Upgrade linux9 openssh-server problem

After upgrading linux9, I have been using mac’s terminal to log in, these are no problem, when I log in using software such as xshell, the session will end immediately. I am using the key file login method and the following is the log when restarting

.
Jul 25 22:15:48 localhost systemd[1]: Stopping OpenSSH server daemon...
Jul 25 22:15:48 localhost systemd[1]: sshd.service: Deactivated successfully.
Jul 25 22:15:48 localhost systemd[1]: Stopped OpenSSH server daemon.
Jul 25 22:15:48 localhost systemd[1]: Stopped target sshd-keygen.target.
Jul 25 22:15:48 localhost systemd[1]: Stopping sshd-keygen.target...
Jul 25 22:15:48 localhost systemd[1]: OpenSSH ecdsa Server Key Generation was skipped because all trigger condition checks failed.
Jul 25 22:15:48 localhost systemd[1]: OpenSSH ed25519 Server Key Generation was skipped because all trigger condition checks failed.
Jul 25 22:15:48 localhost systemd[1]: OpenSSH rsa Server Key Generation was skipped because all trigger condition checks failed.
Jul 25 22:15:48 localhost systemd[1]: Reached target sshd-keygen.target.
Jul 25 22:15:48 localhost systemd[1]: Starting OpenSSH server daemon...
Jul 25 22:15:48 localhost systemd[1]: Started OpenSSH server daemon.

1 Like

Reading the error log for some reason when the server daemon tries to figure out what kind of key it is suppose to be using it fails all the checks so it can’t use a key to login. the config you are using I assume prohibits logging in using any other method so it doesn’t check so the program just reaches an end state and stops.

Need to figure out why the program is failing those checks, is there a further log based specifically on the keygen service? Or perhaps looking at the sshd-keygen.target file it is mentioning may lead to something worthwhile.

[root@mx ~]# cat /usr/lib/systemd/system/sshd-keygen.target
[Unit]
Wants=sshd-keygen@rsa.service
Wants=sshd-keygen@ecdsa.service
Wants=sshd-keygen@ed25519.service
PartOf=sshd.service

systemctl restart sshd-keygen@ed25519.service

sshd-keygen@ed25519.service - OpenSSH ed25519 Server Key Generation
     Loaded: loaded (/usr/lib/systemd/system/sshd-keygen@.service; disabled; vendor preset: disabled)
     Active: inactive (dead) since Tue 2022-07-26 08:17:12 CST; 6min ago
  Condition: start condition failed at Tue 2022-07-26 08:24:04 CST; 7s ago
             └─ ConditionFileNotEmpty=|!/etc/ssh/ssh_host_ed25519_key was not met
    Process: 1784 ExecStart=/usr/libexec/openssh/sshd-keygen ed25519 (code=exited, status=0/SUCCESS)
   Main PID: 1784 (code=exited, status=0/SUCCESS)
        CPU: 46ms

Jul 26 08:17:12 RK3399 systemd[1]: Starting OpenSSH ed25519 Server Key Generation...
Jul 26 08:17:12 RK3399 systemd[1]: sshd-keygen@ed25519.service: Deactivated successfully.
Jul 26 08:17:12 RK3399 systemd[1]: Finished OpenSSH ed25519 Server Key Generation.
Jul 26 08:20:47 RK3399 systemd[1]: OpenSSH ed25519 Server Key Generation was skipped because all trigger condition checks failed.
Jul 26 08:22:37 RK3399 systemd[1]: OpenSSH ed25519 Server Key Generation was skipped because all trigger condition checks failed.
Jul 26 08:23:19 RK3399 systemd[1]: OpenSSH ed25519 Server Key Generation was skipped because all trigger condition checks failed.
Jul 26 08:23:38 RK3399 systemd[1]: OpenSSH ed25519 Server Key Generation was skipped because all trigger condition checks failed.
Jul 26 08:24:04 RK3399 systemd[1]: OpenSSH ed25519 Server Key Generation was skipped because all trigger condition checks failed.

I think this is the problem after OpenSSL upgrade;
How can I fix this problem?

[root@RK3399 ssh]# /usr/sbin/sshd -p 9710 -d
debug1: sshd version OpenSSH_8.7, OpenSSL 3.0.1 14 Dec 2021
debug1: private host key #0: ssh-rsa SHA256:l295Ah3BM282/Ng34lZr4sqtss5e1A7KSkdLecrGgmA
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:8OP7g5nvaxbbmNSZ2lrSpFoLS9q7RcD+7hefbtl45js
debug1: private host key #2: ssh-ed25519 SHA256:M56mANe3ppZv9sCacin6+9yANdYeJDWHX8erWCV3WnY
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-p'
debug1: rexec_argv[2]='9710'
debug1: rexec_argv[3]='-d'
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 9710 on 0.0.0.0.
Server listening on 0.0.0.0 port 9710.
debug1: Bind to port 9710 on ::.
Server listening on :: port 9710.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: sshd version OpenSSH_8.7, OpenSSL 3.0.1 14 Dec 2021
debug1: private host key #0: ssh-rsa SHA256:l295Ah3BM282/Ng34lZr4sqtss5e1A7KSkdLecrGgmA
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:8OP7g5nvaxbbmNSZ2lrSpFoLS9q7RcD+7hefbtl45js
debug1: private host key #2: ssh-ed25519 SHA256:M56mANe3ppZv9sCacin6+9yANdYeJDWHX8erWCV3WnY
debug1: inetd sockets after dupping: 3, 3
Connection from 1.116.42.97 port 63454 on 10.0.0.100 port 9710 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_8.7
debug1: Remote protocol version 2.0, remote software version nsssh2_6.0.0013 NetSarang Computer, Inc.
debug1: compat_banner: no match: nsssh2_6.0.0013 NetSarang Computer, Inc.
debug1: SELinux support disabled [preauth]
debug1: permanently_set_uid: 74/74 [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
debug1: kex: host key algorithm: ssh-rsa [preauth]
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none [preauth]
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none [preauth]
debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32 [preauth]
debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32 [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
mm_answer_sign: sign: error in libcrypto
debug1: do_cleanup
debug1: Killing privsep child 1898

After pure installation of rockylinux9, I put the public key in .ssh/authorized_keys, log in and select the key to log in, and the prompt message is “The selected key is not registered in the remote host”

Looking at this part of the log it says that the keygen service is not starting because it can’t find the key

" ConditionFileNotEmpty=|!/etc/ssh/ssh_host_ed25519_key was not met "

is your key located there? if not you will either want to put the key there or edit some configs to point to your key.

Also The service says it is disabled by default and is currently still disabled

" …@.service; disabled; vendor preset: disabled) "

though this is only to make sure that the service restarts on boot.
sudo systemctl enable sshd-keygen@.service
the above command will at least solve that much of the problem

You can try it in your system, and by default the service will fail.

in the middle of spinning up a system will take me awhile. but I’ll see what I can find.