ssh clients shows "closed by UNKNOWN" message when a socket is closed by a remote side while ssh is waiting for user's password: $ ssh user@localhost user@localhost's password: Connection closed by UNKNOWN When the packet_read_seqnr() calls get_remote_ipaddr(), a connection's socket is already closed and there's not been any other call of this function yet so canonical_host_ip from canohost.c is still NULL and the function returns "UNKNOWN". I think that it could be workarounded by calling get_remote_ipaddr() right after packet_set_connection(), e.g. using another debug message, or there could be set_remote_ipaddr() in canonhost.c for that.
Created attachment 2457 [details] add set_remote_ipaddr()
Created attachment 2611 [details] improve ECONNRESET error message On -current, just tweaking the error seems sufficient. $ ./ssh/obj/ssh -p 2222 127.0.0.1 djm@127.0.0.1's password: Connection reset by 127.0.0.1
Created attachment 2612 [details] improved diff; refactor to sshpkt_fatal I just noticed there is already sshpkt_fatal() for this purpose
patch applied - this will be in openssh-6.9
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1