Score:0

SSH into server running xinetd throws error "kex_exchange_identification: read: Connection reset by peer"

I have two servers running Ubuntu 22.04.2 LTS with openssh-server 1:8.9p1-3ubuntu0.1 installed. And on both servers I have installed the same admin user.

I want to test the legacy superdaemon xinetd for ssh. So I stopped the ssh.service on the first server and started the xinetd.service on that server after adding the following config file:

cat /etc/xinetd.d/ssh

service ssh
{
    disable     = no
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = root
    server      =/usr/sbin/sshd
    server_args = -1
    flags       = IPv4
    interface   = 192.168.50.100
}

When I try to ssh into the server running xinetd, the xinetd daemon should start the ssh daemon on the target server and allow me in. But I get the following error message:

ssh -v 192.168.50.100

OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.50.100 [192.168.50.100] port 22.
debug1: Connection established.
debug1: identity file /home/thomasgrusz/.ssh/id_rsa type -1
debug1: identity file /home/thomasgrusz/.ssh/id_rsa-cert type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ecdsa type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ed25519 type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ed25519-cert type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ed25519_sk type -1
debug1: identity file /home/thomasgrusz/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/thomasgrusz/.ssh/id_xmss type -1
debug1: identity file /home/thomasgrusz/.ssh/id_xmss-cert type -1
debug1: identity file /home/thomasgrusz/.ssh/id_dsa type -1
debug1: identity file /home/thomasgrusz/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
debug1: kex_exchange_identification: banner line 0: unknown option -- 1
kex_exchange_identification: read: Connection reset by peer
Connection reset by 192.168.50.100 port 22

Any ideas?

waltinator
It can't find any of the "`identity file`s" to use in setting up the SSH connection, so it drops the connection. Have you read `man ssh-keygen`?
Thomas Grusz
@waltinator The missing ssh-key should not be an issue. It should just ask for the password, which it does, when I enable the ssh.service by hand.
Score:0

Use

server_args = -i

for xinetd.

Thomas Grusz
Thanks for spotting this, but it's still throwing the same error.
Score:0

Update: March 12, 2023

I found the issue when I looked into the error logs of the xinetd daemon on the target server. It throws the following error when I try to ssh in:

Mar 12 14:09:06 ubuntuserver100 sshd[1551]: fatal: Missing privilege separation directory: /run/sshd

I created the /run/sshd/ directory manually and then everything worked perfectly. This is a temp folder though, so it will be missing again after reboot. I fixed this by adding the following file:

thomasgrusz@ubuntuserver100:~$ cat /usr/lib/tmpfiles.d/sshd.conf
d /run/sshd 0755 root root

I got the idea from this post, but there is probably a more elegant solution for this.

Does anyone know why this folder is missing in the first place?
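
Added example (not part of the thread and not any poster's code): a preflight check for the two failure modes seen on this page, `server_args` without `-i` and a missing privilege separation directory. The function names and the return-status convention are assumptions made for this illustration, and the sample config is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Preflight check for sshd under xinetd.
# Return status (hypothetical convention): +1 server_args lacks -i,
# +2 privilege separation directory missing, 0 when both checks pass.

# Print the value of one "name = value" attribute from an xinetd service file.
xinetd_attr() {  # $1 = service file, $2 = attribute name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

check_xinetd_sshd() {  # $1 = xinetd service file, $2 = privsep directory
    fail=0
    args=$(xinetd_attr "$1" server_args)
    # -i tells sshd it is being run from inetd; the -1 in the question
    # is rejected by sshd as an unknown option.
    case " $args " in
        *" -i "*) ;;
        *) echo "FAIL: server_args is '$args', expected -i"
           fail=$((fail + 1)) ;;
    esac
    # sshd refuses to start without this directory; on the page it is
    # /run/sshd, recreated at boot by "d /run/sshd 0755 root root".
    if [ ! -d "$2" ]; then
        echo "FAIL: privilege separation directory $2 is missing"
        fail=$((fail + 2))
    fi
    [ "$fail" -eq 0 ] && echo "OK: $1"
    return "$fail"
}

# Constructed sample: the question's service entry with server_args as posted.
demo=$(mktemp -d)
printf 'service ssh\n{\n    server      = /usr/sbin/sshd\n    server_args = -1\n}\n' > "$demo/ssh"
check_xinetd_sshd "$demo/ssh" "$demo/run/sshd" || echo "status: $?"
rm -rf "$demo"
```

On a real host the call would be `check_xinetd_sshd /etc/xinetd.d/ssh /run/sshd`, run before restarting xinetd.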
