Re: [hobbit] xymon ssh scan
- To: hobbit (at) hswn.dk
- Subject: Re: [hobbit] xymon ssh scan
- From: Buchan Milne <bgmilne (at) staff.telkomsa.net>
- Date: Fri, 11 Jun 2010 08:35:16 +0100
- Cc: "McGraw, Robert P" <rmcgraw (at) purdue.edu>
- References: <1CC2019D6A90EC449020595534777D4F8A6EE21A37 (at) VPEXCH03.purdue.lcl>
- User-agent: KMail/1.12.4 (Linux/2.6.31.13-desktop-1mnb; KDE/4.3.5; x86_64; ; )
On Thursday, 10 June 2010 18:35:33 McGraw, Robert P wrote:
> Any ideas on how to solve the following problem.
>
>
> hamilton is shown as ssh ok, status unchanged
> for a week, but you can't ssh in:
>
> % ssh -v hamilton
> OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to hamilton [128.210.3.42] port 22.
> debug1: Connection established.
> debug1: identity file /homes/jflack/.ssh/identity type -1
> debug1: identity file /homes/jflack/.ssh/id_rsa type -1
> debug1: identity file /homes/jflack/.ssh/id_dsa type -1
> debug1: loaded 3 keys
> debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1

This is quite an old version. Time to consider an upgrade?

> debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_4.3
> debug1: SSH2_MSG_KEXINIT sent
> Read from socket failed: Connection reset by peer
>
> Apparently something goes wrong in the server just at the start
> of key exchange. The xymon ssh test reports the remote protocol
> and software versions, so it must converse at least that far, but
> I guess it doesn't go on through the key exchange.
>
> The ssh server going wrong that way seems to be a familiar failure
> mode for our linux boxes,

In quite a few years in production environments with hundreds of linux
servers, I haven't seen that myself ...

Have you managed to find a way to reproduce it? Have you filed a bug? IOW,
maybe prevention of the problem is better than identification.

Regards,
Buchan
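
The failure quoted above passes a banner-only test because the server still sends its version string and only fails once key exchange starts. The following is an added example, not code from Xymon or from either poster: a check that reads one step further and requires the server's first binary packet to be SSH_MSG_KEXINIT. The names `check_ssh`, `probe` and the `kexprobe` client string are hypothetical, and the check does not complete key exchange, it only confirms that the server begins it.

```python
import socket
import struct
SSH_MSG_KEXINIT = 20  # message number from RFC 4253

def _read_exact(sock, n):
    """Read exactly n bytes; an early close or reset raises OSError."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed by peer")
        buf += chunk
    return buf

def _read_banner(sock):
    """Return the server's 'SSH-...' identification line."""
    for _ in range(32):  # a server may send other lines first
        line = b""
        while not line.endswith(b"\n"):
            if len(line) > 255:
                raise ConnectionError("identification line too long")
            line += _read_exact(sock, 1)
        if line.startswith(b"SSH-"):
            return line.strip().decode("ascii", "replace")
    raise ConnectionError("no SSH identification line")

def check_ssh(sock):
    """Return (colour, detail) for a connected socket."""
    try:
        banner = _read_banner(sock)
    except OSError as exc:
        return "red", "no banner: %s" % exc
    try:
        sock.sendall(b"SSH-2.0-kexprobe\r\n")  # constructed client name
        # Packet header: uint32 packet_length, byte padding_length, then payload
        length, _pad, msg = struct.unpack(">IBB", _read_exact(sock, 6))
        if msg != SSH_MSG_KEXINIT or not 2 <= length <= 35000:
            raise ConnectionError("unexpected first packet (type %d)" % msg)
        _read_exact(sock, length - 2)  # rest of the KEXINIT must arrive too
    except OSError as exc:
        return "red", "banner %s, but key exchange did not start: %s" % (banner, exc)
    return "green", banner

def probe(host, port=22, timeout=10):
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            return check_ssh(sock)
    except OSError as exc:
        return "red", "connect failed: %s" % exc
```

A server that resets the connection right after the banner, as in the quoted debug output, comes back red with the banner included in the detail text.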