SSH login disconnect after upgrading AIX 6.1 [7]
- Netsarang Support
Owned by Netsarang Support
Mar 08, 2021
4 min read
Loading data...
SSH login disconnect after upgrading AIX 6.1
Tuesday, January 8, 2013 2:54 AM - JPP
Hi,
i have a strange behavior after upgrading an aix 6.1 to the latest level 6100-08-01-1245
everything was working normally before the upgrade, the aix level was 6.1 TL7
xshell disconnect the ssh login immediately , connection with ssh is closed immediately with no explicit message.
using telnet works
using putty works with ssh
using an ssh connection after connecting to another server works ( using xshell4)
Program Ver. : Xshell 4
i have a strange behavior after upgrading an aix 6.1 to the latest level 6100-08-01-1245
everything was working normally before the upgrade, the aix level was 6.1 TL7
xshell disconnect the ssh login immediately , connection with ssh is closed immediately with no explicit message.
using telnet works
using putty works with ssh
using an ssh connection after connecting to another server works ( using xshell4)
Program Ver. : Xshell 4
Re: SSH login disconect after upgrading AIX 6.1
Tuesday, January 8, 2013 4:12 PM - Support
We will try reproducing this problem.
First, try upgrading to the latest by going to Help > Check for updates.
If the problem persists, let us know the following:
1. Windows version
2. Steps to reproduce the problem
3. Screenshot
---
Technical Support
First, try upgrading to the latest by going to Help > Check for updates.
If the problem persists, let us know the following:
1. Windows version
2. Steps to reproduce the problem
3. Screenshot
---
Technical Support
Re: SSH login disconect after upgrading AIX 6.1
Wednesday, January 9, 2013 6:01 PM - Support
Also, you can get more information by looking at the server side log files. Since you can access the server via logging into a different server first, the AIX server is disconnecting the connection for some reason. You can find the ssh log file in /var/log/
---
Technical Support
---
Technical Support
Re: SSH login disconect after upgrading AIX 6.1
Thursday, January 17, 2013 2:22 AM - JPP
i found no log in /var/log
here is some logs :
log from xshell session :
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
[10:51:58] Version exchange initiated...
[10:51:58] server: SSH-2.0-OpenSSH_6.0
[10:51:58] client: SSH-2.0-nsssh2_4.0.0027 NetSarang Computer, Inc.
[10:51:58] SSH2 is selected.
[10:51:58] Algorithm negotiation initiated...
[10:51:58] key exchange: diffie-hellman-group14-sha1
[10:51:58] host key: ssh-dss
[10:51:58] outgoing encryption: 3des-cbc
[10:51:58] incoming encryption: 3des-cbc
[10:51:58] outgoing mac: hmac-sha1
[10:51:58] incoming mac: hmac-sha1
[10:51:58] outgoing compression: none
[10:51:58] incoming compression: none
Connection closed by foreign host.
launch sshd in debug after i try to connect ssh :
root@su10401# /usr/sbin/sshd -ddd &
[1] 11337738
root@su10401# debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 219
debug2: parse_server_config: config /etc/ssh/sshd_config len 219
debug3: /etc/ssh/sshd_config:19 setting Protocol 2
debug3: /etc/ssh/sshd_config:34 setting LogLevel DEBUG
debug3: /etc/ssh/sshd_config:40 setting StrictModes no
debug3: /etc/ssh/sshd_config:89 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:101 setting UseDNS no
debug3: /etc/ssh/sshd_config:111 setting Subsystem sftp /usr/sbin/sftp-server
debug1: sshd version OpenSSH_6.0p1
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 5 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 5 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 9 config len 219
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9
debug1: inetd sockets after dupping: 5, 5
debug1: audit connection from 10.25.92.157 port 63484 euid 0
Connection from 10.25.92.157 port 63484
debug1: Client protocol version 2.0; client software version nsssh2_4.0.0027 NetSarang Computer, Inc.
debug1: no match: nsssh2_4.0.0027 NetSarang Computer, Inc.
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug3: Value for authType is STD_AUTH
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
0509-026 System error: A file or directory in the path name does not exist.
debug1: Error loading Kerberos, disabling the Kerberos auth
debug2: fd 5 setting O_NONBLOCK
debug2: Network child is on pid 15139000
debug3: preauth child monitor started
debug3: privsep user:group 202:201 [preauth]
debug1: permanently_set_uid: 202/201 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0 [preauth]
debug2: kex_parse_kexinit: reserved 0 [preauth]
debug2: kex_parse_kexinit: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa [preauth]
debug2: kex_parse_kexinit: 3des-cbc [preauth]
debug2: kex_parse_kexinit: 3des-cbc [preauth]
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,none [preauth]
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,none [preauth]
debug2: kex_parse_kexinit: none [preauth]
debug2: kex_parse_kexinit: none [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0 [preauth]
debug2: kex_parse_kexinit: reserved 0 [preauth]
debug2: mac_setup: found hmac-sha1 [preauth]
debug1: kex: client->server 3des-cbc hmac-sha1 none [preauth]
debug2: mac_setup: found hmac-sha1 [preauth]
debug1: kex: server->client 3des-cbc hmac-sha1 none [preauth]
debug2: dh_gen_key: priv key bits set: 196/384 [preauth]
debug2: bits set: 1019/2048 [preauth]
debug1: expecting SSH2_MSG_KEXDH_INIT [preauth]
debug2: bits set: 1046/2048 [preauth]
debug3: mm_key_sign entering [preauth]
debug3: mm_request_send entering: type 4 [preauth]
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect entering: type 5 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 20054448(55)
debug3: mm_request_send entering: type 5
debug2: monitor_read: 4 used once, disabling now
debug2: kex_derive_keys [preauth]
debug2: set_newkeys: mode 1 [preauth]
cipher_init: EVP_CipherInit: set key failed for 3des-cbc [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: Killing privsep child 15139000
debug1: audit event euid 0 user (unknown user) event 12 (SSH_connabndn)
debug1: Return Val-1 for auditproc:0
[1] + Done(255) /usr/sbin/sshd -ddd &
here is some logs :
log from xshell session :
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
[10:51:58] Version exchange initiated...
[10:51:58] server: SSH-2.0-OpenSSH_6.0
[10:51:58] client: SSH-2.0-nsssh2_4.0.0027 NetSarang Computer, Inc.
[10:51:58] SSH2 is selected.
[10:51:58] Algorithm negotiation initiated...
[10:51:58] key exchange: diffie-hellman-group14-sha1
[10:51:58] host key: ssh-dss
[10:51:58] outgoing encryption: 3des-cbc
[10:51:58] incoming encryption: 3des-cbc
[10:51:58] outgoing mac: hmac-sha1
[10:51:58] incoming mac: hmac-sha1
[10:51:58] outgoing compression: none
[10:51:58] incoming compression: none
Connection closed by foreign host.
launch sshd in debug after i try to connect ssh :
root@su10401# /usr/sbin/sshd -ddd &
[1] 11337738
root@su10401# debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 219
debug2: parse_server_config: config /etc/ssh/sshd_config len 219
debug3: /etc/ssh/sshd_config:19 setting Protocol 2
debug3: /etc/ssh/sshd_config:34 setting LogLevel DEBUG
debug3: /etc/ssh/sshd_config:40 setting StrictModes no
debug3: /etc/ssh/sshd_config:89 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:101 setting UseDNS no
debug3: /etc/ssh/sshd_config:111 setting Subsystem sftp /usr/sbin/sftp-server
debug1: sshd version OpenSSH_6.0p1
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 5 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 5 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 9 config len 219
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9
debug1: inetd sockets after dupping: 5, 5
debug1: audit connection from 10.25.92.157 port 63484 euid 0
Connection from 10.25.92.157 port 63484
debug1: Client protocol version 2.0; client software version nsssh2_4.0.0027 NetSarang Computer, Inc.
debug1: no match: nsssh2_4.0.0027 NetSarang Computer, Inc.
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug3: Value for authType is STD_AUTH
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
0509-026 System error: A file or directory in the path name does not exist.
debug1: Error loading Kerberos, disabling the Kerberos auth
debug2: fd 5 setting O_NONBLOCK
debug2: Network child is on pid 15139000
debug3: preauth child monitor started
debug3: privsep user:group 202:201 [preauth]
debug1: permanently_set_uid: 202/201 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0 [preauth]
debug2: kex_parse_kexinit: reserved 0 [preauth]
debug2: kex_parse_kexinit: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa [preauth]
debug2: kex_parse_kexinit: 3des-cbc [preauth]
debug2: kex_parse_kexinit: 3des-cbc [preauth]
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,none [preauth]
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,none [preauth]
debug2: kex_parse_kexinit: none [preauth]
debug2: kex_parse_kexinit: none [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0 [preauth]
debug2: kex_parse_kexinit: reserved 0 [preauth]
debug2: mac_setup: found hmac-sha1 [preauth]
debug1: kex: client->server 3des-cbc hmac-sha1 none [preauth]
debug2: mac_setup: found hmac-sha1 [preauth]
debug1: kex: server->client 3des-cbc hmac-sha1 none [preauth]
debug2: dh_gen_key: priv key bits set: 196/384 [preauth]
debug2: bits set: 1019/2048 [preauth]
debug1: expecting SSH2_MSG_KEXDH_INIT [preauth]
debug2: bits set: 1046/2048 [preauth]
debug3: mm_key_sign entering [preauth]
debug3: mm_request_send entering: type 4 [preauth]
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect entering: type 5 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 20054448(55)
debug3: mm_request_send entering: type 5
debug2: monitor_read: 4 used once, disabling now
debug2: kex_derive_keys [preauth]
debug2: set_newkeys: mode 1 [preauth]
cipher_init: EVP_CipherInit: set key failed for 3des-cbc [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: Killing privsep child 15139000
debug1: audit event euid 0 user (unknown user) event 12 (SSH_connabndn)
debug1: Return Val-1 for auditproc:0
[1] + Done(255) /usr/sbin/sshd -ddd &
Re: SSH login disconect after upgrading AIX 6.1
Thursday, January 17, 2013 2:23 AM - JPP
windows 7
xshell 4 build 120
xshell 4 build 120
Re: SSH login disconnect after upgrading AIX 6.1
Thursday, January 17, 2013 4:08 PM - Support
Thank you for submitting the logs. This has been forwarded to our developers. Please allow some time to review.
Thank you for being patient.
---
Technical Support
Thank you for being patient.
---
Technical Support
Re: SSH login disconnect after upgrading AIX 6.1
Friday, January 18, 2013 4:52 AM - JPP
i succeed to do direct ssh login changing the encryption mode in SSH/security
with blowfish or arcour or perhaps other, it works
leaving "Cipher list" makes the connexion closed
so it is probably a change at ssh_config at server level ?
i never needed to change this ecryption option
with blowfish or arcour or perhaps other, it works
leaving "Cipher list" makes the connexion closed
so it is probably a change at ssh_config at server level ?
i never needed to change this ecryption option
Re: SSH login disconnect after upgrading AIX 6.1
Tuesday, October 6, 2015 1:45 PM - Jaden
I have the the same problem after upgrading AIX 6.1
and remove security.pkcs11 ( installp -u security.pkcs11 -g )
It will be ok!!
and remove security.pkcs11 ( installp -u security.pkcs11 -g )
It will be ok!!
Previous views: 950