{"id":58,"date":"2016-11-17T09:31:27","date_gmt":"2016-11-17T09:31:27","guid":{"rendered":"http:\/\/www.hestben.se\/HestbenTechnical\/?p=58"},"modified":"2016-11-19T18:40:42","modified_gmt":"2016-11-19T18:40:42","slug":"ssh-login-fails-with-debug1-ssh2_msg_kexinit-sentn-connection-closed-by-xx","status":"publish","type":"post","link":"https:\/\/www.hestben.se\/HestbenTechnical\/?p=58","title":{"rendered":"Ssh login fails with debug1: SSH2_MSG_KEXINIT sent\\n Connection closed by XX"},"content":{"rendered":"<p>I was playing around with my apache settings yesterday, and decided to ditch what I had and checkout what was in master in etckeeper with <code>etckeeper vcs checkout HEAD<\/code>.<br \/>\nAfter that, I couldn&#8217;t log in to my server again with ssh:<br \/>\n<code>debug3: load_hostkeys: loaded 1 keys<br \/>\ndebug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa<br \/>\ndebug1: SSH2_MSG_KEXINIT sent<br \/>\nConnection closed by IP-ADDRESS<\/code><br \/>\nI thought it was strange.<br \/>\nAfter getting the logwatch mail, I got these error messages in the log:<br \/>\n<code> error: key_load_private: bad permissions : 58 time(s)<br \/>\n error: Could not load host key: \/etc\/ssh\/ssh_host_rsa_key : 29 time(s)<br \/>\n error: Permissions 0644 for '\/etc\/ssh\/ssh_host_dsa_key' are too open. : 29 time(s)<br \/>\n error: It is recommended that your private key files are NOT accessible by others. : 58 time(s)<br \/>\n error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ : 116 time(s)<br \/>\n fatal: No supported key exchange algorithms [preauth] : 29 time(s)<br \/>\n error: This private key will be ignored. : 58 time(s)<br \/>\n error: Permissions 0644 for '\/etc\/ssh\/ssh_host_rsa_key' are too open. : 29 time(s)<br \/>\n error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @ : 58 time(s)<br \/>\n error: Could not load host key: \/etc\/ssh\/ssh_host_dsa_key : 29 time(s)<\/code><br \/>\nSo, something had changed the permissions to <code>\/etc\/ssh\/ssh_host_dsa_key<\/code>. First I though: &#8220;Damn, have I been rooted now? That is just fair with my previous bad password policy&#8221;.<br \/>\nThen I gave it more thought, and remembered my restoring with etckeeper. I searched and found <a href=\"http:\/\/serverfault.com\/questions\/286560\/etckeeper-git-checkout-and-broken-file-permissions-in-etc\">this question<\/a>.<br \/>\nLooks like you need to run <code>etckeeper init<\/code> after checking out.<br \/>\nThe problem now, because the server is far away from me, is to get somebody technical to connect a screen and keyboard to the computer and follow my instructions.<br \/>\nEDIT: <code>etckeeper init<\/code> was not enough. It didn&#8217;t restore the file permissions. I wonder how many other files have wrecked file permissions now :\/<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I was playing around with my apache settings yesterday, and decided to ditch what I had and checkout what was in master in etckeeper with etckeeper vcs checkout HEAD. After that, I couldn&#8217;t log in to my server again with ssh: debug3: load_hostkeys: loaded 1 keys debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa debug1: SSH2_MSG_KEXINIT sent Connection &hellip; <a href=\"https:\/\/www.hestben.se\/HestbenTechnical\/?p=58\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Ssh login fails with debug1: SSH2_MSG_KEXINIT sent\\n Connection closed by XX&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hestben.se\/HestbenTechnical\/index.php?rest_route=\/wp\/v2\/posts\/58"}],"collection":[{"href":"https:\/\/www.hestben.se\/HestbenTechnical\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hestben.se\/HestbenTechnical\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hestben.se\/HestbenTechnical\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hestben.se\/HestbenTechnical\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=58"}],"version-history":[{"count":6,"href":"https:\/\/www.hestben.se\/HestbenTechnical\/index.php?rest_route=\/wp\/v2\/posts\/58\/revisions"}],"predecessor-version":[{"id":74,"href":"https:\/\/www.hestben.se\/HestbenTechnical\/index.php?rest_route=\/wp\/v2\/posts\/58\/revisions\/74"}],"wp:attachment":[{"href":"https:\/\/www.hestben.se\/HestbenTechnical\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=58"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hestben.se\/HestbenTechnical\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=58"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hestben.se\/HestbenTechnical\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=58"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}