A problem of SSH login on Debian 12 Bookworm

I can’t login with Debian 12 Bookworm with SSH version OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023, with offical image version v1.0.6

The details are shown with command ssh -v root@192.168.42.1

OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023
debug1: Reading configuration data /home/redleaves/.ssh/config
debug1: /home/redleaves/.ssh/config line 25: Applying options for 192.168.42.1
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no
files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.42.1 [192.168.42.1] port 22.
debug1: Connection established.
debug1: identity file /home/redleaves/.ssh/id_rsa type 0
debug1: identity file /home/redleaves/.ssh/id_rsa-cert type -1
debug1: identity file /home/redleaves/.ssh/id_ecdsa type 2
debug1: identity file /home/redleaves/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/redleaves/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/redleaves/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/redleaves/.ssh/id_ed25519 type -1
debug1: identity file /home/redleaves/.ssh/id_ed25519-cert type -1
debug1: identity file /home/redleaves/.ssh/id_ed25519_sk type -1
debug1: identity file /home/redleaves/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/redleaves/.ssh/id_xmss type -1
debug1: identity file /home/redleaves/.ssh/id_xmss-cert type -1
debug1: identity file /home/redleaves/.ssh/id_dsa type -1
debug1: identity file /home/redleaves/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.2p1 Debian-2+
deb12u2
debug1: compat_banner: match: OpenSSH_9.2p1 Debian-2+deb12u2 pat OpenSSH* compat 0x0
4000000
debug1: Authenticating to 192.168.42.1:22 as 'root'
debug1: load_hostkeys: fopen /home/redleaves/.ssh/known_hosts2: No such file or dire
ctory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> co
mpression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> co
mpression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:HevGleYi9YWZ6oORPug0oEyuPkPW3KmnNy/l14n+
pZo
debug1: load_hostkeys: fopen /home/redleaves/.ssh/known_hosts2: No such file or dire
ctory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.42.1' is known and matches the ED25519 host key.
debug1: Found key in /home/redleaves/.ssh/known_hosts:13
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /home/redleaves/.ssh/id_rsa RSA SHA256:dQwU002uL445a1+5de0
77RKa63y+j2BlZWS5gTu+bBk
debug1: Will attempt key: /home/redleaves/.ssh/id_ecdsa ECDSA SHA256:ulIj8RFcTsd1MDs
O//WeOu0Fpew/Ey7VtnsKl7p6ynQ
debug1: Will attempt key: /home/redleaves/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/redleaves/.ssh/id_ed25519
debug1: Will attempt key: /home/redleaves/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/redleaves/.ssh/id_xmss
debug1: Will attempt key: /home/redleaves/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@o
penssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com,ssh-dss,ssh-rsa,rsa-sha2-256,
rsa-sha2-512>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com=<0>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/redleaves/.ssh/id_rsa RSA SHA256:dQwU002uL445a1+5
de077RKa63y+j2BlZWS5gTu+bBk
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/redleaves/.ssh/id_ecdsa ECDSA SHA256:ulIj8RFcTsd1
MDsO//WeOu0Fpew/Ey7VtnsKl7p6ynQ
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/redleaves/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/redleaves/.ssh/id_ed25519
debug1: Trying private key: /home/redleaves/.ssh/id_ed25519_sk
debug1: Trying private key: /home/redleaves/.ssh/id_xmss
debug1: Trying private key: /home/redleaves/.ssh/id_dsa
debug1: Next authentication method: password

It seems that OpenSSH_9.2p1 Debian-2+deb12u1 can’t recognise the correct SSH version of milkv-duo.

Hi @Max,

I have no issues authenticating from Debian 12 using password authentication and no special options. Your debug log shows this is the only method available to you also, with no errors other than refusal to use a key. What is the error?

Thanks.

Hi, @ewp , I have more details about this problem.

I tried to login with password “milkv”, and I login successfully on Windows10,

debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version dropbear_2020.81

but failed to login on Debian12.(Permission denied, please try again.)

debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u1
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.2p1 Debian-2+deb12u1

The remote software version is Dropbear, but ssh on my Debian OS gives a wrong version(SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u1, same as the SSH installed on my Debian OS).

Do you use the same SSH version on Debian as mine? If not, may be I have to change my openSSH version.

Hi @Max, here is my -vv debug output connecting from Debian to Duo.

debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
debug1: Remote protocol version 2.0, remote software version dropbear_2020.81

I can only think your Debian machine is not routing the connection properly to the Duo. I am not sure how else it would see the SSH banner from the wrong O/S.

Could you try to telnet to the Duo on port 22? The response should show the SSH banner from dropbear.

@ewp I think you are right, I use wireshark to capture packets of SSH, the source and destination address are all 192.168.42.1. That means if I use this address I will login my Debian machine…

Though I know should solve the network route problem first. I don’t know why the address problem occurs. Maybe I need to change the IP address of milkv-duo with serial port.

I feel delightful for your advice.

Hi @Max, if you are comfortable, please share relevant output from running nmcli. The Duo should serve an address to Debian of 192.168.42.x where x is 2 or higher.

Hi @ewp , I have solved this problem by changing the IP address.

This is my configuraion (I use IO board now, so the ip address is not 192.168.42.x)

enx207bd52c3233:
        "Realtek RTL8153"
        ethernet (r8152), 20:7B:D5:2C:32:33, hardware, mtu 1500
        inet4 192.168.168.44/24
        route4 192.168.168.0/24 metric 100
        inet6 fe80::8160:6fc8:1ad3:db75/64
        route6 fe80::/64 metric 1024

Thanks for you effort.(^_^)

You’re welcome. Is the issue solved now?

It is solved now.
RNDIS , Ethernet and SSH login are all working.

I came across the similar issue, it is strange that I can ping to duo device but failed to ssh/telnet into it.

sunmin@debian:~/oh$ lsb_release -a

No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 12 (bookworm)
Release:        12
Codename:       bookworm

sunmin@debian:~/oh$ nmcli device status

DEVICE           TYPE      STATE                   CONNECTION
enp3s0           ethernet  connected               Wired connection 1
lo               loopback  connected (externally)  lo
enx62351b5e42f9  ethernet  disconnected

sunmin@debian:~/oh$ ping 192.168.42.1 -c 5

PING 192.168.42.1 (192.168.42.1) 56(84) bytes of data.
64 bytes from 192.168.42.1: icmp_seq=1 ttl=252 time=28.1 ms
64 bytes from 192.168.42.1: icmp_seq=2 ttl=252 time=22.1 ms
64 bytes from 192.168.42.1: icmp_seq=3 ttl=252 time=38.5 ms
64 bytes from 192.168.42.1: icmp_seq=4 ttl=252 time=24.3 ms
64 bytes from 192.168.42.1: icmp_seq=5 ttl=252 time=35.8 ms

--- 192.168.42.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 22.115/29.786/38.547/6.402 ms

ssh -v root@192.168.42.1

OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.42.1 [192.168.42.1] port 22.
debug1: connect to address 192.168.42.1 port 22: Connection timed out
ssh: connect to host 192.168.42.1 port 22: Connection timed out

Strange that nmcli shows the connection to the Duo is down. The ping is taking a long time at 28ms. Are you sure the ping response is from the Duo? What does ip neigh show on both Debian and the Duo?