Tim's blah blah blah

SSH Connection Reset - Missing Privilege Separation Directory

The worst thing that can happen [1] is losing contact with a server with no physical access to it. I haven’t found the root cause, but it’s fixed by restarting the sshd server.

  1. Update: perhaps the root cause is solved by apt-get purge openssh-server && apt install openssh-server (seems to work?)
  2. Update: perhaps the root cause is a race condition in systemd and can be solved by adding RuntimeDirectoryPreserve=yes to /usr/lib/systemd/system/ssh@.service (trying if above doesn’t work)

The issue

I’ve now had this twice (sort of) when upgrading sshd on Debian, which resulted in

kex_exchange_identification: read: Connection reset by peer
Connection reset by 192.168.1.1 port 22

Fortunately I have an overly complex home networking setup and this Debian server runs inside Proxmox, and I could still access Proxmox (which is also based on Debian, so that’s a bit surprising), which allowed me to access the Debian server [2]. It turns out sshd was logging errors as follows:

Dec 23 21:50:08 proteus sshd[419962]: fatal: Missing privilege separation directory: /run/sshd

which I had before once after upgrading sshd. I fixed it and forgot about it (which usually means I think I fixed it permanently); however, it came back.
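
Added example, not part of the original post: a shell sketch that pulls the directory out of the log message above and checks its current state. The function names and the second and third sample log lines are constructed for illustration; the owner and mode test reflects that sshd also rejects a privilege separation directory that is not owned by root or is group- or world-writable.

```shell
#!/bin/sh
# Added example, not from the original post. Finds sshd's "Missing privilege
# separation directory" failure in log text and checks the directory it names.

# Sample input: the first line is the one quoted in the post, the other two
# are constructed for this example.
sample_log() {
    cat <<'EOF'
Dec 23 21:50:08 proteus sshd[419962]: fatal: Missing privilege separation directory: /run/sshd
Dec 23 21:50:41 proteus sshd[419987]: fatal: Missing privilege separation directory: /run/sshd
Dec 23 21:52:10 proteus sshd[420031]: Server listening on 0.0.0.0 port 22.
EOF
}

# Read log lines on stdin; print each distinct directory reported missing.
missing_privsep_dirs() {
    sed -n 's|^.*sshd\[[0-9]*]: fatal: Missing privilege separation directory: \(/.*\)$|\1|p' | sort -u
}

# check_privsep_dir DIR [UID]: 0 = directory exists, is owned by UID
# (default 0, root) and is not group- or world-writable; 1 = missing;
# 2 = wrong owner or mode. UID is overridable so it can be tried unprivileged.
check_privsep_dir() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || return 1
    # ls -ldn prints the mode string first and the numeric owner third.
    set -- $(ls -ldn "$dir")
    [ "$3" = "$want_uid" ] || return 2
    case $1 in
        d????w*|d???????w*) return 2 ;;   # group or world write bit set
    esac
    return 0
}

# Read log lines on stdin and print one status line per directory found.
privsep_report() {
    missing_privsep_dirs | while IFS= read -r d; do
        rc=0
        check_privsep_dir "$d" || rc=$?
        case $rc in
            0) echo "$d: logged as missing, present now" ;;
            1) echo "$d: still missing" ;;
            *) echo "$d: present, wrong owner or mode" ;;
        esac
    done
}

sample_log | privsep_report
```

On a real host, pipe the system log into `privsep_report` instead of `sample_log`.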

Resources

Some other people also have this problem, some solved, some not:


  1. Ok, not the worst thing, but you get what I mean

  2. I’ve never really realized
