I have a SSHd, where a bunch of Windows clients connects to via pscp (so it uses scp). These clients send very small files (10-100KB) and quit the connection after that.
A few days ago, we updated the system, including openssh-server from 6.6.1p1-35.el7_3.x86_64 to 7.4p1-12.el7_4.x86_64. The config was not changed. Since then, our logs contain thousands of the following entries every day:
fatal: ssh_packet_send_debug: Connection reset by peer
This does not affect all of the connections, only some.
So I ran openssh in debug mode for a few minutes, which led to entries like the following:
For comparison, here are the log entries for a "sane" connection:[20111]: User child is on pid 24038
[24038]: debug1: PAM: establishing credentials
[24038]: debug1: permanently_set_uid: 1002/1002
[24038]: debug3: monitor_apply_keystate: packet_set_state
[24038]: debug2: set_newkeys: mode 0
[24038]: debug1: rekey after 4294967296 blocks
[24038]: debug2: set_newkeys: mode 1
[24038]: debug1: rekey after 4294967296 blocks
[24038]: debug1: ssh_packet_set_postauth: called
[24038]: debug3: ssh_packet_set_state: done
[24038]: debug3: notify_hostkeys: key 0: ssh-rsa SHA256:[...]
[24038]: debug3: notify_hostkeys: key 1: ecdsa-sha2-nistp256 SHA256:[...]
[24038]: debug3: notify_hostkeys: sent 2 hostkeys
[24038]: debug3: send packet: type 80
[24038]: debug3: send packet: type 4
[24038]: fatal: ssh_packet_send_debug: Connection reset by peer
[24038]: debug1: do_cleanup
[24038]: debug3: PAM: sshpam_thread_cleanup entering
[24038]: debug3: mm_request_send entering: type 122
[24038]: debug3: mm_request_receive_expect entering: type 123
[24038]: debug3: mm_request_receive entering
We use the following sshd_config (I deleted all commented lines):[16407]: User child is on pid 18352
[18352]: debug1: PAM: establishing credentials
[18352]: debug1: permanently_set_uid: 1002/1002
[18352]: debug3: monitor_apply_keystate: packet_set_state
[18352]: debug2: set_newkeys: mode 0
[18352]: debug1: rekey after 4294967296 blocks
[18352]: debug2: set_newkeys: mode 1
[18352]: debug1: rekey after 4294967296 blocks
[18352]: debug1: ssh_packet_set_postauth: called
[18352]: debug3: ssh_packet_set_state: done
[18352]: debug3: notify_hostkeys: key 0: [...]
[18352]: debug3: notify_hostkeys: key 1: [...]
[18352]: debug3: notify_hostkeys: sent 2 hostkeys
[18352]: debug3: send packet: type 80
[18352]: debug3: send packet: type 4
-> here the other connection is resetted
[18352]: debug3: send packet: type 4
[18352]: debug1: Entering interactive session for SSH2.
[18352]: debug2: fd 5 setting O_NONBLOCK
[18352]: debug2: fd 6 setting O_NONBLOCK
[18352]: debug1: server_init_dispatch
[18352]: debug3: receive packet: type 90
[...]
Any attempt to help would be really appreciated.HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
SyslogFacility AUTHPRIV
PermitRootLogin no
AllowGroups ssh-login wheel svamon-client
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
X11Forwarding no
UsePrivilegeSeparation sandbox # Default for new installations.
UseDNS no
MaxStartups 100:10:400
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem sftp /usr/libexec/openssh/sftp-server
Kind regards,
Jimini