Comment 6 for bug 708493
Revision history for this message
| Ralf Hildebrandt (ralf-hildebrandt) wrote Re: cannot login anymore: Read from socket failed: Connection reset by peer | #6 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Sooo, I found this. All the failing systems have
ii libssl1.0.0 1.0.0c-2 SSL shared libraries
installed (I compiled Postfix against openssl-1.0.0, that's why it's installed), yet their sshd is not linked against libssl1.0.0:
mail:~# ldd /usr/sbin/sshd
linux-gate.so.1 => (0xb774f000)
libwrap.so.0 => /lib/libwrap.so.0 (0xb76c2000)
libpam.so.0 => /lib/libpam.so.0 (0xb76b6000)
libselinux.so.1 => /lib/libselinux
libcrypto.so.0.9.8 => /usr/lib/
libutil.so.1 => /lib/i686/
libz.so.1 => /usr/lib/libz.so.1 (0xb752a000)
libcrypt.so.1 => /lib/i686/
libgssapi_
libkrb5.so.3 => /usr/lib/
libcom_err.so.2 => /lib/libcom_
libc.so.6 => /lib/i686/
libnsl.so.1 => /lib/i686/
libdl.so.2 => /lib/i686/
/lib/ld-linux.so.2 (0xb7750000)
libk5crypto.so.3 => /usr/lib/
libkrb5support
libkeyutils.so.1 => /lib/libkeyutil
libresolv.so.2 => /lib/i686/
libpthread.so.0 => /lib/i686/
The verbose output indicates this immediately before failure:
...
debug1: sending SSH2_MSG_
debug1: expecting SSH2_MSG_
Read from socket failed: Connection reset by peer
ECDH being elliptical curve diffie hellman -- but one needs openssl-1.0.0 (or at least 0.9.9) for that.
Since sshd is not linked against 1.0.0, it cannot handle ECC (elliptical curve cryptography) at all.
But the real question is: Why is ECC being used if ONE of the two sides doesn't support it?!