I have successfully been connecting to Bitbucket cloud via my SSH key set up on my laptop for the past three years with no issue, but suddenly today I started seeing this error when trying to pull from remote branch:
kex_exchange_identification: write: Broken pipe
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I followed the instructions here: https://support.atlassian.com/bitbucket-cloud/docs/set-up-an-ssh-key/ for Mac OS (I am using Big Sur). So I deleted the old ssh key, both from my machine and from my Bitbucket account, and replaced it with a newly generated one.
My .ssh config file contains this as recommended:
Host *
UseKeychain yes
So I have added the new key id_rsa to ssh agent:
ssh-add -K ~/.ssh/id_rsa
and added id_rsa.pub to my Bitbucket account as described in the instructions.
Still when I run ssh -T git#bitbucket.org I see: "kex_exchange_identification: write: Broken pipe"
Here is the output with the -v flag enabled:
daniel#North ~ % ssh -T -v git#bitbucket.org
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/daniel/.ssh/config
debug1: /Users/daniel/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to bitbucket.org port 22.
debug1: Connection established.
debug1: identity file /Users/daniel/.ssh/id_rsa type 0
debug1: identity file /Users/daniel/.ssh/id_rsa-cert type -1
debug1: identity file /Users/daniel/.ssh/id_dsa type -1
debug1: identity file /Users/daniel/.ssh/id_dsa-cert type -1
debug1: identity file /Users/daniel/.ssh/id_ecdsa type -1
debug1: identity file /Users/daniel/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/daniel/.ssh/id_ed25519 type -1
debug1: identity file /Users/daniel/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/daniel/.ssh/id_xmss type -1
debug1: identity file /Users/daniel/.ssh/id_xmss-cert type -1
kex_exchange_identification: write: Broken pipe
The strange thing is, when I try the exact same steps on a different Macbook, also running Big Sur, it actually works and I see 'authenticated via ssh key' when running the above command.
Anyone have any idea what might be causing the failure to connect?
my colleague has the same problem, strange thing is that it works when putting the mac in safe mode.
Related
It worked fine before I installed zsh to decorate my terminal. Actually I am not sure if this caused a problem.
I am getting an error saying :
ssh_exchange_identification: Connection closed by remote host
➜ ssh test_ssh
ssh_exchange_identification: Connection closed by remote host
➜ ssh -v test_ssh
OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /Users/mike/.ssh/config
debug1: /Users/mike/.ssh/config line 34: Applying options for test_ssh
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: /etc/ssh/ssh_config line 52: Applying options for *
debug1: Connecting to 15.164.49.113 port 7779.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mike/.ssh/key/admin.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/mike/.ssh/key/admin.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: ssh_exchange_identification: HTTP/1.1 400 Bad Request
in my own case, I was able to log in from my ssh and got this error when I try to login directly to my VPS from my MacBook terminal
HOW I SOLVE THIS ERROR
ssh_exchange_identification: Connection closed by the remote host
(this always occur when you create a new user on your VPS. you will get this error because you have only ssh configuration for root, not the new user)
on your mac book terminal
type
$ cd ~/.ssh
now
~/.ssh create a config file with the following content:
$ nano config
and copy this
Host *
ForwardAgent no
ForwardX11 no
ForwardX11Trusted yes
User shapeshed
Port 22
Protocol 2
save and exit
type
$ ls
result
authorized_keys id_rsa id_rsa1.pub
config id_rsa.pub known_hosts
$ cat id_rsa.pub (to view your public key on macOS terminal )
copy your mac os terminal public key and contr X to exit (if you also use nano text editor)
now on your VPS(remote server)
make sure you are login as the new user created
user#...... not root
$ cd ~/.ssh
$ ls
note that you have just
authorized_keys known_hostsas your result ... no public key for the VPS to recognize signing in from your computer
now let's create new id_rsa.pub on our VPS
$ nano id_rsa.pub
paste your mac os id_rsa.pub you copied save and exit.
type
$ ssh -vvv user#**.**.**.**
replace ** with your IP and see your VPS logged in from your terminal without asking for a password.
bazzlylinksSolution
I am trying to clone from a Gitlab server from my Macbook. When I clone, I get the following error:
manzanita-226-109:icarus homeuser$ git clone elm:dummy/dummy.git
Cloning into 'dummy'...
ssh_exchange_identification: read: Connection reset by peer
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
When I try to ssh into the gitlab server, I get the following:
OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /Users/homeuser/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to elm.ndc.nasa.gov port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/homeuser/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/homeuser/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/homeuser/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/homeuser/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/homeuser/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/homeuser/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/homeuser/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/homeuser/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
ssh_exchange_identification: read: Connection reset by peer
I can get on the gitlab server using Google Chrome with no issues. I also tried cloning and ssh'ing from a different server with no issues. I do not have admin privileges on this gitlab server, but I do not believe there are any banning/blacklisting softwares on there.
Can anyone advise?
ssh_exchange_identification: read: Connection reset by peer
This basically means the TCP connection was "reset" immediately after being accepted by the server. Common reasons for this are:
The remote SSH server software is malfunctioning (e.g. it crashed).
The remote SSH server software is configured to drop your connections for some reason.
Some router or other networking device between you and the server is interfering with the TCP connection.
There's no way to tell exactly what is wrong from the client debugging messages. You need to troubleshoot this on the server. The remote SSH server program might have a log file you can look at, for example.
On my server (Dockerized GitLab) the problem was that I had given the wrong permissions to sshd's keys in /etc/gitlab which could be seen by inspecting the logs in /var/log/gitlab/sshd.
I solved the problem by changing the permissions on the server with this command:
chmod -R 700 /etc/gitlab
I had a similar issue and I found out that the /var/empty folder had the wrong owner. I ran " sudo chown root /var/empty " and it resolved the issue.
I just changed url from ssh to http and it fixed everything...
git remote set-url origin https://username#gitclient.com/reposetory_address
I had this same error. Maybe it is generic, but my issue was that the server had some uncommitted changes that needed to be added and committed before I could push changes from my computer. Hope this saves someone some time, since it wasted a few hours. Thanks!
Add my scenario. In my case, github server is private, previously the github repo server ip is fixed, and I add it in /etc/hosts file. The server ip was updated after maintainance but the hosts file is not updated. I removed the fixed item in /etc/hosts file and the error is gone.
Just for reference in case anyone hit the same issue.
So ssh works fine through console/terminal, but when I am using a MySQL database client (Sequel Pro), it seems to somehow be using a different ssh version, and the include directive therefore doesn't work. It states that it is using the proper SSH version, but does it switch at some point during the protocol?
OpenSSH_7.5p1, OpenSSL 1.0.2l 25 May 2017
debug1: Reading configuration data /Users/me/.ssh/config
debug1: Reading configuration data /Users/me/.ssh/devops
debug1: Reading configuration data /Users/me/.ssh/defaults
debug1: /Users/me/.ssh/defaults line 4: Applying options for *
debug1: /Users/me/.ssh/defaults line 76: Applying options for ch-pre-bastion
debug1: /Users/me/.ssh/defaults line 80: Applying options for ch-pre-*
debug1: Reading configuration data /usr/local/etc/ssh/ssh_config
debug1: Control socket " none" does not exist
debug1: Executing proxy command: exec ssh gateway#52.33.83.63 -W 52.33.83.63:22
debug1: permanently_drop_suid: 502
debug1: identity file /Users/me/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/me/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5
/Users/me/.ssh/config: line 1: Bad configuration option: include
/Users/me/.ssh/config: line 2: Bad configuration option: include
/Users/me/.ssh/config: terminating, 2 bad configuration options
ssh_exchange_identification: Connection closed by remote host
You have probably more SSH versions installed on your machine and the one from proxy command is probably picking up the old one, without Include support.
debug1: Executing proxy command: exec ssh gateway#52.33.83.63 -W 52.33.83.63:22
Try to find a complete path to ssh binary and use it in the ~/.ssh/config of ProxyCommand or just use ProxyJump option, which should choose correct ssh instance`.
I have been trying to connect from one EC2 instance to another using ssh public keys and have been having a very tough time.
Here is the scenario:
I need to have box 2 scp a file from box 1 in a script. This script will need to be able to scp without a password so I need to setup public keys.
On box 2 I ran ssh-keygen –t rsa and generated id_rsa and id_rsa.pub
I copied id_rsa.pub to box 1
I moved id_rsa.pub to .ssh and ran cat id_rsa.pug >> authorized_keys
I changed permissions of all .ssh directory to 700 on both boxes and the files themselves to 600.
I have changed the sshd_config settings on box 1 to:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
And then restarted ssh
/sbin/service sshd restart
When I try to scp or ssh into box1 from box1 I get the error:
Address 67.22.33.1 maps to ec2-67-22-33-1.compute-1.amazonaws.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
tomcat#tomcat1.****.com's password:
Any ideas?
I made that change and tried scp to tomcat1 and it failed. Here is the output:
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to tomcat1.****.com [67.22.33.15] port 22.
debug1: Connection established.
debug1: identity file /home/tomcat/.ssh/identity type -1
debug1: identity file /home/tomcat/.ssh/id_rsa type 1
debug1: identity file /home/tomcat/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host 'tomcat1.****.com (67.22.33.15)' can't be established.
RSA key fingerprint is 5a:3e:fe:be:b8:0e:05:63:bf:ab:c8:4f:e5:91:db:a0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'tomcat1.****.com,67.22.33.15' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/tomcat/.ssh/identity
debug1: Offering public key: /home/tomcat/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/tomcat/.ssh/id_dsa
debug1: Next authentication method: password
Your authorized keys line should be
AuthorizedKeysFile %h/.ssh/authorized_keys
The server is looking in the wrong directory for your server.
UPDATE - FIXED IT
restorecon -R -v -d /root/.ssh
This is a known issue with RH where directories get mislabelled and PAM prevends sshd from reading authorized_hosts when run as init script. You'll see the errors if you stumble across /var/log/audit/audit.log. Rare it seems but painful when it happens!
More details at https://bugzilla.redhat.com/show_bug.cgi?id=499343
ORIGINAL POST
I've just hit what looks like exactly this problem. I had a poorly tuned VirtualBox (I hadn't told vbox to use 64bit) -- which when I cloned and restarted (in vbox RedHat 64-bit mode), started asking me for a password.
The original image was fine -- with identical settings -- so I think the suggestion of being networking-related might be relevant, or else to do with server keys.
The weird thing however is that if on the box, I kill the sshd process which autostarted, then manually run /usr/sbin/sshd as root, I can log in passwordless fine. A silly workaround, but usable.
So it is an /etc/init.d/sshd issue. But I haven't been able to track down what it is ... have tried chucking out most of the stuff in that script but it still prompts for password when invoked as /etc/init.d/sshd start but not when at /usr/sbin/sshd.
Maybe these comments can help, and someone can then help further!?
Try removing box1 IP from ~/.ssh/known_hosts, so it renews. Perhaps ssh disables key authentication due to possible 'man in the middle' attack.
If it won't help, add line
GSSAPIAuthentication no
in your /etc/ssh/ssh_config file.
I think this link will solve your problem and I use it to solve my ssh not login problem. The keypoint is to run
ssh root#node02 'restorecon -R -v /root/.ssh'
this command will fix SE
http://blog.firedaemon.com/2011/07/27/passwordless-root-ssh-public-key-authentication-on-centos-6/
After following previous steps I had to set the permission to ".." in the .ssh folder:
Once I had for ~/.ssh:
drwx------ 2 build build 4096 Nov 4 14:35 .
drwx------ 6 build build 4096 Nov 4 14:34 ..
-rw------- 1 build build 400 Nov 4 14:35 authorized_keys
It worked!
Thanks. Damian
I had the exact same problem and have been scratching my head for an entire afternoon.
It turned out to be a small sshd_config file issue.
first, change access mod on .ssh folder of the remote host to user access only.
chmod 700 ~/.ssh
next, go to /etc/ssh/sshd_config, change StrictModes yes to StrictModes no. If it's commented out, then specifically add StrictModes no into the file.
That solved the issue.
And one more thing I just found, I had to edit the .ssh/authorized_keys file to and make hostname fully qualified. Otherwise, I couldn't use the fully qualified name in the scp/ssh command. Now both fully qualified (like "host.company.com") & the relative name ("host") work, given that both hosts are in the "company.com" domain. ssh-keygen created the public key file with just the hostname.
Again I have a question about an ssh issue:
On a embedded system (no display, no keyboard) my only login interface was ssh. Telnet is disabled too. (I am currently trying to enable it with only little hope...)
My only interaction at the moment is receiving a ping answer and browsing my shared files via smb://!
ssh's answer is always:
$ ssh -vvvvl root 192.168.0.3
OpenSSH_5.5p1 Debian-4ubuntu4, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.3 [192.168.0.3] port 22.
debug1: Connection established.
debug1: identity file /home/simon/.ssh/id_rsa type -1
debug1: identity file /home/simon/.ssh/id_rsa-cert type -1
debug1: identity file /home/simon/.ssh/id_dsa type -1
debug1: identity file /home/simon/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-8
debug1: match: OpenSSH_4.3p2 Debian-8 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu4
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
Read from socket failed: Connection reset by peer
But I direct access to the hdd through pulling it out of the device and manipulating files on it while it is connected to another machine.
One of my last steps before I logged off and get locked out was sudo rm /etc/ssh/*host*key* followed by dpkg-reconfigure openssh-server, what failed because dpkg-reconfigure was not found. So I guess the problem is, that the keys are deleted.
My question is now: how can I off-shore create keys and provide them to sshd without running any command on the target system OR how can I make sshd let me log in without having a key?
Thanks for your help if there is any..?!
You can generate a new set of host keys on a handy Linux system as follows:
ssh-keygen -t rsa -b 2048 -f ssh_host_rsa_key
ssh-keygen -t dsa -b 1024 -f ssh_host_dsa_key
When ssh-keygen asks you for a passphrase, hit Enter without typing anything. Host keys must have an empty passphrase.
This creates the following files in your current directory:
ssh_host_rsa_key
ssh_host_rsa_key.pub
ssh_host_dsa_key
ssh_host_dsa_key.pub
You can then mount your device's hard drive and copy these four files into etc/ssh.
Note that when you try to ssh to the system afterwards, your ssh client will complain that the keys are different than expected, and probably refuse to connect. If you're running the OpenSSH client, you can correct this by using ssh-keygen again:
ssh-keygen -R <your_server_hostname>
ssh -vvvvl root 192.168.0.3
should be:
ssh -vvvvl root#192.168.0.3
I don't know if that is just a typo you made while posting on stackoverflow or if you typed it in on the command line.