So ssh works fine through console/terminal, but when I am using a MySQL database client (Sequel Pro), it seems to somehow be using a different ssh version, and the include directive therefore doesn't work. It states that it is using the proper SSH version, but does it switch at some point during the protocol?
OpenSSH_7.5p1, OpenSSL 1.0.2l 25 May 2017
debug1: Reading configuration data /Users/me/.ssh/config
debug1: Reading configuration data /Users/me/.ssh/devops
debug1: Reading configuration data /Users/me/.ssh/defaults
debug1: /Users/me/.ssh/defaults line 4: Applying options for *
debug1: /Users/me/.ssh/defaults line 76: Applying options for ch-pre-bastion
debug1: /Users/me/.ssh/defaults line 80: Applying options for ch-pre-*
debug1: Reading configuration data /usr/local/etc/ssh/ssh_config
debug1: Control socket " none" does not exist
debug1: Executing proxy command: exec ssh gateway@52.33.83.63 -W 52.33.83.63:22
debug1: permanently_drop_suid: 502
debug1: identity file /Users/me/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/me/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5
/Users/me/.ssh/config: line 1: Bad configuration option: include
/Users/me/.ssh/config: line 2: Bad configuration option: include
/Users/me/.ssh/config: terminating, 2 bad configuration options
ssh_exchange_identification: Connection closed by remote host
You probably have more than one SSH version installed on your machine, and the one run from the proxy command is probably the old one, without Include support.
debug1: Executing proxy command: exec ssh gateway@52.33.83.63 -W 52.33.83.63:22
Try to find the complete path to the ssh binary and use it in the ProxyCommand in ~/.ssh/config, or just use the ProxyJump option, which should choose the correct ssh instance.
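To see which ssh binaries a ProxyCommand or GUI client could resolve to, the following added example (not part of the original answer) lists every ssh on a given PATH and checks each "ssh -V" banner against OpenSSH 7.3, the release that introduced both Include and ProxyJump. The function names are illustrative.

```python
import os
import re
import subprocess

# Include and ProxyJump were both introduced in OpenSSH 7.3.
MIN_INCLUDE = (7, 3)

def parse_version(banner):
    """Extract (major, minor) from an `ssh -V` banner, or None if absent."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def supports_include(banner):
    """True when the banner names an OpenSSH release that parses Include."""
    version = parse_version(banner)
    return version is not None and version >= MIN_INCLUDE

def find_ssh_binaries(path=None):
    """Return every executable named ssh on the search path, in lookup order."""
    search = path if path is not None else os.environ.get("PATH", "")
    found = []
    for directory in search.split(os.pathsep):
        candidate = os.path.join(directory or ".", "ssh")
        if (os.path.isfile(candidate) and os.access(candidate, os.X_OK)
                and candidate not in found):
            found.append(candidate)
    return found

def audit(path=None):
    """Map each ssh binary to (banner, supports_include)."""
    report = {}
    for binary in find_ssh_binaries(path):
        # ssh -V prints its version banner on stderr.
        proc = subprocess.run([binary, "-V"], capture_output=True,
                              text=True, timeout=5)
        banner = (proc.stderr or proc.stdout).strip()
        report[binary] = (banner, supports_include(banner))
    return report

if __name__ == "__main__":
    for binary, (banner, ok) in audit().items():
        status = "supported" if ok else "NOT supported"
        print(f"{binary}: {banner} -> Include {status}")
```

Run it with the PATH the failing program actually sees, since a GUI application often inherits a different PATH than an interactive shell.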
I have successfully been connecting to Bitbucket cloud via my SSH key set up on my laptop for the past three years with no issue, but suddenly today I started seeing this error when trying to pull from remote branch:
kex_exchange_identification: write: Broken pipe
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I followed the instructions here: https://support.atlassian.com/bitbucket-cloud/docs/set-up-an-ssh-key/ for Mac OS (I am using Big Sur). So I deleted the old ssh key, both from my machine and from my Bitbucket account, and replaced it with a newly generated one.
My .ssh config file contains this as recommended:
Host *
UseKeychain yes
So I have added the new key id_rsa to ssh agent:
ssh-add -K ~/.ssh/id_rsa
and added id_rsa.pub to my Bitbucket account as described in the instructions.
Still when I run ssh -T git@bitbucket.org I see: "kex_exchange_identification: write: Broken pipe"
Here is the output with the -v flag enabled:
daniel@North ~ % ssh -T -v git@bitbucket.org
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/daniel/.ssh/config
debug1: /Users/daniel/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to bitbucket.org port 22.
debug1: Connection established.
debug1: identity file /Users/daniel/.ssh/id_rsa type 0
debug1: identity file /Users/daniel/.ssh/id_rsa-cert type -1
debug1: identity file /Users/daniel/.ssh/id_dsa type -1
debug1: identity file /Users/daniel/.ssh/id_dsa-cert type -1
debug1: identity file /Users/daniel/.ssh/id_ecdsa type -1
debug1: identity file /Users/daniel/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/daniel/.ssh/id_ed25519 type -1
debug1: identity file /Users/daniel/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/daniel/.ssh/id_xmss type -1
debug1: identity file /Users/daniel/.ssh/id_xmss-cert type -1
kex_exchange_identification: write: Broken pipe
The strange thing is, when I try the exact same steps on a different Macbook, also running Big Sur, it actually works and I see 'authenticated via ssh key' when running the above command.
Anyone have any idea what might be causing the failure to connect?
My colleague has the same problem; the strange thing is that it works when putting the Mac in safe mode.
I am trying to clone from a Gitlab server from my Macbook. When I clone, I get the following error:
manzanita-226-109:icarus homeuser$ git clone elm:dummy/dummy.git
Cloning into 'dummy'...
ssh_exchange_identification: read: Connection reset by peer
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
When I try to ssh into the gitlab server, I get the following:
OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /Users/homeuser/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to elm.ndc.nasa.gov port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/homeuser/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/homeuser/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/homeuser/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/homeuser/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/homeuser/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/homeuser/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/homeuser/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/homeuser/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
ssh_exchange_identification: read: Connection reset by peer
I can get on the gitlab server using Google Chrome with no issues. I also tried cloning and ssh'ing from a different server with no issues. I do not have admin privileges on this gitlab server, but I do not believe there is any banning/blacklisting software on there.
Can anyone advise?
ssh_exchange_identification: read: Connection reset by peer
This basically means the TCP connection was "reset" immediately after being accepted by the server. Common reasons for this are:
The remote SSH server software is malfunctioning (e.g. it crashed).
The remote SSH server software is configured to drop your connections for some reason.
Some router or other networking device between you and the server is interfering with the TCP connection.
There's no way to tell exactly what is wrong from the client debugging messages. You need to troubleshoot this on the server. The remote SSH server program might have a log file you can look at, for example.
On my server (Dockerized GitLab) the problem was that I had given the wrong permissions to sshd's keys in /etc/gitlab which could be seen by inspecting the logs in /var/log/gitlab/sshd.
I solved the problem by changing the permissions on the server with this command:
chmod -R 700 /etc/gitlab
I had a similar issue and I found out that the /var/empty folder had the wrong owner. I ran "sudo chown root /var/empty" and it resolved the issue.
I just changed url from ssh to http and it fixed everything...
git remote set-url origin https://username@gitclient.com/reposetory_address
I had this same error. Maybe it is generic, but my issue was that the server had some uncommitted changes that needed to be added and committed before I could push changes from my computer. Hope this saves someone some time, since it wasted a few hours. Thanks!
Adding my scenario. In my case, the github server is private. Previously the github repo server IP was fixed, and I had added it to the /etc/hosts file. The server IP was updated after maintenance, but the hosts file was not updated. I removed the fixed entry from the /etc/hosts file and the error was gone.
Just for reference in case anyone hit the same issue.
After installing owncloud and running the MySQL secure setup I can not connect to the server anymore. I get the following error:
MacBook-Pro:~ username$ ssh -i ~/.ssh/authorized_keys2 root@x.x.x.x -v
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to x.x.x.x [x.x.x.x] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/.ssh/authorized_keys2 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/username/.ssh/authorized_keys2-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
ssh_exchange_identification: Connection closed by remote host
What's going on and how can I fix it? I still have an active connection to the server.
Check the /var/log/messages file and see what the error message is. In many cases it is just a misconfiguration of permissions.
I'm trying to set up Capistrano for a webapp I'm working on, and I'm having trouble getting agent forwarding to work.
Here's my ~/.ssh/config:
Host rs
Hostname <ip of my server>
ForwardAgent yes
User root
And I don't think default settings are overriding anything, since ForwardAgent is never mentioned there (except in a commented line).
Here's what happens when I SSH normally:
$ ssh -v deploy@<server>
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/ulyssecarion/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
-- snip --
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.8.0-29-generic x86_64)
If I force SSH to allow agent-forwarding with the -A flag, then I can get it to work:
$ ssh -Av deploy@<server>
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/ulyssecarion/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
-- snip --
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Requesting authentication agent forwarding. # Note this additional line here
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Welcome to Ubuntu 12.04.3 LTS (GNU/Linux 3.8.0-29-generic x86_64)
(Notice that the logs on the second example have an additional line indicating agent forwarding is being requested.)
Is this normal, or am I doing something wrong? Thanks in advance!
This block
Host rs
HostName <ip of my server>
ForwardAgent yes
User root
only applies if your call to ssh looks like
ssh rs
in which case ssh knows that <ip of my server> should be used in place of "rs". In your call
ssh -v deploy@<server>
whatever you are using as <server> does not match "rs" (since only the literal string "rs" is going to match), so the block does not apply.
The argument to the Host option must be a pattern which will match the host name you actually use on the command line.
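The matching rule described in this answer can be reproduced offline. The following added example (not part of the original answer) resolves the effective options for a host name as typed on the command line, following the ssh_config(5) rules that Host patterns support * and ? wildcards and ! negation, and that the first value obtained for a keyword wins. The sample config, including the 203.0.113.10 address and the Host * block, is constructed.

```python
import fnmatch

# Constructed sample modelled on the question; 203.0.113.10 is a
# documentation address standing in for "<ip of my server>".
SAMPLE_CONFIG = """\
Host rs
    HostName 203.0.113.10
    ForwardAgent yes
    User root

Host *
    ForwardAgent no
"""

def host_line_matches(patterns, target):
    """ssh_config(5) PATTERNS: '*' and '?' wildcards, '!' negates.
    A negated hit vetoes the block; otherwise one positive hit is needed.
    (fnmatch also accepts [..] classes, which ssh does not.)"""
    matched = False
    for pattern in patterns:
        negated = pattern.startswith("!")
        if fnmatch.fnmatchcase(target, pattern.lstrip("!")):
            if negated:
                return False
            matched = True
    return matched

def resolve(config_text, target):
    """Return the options that apply to `target`, the name given to ssh."""
    options = {}
    active = True  # lines before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "host":
            active = host_line_matches(value.split(), target)
        elif active:
            options.setdefault(keyword, value)  # first obtained value wins
    return options

if __name__ == "__main__":
    for name in ("rs", "203.0.113.10"):
        print(name, "->", resolve(SAMPLE_CONFIG, name))
```

Keeping ForwardAgent yes inside a named Host block, rather than under Host *, also keeps the agent from being offered to every server you connect to.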
There is some great information over on ServerFault about setting up ssh agent forwarding.
https://superuser.com/questions/168933/extra-configuration-required-for-ssh-agent-forwarding
One thing I want to point out: the ssh config file on the server might have ForwardAgent commented out, but at least in my config file, it's really listing the ssh defaults. It seems that for some versions of OpenSSH you have to set the AllowAgentForwarding option on the server. I've found this article really useful: https://help.github.com/articles/using-ssh-agent-forwarding
The way to check if ssh agent forwarding is working is by looking at the $SSH_AUTH_SOCK environment variable.
echo "$SSH_AUTH_SOCK"
Again I have a question about an ssh issue:
On an embedded system (no display, no keyboard) my only login interface was ssh. Telnet is disabled too. (I am currently trying to enable it with only a little hope...)
My only interaction at the moment is receiving a ping answer and browsing my shared files via smb://!
ssh's answer is always:
$ ssh -vvvvl root 192.168.0.3
OpenSSH_5.5p1 Debian-4ubuntu4, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.0.3 [192.168.0.3] port 22.
debug1: Connection established.
debug1: identity file /home/simon/.ssh/id_rsa type -1
debug1: identity file /home/simon/.ssh/id_rsa-cert type -1
debug1: identity file /home/simon/.ssh/id_dsa type -1
debug1: identity file /home/simon/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-8
debug1: match: OpenSSH_4.3p2 Debian-8 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu4
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
Read from socket failed: Connection reset by peer
But I have direct access to the HDD by pulling it out of the device and manipulating files on it while it is connected to another machine.
One of my last steps before I logged off and got locked out was sudo rm /etc/ssh/*host*key* followed by dpkg-reconfigure openssh-server, which failed because dpkg-reconfigure was not found. So I guess the problem is that the keys are deleted.
My question is now: how can I off-shore create keys and provide them to sshd without running any command on the target system OR how can I make sshd let me log in without having a key?
Thanks for your help if there is any..?!
You can generate a new set of host keys on a handy Linux system as follows:
ssh-keygen -t rsa -b 2048 -f ssh_host_rsa_key
ssh-keygen -t dsa -b 1024 -f ssh_host_dsa_key
When ssh-keygen asks you for a passphrase, hit Enter without typing anything. Host keys must have an empty passphrase.
This creates the following files in your current directory:
ssh_host_rsa_key
ssh_host_rsa_key.pub
ssh_host_dsa_key
ssh_host_dsa_key.pub
You can then mount your device's hard drive and copy these four files into etc/ssh.
Note that when you try to ssh to the system afterwards, your ssh client will complain that the keys are different than expected, and probably refuse to connect. If you're running the OpenSSH client, you can correct this by using ssh-keygen again:
ssh-keygen -R <your_server_hostname>
ssh -vvvvl root 192.168.0.3
should be:
ssh -vvvvl root@192.168.0.3
I don't know if that is just a typo you made while posting on stackoverflow or if you typed it in on the command line.