[SOLVED] SSH Login to Karaf - Fails after update to 2.4.0 Build 1431

Running Openhab on Centos7

After updating openhab to 2.4.0 Build 1431, I can no longer access Karaf via. SSH.
All other things works perfect.

I’m logging on to karaf from the machine running openhab with:

ssh -p 8101 openhab@localhost

I get two different messages:

1.Connection closed by ::1 port 8101

or

2.Connection closed by ::1 port 8101

I did - netstat -atn |grep 8101

And get:

tcp6 0 0 :::8101 :::* LISTEN
tcp6 0 0 ::1:8101 ::1:40238 TIME_WAIT Hope somebody can help me out here

does openhab-cli console work?

i am still on 1430

Could be many things such as bad file permissions.
Try ssh -v plus debug level (edit /var/lib/openhab2/etc/org.ops4j.pax.logging.cfg as console does not work) on org.apache.karaf.

No I get this:

Logging in as openhab
Session is being closed

wait… upgrading to see if I can replicate this

With the -v set I get this:

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 8101.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version SSHD-CORE-1.7.0
debug1: no match: SSHD-CORE-1.7.0
debug1: Authenticating to localhost:8101 as ‘openhab’
debug1: SSH2_MSG_KEXINIT sent
Connection reset by 127.0.0.1 port 8101

crossed my mind: your localhost resolution is pointing to IPv6

try:

ssh -p 8101 openhab@127.0.0.1

edit: forget it… I just saw the verbose output… it’s not due to the resolution

something is wrong with your key files

You run as root so ssh won’t find the proper public key.

I also saw this - disabled IPV6 on the host, but the same.

I cannot replicate this, so it’s not an issue of the snapshot build… something else is wrong with your system…
checking the verbose output now for hints

I get the same error if I run it under another user.

It has worked perfect before the upgrade for years.

Check file access rights on your local private key (~/.ssh/identity.*) and if the matching public key (still) is in /var/lib/openhab2/etc/keys.properties

also, check what else (except OH2.4) was upgraded during the last apt-get upgrade run

tail -10 /var/log/apt/history.log

I run Centos

Only did a Yum update on openhab and addons

side question: do you experience: https://github.com/openhab/openhab-distro/issues/729 ?

(all addons being installed when you have openhab-addons-2.4.0-SNAPSHOT.kar sitting in /usr/share/openhab2/addons/)

try:

openhab-cli reset-ownership

restart OH2 service and check again

For som reason I do not have any of those files anylonger

key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version SSHD-CORE-1.7.0
debug1: no match: SSHD-CORE-1.7.0
debug1: Authenticating to localhost:8101 as ‘openhab’
debug1: SSH2_MSG_KEXINIT sent
Connection reset by 127.0.0.1 port 8101

they are not really needed… ssh client is checking if they exist. this is not the root-cause
they also don’t exist on my system and i can use root to ssh into karaf console

did you configure in the past key based authentication for the console?

No I don’t think I did, but not 100% sure

try to fix OH2 permissions and retry (stop, fix, start)

so if you didn’t use key auth but want to use password auth, the file to specify that in is users.properties so check if there’s anything bad in there.
Either way, proper path to debugging is to enable server side logging as I mentioned above.