Dropbear SSH is blocking client

I observed from time to time that my target device is suddenly blocking me from logging in to ssh. In those cases I get the following error message on my ssh client:

“kex_exchange_identification: read: Connection reset by peer”

Unfortunately this state persists. That means my only chance to ever log in again is to use the UART cable and delete the dropbear ssh certificates. Do you have any ideas what causes this issue and how to resolve it?

Best regards,
Michael

root@b2qt-colibri-imx7:~# dropbear -V
Dropbear v2018.76
root@b2qt-colibri-imx7:~# uname -a
Linux b2qt-colibri-imx7 4.9.166-2.8.5+gd899927 #1 SMP Mon Feb 10 16:18:51 UTC 2020 armv7l GNU/Linux

Hi @michaelg

Can you check if the ssh certificates have some content?

cat /etc/ssh_host*

Could it be that this happens when you do a hard poweroff during the first boot? Do you have an easy way to reproduce it?
Can you also try to start dropbear as follows (manually):

dropbear -F -E

What does the output say?

Regards,
Stefan

Hi @stefan_e.tx

Thank you for the hints. So far I didn’t manage to reproduce it. As soon as it happens again I will show you the output that I get when I manually start dropbear. I will also try to do a power cycle while the OS is modifying the certificates.

Please note that on my device that is currently working correctly there are no files or folders that match /etc/ssh_host*. There is /etc/dropbear/dropbear_rsa_host_key and /home/root/.ssh/authorized_keys.

Best regards,
Michael

Hi @michaelg

You are welcome. Thanks for the feedback.

Best regards,
Jaski
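
The host key check Stefan asks for, written as a script for the /etc/dropbear path Michael reports. This is an added example, not part of the original thread; the function names are made up for illustration, and it assumes the `dropbearkey` tool that ships with Dropbear may or may not be on the device.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check Dropbear host key files.
# An empty or truncated key file, e.g. after power loss while the key was
# being written, is the condition Stefan's question probes for.

# check_hostkey FILE
# Prints one of: missing | empty | unreadable | invalid | ok | unverified
# Returns non-zero when the key file is clearly unusable.
check_hostkey() {
    key=$1
    if [ ! -e "$key" ]; then echo missing; return 1; fi
    if [ ! -s "$key" ]; then echo empty; return 1; fi
    if [ ! -r "$key" ]; then echo unreadable; return 1; fi
    # dropbearkey -y parses the private key and prints its public part;
    # it fails if the file is not a valid key.
    if command -v dropbearkey >/dev/null 2>&1; then
        if dropbearkey -y -f "$key" >/dev/null 2>&1; then
            echo ok; return 0
        fi
        echo invalid; return 1
    fi
    # Tool not installed: only the size and permission checks were done.
    echo unverified; return 0
}

# check_all_hostkeys [DIR]
# Checks every dropbear_*_host_key in DIR (default: /etc/dropbear).
check_all_hostkeys() {
    dir=${1:-/etc/dropbear}
    rc=0
    for key in "$dir"/dropbear_*_host_key; do
        # An unexpanded glob means the directory holds no host keys at all.
        [ -e "$key" ] || { echo "no host keys in $dir"; return 1; }
        state=$(check_hostkey "$key") || rc=1
        echo "$key: $state"
    done
    return $rc
}
```

Source the file over the UART console and call `check_all_hostkeys` while the device is in the failing state; an `empty` or `invalid` result points at the key file rather than at the network or the client.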