[Linux] Workaround for SSH buffer error

I. Abstract
Some of you may already have experienced the same phenomenon. We wanted to secure one of our servers and disallow any password login. We configured the passwordless login to use ssh and use public-, private-key mode (see here) instead. But after having saved the sshd_config file, we eventually couldn’t reconnect to our Debian server from our Cygwin console. Instead we received a buffer error. The following lines show what we did and a somewhat not 100% clean workaround.

II. What did we do?

  • we set up a Debian Etch server to use Public and Private Key authentication only (see here how to do it)
  • we edited the sshd_config
    server$ nano /etc/ssh/sshd_config
  • we set
    PasswordAuthentication No
  • we saved sshd_config and quit vim
  • we restarted out beloved ssh deamon
    server$ /etc/init.d/ssh restart
  • we then logged out and found that we cannot login by entering
    client$ ssh -o PreferredAuthentications=publickey root@somedomain.com
  • arghhhhh…

III. Workaround

  • we examined the errors:
    buffer_get_ret: trying to get more bytes 4 than in buffer 0
    buffer_get_int: buffer error
  • After fumbling here and there we just removed the known_hosts file on the local client
    client$ rm ~/.ssh/known_hosts
  • we reauthorized the domain and guess what?
  • The error vanished
  • obviously the known_hosts was modified to have a line break somewhere in the middle of the public-key. I suspect openSSHp to have caused this incident

If the above solved your problem aswell, please help us maintaining this site by visiting our sponsors:

IV. Sponsored by

You can leave a response, or trackback from your own site.

3 Responses to “[Linux] Workaround for SSH buffer error”

  1. gs says:

    I ran across this searching for the same error – opened my .ssh/known_hosts file on the client in a text editor before I deleted it, and noticed that somehow the IP address and the key hash for that IP were on separate lines. Deleted the hard return, and everything worked fine.

  2. Marc K. says:

    Same here, but not the known_hosts. Buffering will also fail if there are “newlines” in authorized_keys.

  3. Collin R. says:

    Just ran into the same problem, deleting newlines from each entry in authorized_keys fixed it.

Leave a Reply