Solved Can't ssh to 14-stable after OpenSSH is updated to 9.5p1

I used to ssh from a laptop to a desktop running FreeBSD 14-stable without a problem. During October I did two regular updates of 14-stable, after which I lost the ability to ssh. All I get is:

Code:
Connection closed by 192.168.0.97 port 22

I have reverted to the previous boot environment, when ssh worked, to compare the settings, and the only thing that I can see is:

1. Boot environment when ssh worked:
Code:
OpenSSH_9.4, OpenSSL 3.0.10 1 Aug 2023

2. Default boot environment where I can't ssh uses:
Code:
OpenSSH_9.5p1, OpenSSL 3.0.10 1 Aug 2023

/etc/ssh/sshd_config is exactly the same in both boot environments (obviously apart from #VersionAddendum)

Any ideas where else I should be looking? I am a bit stuck and don't know what else to check.
 
Have you tried adding a "-vvv" on the client side to get verbose debug logs? That should give a clue. Also check sshd logs on the server side, or any firewall settings relating to ssh port.

"When" are you getting that Connection Closed message? During the initial connection? After you have logged in?
 
This might ultimately be a very stupid question... since I've had that experience myself: did you reboot after upgrading and before trying to ssh in?
I've had the unpleasant experience that after upgrading in general, sometimes ssh would no longer let me log in unless I rebooted the machine.
 
Here are the debug logs from the client side:
Code:
username@Enlil ~ % ssh -vvv username@192.168.0.97
OpenSSH_8.6p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/username/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.0.97 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/username/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/username/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.0.97 [192.168.0.97] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /Users/username/.ssh/id_rsa type 0
debug1: identity file /Users/username/.ssh/id_rsa-cert type -1
debug1: identity file /Users/username/.ssh/id_dsa type -1
debug1: identity file /Users/username/.ssh/id_dsa-cert type -1
debug1: identity file /Users/username/.ssh/id_ecdsa type -1
debug1: identity file /Users/username/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/username/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/username/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/username/.ssh/id_ed25519 type 3
debug1: identity file /Users/username/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/username/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/username/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/username/.ssh/id_xmss type -1
debug1: identity file /Users/username/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.5 FreeBSD-20231004
debug1: compat_banner: match: OpenSSH_9.5 FreeBSD-20231004 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.0.97:22 as 'username'
debug3: record_hostkey: found key type ED25519 in file /Users/username/.ssh/known_hosts:27
debug3: record_hostkey: found key type RSA in file /Users/username/.ssh/known_hosts:28
debug3: record_hostkey: found key type ECDSA in file /Users/username/.ssh/known_hosts:29
debug3: load_hostkeys_file: loaded 3 keys from 192.168.0.97
debug1: load_hostkeys: fopen /Users/username/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01@openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
Connection closed by 192.168.0.97 port 22

From the server side I get the following in /var/log/messages
Code:
Oct 21 18:03:57 freebsd-stable kernel: pid 2266 (sshd), jid 0, uid 0: exited on signal 11 (no core dump - bad address)

Yes, I have rebooted multiple times as I was changing the boot environments.
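The two logs posted above can be read together: the client transcript shows how far the handshake got before the peer closed, and the kernel line shows sshd dying on a signal. The following is an added example, not part of the original thread, that performs this triage over excerpts of the posted lines; the function names and the two milestone strings not seen in the thread are assumptions.

```python
import re
# Client milestones in print order. The first three are in the thread's log;
# the last two are assumed from OpenSSH client output, not taken from the page.
STAGES = [
    ("tcp_connected", "Connection established."),
    ("banner_exchanged", "Remote protocol version"),
    ("kexinit_sent", "SSH2_MSG_KEXINIT sent"),
    ("kexinit_received", "SSH2_MSG_KEXINIT received"),
    ("authenticated", "Authenticated to "),
]
# FreeBSD kernel line logged when a process dies on a signal (format as posted).
CRASH_RE = re.compile(r"pid (?P<pid>\d+) \((?P<comm>[^)]+)\), jid \d+, "
                      r"uid (?P<uid>\d+): exited on signal (?P<sig>\d+)")

def last_client_stage(client_log):
    """Return (last milestone reached, closed_by_peer) for `ssh -v` output."""
    stage, closed = None, False
    for line in client_log.splitlines():
        if line.startswith("Connection closed by "):
            closed = True
            break
        for name, marker in STAGES:
            if marker in line:
                stage = name
    return stage, closed

def sshd_crashes(messages):
    """Return sshd signal exits found in /var/log/messages text."""
    return [{k: int(m[k]) for k in ("pid", "uid", "sig")}
            for m in CRASH_RE.finditer(messages) if m["comm"] == "sshd"]

def triage(client_log, messages):
    """Combine both sides: where the client stopped and whether sshd died."""
    stage, closed = last_client_stage(client_log)
    crashes = sshd_crashes(messages)
    pre_auth_drop = closed and stage != "authenticated"
    return {"stage": stage, "pre_auth_drop": pre_auth_drop, "crashes": crashes,
            "sshd_crash_pre_auth": pre_auth_drop and bool(crashes)}

# Excerpts of the lines posted in the thread.
CLIENT_LOG = """\
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.5 FreeBSD-20231004
debug1: SSH2_MSG_KEXINIT sent
Connection closed by 192.168.0.97 port 22
"""
SERVER_LOG = ("Oct 21 18:03:57 freebsd-stable kernel: pid 2266 (sshd), jid 0, "
              "uid 0: exited on signal 11 (no core dump - bad address)")
print(triage(CLIENT_LOG, SERVER_LOG))
```

A drop at `kexinit_sent` together with a signal 11 exit of sshd under uid 0 places the failure in the server process during key exchange, before any credentials are presented.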
 
So the server side ties to the connection closed on the client side. But if the server is actually exiting, that implies to me something not completely updated. Perhaps a pkg update? Did you run freebsd-update install a few times in the new boot environment?
 
I have been updating from source so have not used freebsd-update. I don't think pkg update will help with OpenSSH, unless I was using the port version.
 
I have been updating from source so have not used freebsd-update. I don't think pkg update will help with OpenSSH, unless I was using the port version.
That's good information; as for OpenSSH, I'm not sure about what's in base or ports anymore. I do know that 14 was delayed because of OpenSSH but don't know if that was base or elsewhere.

So my suggestion about freebsd-update install on the server is likely irrelevant. Since you are updating from source, maybe double check that your source tree is up to date with either stable or "RC-X" and maybe do a clean before buildkernel && buildworld to get rid of any stale references.
 