SSH config corrupted during upgrade to 159

Troubleshooting
1

My upgrade to 159 corrupted somethiing in my SSH settings. SSH login gives:
pi@mypi’s password:

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Connection to mypi closed.

An incorrect password doesn’t show the Debian disclaimer.

Any reason for this not to work?

2

This problem seems to be similar to another SSH report for 159. The error also occurs for user root.

3

There has been little progress for me on this issue.
This thread provided no solution. My passwords still seem to be correct.

Below is the output of an incorrect password and a correct password with ssh debug output:

ssh dietpi@mypi -vvv
OpenSSH_7.5p1-hpn14v12lpk, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving “mypi” port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to mypi […] port 22.
debug1: Connection established.
debug1: identity file /home/bla/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/bla/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/bla/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/bla/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/bla/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/bla/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/bla/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/bla/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5p1-hpn14v12lpk
debug1: Remote protocol version 2.0, remote software version dropbear_2014.65
debug1: no match: dropbear_2014.65
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to mypi:22 as ‘dietpi’
debug3: hostkeys_foreach: reading file “/home/bla/.ssh/known_hosts”
debug3: record_hostkey: found key type RSA in file /home/bla/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from mypi
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,kexguess2@matt.ucc.asn.au
debug2: host key algorithms: ssh-rsa,ssh-dss
debug2: ciphers ctos: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc
debug2: ciphers stoc: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc
debug2: MACs ctos: hmac-sha1-96,hmac-sha1,hmac-md5
debug2: MACs stoc: hmac-sha1-96,hmac-sha1,hmac-md5
debug2: compression ctos: zlib,zlib@openssh.com,none
debug2: compression stoc: zlib,zlib@openssh.com,none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: REQUESTED ENC.NAME is ‘aes128-ctr’
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: REQUESTED ENC.NAME is ‘aes128-ctr’
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:EzF1P4esqyF1VY/EsHZSeeX//6G9KTdyVXpONOJkjfs
debug3: hostkeys_foreach: reading file “/home/bla/.ssh/known_hosts”
debug3: record_hostkey: found key type RSA in file /home/bla/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from mypi
debug3: hostkeys_foreach: reading file “/home/bla/.ssh/known_hosts”
debug3: record_hostkey: found key type RSA in file /home/bla/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from …
debug1: Host ‘mypi’ is known and matches the RSA host key.
debug1: Found key in /home/bla/.ssh/known_hosts:3
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug2: key: /home/bla/.ssh/id_rsa (0x55eeb6feea50)
debug2: key: /home/bla/.ssh/id_dsa ((nil))
debug2: key: /home/bla/.ssh/id_ecdsa ((nil))
debug2: key: /home/bla/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/bla/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/bla/.ssh/id_dsa
debug3: no such identity: /home/bla/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/bla/.ssh/id_ecdsa
debug3: no such identity: /home/bla/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/bla/.ssh/id_ed25519
debug3: no such identity: /home/bla/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
dietpi@mypi’s password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.


dietpi@mypi’s password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 52
debug1: Single to Multithread CTR cipher swap - client request
debug1: Authentication succeeded (password).
Authenticated to mypi ([…]:22).
debug1: Final hpn_buffer_size = 2097152
debug1: HPN Disabled: 0, HPN Buffer Size: 2097152
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: ssh_packet_send2: rekex triggered
debug1: enqueue packet: 90
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug1: Entering interactive session.
debug1: pledge: network
debug1: rekeying in progress
debug1: rekeying in progress
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 1
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,kexguess2@matt.ucc.asn.au
debug2: host key algorithms: ssh-rsa,ssh-dss
debug2: ciphers ctos: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc
debug2: ciphers stoc: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc
debug2: MACs ctos: hmac-sha1-96,hmac-sha1,hmac-md5
debug2: MACs stoc: hmac-sha1-96,hmac-sha1,hmac-md5
debug2: compression ctos: zlib,zlib@openssh.com,none
debug2: compression stoc: zlib,zlib@openssh.com,none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: REQUESTED ENC.NAME is ‘aes128-ctr’
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: REQUESTED ENC.NAME is ‘aes128-ctr’
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: rekeying in progress
debug1: rekeying in progress
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:EzF1P4esqyF1VY/EsHZSeeX//6G9KTdyVXpONOJkjfs
debug2: verify_host_key: server host key RSA SHA256:EzF1P4esqyF1VY/EsHZSeeX//6G9KTdyVXpONOJkjfs matches cached key
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: ssh_set_newkeys: rekeying after 136 output blocks (3672 bytes total)
debug1: spawned a thread
debug1: spawned a thread
debug1: rekey after 4294967296 blocks
debug1: dequeue packet: 90
debug3: send packet: type 90
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: ssh_set_newkeys: rekeying after 87 input blocks (2592 bytes total)
debug1: spawned a thread
debug1: spawned a thread
debug1: rekey after 4294967296 blocks
debug3: receive packet: type 91
debug2: callback start
debug2: fd 3 setting TCP_NODELAY/SCTP_NODELAY
debug3: ssh_packet_set_tos: set IPV6_TCLASS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env MANPATH
debug3: Ignored env SAL_USE_VCLPLUGIN
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env XDG_MENU_PREFIX
debug3: Ignored env XDG_SESSION_COOKIE
debug3: Ignored env GNOME_KEYRING_CONTROL
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env PAGER
debug3: Ignored env CONFIG_PROTECT_MASK
debug3: Ignored env FLTK_DOCDIR
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env PATH
debug3: Ignored env MAIL
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env QT_QPA_PLATFORMTHEME
debug3: Ignored env PWD
debug3: Ignored env JAVA_HOME
debug3: Ignored env EDITOR
debug3: Ignored env JAVAC
debug1: Sending env LANG = en_US.utf8
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env GSETTINGS_BACKEND
debug3: Ignored env QT_GRAPHICSSYSTEM
debug3: Ignored env _LXSESSION_PID
debug3: Ignored env QT_PLATFORM_PLUGIN
debug3: Ignored env PYTHONDOCS_3_4
debug3: Ignored env MANPAGER
debug3: Ignored env HOME
debug3: Ignored env JDK_HOME
debug3: Ignored env SHLVL
debug3: Ignored env XDG_CONFIG_HOME
debug3: Ignored env LESS
debug3: Ignored env LOGNAME
debug3: Ignored env GCC_SPECS
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env LESSOPEN
debug3: Ignored env R_HOME
debug3: Ignored env INFOPATH
debug3: Ignored env DISPLAY
debug3: Ignored env OPENGL_PROFILE
debug3: Ignored env XDG_CURRENT_DESKTOP
debug3: Ignored env CONFIG_PROTECT
debug3: Ignored env XAUTHORITY
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: callback done
debug2: channel 0: open confirm rwindow 65536 rmax 32759
debug2: tcpwinsz: 369280 for connection: 3
debug2: tcpwinsz: 369280 for connection: 3
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
debug2: tcpwinsz: 369280 for connection: 3
debug3: receive packet: type 96
debug2: channel 0: rcvd eof
debug2: channel 0: output open → drain
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug2: channel 0: close_read
debug2: channel 0: input open → closed
debug3: channel 0: will not send data after close
debug2: tcpwinsz: 369280 for connection: 3

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
debug3: channel 0: will not send data after close
debug2: tcpwinsz: 369280 for connection: 3
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain → closed
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug3: send packet: type 97
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)

debug3: send packet: type 1
Connection to smoot closed.
Transferred: sent 4184, received 3056 bytes, in 0.2 seconds
Bytes per second: sent 22674.2, received 16561.3
debug1: Exit status -1

4

The debug output showed ssh using ipv6 addresses. I also tried it with the native ipv4 address, but the output was the same (except for different ip addresses).

5

Remote protocol version 2.0, remote software version dropbear_2014.65

hostkeys_foreach: reading file “/home/bla/.ssh/known_hosts”

Offering RSA public key: /home/bla/.ssh/id_rsa
send_pubkey_test

>

First you have to clear all host in:

```text
nano /home/bla/.ssh/known_hosts

And login as user: “root” with IPv4 address to you DietPi device, eg:

ssh root@192.168.0.100

with password: “dietpi” and hope you didn’t change it before!

6

Thanks for the reply. Removing the keys did not change the behaviour. The login with incorrect password has a different behaviour than using the correct password as can be seen in the verbose output. The password is changed from the standard right after installation. (I hope yours isn’t dietpi :wink:

7

I also checked the login with the key in known hosts changed and it gives the regular warning of an incorrect key. That system works correctly.

8

This problem still persists. Also issuing a command like ls via ssh produces no output. On the SD card I can’t find a config file for ssh in /etc.

9

Seem to be a corrupt/faulty/defect sd card.





/usr/sbin/dropbear -h

cat /etc/default/dropbear

cat /etc/init.d/dropbear