[Bug 3469] New: SSH from host is not getting connected to Beaglebone black board having openssh 9.0p1

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Aug 10 18:56:53 AEST 2022 

https://bugzilla.mindrot.org/show_bug.cgi?id=3469

            Bug ID: 3469
           Summary: SSH from host is not getting connected to Beaglebone
                    black board having openssh 9.0p1
           Product: Portable OpenSSH
           Version: v9.0p1
          Hardware: ARM
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: raviharavina at eaton.com

Need your help in addressing one of critical issue related to ssh
 connection from HOST. 

success Scenario 1: 
   With Toolchain having Glibc 2.33, Binutils 2.37 and appliation
Openssh 8.8p1 built the image for Beaglebone black (ARM) board. Able to
perform SSH to the device from HOST.

Failure Scenario 2:
   With Toolchain having Glibc 2.36, Binutils 2.38 and appliation
Openssh 8.8p1 built the image for BBB (ARM board). Not able to perform
the SSH to device (BBB) from HOST. 
Below are the logs from HOST and BBB.

===============================
Debug Logs - ssh from HOST (Centos 7 VMWare) to BBB (192.168.200.101).
===============================

[eaton at localhost ~]$ ssh -v admin at 192.168.200.101
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to 192.168.200.101 [192.168.200.101] port 22.
debug1: Connection established.
debug1: identity file /home/eaton/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/eaton/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/eaton/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/eaton/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/eaton/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/eaton/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/eaton/.ssh/id_ed25519 type 4
debug1: key_load_public: No such file or directory
debug1: identity file /home/eaton/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version
OpenSSH_8.8
debug1: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.200.101:22 as 'admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: aes128-ctr MAC:
umac-128-etm at openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC:
umac-128-etm at openssh.com compression: none
debug1: kex: curve25519-sha256 need=16 dh_need=16
debug1: kex: curve25519-sha256 need=16 dh_need=16
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 192.168.200.101 port 22


===============================
Debug logs at BBB side - 
===============================

debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 3292
debug2: parse_server_config_depth: config /etc/ssh/sshd_config len 3292
debug3: /etc/ssh/sshd_config:12 setting Protocol 2
debug2: /etc/ssh/sshd_config line 12: Deprecated option Protocol
debug3: /etc/ssh/sshd_config:18 setting HostKey
/etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:19 setting HostKey
/etc/ssh/ssh_host_dsa_key
debug3: /etc/ssh/sshd_config:32 setting PermitRootLogin no
debug3: /etc/ssh/sshd_config:33 setting AllowGroups sshusers
debug3: /etc/ssh/sshd_config:35 setting MaxAuthTries 6
debug3: /etc/ssh/sshd_config:42 setting KexAlgorithms
curve25519-sha256,curve25519-sha256 at libssh.org,diffie-hellman-group-exchange-sha256
debug3: kex names ok:
[curve25519-sha256,curve25519-sha256 at libssh.org,diffie-hellman-group-exchange-sha256]
debug3: /etc/ssh/sshd_config:43 setting Ciphers
aes256-ctr,aes192-ctr,aes128-ctr
debug3: /etc/ssh/sshd_config:44 setting MACs
hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128 at openssh.com
debug3: /etc/ssh/sshd_config:82 setting UsePAM yes
debug3: /etc/ssh/sshd_config:97 setting ClientAliveInterval 900
debug3: /etc/ssh/sshd_config:98 setting ClientAliveCountMax 0
debug3: /etc/ssh/sshd_config:99 setting UseDNS no
debug3: /etc/ssh/sshd_config:108 setting Subsystem sftp
/libexec/sftp-server
debug1: sshd version OpenSSH_8.8, OpenSSL 1.1.1o  3 May 2022
debug1: private host key #0: ssh-rsa
SHA256:oeY2TPdubQnAxUhXloV65tmB8v2gDMg1lDxLpaghe+4
debug1: private host key #1: ssh-dss
SHA256:LTk/c4rfaxHzfTinsiAgfNRnIrvb91DvAeR7Byw6BBA
debug1: rexec_argv[0]='/sbin/sshd'
debug1: rexec_argv[1]='-f'
debug1: rexec_argv[2]='/etc/ssh/sshd_config'
debug1: rexec_argv[3]='-ddd'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 3292
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config_depth: config rexec len 3292
debug3: rexec:12 setting Protocol 2
debug2: rexec line 12: Deprecated option Protocol
debug3: rexec:18 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: rexec:19 setting HostKey /etc/ssh/ssh_host_dsa_key
debug3: rexec:32 setting PermitRootLogin no
debug3: rexec:33 setting AllowGroups sshusers
debug3: rexec:35 setting MaxAuthTries 6
debug3: rexec:42 setting KexAlgorithms
curve25519-sha256,curve25519-sha256 at libssh.org,diffie-hellman-group-exchange-sha256
debug3: kex names ok:
[curve25519-sha256,curve25519-sha256 at libssh.org,diffie-hellman-group-exchange-sha256]
debug3: rexec:43 setting Ciphers aes256-ctr,aes192-ctr,aes128-ctr
debug3: rexec:44 setting MACs
hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128 at openssh.com
debug3: rexec:82 setting UsePAM yes
debug3: rexec:97 setting ClientAliveInterval 900
debug3: rexec:98 setting ClientAliveCountMax 0
debug3: rexec:99 setting UseDNS no
debug3: rexec:108 setting Subsystem sftp        /libexec/sftp-server
debug1: sshd version OpenSSH_8.8, OpenSSL 1.1.1o  3 May 2022
debug1: private host key #0: ssh-rsa
SHA256:oeY2TPdubQnAxUhXloV65tmB8v2gDMg1lDxLpaghe+4
debug1: private host key #1: ssh-dss
SHA256:LTk/c4rfaxHzfTinsiAgfNRnIrvb91DvAeR7Byw6BBA
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.200.1 port 54664 on 192.168.200.101 port 22
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: Remote protocol version 2.0, remote software version
OpenSSH_7.4
debug1: compat_banner: match: OpenSSH_7.4 pat OpenSSH_7.4* compat
0x04000006
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 3762
debug3: preauth child monitor started
debug3: privsep user:group 98:98 [preauth]
debug1: permanently_set_uid: 98/98 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug3: append_hostkey_type: ssh-rsa key not permitted by
HostkeyAlgorithms [preauth]
debug3: append_hostkey_type: ssh-dss key not permitted by
HostkeyAlgorithms [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms:
curve25519-sha256,curve25519-sha256 at libssh.org,diffie-hellman-group-exchange-sha256
[preauth]
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256 [preauth]
debug2: ciphers ctos: aes256-ctr,aes192-ctr,aes128-ctr [preauth]
debug2: ciphers stoc: aes256-ctr,aes192-ctr,aes128-ctr [preauth]
debug2: MACs ctos:
hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128 at openssh.com
[preauth]
debug2: MACs stoc:
hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128 at openssh.com
[preauth]
debug2: compression ctos: none,zlib at openssh.com [preauth]
debug2: compression stoc: none,zlib at openssh.com [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms:
curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
[preauth]
debug2: host key algorithms:
ssh-rsa-cert-v01 at openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
[preauth]
debug2: ciphers ctos:
chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
[preauth]
debug2: ciphers stoc:
chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
[preauth]
debug2: MACs ctos:
umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[preauth]
debug2: MACs stoc:
umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[preauth]
debug2: compression ctos: none,zlib at openssh.com,zlib [preauth]
debug2: compression stoc: none,zlib at openssh.com,zlib [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: rsa-sha2-512 [preauth]
debug1: kex: client->server cipher: aes128-ctr MAC:
umac-128-etm at openssh.com compression: none [preauth]
debug1: kex: server->client cipher: aes128-ctr MAC:
umac-128-etm at openssh.com compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug3: receive packet: type 30 [preauth]
debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
debug3: mm_sshkey_sign: entering [preauth]
debug3: mm_request_send: entering, type 6 [preauth]
debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect: entering, type 7 [preauth]
debug3: mm_request_receive: entering [preauth]
debug3: mm_request_receive: entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign: entering
debug3: mm_answer_sign: rsa-sha2-512 KEX signature len=276
debug3: mm_request_send: entering, type 7
debug2: monitor_read: 6 used once, disabling now
debug3: send packet: type 31 [preauth]
debug3: send packet: type 21 [preauth]
debug2: set_newkeys: mode 1 [preauth]
debug1: rekey out after 4294967296 blocks [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive: entering
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: Killing privsep child 3762


===============================
Openssh Version details at BBB
===============================
Debug logs at BBB side - Openssh version
/tmp $ ssh -v localhost
OpenSSH_8.8p1, OpenSSL 1.1.1o  3 May 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 45: Deprecated option "useroaming"
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve;
disabling
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: connect to address 127.0.0.1 port 22: Connection refused
ssh: connect to host localhost port 22: Connection refused

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list