Upgrading from Etch to Lenny ends in SSH problems
in [Debian]
|
Prev: wireless connected was: Re: corrupted firmware-linux-nonfree 0.26
Next: Clarification: Opinions & why: What's the best DVD setup for Debian AMD64 system
From: Wouter van Vliet / Interpotential on 7 Jul 2010 20:10 Hi All, I've just been attempting an (more than just slightly) overdue upgrade from Etch to Lenny on a machine I don't have physical access to. At first, everything seemed to work fine. But after a while my connection (over ssh) was dropped and all my box returns now is 'connection closed' when I try to reconnect. It gives me this: wouter(a)wouter-desktop:~$ ssh -vvv root(a)www.#########.nl OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to www.#########.nl [###.###.###.###] port 22. debug1: Connection established. debug1: identity file /home/wouter/.ssh/identity type -1 debug1: identity file /home/wouter/.ssh/id_rsa type -1 debug1: identity file /home/wouter/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5 debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug3: Wrote 792 bytes for a total of 831 Connection closed by ###.###.###.### Of course I've already activated customer support, hoping that my hosting company is willing to physically go to the server. But I was hoping that you might have some suggestions on what I might be able to try. Though I know my options are limited :( And at the same time I'm wondering what's causing it, and how I could have prevented it. I upgraded with a simple: apt-get dist-upgrade Thanks! Wouter -- http://www.interpotential.com http://www.ilikealot.com Phone: +4520371433
From: Alexander Batischev on 8 Jul 2010 17:30 Hi! Well, maybe something happened to passwordless authentication - did you try to connect using password, not RSA key? To do so, you can simply move ~/.ssh/id* somewhere and try to connect. You should be asked for a password that time. I'm not sure about that, but hope that helps. -- Regards, Alexander Batischev 1024D/69093C81 F870 A381 B5F5 D2A1 1B35 4D63 A1A7 1C77 6909 3C81
From: Wouter van Vliet / Interpotential on 8 Jul 2010 17:40 Ok, so apparently the problem had all sorts of things to do with the host key being blacklisted, and therefore labeled as 'compromised'. Of course one can't SSH in anymore in such a situation. How to prevent it? Well, I probably should have checked with ssh-vulnkey before doing the upgrade. W. On 8 July 2010 02:06, Wouter van Vliet / Interpotential < wouter(a)interpotential.com> wrote: > Hi All, > > I've just been attempting an (more than just slightly) overdue upgrade from > Etch to Lenny on a machine I don't have physical access to. At first, > everything seemed to work fine. But after a while my connection (over ssh) > was dropped and all my box returns now is 'connection closed' when I try to > reconnect. It gives me this: > > wouter(a)wouter-desktop:~$ ssh -vvv root(a)www.#########.nl > OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug2: ssh_connect: needpriv 0 > debug1: Connecting to www.#########.nl [###.###.###.###] port 22. > debug1: Connection established. > debug1: identity file /home/wouter/.ssh/identity type -1 > debug1: identity file /home/wouter/.ssh/id_rsa type -1 > debug1: identity file /home/wouter/.ssh/id_dsa type -1 > debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 > Debian-5 > debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH* > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4 > debug2: fd 3 setting O_NONBLOCK > debug1: SSH2_MSG_KEXINIT sent > debug3: Wrote 792 bytes for a total of 831 > Connection closed by ###.###.###.### > > Of course I've already activated customer support, hoping that my hosting > company is willing to physically go to the server. But I was hoping that you > might have some suggestions on what I might be able to try. Though I know my > options are limited :( > > And at the same time I'm wondering what's causing it, and how I could have > prevented it. I upgraded with a simple: apt-get dist-upgrade > > Thanks! > Wouter > > > -- > http://www.interpotential.com > http://www.ilikealot.com > > Phone: +4520371433 > -- http://www.interpotential.com http://www.ilikealot.com Phone: +4520371433
From: Tzafrir Cohen on 10 Jul 2010 17:50
On Thu, Jul 08, 2010 at 05:52:22PM +0200, Wouter van Vliet / Interpotential wrote: > Ok, so apparently the problem had all sorts of things to do with the host > key being blacklisted, and therefore labeled as 'compromised'. Of course one > can't SSH in anymore in such a situation. > > How to prevent it? Well, I probably should have checked with ssh-vulnkey > before doing the upgrade. I actually wonder why the problem didn't hurt you before that. If you had a bad host key for so long, you must have recieved some warnings/errors about it from some ssh clients. -- Tzafrir Cohen | tzafrir(a)jabber.org | VIM is http://tzafrir.org.il | | a Mutt's tzafrir(a)cohens.org.il | | best tzafrir(a)debian.org | | friend -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/20100710214550.GG17569(a)pear.tzafrir.org.il |