You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello, I have recently setup step-ca to issue SSH certificates for SSO (using Auth0 flow). Everything works as expected except for one thing. When a certificate expires and a new one is generated I get an error
on the source running comannd ssh user@server -vvv
.
.
.
debug1: SSH2_MSG_KEXINIT sent
Bad packet length 1231976033.
debug3: send packet: type 1
ssh_dispatch_run_fatal: Connection to UNKNOWN port 65535: message authentication code incorrect
on target server tcp dump shows nothing interesting, simply closes the connection. If I look at sshd journal (sudo journalctl -u ssh.service) I get:
.
.
.
Feb 05 11:13:24 server sshd[269575]: error: kex_exchange_identification: banner line contains invalid characters
Feb 05 11:13:24 server sshd[269575]: banner exchange: Connection from 10.0.16.96 port 33770: invalid format
Feb 05 11:14:09 server sshd[269576]: Connection from 10.0.16.96 port 51712 on 10.0.60.0 port 22 rdomain
Banner is turned off in sshd configurations, so I believe something else is causing this issue. Upon trying to SSH again (having taken out the certificate already) everything works as usual.
Any tips on what I should look at next? Been stuck on this the whole day today, not sure how to proceed 🥲
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hello, I have recently setup step-ca to issue SSH certificates for SSO (using Auth0 flow). Everything works as expected except for one thing. When a certificate expires and a new one is generated I get an error
on the source running comannd
ssh user@server -vvvon target server tcp dump shows nothing interesting, simply closes the connection. If I look at sshd journal (
sudo journalctl -u ssh.service) I get:Banner is turned off in sshd configurations, so I believe something else is causing this issue. Upon trying to SSH again (having taken out the certificate already) everything works as usual.
Any tips on what I should look at next? Been stuck on this the whole day today, not sure how to proceed 🥲
Beta Was this translation helpful? Give feedback.
All reactions