Why is SSHD hanging at "Server accepts key"?

Solution 1:

This is usually caused by an issue with reverse DNS; just had this happen to one of my legacy servers the other week. You were right to invoke sshd -d, but the reverse DNS problems won't really become apparent unless you run it with sshd -ddd instead so that you're seeing the output of debug3.

While reverse DNS issues don't always cause things to back up this badly, if enough DNS lookups related to the connection attempt are failing (i.e. all DNS servers are completely unavailable, or enough of the related zones/reverse zones are timing out), under some configurations it will be enough to completely lock out ssh access to the system. It doesn't matter how high you set your client timeout if the server gets impatient and drops the connection.

Solution 2:

I've had this problem too, but here it was the client's turn to talk. In this case, it appeared to be due to the presence of a gpg-agent (running in ssh-agent-support mode); killing it or ssh-add -D'ing it allowed resumption of ssh connections.

Solution 3:

In my case, it was caused by a corrupt keyring. If one runs with more debugging info (ssh -vvv), one will get:

debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 535
debug2: input_userauth_pk_ok: fp SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
debug3: sign_and_send_pubkey: RSA SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Per this, I got the hint it was related to the SSH_AUTH_SOCK variable. Then I located it:

user@user-office / $ $SSH_AUTH_SOCK
bash: /run/user/1000/keyring/ssh: No such device or address

I then deleted this file and reran the ssh command. This caused the pass prompt to appear and then it worked.
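
Solutions 2 and 3 both come down to the client stalling on whatever SSH_AUTH_SOCK points at when it asks an agent to sign. The following is an added example, not code from any of the answers: a shell helper that classifies that socket before you kill an agent or delete a file. The name agent_sock_state, the 5-second limit and the availability of the coreutils timeout command are assumptions.

```shell
#!/bin/sh
# Added diagnostic helper (hypothetical name, not an OpenSSH command).
# Classifies the agent socket the ssh client would use for signing.
# Prints one word: unset | missing | not-a-socket | ok | empty |
#                  unreachable | hung | error
agent_sock_state() {
    # Optional argument overrides the environment, mainly for testing.
    sock="${1-${SSH_AUTH_SOCK-}}"

    if [ -z "$sock" ]; then
        echo unset; return 1          # no agent configured at all
    fi
    if [ ! -e "$sock" ]; then
        echo missing; return 1        # path (or symlink target) is gone
    fi
    if [ ! -S "$sock" ]; then
        echo not-a-socket; return 1   # something else sits at that path
    fi

    # Ask the agent to list identities, bounded so a wedged agent
    # (the hang seen after "Server accepts key") cannot block us too.
    rc=0
    if command -v timeout >/dev/null 2>&1; then
        SSH_AUTH_SOCK="$sock" timeout 5 ssh-add -l >/dev/null 2>&1 || rc=$?
    else
        SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1 || rc=$?
    fi

    # ssh-add exit status: 0 = identities listed, 1 = agent has none,
    # 2 = cannot contact agent. timeout exits 124 when the limit is hit.
    case $rc in
        0)   echo ok;          return 0 ;;
        1)   echo empty;       return 0 ;;
        2)   echo unreachable; return 1 ;;
        124) echo hung;        return 1 ;;
        *)   echo error;       return 1 ;;
    esac
}
```

Run `agent_sock_state` in the shell where ssh hangs: `hung` or `unreachable` points at the agent or a stale socket rather than at the server, and `ssh -o IdentityAgent=none` lets you confirm by bypassing the agent for one connection.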