Failed to connect to dropbear version 2020.81

Ronny Meeus ronny.meeus at gmail.com
Tue Jun 6 16:23:45 AWST 2023


Hello

the root cause has been found in the meantime.
The problem was that the file system on which the keys are stored was full.
Since the dropbear is started with the -R option, the keys are
generated only the first time a login is done. If at that moment there
is no room left, the reported behavior is seen.

Best regards
Ronny

On Mon 5 Jun 2023 at 14:41, Ronny Meeus <ronny.meeus at gmail.com> wrote:
>
> Hello
>
> we have a dropbear version 2020.81 running in an old release of our SW
> as our login server.
> Currently we experience issues logging in on the system from the
> remote system running Openssh (using dropbear also on the client side
> we see a similar result).
>
> At the end of the mail I pasted the output we get.
> (after the trace "debug1: expecting SSH2_MSG_KEX_ECDH_REPLY", nothing
> is seen anymore)
>
> This issue is not seen persistently and seems to occur on random systems.
> After a reboot the issue seems to be resolved, not clear whether it
> will come back after some time or not.
>
> For the moment it is impossible to collect local traces on the server
> node since we cannot reach it anymore.
> Doing a telnet to the port 2222 is actually showing the dropbear
> version etc, meaning that the connection as such (at TCP level) seems
> to be OK.
>
> Is this a known issue and is there something we can do as a workaround
> (or do we have means to collect more information about the root
> cause)?
>
> Thanks.
>
> Best regards,
> Ronny
>
> ~ # ssh -p 2222 root@169.254.1.4 -vvvv
> OpenSSH_8.4p1, OpenSSL 1.1.1j  16 Feb 2021
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug2: resolve_canonicalize: hostname 169.254.1.4 is address
> debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' ->
> '/root/.ssh/known_hosts'
> debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' ->
> '/root/.ssh/known_hosts2'
> debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
> debug2: ssh_connect_direct
> debug1: Connecting to 169.254.1.4 [169.254.1.4] port 2222.
> debug1: Connection established.
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: identity file /root/.ssh/id_rsa-cert type -1
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: identity file /root/.ssh/id_dsa-cert type -1
> debug1: identity file /root/.ssh/id_ecdsa type -1
> debug1: identity file /root/.ssh/id_ecdsa-cert type -1
> debug1: identity file /root/.ssh/id_ecdsa_sk type -1
> debug1: identity file /root/.ssh/id_ecdsa_sk-cert type -1
> debug1: identity file /root/.ssh/id_ed25519 type -1
> debug1: identity file /root/.ssh/id_ed25519-cert type -1
> debug1: identity file /root/.ssh/id_ed25519_sk type -1
> debug1: identity file /root/.ssh/id_ed25519_sk-cert type -1
> debug1: identity file /root/.ssh/id_xmss type -1
> debug1: identity file /root/.ssh/id_xmss-cert type -1
> debug1: Local version string SSH-2.0-OpenSSH_8.4
> debug1: Remote protocol version 2.0, remote software version dropbear_2020.81
> debug1: no match: dropbear_2020.81
> debug2: fd 3 setting O_NONBLOCK
> debug1: Authenticating to 169.254.1.4:2222 as 'root'
> debug3: put_host_port: [169.254.1.4]:2222
> debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
> debug3: send packet: type 20
> debug1: SSH2_MSG_KEXINIT sent
> debug3: receive packet: type 20
> debug1: SSH2_MSG_KEXINIT received
> debug2: local client KEXINIT proposal
> debug2: KEX algorithms:
> curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
> debug2: host key algorithms:
> ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
> debug2: ciphers ctos:
> chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
> debug2: ciphers stoc:
> chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
> debug2: MACs ctos:
> umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: MACs stoc:
> umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: compression ctos: none,zlib@openssh.com,zlib
> debug2: compression stoc: none,zlib@openssh.com,zlib
> debug2: languages ctos:
> debug2: languages stoc:
> debug2: first_kex_follows 0
> debug2: reserved 0
> debug2: peer server KEXINIT proposal
> debug2: KEX algorithms:
> curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,kexguess2@matt.ucc.asn.au
> debug2: host key algorithms:
> ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-256,ssh-rsa
> debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr
> debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr
> debug2: MACs ctos: hmac-sha1,hmac-sha2-256
> debug2: MACs stoc: hmac-sha1,hmac-sha2-256
> debug2: compression ctos: zlib@openssh.com,none
> debug2: compression stoc: zlib@openssh.com,none
> debug2: languages ctos:
> debug2: languages stoc:
> debug2: first_kex_follows 0
> debug2: reserved 0
> debug1: kex: algorithm: curve25519-sha256
> debug1: kex: host key algorithm: ecdsa-sha2-nistp256
> debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC:
> <implicit> compression: none
> debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC:
> <implicit> compression: none
> debug3: send packet: type 30
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
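
A pre-start check for the failure described in this thread, as an added example that is not part of the original mails or of Dropbear: it classifies the host-key directory before the daemon is launched with -R, so a full file system is reported locally instead of showing up as a stalled key exchange. The function name, the return codes, the 64 KiB default and the `dropbear_*_host_key` file pattern (Dropbear's usual default naming, which a build may override) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or the Dropbear sources.
# Assumed names: check_hostkey_dir, key_dir, min_free_kb.

# Usage: check_hostkey_dir KEY_DIR [MIN_FREE_KB]
# Returns 0: at least one non-empty host key file is present
#         1: no key yet, but there is room for -R to create one at first login
#         2: no key and too little free space (the situation in this thread)
#         3: KEY_DIR is missing or not writable, or df output was not usable
check_hostkey_dir() {
    key_dir=$1
    min_free_kb=${2:-64}    # assumed threshold, tune per platform

    if [ ! -d "$key_dir" ] || [ ! -w "$key_dir" ]; then
        return 3
    fi

    # A zero-length file counts as missing: a write that ran out of
    # space can leave an empty file behind.
    for f in "$key_dir"/dropbear_*_host_key; do
        if [ -s "$f" ]; then
            return 0
        fi
    done

    # df -P prints one POSIX-format line per file system;
    # with -k the fourth column is the available space in KiB.
    free_kb=$(df -Pk "$key_dir" | awk 'NR == 2 { print $4 }')
    case $free_kb in
        ''|*[!0-9]*) return 3 ;;
    esac

    if [ "$free_kb" -ge "$min_free_kb" ]; then
        return 1
    fi
    return 2
}
```

An init script can call this before starting the server and log or alert on return code 2, which is the state that otherwise only becomes visible when the first remote login hangs.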

