Hello,
I have recently updated my AIX machine from version 6.1.7.5 to 6.1.9.1 and I noticed that the errpt of the server is full of ssh messages like the one below:
sshd[<process_id>]: fatal: Read from socket failed: Connection reset by peer [preauth]
Does anyone know if this is a known bug of the ssh version?
Hmm, are you sure about that?
Because if this was the case then users would probably not have been able to connect, right? But it seems that they don't have any problem connecting.
By the way, I noticed that this version of ssh also uses an ecdsa key, which didn't exist in the previous version. So I generated this pair of keys, because I was also fed with messages in errpt that ssh could not locate this key.
So I generated the key pair for ecdsa and then I get this new message repeating in errpt.
The keys of the users (remote hosts, that is...) have not changed, so there is no reason they would have connection issues. It's this specific host connecting elsewhere, if using private keys (e.g. for no passwd connection), that will be refused by the remote because keys have changed and don't match what the remote host has in its known_hosts file...
If you know the remote host, try to ssh to it and see if it rejects you... If that's the case, remove from its known_hosts file the line concerning your host and try again.
I normally note down the line number (say, 42) from the error message, and run
vi +42 known_hosts
and delete the offending key.
ssh-keygen -R <hostname>
can be used to remove all keys belonging to a hostname.
OK, you could add: "*.debug<tab><tab>/var/log/debug.out"
to your /etc/syslog.conf file, and run the following to enable it.
# touch /var/log/debug.out
# refresh -s syslogd
Once you have debugging turned on, you may find more info on why sshd is giving you errors. While sshing to the system, tail the /var/log/debug.out file.
OK, I followed the steps that you said, and at the time that I get a new error in the errpt log I also have these errors in debug.out:
Jun 5 08:06:50 s_opi auth|security:info sshd[11731042]: Nasty PTR record "208.12.134.3" is set up for 208.12.134.3, ignoring
Jun 5 08:06:50 s_opi auth|security:info sshd[11731042]: Failed password for staek012 from 208.12.134.3 port 60727 ssh2
Jun 5 08:06:50 s_opi auth|security:info syslog: ssh: failed login attempt for staek012 from 208.12.134.3
Jun 5 08:06:50 s_opi auth|security:crit sshd[11731042]: fatal: Read from socket failed: Connection reset by peer [preauth]
Hmm, no, I don't get the same messages. I get just these 2 lines:
Jun 11 08:22:35 s_opi auth|security:info sshd[7667714]: Accepted publickey for root from 127.0.0.1 port 34282 ssh2
Jun 11 08:22:36 s_opi auth|security:info sshd[7667714]: Received disconnect from 127.0.0.1: 11: disconnected by user
We finally reproduced the problem. These messages appear in the errpt because of the application that is used by the users to connect to the server. When they type a wrong password, the connection closes and a new connection is opened. It behaves differently from PuTTY, which continues to ask for the password when you type a wrong password.