Xshell Forum

SSH login disconnect after upgrading AIX 6.1

Last post: Tuesday, October 6, 2015 1:45 PM by Jaden, 7 reply

 
Tuesday, January 8, 2013 2:54 AM - JPP

SSH login disconnect after upgrading AIX 6.1

 
Hi,

i have a strange behavior after upgrading an aix 6.1 to the latest level 6100-08-01-1245

everything was working normally before the upgrade, the aix level was 6.1 TL7

xshell disconnect the ssh login immediately , connection with ssh is closed immediately with no explicit message.

using telnet works

using putty works with ssh

using an ssh connection after connecting to another server works ( using xshell4)


Program Ver. : Xshell 4
Tuesday, January 8, 2013 4:12 PM - Support

Re: SSH login disconect after upgrading AIX 6.1

 
We will try reproducing this problem.

First, try upgrading to the latest by going to Help > Check for updates.

If the problem persists, let us know the following:
1. Windows version
2. Steps to reproduce the problem
3. Screenshot


---
Technical Support
Wednesday, January 9, 2013 6:01 PM - Support

Re: SSH login disconect after upgrading AIX 6.1

 
Also, you can get more information by looking at the server side log files. Since you can access the server via logging into a different server first, the AIX server is disconnecting the connection for some reason. You can find the ssh log file in /var/log/

---
Technical Support
Thursday, January 17, 2013 2:22 AM - JPP

Re: SSH login disconect after upgrading AIX 6.1

 
i found no log in /var/log

here is some logs :

log from xshell session :

Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
[10:51:58] Version exchange initiated...
[10:51:58] server: SSH-2.0-OpenSSH_6.0
[10:51:58] client: SSH-2.0-nsssh2_4.0.0027 NetSarang Computer, Inc.
[10:51:58] SSH2 is selected.
[10:51:58] Algorithm negotiation initiated...
[10:51:58] key exchange: diffie-hellman-group14-sha1
[10:51:58] host key: ssh-dss
[10:51:58] outgoing encryption: 3des-cbc
[10:51:58] incoming encryption: 3des-cbc
[10:51:58] outgoing mac: hmac-sha1
[10:51:58] incoming mac: hmac-sha1
[10:51:58] outgoing compression: none
[10:51:58] incoming compression: none

Connection closed by foreign host.


launch sshd in debug after i try to connect ssh :

root@su10401# /usr/sbin/sshd -ddd &
[1] 11337738
root@su10401# debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 219
debug2: parse_server_config: config /etc/ssh/sshd_config len 219
debug3: /etc/ssh/sshd_config:19 setting Protocol 2
debug3: /etc/ssh/sshd_config:34 setting LogLevel DEBUG
debug3: /etc/ssh/sshd_config:40 setting StrictModes no
debug3: /etc/ssh/sshd_config:89 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:101 setting UseDNS no
debug3: /etc/ssh/sshd_config:111 setting Subsystem sftp /usr/sbin/sftp-server
debug1: sshd version OpenSSH_6.0p1
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 5 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 5 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 9 config len 219
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9
debug1: inetd sockets after dupping: 5, 5
debug1: audit connection from 10.25.92.157 port 63484 euid 0
Connection from 10.25.92.157 port 63484
debug1: Client protocol version 2.0; client software version nsssh2_4.0.0027 NetSarang Computer, Inc.
debug1: no match: nsssh2_4.0.0027 NetSarang Computer, Inc.
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug3: Value for authType is STD_AUTH
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): 0509-022 Cannot load module /usr/krb5/lib/libkrb5.a(libkrb5.a.so).
0509-026 System error: A file or directory in the path name does not exist.

debug1: Error loading Kerberos, disabling the Kerberos auth
debug2: fd 5 setting O_NONBLOCK
debug2: Network child is on pid 15139000
debug3: preauth child monitor started
debug3: privsep user:group 202:201 [preauth]
debug1: permanently_set_uid: 202/201 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0 [preauth]
debug2: kex_parse_kexinit: reserved 0 [preauth]
debug2: kex_parse_kexinit: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa [preauth]
debug2: kex_parse_kexinit: 3des-cbc [preauth]
debug2: kex_parse_kexinit: 3des-cbc [preauth]
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,none [preauth]
debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,none [preauth]
debug2: kex_parse_kexinit: none [preauth]
debug2: kex_parse_kexinit: none [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0 [preauth]
debug2: kex_parse_kexinit: reserved 0 [preauth]
debug2: mac_setup: found hmac-sha1 [preauth]
debug1: kex: client->server 3des-cbc hmac-sha1 none [preauth]
debug2: mac_setup: found hmac-sha1 [preauth]
debug1: kex: server->client 3des-cbc hmac-sha1 none [preauth]
debug2: dh_gen_key: priv key bits set: 196/384 [preauth]
debug2: bits set: 1019/2048 [preauth]
debug1: expecting SSH2_MSG_KEXDH_INIT [preauth]
debug2: bits set: 1046/2048 [preauth]
debug3: mm_key_sign entering [preauth]
debug3: mm_request_send entering: type 4 [preauth]
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect entering: type 5 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 20054448(55)
debug3: mm_request_send entering: type 5
debug2: monitor_read: 4 used once, disabling now
debug2: kex_derive_keys [preauth]
debug2: set_newkeys: mode 1 [preauth]
cipher_init: EVP_CipherInit: set key failed for 3des-cbc [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: Killing privsep child 15139000
debug1: audit event euid 0 user (unknown user) event 12 (SSH_connabndn)
debug1: Return Val-1 for auditproc:0

[1] + Done(255) /usr/sbin/sshd -ddd &

Thursday, January 17, 2013 2:23 AM - JPP

Re: SSH login disconect after upgrading AIX 6.1

 
windows 7
xshell 4 build 120
Thursday, January 17, 2013 4:08 PM - Support

Re: SSH login disconnect after upgrading AIX 6.1

 
Thank you for submitting the logs. This has been forwarded to our developers. Please allow some time to review.

Thank you for being patient.

---
Technical Support
Friday, January 18, 2013 4:52 AM - JPP

Re: SSH login disconnect after upgrading AIX 6.1

 
i succeed to do direct ssh login changing the encryption mode in SSH/security

with blowfish or arcour or perhaps other, it works

leaving "Cipher list" makes the connexion closed

so it is probably a change at ssh_config at server level ?

i never needed to change this ecryption option
Tuesday, October 6, 2015 1:45 PM - Jaden

Re: SSH login disconnect after upgrading AIX 6.1

 
I have the the same problem after upgrading AIX 6.1

and remove security.pkcs11 ( installp -u security.pkcs11 -g )
It will be ok!!