Fatal: Read from socket failed: Connection reset by peer [preauth]

Hello,
I have recently updated my AIX machine from version 6.1.7.5 to 6.1.9.1 and I noticed that the errpt of the server is full of ssh messages like the one below:
sshd[<process_id>]: fatal: Read from socket failed: Connection reset by peer [preauth]
Does anyone know if this is a known bug of the ssh version?

Thank you

No, but the update affected ssh also; you may now have obsolete keys... and need to generate / transfer new ones...

Hmm, are you sure about that?
Because if this was the case then probably users would not have been able to connect, right? But it seems that they don't have any problem connecting.
By the way, I noticed that this version of ssh also uses an ecdsa key, which didn't exist in the previous version. So I generated this pair of keys because I was also fed with messages in errpt that ssh could not locate this key.
So I generated the key pair for ecdsa and then I got this new message repeating in errpt.

The keys of the users (remote hosts, that is...) have not changed, so there is no reason they would have connection issues. It's this specific host connecting elsewhere, if using private keys (e.g. for no passwd connection), that will be refused by the remote because the keys have changed and don't match what the remote host has in its known_hosts file...

So what you suggest is to:

  1. generate a new pair of keys
  2. remove the entry of the host in the known_hosts file of the remote server
  3. connect from the host to the remote server to authenticate the host and save the new key to the known_hosts file of the remote server.

Is that correct?

If you know the remote host, try to ssh to it and see if it rejects you... If that's the case, remove from its known_hosts file the line concerning your host and try again.
I normally note down the line number (say, 42) from the error message, and run

 vi +42 known_hosts

and delete the offending key.

 ssh-keygen -R <hostname>

can be used to remove all keys belonging to a hostname.

Well, actually it doesn't reject my connection but it asks for authentication. It doesn't connect me straight away.

OP, do you have tcp wrappers installed? If so, did you change your network settings?

I didn't change the network settings. This behavior was noticed after the AIX update. How can I find out if I have tcp wrappers?

Look for the files /etc/hosts.allow and /etc/hosts.deny.

No, I don't have these files.

ok, you could add: "*.debug<tab><tab>/var/log/debug.out"
to your /etc/syslog.conf file, and run the following to enable it.
# touch /var/log/debug.out
# refresh -s syslogd

Once you have debugging turned on, you may find more info on why sshd is giving you errors. While sshing to the system, tail the /var/log/debug.out file.

OK, I followed the steps that you said, and at the time that I get a new error in the errpt log I also have these errors in debug.out:

Jun  5 08:06:50 s_opi auth|security:info sshd[11731042]: Nasty PTR record "208.12.134.3" is set up for 208.12.134.3, ignoring
Jun  5 08:06:50 s_opi auth|security:info sshd[11731042]: Failed password for staek012 from 208.12.134.3 port 60727 ssh2
Jun  5 08:06:50 s_opi auth|security:info syslog: ssh: failed login attempt for staek012 from 208.12.134.3
Jun  5 08:06:50 s_opi auth|security:crit sshd[11731042]: fatal: Read from socket failed: Connection reset by peer [preauth]  hmm

Are these records helpful?

OK, this is helpful. It appears that there is an issue with reverse DNS lookup. What happens if you run:
$ ssh localhost
Do you get the same messages?

No, I don't get the same messages. I get just these 2 lines:

 Jun 11 08:22:35 s_opi auth|security:info sshd[7667714]: Accepted publickey for root from 127.0.0.1 port 34282 ssh2 
 Jun 11 08:22:36 s_opi auth|security:info sshd[7667714]: Received disconnect from 127.0.0.1: 11: disconnected by user 

We finally reproduced the problem. These messages appear in the errpt because of the application that is used by the users to connect to the server. When they type a wrong password the connection closes and a new connection is opened. It behaves differently from putty, which continues to ask for the password when you type a wrong password.
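
Added example, not part of the original thread: a small Python script that groups debug.out lines by sshd child PID and separates preauth resets that follow a failed password (the client behaviour found above) from resets with no authentication attempt at all. The sample log is constructed in the format quoted in the thread; host names, users, PIDs and addresses are made up, and the function and cause names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the debug.out format quoted in the thread
# (host, users, PIDs and addresses are made up for illustration).
SAMPLE = """\
Jun  5 08:06:50 host1 auth|security:info sshd[1001]: Failed password for alice from 192.0.2.10 port 60727 ssh2
Jun  5 08:06:50 host1 auth|security:crit sshd[1001]: fatal: Read from socket failed: Connection reset by peer [preauth]
Jun  5 08:07:02 host1 auth|security:info sshd[1002]: Accepted publickey for root from 127.0.0.1 port 34282 ssh2
Jun  5 08:07:03 host1 auth|security:info sshd[1002]: Received disconnect from 127.0.0.1: 11: disconnected by user
Jun  5 08:09:11 host1 auth|security:crit sshd[1003]: fatal: Read from socket failed: Connection reset by peer [preauth]
Jun  5 08:10:40 host1 auth|security:info sshd[1004]: Failed password for bob from 192.0.2.11 port 51000 ssh2
Jun  5 08:10:41 host1 auth|security:info sshd[1004]: Failed password for bob from 192.0.2.11 port 51000 ssh2
Jun  5 08:10:41 host1 auth|security:crit sshd[1004]: fatal: Read from socket failed: Connection reset by peer [preauth]
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
FAILED = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
RESET = "fatal: Read from socket failed: Connection reset by peer [preauth]"


def classify_resets(text):
    """Return one record per preauth reset, correlated by sshd child PID."""
    failures = defaultdict(list)  # pid -> [(user, ip), ...] seen before the reset
    results = []
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg").strip()
        f = FAILED.match(msg)
        if f:
            failures[pid].append((f.group("user"), f.group("ip")))
        elif msg.startswith(RESET):
            prior = failures.pop(pid, [])  # pop so a reused PID starts clean
            results.append({
                "pid": pid,
                "cause": ("reset_after_failed_password" if prior
                          else "reset_without_auth_attempt"),
                "failed_attempts": len(prior),
                "sources": sorted({ip for _, ip in prior}),
            })
    return results


if __name__ == "__main__":
    for record in classify_resets(SAMPLE):
        print(record)
```

Resets reported as `reset_without_auth_attempt` are the ones worth a second look, since they are not explained by a client that drops the connection after a wrong password.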