Call for testing: OpenSSH 8.9

Nicolai nicolai-openssh at chocolatine.org
Fri Feb 18 08:03:24 AEDT 2022


On Thu, Feb 17, 2022 at 04:24:45PM +1100, Darren Tucker wrote:

> The logs in regress/failed-ssh.log and regress/failed-sshd.log should
> provide some insight about what failed.

Hope this helps, and quick reminder, this is Alpine Linux 3.15.0 x86_64,
gcc version 10.3.1 20211027 (Alpine 10.3.1_git20211027).  I'm not
normally a Linux user and only installed Alpine for the first time a
week ago, so I feel kind of lost on this machine.  Sorry I can't be more
informative or helpful.


$ cat failed-ssh.log
trace: direct connect
Executing: /home/codetest/openssh/ssh -F /home/codetest/openssh/regress/ssh_config somehost true
debug3: ssh_connect_direct: entering
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 4242.
debug3: set_sock_tos: set socket 4 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /home/codetest/openssh/regress/ssh-ed25519 type 3
debug1: identity file /home/codetest/openssh/regress/ssh-ed25519-cert type -1
debug1: identity file /home/codetest/openssh/regress/sk-ssh-ed25519 at openssh.com type 12
debug1: identity file /home/codetest/openssh/regress/sk-ssh-ed25519 at openssh.com-cert type -1
debug1: identity file /home/codetest/openssh/regress/ssh-rsa type 0
debug1: identity file /home/codetest/openssh/regress/ssh-rsa-cert type -1
debug1: identity file /home/codetest/openssh/regress/ssh-dss type 1
debug1: identity file /home/codetest/openssh/regress/ssh-dss-cert type -1
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp256 type 2
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp256-cert type -1
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp384 type 2
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp384-cert type -1
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp521 type 2
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp521-cert type -1
debug1: identity file /home/codetest/openssh/regress/sk-ecdsa-sha2-nistp256 at openssh.com type 10
debug1: identity file /home/codetest/openssh/regress/sk-ecdsa-sha2-nistp256 at openssh.com-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8
debug1: compat_banner: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to 127.0.0.1:4242 as 'codetest'
debug1: using hostkeyalias: localhost-with-alias
debug3: record_hostkey: found key type ED25519 in file /home/codetest/openssh/regress/known_hosts:1
debug3: record_hostkey: found key type ED25519-SK in file /home/codetest/openssh/regress/known_hosts:2
debug3: record_hostkey: found key type RSA in file /home/codetest/openssh/regress/known_hosts:3
debug3: record_hostkey: found key type DSA in file /home/codetest/openssh/regress/known_hosts:4
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:5
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:6
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:7
debug3: record_hostkey: found key type ECDSA-SK in file /home/codetest/openssh/regress/known_hosts:8
debug3: load_hostkeys_file: loaded 8 keys from localhost-with-alias
debug3: record_hostkey: found key type ED25519 in file /home/codetest/openssh/regress/known_hosts:1
debug3: record_hostkey: found key type ED25519-SK in file /home/codetest/openssh/regress/known_hosts:2
debug3: record_hostkey: found key type RSA in file /home/codetest/openssh/regress/known_hosts:3
debug3: record_hostkey: found key type DSA in file /home/codetest/openssh/regress/known_hosts:4
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:5
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:6
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:7
debug3: record_hostkey: found key type ECDSA-SK in file /home/codetest/openssh/regress/known_hosts:8
debug3: load_hostkeys_file: loaded 8 keys from localhost-with-alias
debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01 at openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512 at openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01 at openssh.com,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,sk-ssh-ed25519-cert-v01 at openssh.com,sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com,rsa-sha2-512-cert-v01 at openssh.com,rsa-sha2-256-cert-v01 at openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519 at openssh.com,sk-ecdsa-sha2-nistp256 at openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug2: ciphers stoc: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug2: MACs ctos: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib at openssh.com,zlib
debug2: compression stoc: none,zlib at openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512 at openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: ssh-ed25519,sk-ssh-ed25519 at openssh.com,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256 at openssh.com
debug2: ciphers ctos: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug2: ciphers stoc: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug2: MACs ctos: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib at openssh.com
debug2: compression stoc: none,zlib at openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
ssh_dispatch_run_fatal: Connection to 127.0.0.1 port 4242: Broken pipe
FAIL: ssh direct connect failed

trace: proxy connect
Executing: /home/codetest/openssh/ssh -F /home/codetest/openssh/regress/ssh_config -o proxycommand /home/codetest/openssh/regress/netcat %h %p somehost true
debug1: Executing proxy command: exec /home/codetest/openssh/regress/netcat 127.0.0.1 4242
debug1: identity file /home/codetest/openssh/regress/ssh-ed25519 type 3
debug1: identity file /home/codetest/openssh/regress/ssh-ed25519-cert type -1
debug1: identity file /home/codetest/openssh/regress/sk-ssh-ed25519 at openssh.com type 12
debug1: identity file /home/codetest/openssh/regress/sk-ssh-ed25519 at openssh.com-cert type -1
debug1: identity file /home/codetest/openssh/regress/ssh-rsa type 0
debug1: identity file /home/codetest/openssh/regress/ssh-rsa-cert type -1
debug1: identity file /home/codetest/openssh/regress/ssh-dss type 1
debug1: identity file /home/codetest/openssh/regress/ssh-dss-cert type -1
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp256 type 2
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp256-cert type -1
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp384 type 2
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp384-cert type -1
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp521 type 2
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp521-cert type -1
debug1: identity file /home/codetest/openssh/regress/sk-ecdsa-sha2-nistp256 at openssh.com type 10
debug1: identity file /home/codetest/openssh/regress/sk-ecdsa-sha2-nistp256 at openssh.com-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8
debug1: compat_banner: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000
debug2: fd 6 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug1: Authenticating to 127.0.0.1:4242 as 'codetest'
debug1: using hostkeyalias: localhost-with-alias
debug3: record_hostkey: found key type ED25519 in file /home/codetest/openssh/regress/known_hosts:1
debug3: record_hostkey: found key type ED25519-SK in file /home/codetest/openssh/regress/known_hosts:2
debug3: record_hostkey: found key type RSA in file /home/codetest/openssh/regress/known_hosts:3
debug3: record_hostkey: found key type DSA in file /home/codetest/openssh/regress/known_hosts:4
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:5
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:6
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:7
debug3: record_hostkey: found key type ECDSA-SK in file /home/codetest/openssh/regress/known_hosts:8
debug3: load_hostkeys_file: loaded 8 keys from localhost-with-alias
debug3: record_hostkey: found key type ED25519 in file /home/codetest/openssh/regress/known_hosts:1
debug3: record_hostkey: found key type ED25519-SK in file /home/codetest/openssh/regress/known_hosts:2
debug3: record_hostkey: found key type RSA in file /home/codetest/openssh/regress/known_hosts:3
debug3: record_hostkey: found key type DSA in file /home/codetest/openssh/regress/known_hosts:4
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:5
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:6
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:7
debug3: record_hostkey: found key type ECDSA-SK in file /home/codetest/openssh/regress/known_hosts:8
debug3: load_hostkeys_file: loaded 8 keys from localhost-with-alias
debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01 at openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512 at openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01 at openssh.com,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,sk-ssh-ed25519-cert-v01 at openssh.com,sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com,rsa-sha2-512-cert-v01 at openssh.com,rsa-sha2-256-cert-v01 at openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519 at openssh.com,sk-ecdsa-sha2-nistp256 at openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug2: ciphers stoc: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug2: MACs ctos: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib at openssh.com,zlib
debug2: compression stoc: none,zlib at openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512 at openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: ssh-ed25519,sk-ssh-ed25519 at openssh.com,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256 at openssh.com
debug2: ciphers ctos: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug2: ciphers stoc: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug2: MACs ctos: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib at openssh.com
debug2: compression stoc: none,zlib at openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305 at openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
ssh_dispatch_run_fatal: Connection to UNKNOWN port 65535: Broken pipe
FAIL: ssh proxycommand connect failed



$ cat failed-sshd.log
trace: direct connect
debug3: fd 5 is not O_NONBLOCK
debug1: Forked child 13356.
debug3: send_rexec_state: entering fd = 8 config len 945
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug3: oom_adjust_restore
debug1: Set /proc/self/oom_score_adj to 0
debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
debug1: inetd sockets after dupping: 4, 4
Connection from 127.0.0.1 port 46506 on 127.0.0.1 port 4242
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8
debug1: compat_banner: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing rlimit sandbox
debug2: Network child is on pid 13357
debug3: preauth child monitor started
debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
debug3: append_hostkey_type: ssh-dss key not permitted by HostkeyAlgorithms [preauth]
debug1: list_hostkey_types: ssh-ed25519,sk-ssh-ed25519 at openssh.com,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256 at openssh.com [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
ssh_dispatch_run_fatal: Connection from 127.0.0.1 port 46506: Invalid argument [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive: entering
debug1: do_cleanup
debug1: Killing privsep child 13357
FAIL: ssh direct connect failed

trace: proxy connect
debug3: fd 5 is not O_NONBLOCK
debug1: Forked child 13366.
debug3: send_rexec_state: entering fd = 8 config len 945
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug3: oom_adjust_restore
debug1: Set /proc/self/oom_score_adj to 0
debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
debug1: inetd sockets after dupping: 4, 4
Connection from 127.0.0.1 port 46508 on 127.0.0.1 port 4242
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8
debug1: compat_banner: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing rlimit sandbox
debug2: Network child is on pid 13367
debug3: preauth child monitor started
debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
debug3: append_hostkey_type: ssh-dss key not permitted by HostkeyAlgorithms [preauth]
debug1: list_hostkey_types: ssh-ed25519,sk-ssh-ed25519 at openssh.com,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256 at openssh.com [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
ssh_dispatch_run_fatal: Connection from 127.0.0.1 port 46508: Invalid argument [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive: entering
debug1: do_cleanup
debug1: Killing privsep child 13367
FAIL: ssh proxycommand connect failed



More information about the openssh-unix-dev mailing list