing else changed at the server side. However, after my recent MacOS update, I am getting kex_exchange_identification: read: Connection reset by peer
Searched around and around and could not fix it. Please help. Thanks.
ssh xxxx@xx.xx.x.xx -Tv
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to xx.xx.x.xx [xx.xx.x.xx] port 22.
debug1: Connection established.
debug1: identity file /Users/chaowu/.ssh/id_rsa type 0
debug1: identity file /Users/chaowu/.ssh/id_rsa-cert type -1
debug1: identity file /Users/chaowu/.ssh/id_dsa type -1
debug1: identity file /Users/chaowu/.ssh/id_dsa-cert type -1
debug1: identity file /Users/chaowu/.ssh/id_ecdsa type -1
debug1: identity file /Users/chaowu/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/chaowu/.ssh/id_ed25519 type -1
debug1: identity file /Users/chaowu/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/chaowu/.ssh/id_xmss type -1
debug1: identity file /Users/chaowu/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
kex_exchange_identification: read: Connection reset by peer

I found the root cause for this error on macOS Catalina being the computer to which you SSH connect. There is some sort of bug in the Catalina upgrades and possibly patches. Be sure you check permissions on the OpenSSH generated public / private key files in /etc/ssh on the Mac system you are trying to connect to with SSH. These keys are used by the SSH daemon.
Since OpenSSH is cross platform the same would apply to any operating system running SSHd. These files must have the proper permissions.
/etc/ssh is the default path but if you are on Windows or other OS it may vary. But for most Unix/Linux/macOS systems it should be /etc/ssh.
sudo chmod 600 /etc/ssh/*_key
sudo chmod 644 /etc/ssh/*.pub
You should also verify that the SSH client has the correct permissions on the ~/.ssh and the public / private keys, config, authorized_keys, etc. Although if these are wrong you will be told right away there is a permissions problem. But when the permissions on keys for the SSH daemon are wrong you receive errors in the logs. Not counting the public keys used for SSH password free sign on.
When it's not DNS nor certificates, then it's always permissions.
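An added example (not part of the original answer): a read-only POSIX shell check for the host key modes the answer sets, so the state of /etc/ssh can be inspected before running chmod. The function names are made up for this example, and it goes slightly beyond the answer by accepting any private key mode with no group or other bits (600 or 400) while expecting exactly 644 on .pub files.

```shell
#!/bin/sh
# Added example: report sshd host key files whose modes differ from the
# ones the answer sets. Function names are hypothetical.

# Octal mode of a file; GNU stat and BSD/macOS stat use different flags.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_host_keys [DIR]  (DIR defaults to /etc/ssh)
# Prints one MISMATCH line per offending file; returns 1 if any were found.
audit_host_keys() {
    dir=${1:-/etc/ssh}
    status=0
    for f in "$dir"/*_key "$dir"/*.pub; do
        [ -f "$f" ] || continue      # an unmatched glob stays literal; skip it
        mode=$(file_mode "$f")
        case "$f" in
            *.pub) want='644'; pat='644' ;;
            *)     want='600 (no group/other bits)'; pat='[0-7]00' ;;
        esac
        # $pat is left unquoted on purpose so it is matched as a pattern.
        case "$mode" in $pat) continue ;; esac
        echo "MISMATCH $f mode=$mode expected=$want"
        status=1
    done
    return "$status"
}

# Typical use (nothing is modified):
#   audit_host_keys /etc/ssh || echo "fix with the chmod commands above"
```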

Related

Cannot connect to ec2 instances with pem key on yosemite machines

So I am setting up two new macs (yosemite) for ssh-ing into our EC2 instances and they have the same issue.
When I copy and paste the .pem key from amazon into the .ssh/ folder, then try to ssh in with:
sudo ssh -i /users/me/.ssh/key_pair_1_8_5_2015.pem ubuntu@54.186.XXX.XX
I get the following:
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /users/colin/.ssh/key_pair_1_8_5_2015.pem
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Saving password to keychain failed
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: No more authentication methods to try.
Permission denied (publickey).
which results in a popup box asking for the
enter you password for the key pair "key_pair..."
Of course you don't have a key pair for the pem keys, and I certainly have not set one up previously, so this makes no sense. From reading around this seems to be the default error for a whole host of issues.
I know I have permissions set correctly, and I know that the users I am trying to connect to are OK.
I have set up multiple other macs in the same fashion and connected to many ec2 development servers this way.
But since both macs have identical errors, I suspect it is something to do with the client OS that is preventing this. They are freshly wiped macs that have had little previous configuration (although I did set up ssh keys as normal), so I am wondering if there is something else that needs configuring before I can proceed.
Sincere thanks for any help. It is greatly appreciated.
I've had no issues with yosemite or el capitan with EC2 keys. It's not about the OS, it's about the openssh versions.
Ensure your AMI is correct, some people have had issues with building AMIs and leaving old keys on them, rendering launch with new ones not working. Also ensure your permissions are in fact 0400 or 0600 on the private key.
Based on a hunch though I think your key is corrupt:
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
This seems more like the key was saved incorrectly.
Also: You probably shouldn't be running sudo to ssh into it.

ssh - 'connection reset by peer' - windows

I am running ssh via git bash in a windows environment. I had everything working fine but now (a few days later) when I try to connect to bitbucket I get the message: ssh-exchange_identification: read: connection reset by peer.
The full log looks like this:
$ ssh -Tvvv -p 443 git@altssh.bitbucket.org
OpenSSH_6.6.1, OpenSSL 1.0.1i 6 Aug 2014
debug2: ssh_connect: needpriv 0
debug1: Connecting to altssh.bitbucket.org [131.103.20.174] port 443.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/c/Documents and Settings/xxx/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /c/Documents and Settings/xxx/.ssh/id_rsa type 1
debug1: identity file /c/Documents and Settings/xxx/.ssh/id_rsa-cert type -1
debug1: identity file /c/Documents and Settings/xxx/.ssh/id_dsa type -1
debug1: identity file /c/Documents and Settings/xxx/.ssh/id_dsa-cert type -1
debug1: identity file /c/Documents and Settings/xxx/.ssh/id_ecdsa type -1
debug1: identity file /c/Documents and Settings/xxx/.ssh/id_ecdsa-cert type -1
debug1: identity file /c/Documents and Settings/xxx/.ssh/id_ed25519 type -1
debug1: identity file /c/Documents and Settings/xxx/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
ssh_exchange_identification: read: Connection reset by peer
My issue is exactly like bitbucket ssh_exchange_identification: read: Connection reset by peer except
1) I can confirm that my company is not inspecting and blocking packets over port 443 (though they are blocking port 22 which is why I am going over 443 to begin with)
2) I can confirm the issue is not with the bitbucket servers - other people on my team can get in just fine
As stated above, this was working just fine before. I did erase all my keys and started over but to no avail.
Help! I've been banging my head on this for two days now...
Updated -- added more verbose log
OK, so it was faulty logic to think that just because other members on my team had access that I wasn't being blocked. I was/am.
I encountered the same problem when submitting content to my own repository on github. At present, the change is pushed to the repository using http interface, but ssh still does not work
kex_exchange_identification: Connection closed by remote host
Connection closed by 20.205.243.166 port 22
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.

ssh_exchange_identification: read: Connection reset by peer on MAC

I don't understand why but I can't connect to my school server from my network at home. I'm using login as always like ssh name@host.com but it still doesn't work.
Here is debug report with -v
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug1: Connecting to merlin.fit.vutbr.cz [147.229.176.19] port 22.
debug1: Connection established.
debug1: identity file /Users/martinpristas/.ssh/id_rsa type -1
debug1: identity file /Users/martinpristas/.ssh/id_rsa-cert type -1
debug1: identity file /Users/martinpristas/.ssh/id_dsa type -1
debug1: identity file /Users/martinpristas/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
ssh_exchange_identification: read: Connection reset by peer
Are there any options like network settings or mac settings to fix it?
Thank you !
Something is killing the TCP connection after it's established while SSH is trying to log in. I get the same error for that particular host from here, so it's probably a firewall closer to the server than closer to you.
If you don't have control over that firewall, there is nothing you can do.
I experienced the same error connecting to the server. What I did was to change my internet service provider and everything was fine.

Could not create directory /var/teamsserver

I've installed os x server (Mavericks) on my mac and would like to add bot. For some reasons my remote repo is located on other external server and I have access to it by username and password on specified port. I've added remote repo to os x server like this:
ssh://1.2.3.4:PORT/path/to/repo.git
...filled username and password.
Then I've added bot in Xcode but when I hit integrate it fails with logs:
Cloning into 'ssh_myusername_1_2_3_4_PORT_path_to_repo_git'...
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to 1.2.3.4 [1.2.3.4] port PORT.
debug1: Connection established.
Could not create directory '/var/teamsserver/.ssh'.
debug1: identity file /var/teamsserver/.ssh/id_rsa type -1
debug1: identity file /var/teamsserver/.ssh/id_rsa-cert type -1
debug1: identity file /var/teamsserver/.ssh/id_dsa type -1
debug1: identity file /var/teamsserver/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-3ubuntu1
debug1: match: OpenSSH_6.0p1 Debian-3ubuntu1 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA b6:b8:0e:e4:25:63:6d:64:a3:d6:6d:7f:46:85:72:0d
debug1: checking without port identifier
No RSA host key is known for [1.2.3.4]:PORT and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
SSH Known Hosts file path is located at /Library/Server/Xcode/Config/ssh_known_hosts
SSH strict host checking is enabled (you can disable this by editing the SSHStrictHostKeyChecking key in /Library/Server/Xcode/Config/xcsbuildd.plist
Untrusted HTTPS certificates is disabled (you can enable this by editing the TrustSelfSignedSSLCertificates key in /Library/Server/Xcode/Config/xcsbuildd.plist
I assume that there is a problem with permissions but in my /var there are some directories with different permissions and of course there is no teams server folder...
So I don't know how to setup proper permissions (without changing permissions of other subdirectories of /var...). I can try manually make directory "teams server" but don't know with what permissions... ? Do you have any ideas?
EDIT: For test purposes I've created the teamsserver directory with 777 but that doesn't solve my problem. The logs look the same as before, but just WITHOUT the line:
Could not create directory '/var/teamsserver/.ssh'.
Any ideas?
Thanks
I experienced a similar issue with scheme action build scripts when attempting to run git commands against a github repo protected by ssh key pairs.
Bots run builds using a _teamsserver system account. As you've discovered, these accounts don't have home directories by default. To setup builds to access and modify their home directory, I had success with the following (your mileage may vary):
sudo mkdir /var/teamsserver
sudo chown -R _teamsserver:_teamsserver /var/teamsserver/
sudo chmod -R 770 /var/teamsserver/
HTH
Ok, I took some time but I've a solution... Two solutions actually. Ashamed to admit but read and understand logs is enough to solve the problem (again :P).
FIRST ANSWER:
My server host key was added to .ssh/known_hosts BEFORE installing os x server. Server doesn't use that path of known hosts. As log says server uses:
SSH Known Hosts file path is located at
/Library/Server/Xcode/Config/ssh_known_hosts
and that file was empty in my case. So to solve the problem it is enough to copy known_hosts to ssh_known_hosts:
sudo cp ~/.ssh/known_hosts /Library/Server/Xcode/Config/ssh_known_hosts
It's that simple.
SECOND ANSWER:
According to log again
SSH strict host checking is enabled (you can disable this by editing
the SSHStrictHostKeyChecking key in /Library/Server/Xcode/Config/xcsbuildd.plist
Change SSHStrictHostKeyChecking to false.
It's done again.
If you've tried the above and still are getting a permission denied error, you probably don't have the right permissions to that file/directory.
Who are you running as? $id
$ls -al the directory that the server is trying to read the id_rsa from (Probably similar to this path: Library/Server/Xcode/Data/BotRuns/BotRun-a28db5fc-1932-47a0-a528-f52c75e421e2.bundle/credentials/65885363-194e-454b-a3ce-56dcaaf5d3c9/id_rsa)
change ownership of that file ^^ ($sudo chown {#id} {#path})
I did 3 things to allow me to get past this, although I'm not sure which of them solved the problem:
Change all git repositories in my project to use the HTTPS rather than SSH (git) version of the url
Disabled SSHStrictHostKeyChecking as per the instructions from the source control log from the bot.
Enabled TrustSelfSignedSSLCertificates as per the same instructions from the log.
Also check out https://discussions.apple.com/thread/5586872 in case this is a problem for you.
I will back some of these items off and test when I have more time.

Can not push to Github getting "Connection reset by peer" error

I have a simple rails test app and have been pushing commits to github w/o a problem. I went to setup w/ heroku, (created the app, loaded up ssh keys) and when I went back to push changes to github before pushing to heroku I got this error:
$ git push
ssh_exchange_identification: read: Connection reset by peer
fatal: The remote end hung up unexpectedly
When I run:
ssh -vT git@github.com
I get:
ssh-keygen -t rsa -C "myemail@example.com"
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to github.com [207.97.227.239] port 22.
debug1: Connection established.
debug1: identity file /Users/username/.ssh/id_rsa type 1
debug1: identity file /Users/username/.ssh/id_rsa-cert type -1
debug1: identity file /Users/username/.ssh/id_dsa type -1
debug1: identity file /Users/username/.ssh/id_dsa-cert type -1
ssh_exchange_identification: read: Connection reset by peer
I have replaced my email and username here. I have been searching around on this one for a while and have yet to find somebody who has resolved it. I have reset my keys w/ github to no avail. Any ideas on this one?
This isn't a Heroku issue, Github are having issues.
https://status.github.com/
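The threads on this page fail at different points of the SSH handshake, and the `ssh -v` transcript shows which one. As an added example (not code from any of the posters), this shell function sorts a saved transcript into those stages using only messages quoted above; the function name, stage labels and sample address are made up for the example.

```shell
#!/bin/sh
# classify_ssh_log FILE: name the stage at which a saved `ssh -v`
# transcript failed. Specific errors are tested first so that a
# truncated transcript is still classified.
classify_ssh_log() {
    log=$1
    if grep -q 'Host key verification failed' "$log"; then
        echo "host-key-unknown"          # no entry in the known_hosts file in use
    elif grep -q 'PEM_read_PrivateKey failed' "$log"; then
        echo "private-key-unparseable"   # identity file could not be parsed
    elif grep -q 'Permission denied (publickey)' "$log"; then
        echo "publickey-rejected"        # server refused every offered key
    elif grep -Eq '(kex|ssh)_exchange_identification: ' "$log" &&
         ! grep -q 'Remote protocol version' "$log"; then
        # TCP came up but the peer reset or closed before sending its SSH
        # banner. No client key has been offered yet, so check the server
        # (sshd logs, host key files) and filtering devices on the path.
        echo "dropped-before-banner"
    elif ! grep -q 'Connection established' "$log"; then
        echo "tcp-connect-failed"        # never reached the SSH layer
    else
        echo "unclassified"
    fi
}

# Constructed sample, shaped like the transcripts above (192.0.2.10 is a
# documentation address, not a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
debug1: Connecting to 192.0.2.10 [192.0.2.10] port 22.
debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_8.1
kex_exchange_identification: read: Connection reset by peer
EOF
classify_ssh_log "$sample"
rm -f "$sample"
```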
