Discussion:
Recent updates cause ssh sessions to disconnect/reauth repeatedly for ~20 seconds?
(too old to reply)
David C. Rankin
2017-08-12 23:09:29 UTC
Permalink
Raw Message
All,

After updates in the past day or two, I see new behavior for my idle ssh
connections that authorize as normal, but then are systematically disconnected
forcing a reauth at regular intervals of one-per second, for about 20 seconds.

Aug 12 17:46:11 valhalla sshd[3095]: userauth_pubkey: key type ssh-dss not in
PubkeyAcceptedKeyTypes [preauth]
Aug 12 17:46:11 valhalla sshd[3095]: Accepted publickey for david from
192.168.6.104 port 50778 ssh2: ECDSA SHA256:foo
Aug 12 17:46:11 valhalla sshd[3095]: pam_unix(sshd:session): session opened
for user david by (uid=0)
Aug 12 17:46:11 valhalla systemd-logind[466]: New session c15 of user david.
Aug 12 17:46:11 valhalla systemd[1]: Started Session c15 of user david.
Aug 12 17:46:11 valhalla sshd[3097]: Received disconnect from 192.168.6.104
port 50778:11: disconnected by user
Aug 12 17:46:11 valhalla sshd[3097]: Disconnected from user david
192.168.6.104 port 50778
Aug 12 17:46:11 valhalla sshd[3095]: pam_unix(sshd:session): session closed
for user david
Aug 12 17:46:11 valhalla systemd-logind[466]: Removed session c15.
...
Aug 12 17:46:11 valhalla systemd[1]: Started Session c16 of user david.
Aug 12 17:46:11 valhalla sshd[3102]: Received disconnect from 192.168.6.104
port 50780:11: disconnected by user
Aug 12 17:46:11 valhalla sshd[3102]: Disconnected from user david
192.168.6.104 port 50780
Aug 12 17:46:11 valhalla sshd[3100]: pam_unix(sshd:session): session closed
for user david
Aug 12 17:46:11 valhalla systemd-logind[466]: Removed session c16.
...
Aug 12 17:46:12 valhalla systemd[1]: Started Session c17 of user david.
Aug 12 17:46:12 valhalla sshd[3107]: Received disconnect from 192.168.6.104
port 50782:11: disconnected by user
Aug 12 17:46:12 valhalla sshd[3107]: Disconnected from user david
192.168.6.104 port 50782
Aug 12 17:46:12 valhalla sshd[3105]: pam_unix(sshd:session): session closed
for user david
Aug 12 17:46:12 valhalla systemd-logind[466]: Removed session c17.


It says "Received disconnect from 192.168.6.104 port 50778:11: disconnected
by user", but that has never happened in the past. It also causes the
connection port to jump +2 each iteration. Can anyone else confirm this as new
behavior?

At least it stops after about 20 iterations and seems to settle down. I have
connections on a LAN that may be up for 3-4 days at a time.

(If it were continually iterating/logging 9-lines per-second over that period,
it would grow quickly.)
--
David C. Rankin, J.D.,P.E.
LoneVVolf
2017-08-13 12:03:49 UTC
Permalink
Raw Message
Post by David C. Rankin
All,
After updates in the past day or two, I see new behavior for my idle ssh
connections that authorize as normal, but then are systematically disconnected
forcing a reauth at regular intervals of one-per second, for about 20 seconds.
Aug 12 17:46:11 valhalla sshd[3095]: userauth_pubkey: key type ssh-dss not in
PubkeyAcceptedKeyTypes [preauth]
Hi, that type of keys was disabled for security reasons in 2015, are you
sure these connections from 192.168.6.104 are genuine ?
What kind of device is at 192.168.6.104 ?

https://wiki.archlinux.org/index.php/Secure_Shell#id_dsa_refused_by_OpenSSH_7.0

LW
David C. Rankin
2017-08-13 13:29:52 UTC
Permalink
Raw Message
Post by David C. Rankin
All,
After updates in the past day or two, I see new behavior for my idle ssh
connections that authorize as normal, but then are systematically disconnected
forcing a reauth at regular intervals of one-per second, for about 20 seconds.
Aug 12 17:46:11 valhalla sshd[3095]: userauth_pubkey: key type ssh-dss not in
PubkeyAcceptedKeyTypes [preauth]
Hi, that type of keys was disabled for security reasons in 2015, are you sure
these connections from 192.168.6.104 are genuine ?
What kind of device is at 192.168.6.104 ?
https://wiki.archlinux.org/index.php/Secure_Shell#id_dsa_refused_by_OpenSSH_7.0
LW
That's just an old key in the .ssh directory. It isn't used to connect. The
ECDSA key is the one that connects:

Aug 12 17:46:11 valhalla sshd[3095]: userauth_pubkey: key type ssh-dss not in
PubkeyAcceptedKeyTypes [preauth]
Aug 12 17:46:11 valhalla sshd[3095]: Accepted publickey for david from
192.168.6.104 port 50778 ssh2: ECDSA SHA256:foo
--
David C. Rankin, J.D.,P.E.
Loading...