Connect Lost on CentOS stream 9 hosts
Hi team! We are testing on some hosts newly upgraded to CentOS Stream 9 with OpenSSL 3, and we found we are not able to connect to those hosts with asyncssh, while we can use the same cert to ssh to them by just running ssh <hostname>.
We got a connection lost error from the asyncssh connection, and the detailed logs follow.
2022-03-24 11:31:47,365 DEBUG [asyncssh] [conn=0] Received key exchange request
2022-03-24 11:31:47,365 DEBUG [asyncssh] [conn=0] Key exchange algs: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
2022-03-24 11:31:47,366 DEBUG [asyncssh] [conn=0] Host key algs: rsa-sha2-512,rsa-sha2-256,ssh-rsa,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com
2022-03-24 11:31:47,366 DEBUG [asyncssh] [conn=0] Client to server:
2022-03-24 11:31:47,366 DEBUG [asyncssh] [conn=0] Encryption algs: aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
2022-03-24 11:31:47,366 DEBUG [asyncssh] [conn=0] MAC algs: umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
2022-03-24 11:31:47,366 DEBUG [asyncssh] [conn=0] Compression algs: none,zlib@openssh.com
2022-03-24 11:31:47,366 DEBUG [asyncssh] [conn=0] Server to client:
2022-03-24 11:31:47,366 DEBUG [asyncssh] [conn=0] Encryption algs: aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
2022-03-24 11:31:47,366 DEBUG [asyncssh] [conn=0] MAC algs: umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
2022-03-24 11:31:47,366 DEBUG [asyncssh] [conn=0] Compression algs: none,zlib@openssh.com
2022-03-24 11:31:47,367 DEBUG [asyncssh] [conn=0] Beginning key exchange
2022-03-24 11:31:47,367 DEBUG [asyncssh] [conn=0] Key exchange alg: curve25519-sha256
2022-03-24 11:31:47,367 DEBUG [asyncssh] [conn=0, pktid=1] Sent MSG_KEX_ECDH_INIT (30), 37 bytes
00000000: ...<some bytes>
00000010: ...<some bytes>
00000020: ...<some bytes>
2022-03-24 11:31:47,387 INFO [asyncssh] [conn=0] Connection lost
2022-03-24 11:31:47,387 INFO [asyncssh] [conn=0] Aborting connection
And on the target host side we got fatal: mm_answer_sign: sign: error in libcrypto.
Here is how I use asyncssh to connect.
import asyncio
import logging

import asyncssh

async def main() -> None:
    priv_path = "somepath"  # private key; the OpenSSH certificate sits beside it
    cert_path = priv_path + "-cert.pub"
    privkey = asyncssh.read_private_key(priv_path)
    cert = asyncssh.read_certificate(cert_path)
    options = asyncssh.SSHClientConnectionOptions(
        username="root",
        client_keys=[(privkey, cert)],
        known_hosts=None,
        x509_trusted_certs=None,
        # signature_algs="rsa-sha2-512",  # I tried with and without this line. Both failed.
    )
    async with asyncssh.connect(
        "<hostname>",
        port=22,
        options=options,
    ) as conn:
        result = await conn.run("ls /")
        logging.info(" --- ".join(result.stdout.splitlines()))

asyncio.run(main())
Any help is appreciated! Thanks!
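The following is an added example (not code from the issue or from asyncssh) that parses the "Host key algs:" line of an asyncssh DEBUG trace like the one above and separates the SHA-1 algorithms (ssh-rsa, ssh-rsa-cert-v01@openssh.com), which an OpenSSL 3 host under the CentOS Stream 9 DEFAULT crypto policy refuses to sign with, from the SHA-2 alternatives the server can still use. The trace excerpt is copied from the issue as constructed input.

```python
import re

# Host key / signature algorithms that sign with SHA-1. OpenSSH 8.8+ no longer
# accepts ssh-rsa signatures by default, and OpenSSL 3 under the CentOS Stream 9
# DEFAULT crypto policy refuses to produce them, which is consistent with the
# server-side "mm_answer_sign: sign: error in libcrypto" message in the issue.
SHA1_ALGS = frozenset({
    "ssh-rsa", "ssh-rsa-cert-v01@openssh.com",
    "ssh-dss", "ssh-dss-cert-v01@openssh.com",
})

HOST_KEY_LINE = re.compile(r"Host key algs: (\S+)")

# Trace excerpt copied from the issue above; constructed input for this example.
SAMPLE_TRACE = """\
2022-03-24 11:31:47,365 DEBUG [asyncssh] [conn=0] Received key exchange request
2022-03-24 11:31:47,366 DEBUG [asyncssh] [conn=0] Host key algs: rsa-sha2-512,rsa-sha2-256,ssh-rsa,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com
2022-03-24 11:31:47,387 INFO [asyncssh] [conn=0] Connection lost
"""

def parse_host_key_algs(trace: str) -> list[str]:
    """Return the host key algorithms offered in the trace, in preference order."""
    match = HOST_KEY_LINE.search(trace)
    if match is None:
        raise ValueError("trace contains no 'Host key algs' line")
    return match.group(1).split(",")

def split_by_hash(algs: list[str]) -> tuple[list[str], list[str]]:
    """Split an offer into (SHA-2 capable, SHA-1 only) lists, preserving order."""
    sha1 = [a for a in algs if a in SHA1_ALGS]
    sha2 = [a for a in algs if a not in SHA1_ALGS]
    return sha2, sha1

def report(trace: str) -> dict:
    """Summarise one trace: what the client offered, what a SHA-1-less server can
    still sign with, and whether a SHA-2 certificate variant remains available so
    an RSA host key with a certificate can be validated without ssh-rsa-cert."""
    offered = parse_host_key_algs(trace)
    sha2, sha1 = split_by_hash(offered)
    return {
        "offered": offered,
        "sha2_usable": sha2,
        "sha1_only": sha1,
        "cert_fallback_available": any(a.endswith("-cert-v01@openssh.com") for a in sha2),
    }

if __name__ == "__main__":
    for key, value in report(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

The sha2_usable list is what one would pass to asyncssh's server_host_key_algs option to keep a client from offering SHA-1 host key algorithms to such a host.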
Issue Analytics
- State:
- Created a year ago
- Comments: 31 (18 by maintainers)
Thank you for the confirmation, and for helping me work through this…
Ok - I did some testing here, against a server with ssh-rsa disabled, and I was able to reproduce the “Connection reset by peer” before this change and getting it to work after the change. I’m still not sure why OpenSSH didn’t fall back from the disabled certificate algorithm to one of the supported host key algorithms, but with this change that is no longer necessary. After this change, if you have an RSA host key with a certificate on the server, AsyncSSH will be able to use SHA-2 signature algorithms with that key and validate the cert’s public key rather than the host’s public key in known_hosts.
Thanks for the report on this! I’ll be checking this change in shortly, and am hoping to do a release later today if all goes well.