I compiled OpenSSH_6.6p1 on one of our server. I am able login via SSH to the upgraded server. But I am not able to connect to other servers running OpenSSH_6.6p1 or OpenSSH_5.8 from this. While connecting I am getting an error as below.
Read from socket failed: Connection reset by peer
On the destination server in the logs, I am seeing it as below.
sshd: fatal: Read from socket failed: Connection reset by peer [preauth]
I tried specifying the cipher_spec [ ssh -c aes128-ctr destination-server ] as mentioned in ssh 'connection reset by peer' problem since 5.8p1 (archived version) and was able to connect. How can configure ssh to use the cipher by default? Why is the cipher required here?
Best Answer
The problem sounds like a server-side bug. When the client sends the list of ciphers the openssh server probably expects to be able to read the list in a single system call.
If the list of supported ciphers is longer than can be transmitted in one packet, the server may get fewer bytes in the first call than it expected. The correct behavior on the server would be to perform another call to get the rest of the bytes. But from the problem description it appears, the server instead closes the connection when it did not get the full list of ciphers at once. When the next packet from the client arrives, the server will send a connection reset to the client.
Configuring the client to use a shorter list of ciphers would then work around the bug. The openssh client will look for the list of ciphers in the following places:
The two configuration files are respectively per-user and system-wide settings. Using
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbclike Eric suggested should work fine.