SSH connection hang after upgrade - openssh

This is a discussion on SSH connection hang after upgrade - openssh ; I recently had to upgrade my version of OpenSSH from 4.7 to 5.0p1 on my MacBook (Darwin). I installed the latest 'portable' tarball and removed the system version: $ ssh -V OpenSSH_5.0p1, OpenSSL 0.9.7l 28 Sep 2006 $ which ssh ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: SSH connection hang after upgrade

  1. SSH connection hang after upgrade

    I recently had to upgrade my version of OpenSSH from 4.7 to 5.0p1 on my
    MacBook (Darwin). I installed the latest 'portable' tarball and
    removed the system version:
    $ ssh -V
    OpenSSH_5.0p1, OpenSSL 0.9.7l 28 Sep 2006
    $ which ssh
    /usr/bin/ssh

    sshd is the same version, installed in /usr/sbin/sshd. Now, things are
    a bit broken: I am able to ssh from another machine into my MacBook,
    so the server (sshd) is working, but the outgoing client (ssh) hangs
    indefinitely on connect. ssh-add also hangs on any operation. ssh-
    agent shows:
    SSH_AUTH_SOCK=/tmp/ssh-35xNGanxBs/agent.2282; export SSH_AUTH_SOCK;
    SSH_AGENT_PID=2283; export SSH_AGENT_PID;
    echo Agent pid 2283;

    The interesting bits from an 'ssh -vvv localhost' session are:
    ....
    debug3: Not a RSA1 key file /Users/jd/.ssh/id_rsa.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug2: key_type_from_name: unknown key type 'Proc-Type:'
    debug3: key_read: missing keytype
    debug2: key_type_from_name: unknown key type 'DEK-Info:'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    ....
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype

    The ssh connection attempt just hangs and sits at:
    ....
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received

    I don't know why the error 'Not a RSA1 key file' comes up, as my
    private key (id_rsa) remains unchanged and begins:
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,...

    Other points of interest:
    'ssh-keygen -B' correctly identifies my private key and returns what
    appears to be a valid bubble-babble digest, beginning with '1024 ...'
    'ssh-keygen -l' correctly identifies my private key and returns what
    appears to be a valid fingerprint, beginning with '1024 ...'
    'ssh-keygen -y' correctly identifies my private key, asks for my pass
    phrase, and returns my public key, beginning with 'ssh-rsa ...'
    I haven't knowingly enabled any RSA-related settings in sshd_config,
    and HostKey remains commented out.

    Any thoughts on what may be wrong, whether this is a bug or something
    I've screwed up, or what else I can try?

    Thanks,
    ~John
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  2. Re: SSH connection hang after upgrade

    Hello,

    Any help, please? Could this possibly be a bug with 'portable'
    OpenSSH 5.0p_1 on Mac OS X 10.5.3? I don't understand why the daemon
    is saying my private key is "Not a RSA1 key file" when it _is_ a valid
    RSA key file ... or why the daemon is trying to read the private key
    in the first place: as long as the SSH Agent is working properly,
    shouldn't it be the _public_ key it looks for?

    Thanks,
    ~John

    On Jun 18, 2008, at 6:16 PM, John DeStefano wrote:

    > I recently had to upgrade my version of OpenSSH from 4.7 to 5.0p1 on
    > my
    > MacBook (Darwin). I installed the latest 'portable' tarball and
    > removed the system version:
    > $ ssh -V
    > OpenSSH_5.0p1, OpenSSL 0.9.7l 28 Sep 2006
    > $ which ssh
    > /usr/bin/ssh
    >
    > sshd is the same version, installed in /usr/sbin/sshd. Now, things are
    > a bit broken: I am able to ssh from another machine into my MacBook,
    > so the server (sshd) is working, but the outgoing client (ssh) hangs
    > indefinitely on connect. ssh-add also hangs on any operation. ssh-
    > agent shows:
    > SSH_AUTH_SOCK=/tmp/ssh-35xNGanxBs/agent.2282; export SSH_AUTH_SOCK;
    > SSH_AGENT_PID=2283; export SSH_AGENT_PID;
    > echo Agent pid 2283;
    >
    > The interesting bits from an 'ssh -vvv localhost' session are:
    > ...
    > debug3: Not a RSA1 key file /Users/jd/.ssh/id_rsa.
    > debug2: key_type_from_name: unknown key type '-----BEGIN'
    > debug3: key_read: missing keytype
    > debug2: key_type_from_name: unknown key type 'Proc-Type:'
    > debug3: key_read: missing keytype
    > debug2: key_type_from_name: unknown key type 'DEK-Info:'
    > debug3: key_read: missing keytype
    > debug3: key_read: missing whitespace
    > ...
    > debug3: key_read: missing whitespace
    > debug2: key_type_from_name: unknown key type '-----END'
    > debug3: key_read: missing keytype
    >
    > The ssh connection attempt just hangs and sits at:
    > ...
    > debug2: service_accept: ssh-userauth
    > debug1: SSH2_MSG_SERVICE_ACCEPT received
    >
    > I don't know why the error 'Not a RSA1 key file' comes up, as my
    > private key (id_rsa) remains unchanged and begins:
    > -----BEGIN RSA PRIVATE KEY-----
    > Proc-Type: 4,ENCRYPTED
    > DEK-Info: DES-EDE3-CBC,...
    >
    > Other points of interest:
    > 'ssh-keygen -B' correctly identifies my private key and returns what
    > appears to be a valid bubble-babble digest, beginning with '1024 ...'
    > 'ssh-keygen -l' correctly identifies my private key and returns what
    > appears to be a valid fingerprint, beginning with '1024 ...'
    > 'ssh-keygen -y' correctly identifies my private key, asks for my
    > pass phrase, and returns my public key, beginning with 'ssh-rsa ...'
    > I haven't knowingly enabled any RSA-related settings in sshd_config,
    > and HostKey remains commented out.
    >
    > Any thoughts on what may be wrong, whether this is a bug or
    > something I've screwed up, or what else I can try?
    >
    > Thanks,
    > ~John


    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  3. Re: SSH connection hang after upgrade


    There is a difference between a RSA1 key (RSA for ssh v1 protocol) and an
    RSA key (RSA for ssh v2 protocol). So that has nothing to do with what
    you are seeing.

    - Ben

    On Fri, 20 Jun 2008, John DeStefano wrote:

    > Hello,
    >
    > Any help, please? Could this possibly be a bug with 'portable'
    > OpenSSH 5.0p_1 on Mac OS X 10.5.3? I don't understand why the daemon
    > is saying my private key is "Not a RSA1 key file" when it _is_ a valid
    > RSA key file ... or why the daemon is trying to read the private key
    > in the first place: as long as the SSH Agent is working properly,
    > shouldn't it be the _public_ key it looks for?
    >
    > Thanks,
    > ~John
    >
    > On Jun 18, 2008, at 6:16 PM, John DeStefano wrote:
    >
    >> I recently had to upgrade my version of OpenSSH from 4.7 to 5.0p1 on
    >> my
    >> MacBook (Darwin). I installed the latest 'portable' tarball and
    >> removed the system version:
    >> $ ssh -V
    >> OpenSSH_5.0p1, OpenSSL 0.9.7l 28 Sep 2006
    >> $ which ssh
    >> /usr/bin/ssh
    >>
    >> sshd is the same version, installed in /usr/sbin/sshd. Now, things are
    >> a bit broken: I am able to ssh from another machine into my MacBook,
    >> so the server (sshd) is working, but the outgoing client (ssh) hangs
    >> indefinitely on connect. ssh-add also hangs on any operation. ssh-
    >> agent shows:
    >> SSH_AUTH_SOCK=/tmp/ssh-35xNGanxBs/agent.2282; export SSH_AUTH_SOCK;
    >> SSH_AGENT_PID=2283; export SSH_AGENT_PID;
    >> echo Agent pid 2283;
    >>
    >> The interesting bits from an 'ssh -vvv localhost' session are:
    >> ...
    >> debug3: Not a RSA1 key file /Users/jd/.ssh/id_rsa.
    >> debug2: key_type_from_name: unknown key type '-----BEGIN'
    >> debug3: key_read: missing keytype
    >> debug2: key_type_from_name: unknown key type 'Proc-Type:'
    >> debug3: key_read: missing keytype
    >> debug2: key_type_from_name: unknown key type 'DEK-Info:'
    >> debug3: key_read: missing keytype
    >> debug3: key_read: missing whitespace
    >> ...
    >> debug3: key_read: missing whitespace
    >> debug2: key_type_from_name: unknown key type '-----END'
    >> debug3: key_read: missing keytype
    >>
    >> The ssh connection attempt just hangs and sits at:
    >> ...
    >> debug2: service_accept: ssh-userauth
    >> debug1: SSH2_MSG_SERVICE_ACCEPT received
    >>
    >> I don't know why the error 'Not a RSA1 key file' comes up, as my
    >> private key (id_rsa) remains unchanged and begins:
    >> -----BEGIN RSA PRIVATE KEY-----
    >> Proc-Type: 4,ENCRYPTED
    >> DEK-Info: DES-EDE3-CBC,...
    >>
    >> Other points of interest:
    >> 'ssh-keygen -B' correctly identifies my private key and returns what
    >> appears to be a valid bubble-babble digest, beginning with '1024 ...'
    >> 'ssh-keygen -l' correctly identifies my private key and returns what
    >> appears to be a valid fingerprint, beginning with '1024 ...'
    >> 'ssh-keygen -y' correctly identifies my private key, asks for my
    >> pass phrase, and returns my public key, beginning with 'ssh-rsa ...'
    >> I haven't knowingly enabled any RSA-related settings in sshd_config,
    >> and HostKey remains commented out.
    >>
    >> Any thoughts on what may be wrong, whether this is a bug or
    >> something I've screwed up, or what else I can try?
    >>
    >> Thanks,
    >> ~John

    >
    > _______________________________________________
    > openssh-unix-dev mailing list
    > openssh-unix-dev@mindrot.org
    > https://lists.mindrot.org/mailman/li...enssh-unix-dev
    >

    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  4. Re: SSH connection hang after upgrade

    On Jun 20, 2008, at 2:54 PM, Ben Lindstrom wrote:
    > There is a difference between a RSA1 key (RSA for ssh v1 protocol)
    > and an RSA key (RSA for ssh v2 protocol). So that has nothing to do
    > with what you are seeing.
    > - Ben


    OK; thanks ... but if 'Protocol 2' is specified in sshd_config, should
    sshd be looking for an 'RSA1 key'? And why would it look at .ssh/
    id_rsa instead of looking for .ssh/identity, which doesn't exist on my
    system but I believe is the file used for SSH v1 RSA? Is there a way
    to prevent it from doing so?

    Thanks,
    ~John


    > On Fri, 20 Jun 2008, John DeStefano wrote:
    >
    >> Hello,
    >>
    >> Any help, please? Could this possibly be a bug with 'portable'
    >> OpenSSH 5.0p_1 on Mac OS X 10.5.3? I don't understand why the daemon
    >> is saying my private key is "Not a RSA1 key file" when it _is_ a
    >> valid
    >> RSA key file ... or why the daemon is trying to read the private key
    >> in the first place: as long as the SSH Agent is working properly,
    >> shouldn't it be the _public_ key it looks for?
    >>
    >> Thanks,
    >> ~John
    >>
    >> On Jun 18, 2008, at 6:16 PM, John DeStefano wrote:
    >>
    >>> I recently had to upgrade my version of OpenSSH from 4.7 to 5.0p1 on
    >>> my
    >>> MacBook (Darwin). I installed the latest 'portable' tarball and
    >>> removed the system version:
    >>> $ ssh -V
    >>> OpenSSH_5.0p1, OpenSSL 0.9.7l 28 Sep 2006
    >>> $ which ssh
    >>> /usr/bin/ssh
    >>>
    >>> sshd is the same version, installed in /usr/sbin/sshd. Now, things
    >>> are
    >>> a bit broken: I am able to ssh from another machine into my MacBook,
    >>> so the server (sshd) is working, but the outgoing client (ssh) hangs
    >>> indefinitely on connect. ssh-add also hangs on any operation. ssh-
    >>> agent shows:
    >>> SSH_AUTH_SOCK=/tmp/ssh-35xNGanxBs/agent.2282; export SSH_AUTH_SOCK;
    >>> SSH_AGENT_PID=2283; export SSH_AGENT_PID;
    >>> echo Agent pid 2283;
    >>>
    >>> The interesting bits from an 'ssh -vvv localhost' session are:
    >>> ...
    >>> debug3: Not a RSA1 key file /Users/jd/.ssh/id_rsa.
    >>> debug2: key_type_from_name: unknown key type '-----BEGIN'
    >>> debug3: key_read: missing keytype
    >>> debug2: key_type_from_name: unknown key type 'Proc-Type:'
    >>> debug3: key_read: missing keytype
    >>> debug2: key_type_from_name: unknown key type 'DEK-Info:'
    >>> debug3: key_read: missing keytype
    >>> debug3: key_read: missing whitespace
    >>> ...
    >>> debug3: key_read: missing whitespace
    >>> debug2: key_type_from_name: unknown key type '-----END'
    >>> debug3: key_read: missing keytype
    >>>
    >>> The ssh connection attempt just hangs and sits at:
    >>> ...
    >>> debug2: service_accept: ssh-userauth
    >>> debug1: SSH2_MSG_SERVICE_ACCEPT received
    >>>
    >>> I don't know why the error 'Not a RSA1 key file' comes up, as my
    >>> private key (id_rsa) remains unchanged and begins:
    >>> -----BEGIN RSA PRIVATE KEY-----
    >>> Proc-Type: 4,ENCRYPTED
    >>> DEK-Info: DES-EDE3-CBC,...
    >>>
    >>> Other points of interest:
    >>> 'ssh-keygen -B' correctly identifies my private key and returns what
    >>> appears to be a valid bubble-babble digest, beginning with
    >>> '1024 ...'
    >>> 'ssh-keygen -l' correctly identifies my private key and returns what
    >>> appears to be a valid fingerprint, beginning with '1024 ...'
    >>> 'ssh-keygen -y' correctly identifies my private key, asks for my
    >>> pass phrase, and returns my public key, beginning with 'ssh-rsa ...'
    >>> I haven't knowingly enabled any RSA-related settings in sshd_config,
    >>> and HostKey remains commented out.
    >>>
    >>> Any thoughts on what may be wrong, whether this is a bug or
    >>> something I've screwed up, or what else I can try?
    >>>
    >>> Thanks,
    >>> ~John

    >>
    >> _______________________________________________
    >> openssh-unix-dev mailing list
    >> openssh-unix-dev@mindrot.org
    >> https://lists.mindrot.org/mailman/li...enssh-unix-dev
    >>


    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  5. Re: SSH connection hang after upgrade

    On Fri, Jun 20, 2008 at 04:00:16PM -0400, John DeStefano wrote:
    > OK; thanks ... but if 'Protocol 2' is specified in sshd_config,
    > should sshd be looking for an 'RSA1 key'?


    Protocol is about what sshd speaks on the network.

    But granted - there is no point in dealing with SSH v1 keys when
    using protocol version v2. Please send patches.


    > And why would it look at .ssh/id_rsa instead of looking for
    > .ssh/identity,


    Because .ssh/id_rsa is the default SSH v2 RSA key filename.


    > which doesn't exist on my system but I believe is the file used for
    > SSH v1 RSA? Is there a way to prevent it from doing so?


    ..ssh/identity is the default SSH v1 key filename.

    The key thing is not a problem - that's just how sshd looks for keys.

    I'm afraid I can't provide any good suggestions about the real
    problem. :\


    //Peter
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


+ Reply to Thread