Bug 592122 - net-misc/openssh-7.3_p1-r1 sshd connection failure with ssh1 support enabled
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: AMD64 Linux
Importance: Normal normal
Assignee: Gentoo's Team for Core System packages
URL: https://github.com/openssh/openssh-po...
Reported: 2016-08-25 17:58 UTC by PetaMem R&D
Modified: 2016-11-27 09:24 UTC
Description PetaMem R&D 2016-08-25 17:58:29 UTC
I stumbled across this problem:

$ ssh -vvv root@localhost
OpenSSH_7.3p1, OpenSSL 1.0.2h  3 May 2016
debug1: Reading configuration data /home/user/.ssh/config
debug3: kex names ok: [diffie-hellman-group-exchange-sha1]
debug3: kex names ok: [diffie-hellman-group1-sha1]
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "localhost" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3
ssh_exchange_identification: read: Connection reset by peer


The "No such file or directory" messages can be ignored; they're not relevant to this error.
The log revealed this error:

Aug 25 19:46:19 mypc sshd[12747]: error: buffer_get_bignum_ret: incomplete message
Aug 25 19:46:19 mypc sshd[12747]: fatal: buffer_get_bignum: buffer error

And with that I was able to find this thread:
http://www.gossamer-threads.com/lists/openssh/dev/66323

And - indeed - removing the "ssh1" use flag resolved the problem.



Reproducible: Always

Steps to Reproduce:
1. compile openssh 7.3 with the "ssh1" use flag
2. try to ssh connect to the machine
3. fail



There is a patch posted:

diff --git a/sshd.c b/sshd.c 
index 799c771..8f2b322 100644 
--- a/sshd.c 
+++ b/sshd.c 
@@ -1071,7 +1071,7 @@ send_rexec_state(int fd, struct sshbuf *conf) 
fatal("%s: buffer error: %s", __func__, ssh_err(r)); 
} else 
#endif 
- if ((r = sshbuf_put_u32(m, 1)) != 0) 
+ if ((r = sshbuf_put_u32(m, 0)) != 0) 
fatal("%s: buffer error: %s", __func__, ssh_err(r)); 

#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) 
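
Review bot: The bare `0` now written by `sshbuf_put_u32(m, 0)` in the `else` branch of send_rexec_state() is an undocumented marker, and nothing in the hunk says what the receiving side does with it. The sshd log in this report (`buffer_get_bignum_ret: incomplete message`) suggests the reader treated the old `1` as "a bignum follows" and then found none, so the value has to stay in step with whatever the branch above `#endif` writes and with the code that parses this buffer. Please add a short comment at this line stating what the value means, or use a named constant shared by writer and reader, and confirm the reader side against it, since that code is not part of this diff. Separately, the brace-less `else` followed by `#endif` and then the `if` is easy to misread: whether this `if` is the `else` body depends on the preprocessor condition, so bracing both branches would make the two build configurations easier to compare.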


which allegedly (some users confirmed it) alleviates the problem.


For me, it was removing ssh1 use flag for now.
Comment 1 Fabio Coatti 2016-09-04 10:36:27 UTC
Happens also here, with net-misc/openssh-7.3_p1-r2. Disabling ssh1 fixes the issue, but if you need to connect to an old system this cannot be a viable solution.
Comment 2 PetaMem R&D 2016-09-04 13:23:34 UTC
It would be nice if someone with the permission would set this to CONFIRMED then.
Comment 3 Patrick McLean gentoo-dev 2016-09-20 01:43:54 UTC
Fixed in openssh-7.3_p1-r5
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82d72deec8357ab399ef96e4d4eda1b64bc37f6f

FYI, upstream is planning to completely drop ssh1 support in the next release, so you should make plans accordingly.