sshd crash: connection reset by peer when using IPv6

Moderator: Lillian.W@AST

Post Reply
cmatsuoka
Posts: 5
youtube meble na wymiar Warszawa
Joined: Sat Jun 13, 2020 10:45 pm

sshd crash: connection reset by peer when using IPv6

Post by cmatsuoka »

Hi,

I'd like to report a problem I found when trying to log in using ssh on IPv6, which results in the infamous "kex_exchange_identification: read: Connection reset by peer" error. This happened on ADM 3.5.0.R5D3 the AS6302T, but I don't think it's limited to that specific model. I also have a workaround at the end, in case someone is having a similar problem.

After enabling ssh access in Services/Terminal, I can correctly log in from a remote host using IPv4, but attempts to log in using IPv6 result in:

# ssh -p 4222 -vvv <user>@<hostname>
OpenSSH_8.2p1 Ubuntu-4, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "<hostname>" port 4222
debug2: ssh_connect_direct
debug1: Connecting to <hostname> [<ipv6 addr>] port 4222.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa_sk type -1
debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_ed25519_sk type -1
debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4
kex_exchange_identification: read: Connection reset by peer

This was unexpected, so to understand what was going on here I ran the ssh server on the NAS in debug mode and I found the following:

admin@nas:/volume1 $ sudo /usr/sbin/sshd -Dde -p 4222
/usr/etc/ssh/sshd_config line 15: Deprecated option UsePrivilegeSeparation
debug1: sshd version OpenSSH_7.9, OpenSSL 1.0.2n 7 Dec 2017
debug1: private host key #0: ssh-rsa SHA256:<stuff>
debug1: private host key #1: ssh-dss SHA256:<stuff>
debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:<stuff>
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-Dde'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='4222'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 4222 on 0.0.0.0.
Server listening on 0.0.0.0 port 4222.
debug1: Bind to port 4222 on ::.
Server listening on :: port 4222.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
rexec line 15: Deprecated option UsePrivilegeSeparation
debug1: sshd version OpenSSH_7.9, OpenSSL 1.0.2n 7 Dec 2017
debug1: private host key #0: ssh-rsa SHA256:<stuff>
debug1: private host key #1: ssh-dss SHA256:<stuff>
debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:<stuff>
debug1: inetd sockets after dupping: 3, 3
*** buffer overflow detected ***: sshd: [accepted] terminated
======= Backtrace: =========
/lib64/libc.so.6(+0x7047b)[0x7efcb051e47b]
/lib64/libc.so.6(__fortify_fail+0x37)[0x7efcb05a69a7]
/lib64/libc.so.6(+0xf69d0)[0x7efcb05a49d0]
/lib64/libc.so.6(+0xf5eb9)[0x7efcb05a3eb9]
/lib64/libc.so.6(_IO_default_xsputn+0x84)[0x7efcb0521c64]
/lib64/libc.so.6(_IO_vfprintf+0x1dce)[0x7efcb04f65de]
/lib64/libc.so.6(__vsprintf_chk+0x97)[0x7efcb05a3f57]
/lib64/libc.so.6(__sprintf_chk+0x7d)[0x7efcb05a3e9d]
sshd: [accepted](main+0x229a)[0x55f183592aaa]
/lib64/libc.so.6(__libc_start_main+0xed)[0x7efcb04ce0bd]
sshd: [accepted](+0xf919)[0x55f183593919]
======= Memory map: ========
55f183584000-55f18364b000 r-xp 00000000 00:02 2259 /usr/sbin/sshd
55f18384a000-55f18384d000 r--p 000c6000 00:02 2259 /usr/sbin/sshd
(...)
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Aborted

My workaround for this problem was to run a different openssh server installed from entware, which works well in both IPv4 and IPv6 after you create a user for privilege separation, but I think Asustor folks may want to have a look at this and fix it.
User avatar
orion
Posts: 3482
Joined: Wed May 29, 2013 11:09 am

Re: sshd crash: connection reset by peer when using IPv6

Post by orion »

Wow, I did not try it before. I think you should report it to asustor directly. https://support.asustor.com/
cmatsuoka
Posts: 5
Joined: Sat Jun 13, 2020 10:45 pm

Re: sshd crash: connection reset by peer when using IPv6

Post by cmatsuoka »

Yes, I think it's a good idea to report directly. I just sent them the traces, thanks!
mickmack1213
Posts: 1
Joined: Fri Jan 21, 2022 11:35 am

Re: sshd crash: connection reset by peer when using IPv6

Post by mickmack1213 »

Hey, thank you for sharing. I kinda thought I have gone crazy in the meantime. because IPv6 link-local (fe08::) is working, while only the global IPv6 results in exactly this error on my AS4004T with ADM 4.0.2.RPL2.

Have you heard anything from the support when or if they will ever fix this?

EDIT:

It seems like they worked on the sshd. At least the version line changed for me:

Code: Select all

debug1: sshd version OpenSSH_8.2, OpenSSL 1.1.1l  24 Aug 2021
Post Reply

Return to “ADM general”