[Bug 3855] sshd-auth sandbox limitations
bugzilla-daemon at mindrot.org
Mon Sep 1 17:10:55 AEST 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3855
--- Comment #7 from Adrian Jarc <adrian.jarc at aviatnet.com> ---
(In reply to Damien Miller from comment #6)
> (In reply to Adrian Jarc from comment #5)
>
> > If WolfSSL changes how that works, their wolfCrypt module won't be
> > FIPS certified anymore, and that does not help. So this is not an
> > option.
>
> No, what I mean is asking if there are any existing WolfSSL API
> calls that can be made to prepare it for sandboxing.
>
> > As for point 2, can we get some pointers as to how we could do that?
>
> You'll need to identify the syscall that is failing. If you build
> OpenSSH with the SANDBOX_SECCOMP_FILTER_DEBUG define set in
> sandbox-seccomp-filter.c (don't use this in production) you'll get
> an error message including the syscall number.

I have enabled debug logging, and this is the debug log I get on the
server where it fails:
"
2025-09-01T09:00:58.493+00:00 Chassis1 auth.debug WTM4800 sshd.29539
debug3: fd 8 is not O_NONBLOCK
2025-09-01T09:00:58.493+00:00 Chassis1 auth.debug WTM4800 sshd.29539
debug2: fd 9 setting O_NONBLOCK
2025-09-01T09:00:58.493+00:00 Chassis1 auth.debug WTM4800 sshd.29539
debug1: Forked child 5500.
2025-09-01T09:00:58.493+00:00 Chassis1 auth.debug WTM4800 sshd.5500
debug3: oom_adjust_restore
2025-09-01T09:00:58.493+00:00 Chassis1 auth.debug WTM4800 sshd.5500
debug1: Set /proc/self/oom_score_adj to 0
2025-09-01T09:00:58.493+00:00 Chassis1 auth.debug WTM4800 sshd.5500
debug1: rexec start in 8 out 8 newsock 8 config_s 9/10
2025-09-01T09:00:58.493+00:00 Chassis1 auth.debug WTM4800 sshd.29539
debug2: server_accept_loop: child 5500 for connection from <client-ip>
to <server-ip> received config
2025-09-01T09:00:58.493+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: network sockets: 7, 7
2025-09-01T09:00:58.493+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: server_process_channel_timeouts: setting 0
timeouts
2025-09-01T09:00:58.493+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: channel_clear_timeouts: clearing
2025-09-01T09:00:58.519+00:00 Chassis1 auth.info WTM4800
sshd-session.5500 Connection from <client-ip> port 34166 on <server-ip>
port 22 rdomain ""
2025-09-01T09:00:58.519+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: Local version string SSH-2.0-OpenSSH_10.0
2025-09-01T09:00:58.519+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: Remote protocol version 2.0, remote software
version OpenSSH_9.6p1 Ubuntu-3ubuntu13.13
2025-09-01T09:00:58.519+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: compat_banner: match: OpenSSH_9.6p1
Ubuntu-3ubuntu13.13 pat OpenSSH* compat 0x04000000
2025-09-01T09:00:58.519+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: fd 7 setting O_NONBLOCK
2025-09-01T09:00:58.519+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: Network child is on pid 5502
2025-09-01T09:00:58.519+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: preauth child monitor started
2025-09-01T09:00:58.519+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: mm_request_receive: entering
2025-09-01T09:00:58.519+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: monitor_read: checking request 51
2025-09-01T09:00:58.519+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: mm_answer_state: config len 3640
2025-09-01T09:00:58.561+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: mm_request_send: entering, type 52
2025-09-01T09:00:58.561+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: mm_answer_state: done
2025-09-01T09:00:58.561+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: monitor_read: 51 used once, disabling now
2025-09-01T09:00:58.561+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: server_process_channel_timeouts: setting 0
timeouts [preauth]
2025-09-01T09:00:58.561+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: channel_clear_timeouts: clearing [preauth]
2025-09-01T09:00:58.561+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: fd 5 is O_NONBLOCK [preauth]
2025-09-01T09:00:58.561+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: ssh_sandbox_init: preparing seccomp filter
sandbox [preauth]
2025-09-01T09:00:58.561+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: privsep user:group 997:996 [preauth]
2025-09-01T09:00:58.561+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: permanently_set_uid: 997/996 [preauth]
2025-09-01T09:00:58.561+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: ssh_sandbox_child_debugging: installing
SIGSYS handler [preauth]
2025-09-01T09:00:58.565+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: ssh_sandbox_child: setting
PR_SET_NO_NEW_PRIVS [preauth]
2025-09-01T09:00:58.565+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: ssh_sandbox_child: attaching seccomp filter
program [preauth]
2025-09-01T09:00:58.565+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: ssh_sandbox_child: prctl(PR_SET_SECCOMP):
Invalid argument [preauth]
2025-09-01T09:00:58.565+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: append_hostkey_type: ssh-rsa key not
permitted by HostkeyAlgorithms [preauth]
2025-09-01T09:00:58.565+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: list_hostkey_types:
rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256 [preauth]
2025-09-01T09:00:58.565+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: send packet: type 20 [preauth]
2025-09-01T09:00:58.565+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: SSH2_MSG_KEXINIT sent [preauth]
2025-09-01T09:00:58.565+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: receive packet: type 20 [preauth]
2025-09-01T09:00:58.565+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: SSH2_MSG_KEXINIT received [preauth]
2025-09-01T09:00:58.565+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: local server KEXINIT proposal [preauth]
2025-09-01T09:00:58.588+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: KEX algorithms:
diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ext-info-s,kex-strict-s-v00 at openssh.com
[preauth]
2025-09-01T09:00:58.588+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: host key algorithms:
rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256 [preauth]
2025-09-01T09:00:58.588+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: ciphers ctos:
aes128-ctr,aes128-gcm at openssh.com,aes256-ctr,aes256-gcm at openssh.com
[preauth]
2025-09-01T09:00:58.588+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: ciphers stoc:
aes128-ctr,aes128-gcm at openssh.com,aes256-ctr,aes256-gcm at openssh.com
[preauth]
2025-09-01T09:00:58.588+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512
[preauth]
2025-09-01T09:00:58.607+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512
[preauth]
2025-09-01T09:00:58.607+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: compression ctos: none,zlib at openssh.com
[preauth]
2025-09-01T09:00:58.607+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: compression stoc: none,zlib at openssh.com
[preauth]
2025-09-01T09:00:58.607+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: languages ctos: [preauth]
2025-09-01T09:00:58.607+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: languages stoc: [preauth]
2025-09-01T09:00:58.607+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: first_kex_follows 0 [preauth]
2025-09-01T09:00:58.607+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: reserved 0 [preauth]
2025-09-01T09:00:58.607+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: peer client KEXINIT proposal [preauth]
2025-09-01T09:00:58.607+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: KEX algorithms:
sntrup761x25519-sha512 at openssh.com,curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00 at openssh.com
[preauth]
2025-09-01T09:00:58.607+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: host key algorithms:
ssh-ed25519-cert-v01 at openssh.com,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,sk-ssh-ed25519-cert-v01 at openssh.com,sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com,rsa-sha2-512-cert-v01 at openssh.com,rsa-sha2-256-cert-v01 at openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519 at openssh.com,sk-ecdsa-sha2-nistp256 at openssh.com,rsa-sha2-512,rsa-sha2-256
[preaut
2025-09-01T09:00:58.614+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: ciphers ctos:
chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
[preauth]
2025-09-01T09:00:58.614+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: ciphers stoc:
chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
[preauth]
2025-09-01T09:00:58.614+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: MACs ctos:
umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[preauth]
2025-09-01T09:00:58.614+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: MACs stoc:
umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[preauth]
2025-09-01T09:00:58.614+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: compression ctos: none,zlib at openssh.com,zlib
[preauth]
2025-09-01T09:00:58.632+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: compression stoc: none,zlib at openssh.com,zlib
[preauth]
2025-09-01T09:00:58.632+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: languages ctos: [preauth]
2025-09-01T09:00:58.632+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: languages stoc: [preauth]
2025-09-01T09:00:58.632+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: first_kex_follows 0 [preauth]
2025-09-01T09:00:58.632+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug2: reserved 0 [preauth]
2025-09-01T09:00:58.632+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: kex_choose_conf: will use strict KEX ordering
[preauth]
2025-09-01T09:00:58.632+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: kex: algorithm: ecdh-sha2-nistp256 [preauth]
2025-09-01T09:00:58.632+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: kex: host key algorithm: ecdsa-sha2-nistp256
[preauth]
2025-09-01T09:00:58.632+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: kex: client->server cipher: aes128-ctr MAC:
hmac-sha2-256 compression: none [preauth]
2025-09-01T09:00:58.632+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: kex: server->client cipher: aes128-ctr MAC:
hmac-sha2-256 compression: none [preauth]
2025-09-01T09:00:58.635+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
2025-09-01T09:00:58.635+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: receive packet: type 30 [preauth]
2025-09-01T09:00:58.635+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
2025-09-01T09:00:58.635+00:00 Chassis1 auth.info WTM4800
sshd-session.5500 ssh_dispatch_run_fatal: Connection from <client-ip>
port 34166: error in libcrypto [preauth]
2025-09-01T09:00:58.635+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: monitor_read_log: child log fd closed
2025-09-01T09:00:58.635+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: mm_request_receive: entering
2025-09-01T09:00:58.635+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: mm_request_receive: monitor fd closed
2025-09-01T09:00:58.635+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: mm_reap: preauth child exited with status 255
2025-09-01T09:00:58.635+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: do_cleanup
2025-09-01T09:00:58.635+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: PAM: sshpam_thread_cleanup entering
2025-09-01T09:00:58.641+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: Killing privsep child 5502
2025-09-01T09:00:58.645+00:00 Chassis1 auth.debug WTM4800 sshd.29539
debug1: child_close: enter
2025-09-01T09:00:58.645+00:00 Chassis1 auth.debug WTM4800 sshd.29539
debug1: child_reap: preauth child 5500 for connection from <client-ip>
to <server-ip> exited with status 255
2025-09-01T09:00:58.645+00:00 Chassis1 auth.info WTM4800 sshd.29539
srclimit_penalise: ipv4: new <client-ip>/32 deferred penalty of 1
seconds for penalty: connections without attempting authentication
"
Also, I can tell you that wolfSSL fails at these lines:
https://github.com/wolfSSL/wolfssl/blob/v5.6.4-stable/wolfcrypt/src/random.c#L3690-L3695
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
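
A triage helper for logs like the one in this comment, added here as an example and not part of the original message or of OpenSSH: it rejoins the mail-wrapped syslog records and reports, per sshd process, the sandbox setup messages, any seccomp attach error, the fatal error and the exit status. The function names and the `syscall:<n>` pattern for a SIGSYS report are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt of the log in the message above,
# kept in the same mail-wrapped layout (one syslog record over several lines).
SAMPLE = '''"
2025-09-01T09:00:58.561+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: ssh_sandbox_child_debugging: installing
SIGSYS handler [preauth]
2025-09-01T09:00:58.565+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug3: ssh_sandbox_child: attaching seccomp filter
program [preauth]
2025-09-01T09:00:58.565+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: ssh_sandbox_child: prctl(PR_SET_SECCOMP):
Invalid argument [preauth]
2025-09-01T09:00:58.635+00:00 Chassis1 auth.info WTM4800
sshd-session.5500 ssh_dispatch_run_fatal: Connection from <client-ip>
port 34166: error in libcrypto [preauth]
2025-09-01T09:00:58.635+00:00 Chassis1 auth.debug WTM4800
sshd-session.5500 debug1: mm_reap: preauth child exited with status 255
2025-09-01T09:00:58.645+00:00 Chassis1 auth.debug WTM4800 sshd.29539
debug1: child_close: enter
"'''

# A record starts with an ISO-8601 timestamp; other lines are continuations.
RECORD_START = re.compile(r"^\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d+[+-]\d\d:\d\d ")
# Fields: timestamp, host, facility.level, tag, then "process.pid message".
HEADER = re.compile(r"^\S+ \S+ \S+ \S+ (?P<proc>[\w-]+)\.(?P<pid>\d+) (?P<msg>.*)$")
SANDBOX = re.compile(r"^(?:debug\d: )?ssh_sandbox_\w+: (?P<text>.*)$")
REAP = re.compile(r"mm_reap: preauth child exited with status (\d+)")
# Assumption: a SIGSYS report, if one is logged, carries "syscall:<n>".
SYSCALL = re.compile(r"syscall:(\d+)")


def join_records(text):
    """Rejoin wrapped lines into one string per syslog record."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == '"':      # skip blanks and the quote delimiters
            continue
        if RECORD_START.match(line):
            records.append(line)
        elif records:                    # continuation of the previous record
            records[-1] += " " + line
    return records


def triage(text):
    """Return {pid: findings} for every process seen in the log."""
    report = defaultdict(lambda: {"sandbox_steps": [], "filter_error": None,
                                  "syscall": None, "fatal": None,
                                  "exit_status": None})
    for rec in join_records(text):
        head = HEADER.match(rec)
        if head is None:
            continue
        entry = report[int(head["pid"])]
        msg = re.sub(r"\s*\[preauth\]$", "", head["msg"])
        step = SANDBOX.match(msg)
        if step:
            entry["sandbox_steps"].append(step["text"])
            if step["text"].startswith("prctl(PR_SET_SECCOMP): "):
                entry["filter_error"] = step["text"].split(": ", 1)[1]
        if "ssh_dispatch_run_fatal: " in msg:
            entry["fatal"] = msg.rsplit(": ", 1)[1]
        reap = REAP.search(msg)
        if reap:
            entry["exit_status"] = int(reap.group(1))
        hit = SYSCALL.search(msg)
        if hit:
            entry["syscall"] = int(hit.group(1))
    return dict(report)


if __name__ == "__main__":
    for pid, found in sorted(triage(SAMPLE).items()):
        print(pid, found)
```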