Creating a bug report/issue
X I have searched the existing open and closed issues and nothing appears to be relevant to my issue.
Required Information
G_DIETPI_VERSION_CORE=9
G_DIETPI_VERSION_SUB=11
G_DIETPI_VERSION_RC=2
G_GITBRANCH=‘master’
G_GITOWNER=‘MichaIng’
bookworm
Linux workern2plus 6.6.65-current-meson64 #1 SMP PREEMPT Wed Dec 11 15:13:43 UTC 2024 aarch64 GNU/Linux
arm64
Odroid N2 (aarch64)
- Power supply used 5V 1A wall wart
- SD card used SanDisk ultra
Additional Information (if applicable)
Issue happens with both OpenSSH and DropBear and is reproducible.
dietpi is recent install, and haven’t tried reinstalling OS yet.
Steps to reproduce
After not ssh’ing into the SBC for a while (approximately 1-2 hours) the initial passwordless SSH to SBC has the “connection reset by peer”. However, immediately attempting to connect again will successfully connect. The same passwordless setup can be used to access two other SBC (orange pI Zero’s) without a problem - so it appears that the issue is localized to the N2+.
I’ve been able to capture the -vv output of a faulty SSH connection:
(base) lobo@iMac-2019 ~ % ssh -vv dietpi@10.0.0.17
OpenSSH_9.8p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/lobo/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug2: resolve_canonicalize: hostname 10.0.0.17 is address
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 10.0.0.17 [10.0.0.17] port 22.
debug1: Connection established.
debug1: identity file /Users/lobo/.ssh/id_rsa type -1
debug1: identity file /Users/lobo/.ssh/id_rsa-cert type -1
debug1: identity file /Users/lobo/.ssh/id_ecdsa type -1
debug1: identity file /Users/lobo/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/lobo/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/lobo/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/lobo/.ssh/id_ed25519 type 3
debug1: identity file /Users/lobo/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/lobo/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/lobo/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/lobo/.ssh/id_xmss type -1
debug1: identity file /Users/lobo/.ssh/id_xmss-cert type -1
debug1: identity file /Users/lobo/.ssh/id_dsa type -1
debug1: identity file /Users/lobo/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.8
kex_exchange_identification: read: Connection reset by peer
Connection reset by 10.0.0.17 port 22
and a successful connection ( trimmed just after the spot issue occurs for brevity )
(base) lobo@iMac-2019 ~ % ssh -vv dietpi@10.0.0.17
OpenSSH_9.8p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/lobo/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug2: resolve_canonicalize: hostname 10.0.0.17 is address
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 10.0.0.17 [10.0.0.17] port 22.
debug1: Connection established.
debug1: identity file /Users/lobo/.ssh/id_rsa type -1
debug1: identity file /Users/lobo/.ssh/id_rsa-cert type -1
debug1: identity file /Users/lobo/.ssh/id_ecdsa type -1
debug1: identity file /Users/lobo/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/lobo/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/lobo/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/lobo/.ssh/id_ed25519 type 3
debug1: identity file /Users/lobo/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/lobo/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/lobo/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/lobo/.ssh/id_xmss type -1
debug1: identity file /Users/lobo/.ssh/id_xmss-cert type -1
debug1: identity file /Users/lobo/.ssh/id_dsa type -1
debug1: identity file /Users/lobo/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.2p1 Debian-2+deb12u5
debug1: compat_banner: match: OpenSSH_9.2p1 Debian-2+deb12u5 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.0.0.17:22 as 'dietpi'
...... (trimmed here)
and the log files on the N2+ for faulty connection:
Mar 11 21:59:45 workern2plus sshd[21727]: Accepted publickey for dietpi from 10.0.0.5 port 57630 ssh2: ED25519 SHA256:rG6L9BADZ6Ipp+iQKfeibfuosrZmDdfJevAxjkyGrW8
Mar 11 21:59:45 workern2plus sshd[21727]: pam_unix(sshd:session): session opened for user dietpi(uid=1000) by (uid=0)
Mar 11 21:59:45 workern2plus sshd[21727]: pam_env(sshd:session): deprecated reading of user environment enabled
Mar 11 21:59:58 workern2plus sshd[21733]: Received disconnect from 10.0.0.5 port 57630:11: disconnected by user
Mar 11 21:59:58 workern2plus sshd[21733]: Disconnected from user dietpi 10.0.0.5 port 57630
Mar 11 21:59:58 workern2plus sshd[21727]: pam_unix(sshd:session): session closed for user dietpi
and the immediate successful retry:
Mar 11 22:00:05 workern2plus sshd[21766]: Accepted publickey for dietpi from 10.0.0.5 port 57633 ssh2: ED25519 SHA256:rG6L9BADZ6Ipp+iQKfeibfuosrZmDdfJevAxjkyGrW8
Mar 11 22:00:05 workern2plus sshd[21766]: pam_unix(sshd:session): session opened for user dietpi(uid=1000) by (uid=0)
Mar 11 22:00:05 workern2plus sshd[21766]: pam_env(sshd:session): deprecated reading of user environment enabled
I originally thought it might be the result of a faulty NTP connection, changing it from ‘default’ to ‘North Americas’ had no effect and the times seem to be the same. I also tried uninstalling DropBear and installing OpenSSH but that doesn’t seem to have any effect on the issue.
Bottom line is that it appears that the N2+ SSHd is not sending the correct “Remote protocol version” and as a result the connection is closed.
Are there any SSH experts out there that can point me towards what files I should check, commands I should be looking at, and/or what configuration options need to be looked at?
Also, do I need to be concerned about the “pam_env(sshd:session): deprecated reading of user environment enabled” warning?
Thanks for any help you can provide.