[systemd-devel] sshd.socket: connection closed by remote host

arnaud gaboury arnaud.gaboury at gmail.com
Sat Mar 19 14:50:49 UTC 2016


On Sat, Mar 19, 2016 at 3:00 PM, arnaud gaboury <arnaud.gaboury at gmail.com>
wrote:

> OS: fedora 23 server
> systemd: 222
>
> I gave a try at sshd.socket instead of the usual sshd.service. The latter
> was working well on my server but I can't ssh with sshd.socket.
>
> % systemctl cat sshd.socket
> ----------------------------------------------
> # /usr/lib/systemd/system/sshd.socket
> [Unit]
> Description=OpenSSH Server Socket
> Documentation=man:sshd(8) man:sshd_config(5)
> Conflicts=sshd.service
>
> [Socket]
> ListenStream=22
> Accept=yes
>
> [Install]
> WantedBy=sockets.target
>
> # /etc/systemd/system/sshd.socket.d/override.conf
> [Socket]
> #ListenStream=
> ListenStream=192.168.1.94:XXXXX
> FreeBind=true
> ----------------------------------------------
>
>  % systemctl status sshd.socket
> -----------------------------------------------------------
> ● sshd.socket - OpenSSH Server Socket
>    Loaded: loaded (/usr/lib/systemd/system/sshd.socket; enabled; vendor
> preset: disabled)
>   Drop-In: /etc/systemd/system/sshd.socket.d
>            └─override.conf
>    Active: active (listening) since Sat 2016-03-19 14:42:26 CET; 7min ago
>      Docs: man:sshd(8)
>            man:sshd_config(5)
>    Listen: 0.0.0.0:22 (Stream)
>            192.168.1.94:XXXXX (Stream)
>  Accepted: 9; Connected: 0
>
> Mar 19 14:42:26 poppy systemd[1]: Listening on OpenSSH Server Socket.
> Mar 19 14:42:26 poppy systemd[1]: Starting OpenSSH Server Socket.
> -------------------------------------------
>
> As you can see, 9 connections have been accepted, but I do not know why
> connection is closed by host.
>
>
>  % ssh -v -p XXXXX user at thetradinghall.com
> OpenSSH_7.2p1, OpenSSL 1.0.2g  1 Mar 2016
> debug1: Reading configuration data /home/user/.ssh/config
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Connecting to thetradinghall.com [212.147.52.214] port XXXXXX.
> debug1: Connection established.
> debug1: identity file /home/user/.ssh/gabx-hortensia_ed25519.pub type 4
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/user/.ssh/gabx-hortensia_ed25519.pub-cert type
> -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_7.2
> debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2
> debug1: match: OpenSSH_7.2 pat OpenSSH* compat 0x04000000
> debug1: Authenticating to thetradinghall.com:42660 as 'poisonivy'
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: algorithm: curve25519-sha256 at libssh.org
> debug1: kex: host key algorithm: ecdsa-sha2-nistp256
> debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC:
> <implicit> compression: none
> debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC:
> <implicit> compression: none
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug1: Server host key: ecdsa-sha2-nistp256
> SHA256:TU3S5iIvTFbyVwHsNtzm1OPcZ6lYWOnfQ06tKnljnXI
> debug1: checking without port identifier
> debug1: Host 'thetradinghall.com' is known and matches the ECDSA host key.
> debug1: Found key in /home/user/.ssh/known_hosts:8
> debug1: found matching key w/out port
> debug1: rekey after 134217728 blocks
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: rekey after 134217728 blocks
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_EXT_INFO received
> debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
> debug1: SSH2_MSG_SERVICE_ACCEPT received
>
> ###################################
> ## Welcome to TheTradingHall.com ##
> ###################################
>
> debug1: Authentications that can continue:
> publickey,gssapi-keyex,gssapi-with-mic
> debug1: Next authentication method: publickey
> debug1: Offering ED25519 public key:
> /home/gabx/.ssh/gabx-hortensia_ed25519.pub
> debug1: Server accepts key: pkalg ssh-ed25519 blen 51
> debug1: Authentication succeeded (publickey).
> Authenticated to thetradinghall.com ([212.147.52.214]:XXXXXX).
> debug1: channel 0: new [client-session]
> debug1: Requesting no-more-sessions at openssh.com
> debug1: Entering interactive session.
> debug1: pledge: network
> debug1: channel 0: free: client-session, nchannels 1
> Connection to thetradinghall.com closed by remote host.
> Connection to thetradinghall.com closed.
> Transferred: sent 1948, received 1628 bytes, in 0.0 seconds
> Bytes per second: sent 22886566.4, received 19126966.1
> debug1: Exit status -1
>
>
> ------------------------------------------
>
> Nothing in journalctl -unit sshd neither sshd at XY-192.168.1.94
>
> Thank you for any hint why the connection is closed by the server when in
> fact it is accepted.
>
I found the solution by modifying /etc/pam.d/sshd and adding
system-remote-login and system-login files.