Recent updates cause ssh sessions to disconnect/reauth repeatedly for ~20 seconds?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Recent updates cause ssh sessions to disconnect/reauth repeatedly for ~20 seconds?

David C. Rankin
All,

  After updates in the past day or two, I see new behavior for my idle ssh
connections that authorize as normal, but then are systematically disconnected
forcing a reauth at regular intervals of one-per second, for about 20 seconds.

Aug 12 17:46:11 valhalla sshd[3095]: userauth_pubkey: key type ssh-dss not in
PubkeyAcceptedKeyTypes [preauth]
Aug 12 17:46:11 valhalla sshd[3095]: Accepted publickey for david from
192.168.6.104 port 50778 ssh2: ECDSA SHA256:foo
Aug 12 17:46:11 valhalla sshd[3095]: pam_unix(sshd:session): session opened
for user david by (uid=0)
Aug 12 17:46:11 valhalla systemd-logind[466]: New session c15 of user david.
Aug 12 17:46:11 valhalla systemd[1]: Started Session c15 of user david.
Aug 12 17:46:11 valhalla sshd[3097]: Received disconnect from 192.168.6.104
port 50778:11: disconnected by user
Aug 12 17:46:11 valhalla sshd[3097]: Disconnected from user david
192.168.6.104 port 50778
Aug 12 17:46:11 valhalla sshd[3095]: pam_unix(sshd:session): session closed
for user david
Aug 12 17:46:11 valhalla systemd-logind[466]: Removed session c15.
...
Aug 12 17:46:11 valhalla systemd[1]: Started Session c16 of user david.
Aug 12 17:46:11 valhalla sshd[3102]: Received disconnect from 192.168.6.104
port 50780:11: disconnected by user
Aug 12 17:46:11 valhalla sshd[3102]: Disconnected from user david
192.168.6.104 port 50780
Aug 12 17:46:11 valhalla sshd[3100]: pam_unix(sshd:session): session closed
for user david
Aug 12 17:46:11 valhalla systemd-logind[466]: Removed session c16.
...
Aug 12 17:46:12 valhalla systemd[1]: Started Session c17 of user david.
Aug 12 17:46:12 valhalla sshd[3107]: Received disconnect from 192.168.6.104
port 50782:11: disconnected by user
Aug 12 17:46:12 valhalla sshd[3107]: Disconnected from user david
192.168.6.104 port 50782
Aug 12 17:46:12 valhalla sshd[3105]: pam_unix(sshd:session): session closed
for user david
Aug 12 17:46:12 valhalla systemd-logind[466]: Removed session c17.


  It says "Received disconnect from 192.168.6.104 port 50778:11: disconnected
by user", but that has never happened in the past. It also causes the
connection port to jump +2 each iteration. Can anyone else confirm this as new
behavior?

  At least it stops after about 20 iterations and seems to settle down. I have
connections on a LAN that may be up for 3-4 days at a time.

(If it were continually iterating/logging 9-lines per-second over that period,
it would grow quickly.)

--
David C. Rankin, J.D.,P.E.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Recent updates cause ssh sessions to disconnect/reauth repeatedly for ~20 seconds?

LoneVVolf
On 13-08-17 01:09, David C. Rankin wrote:
> All,
>
>    After updates in the past day or two, I see new behavior for my idle ssh
> connections that authorize as normal, but then are systematically disconnected
> forcing a reauth at regular intervals of one-per second, for about 20 seconds.
>
> Aug 12 17:46:11 valhalla sshd[3095]: userauth_pubkey: key type ssh-dss not in
> PubkeyAcceptedKeyTypes [preauth]

Hi, that type of keys was disabled for security reasons in 2015, are you
sure these connections from 192.168.6.104 are genuine ?
What kind of device is at 192.168.6.104 ?

https://wiki.archlinux.org/index.php/Secure_Shell#id_dsa_refused_by_OpenSSH_7.0

LW
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Recent updates cause ssh sessions to disconnect/reauth repeatedly for ~20 seconds?

David C. Rankin
On 08/13/2017 07:03 AM, LoneVVolf wrote:

> On 13-08-17 01:09, David C. Rankin wrote:
>> All,
>>
>>    After updates in the past day or two, I see new behavior for my idle ssh
>> connections that authorize as normal, but then are systematically disconnected
>> forcing a reauth at regular intervals of one-per second, for about 20 seconds.
>>
>> Aug 12 17:46:11 valhalla sshd[3095]: userauth_pubkey: key type ssh-dss not in
>> PubkeyAcceptedKeyTypes [preauth]
>
> Hi, that type of keys was disabled for security reasons in 2015, are you sure
> these connections from 192.168.6.104 are genuine ?
> What kind of device is at 192.168.6.104 ?
>
> https://wiki.archlinux.org/index.php/Secure_Shell#id_dsa_refused_by_OpenSSH_7.0
>
> LW

That's just an old key in the .ssh directory. It isn't used to connect. The
ECDSA key is the one that connects:

Aug 12 17:46:11 valhalla sshd[3095]: userauth_pubkey: key type ssh-dss not in
PubkeyAcceptedKeyTypes [preauth]
Aug 12 17:46:11 valhalla sshd[3095]: Accepted publickey for david from
192.168.6.104 port 50778 ssh2: ECDSA SHA256:foo

--
David C. Rankin, J.D.,P.E.
Loading...