Subsystem sftp invoked even though forced command created

MCMANUS, MICHAEL P mm1072 at att.com
Tue Jul 4 05:32:14 AEST 2023


OK, I have obtained debug logs. The first one is from running the client; the second one is from WinSCP. The client has multiple keys embedded so the client selected an ECDSA key in place of the RSA key. However, the pen tester used the RSA key to demonstrate the issue so that is what was exported for the use of WinSCP.

Mike McManus
Principal – Technology Security
GTO Security Governance Team - Unix
P: He/Him/His

AT&T Services, Inc.
20205 North Creek Pkwy, Bothell, WA 98011
michael.mcmanus at att.com  

-----Original Message-----
From: Brian Candler <b.candler at pobox.com> 
Sent: Friday, June 30, 2023 2:21 AM
To: MCMANUS, MICHAEL P <mm1072 at att.com>
Cc: openssh-unix-dev at mindrot.org
Subject: Re: Subsystem sftp invoked even though forced command created

On 30/06/2023 09:56, Damien Miller wrote:
> It's very hard to figure out what is happening here without a debug log.
>
> You can get one by stopping the listening sshd and running it manually
> in debug mode, e.g. "/usr/sbin/sshd -ddd"

Or starting one in debug mode on a different port, e.g. "-p99 -ddd"

-------------- next part --------------
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 1228
debug2: parse_server_config_depth: config /etc/ssh/sshd_config len 1228
debug3: /etc/ssh/sshd_config:22 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:23 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:24 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: /etc/ssh/sshd_config:40 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:46 setting PermitRootLogin no
debug3: /etc/ssh/sshd_config:48 setting MaxAuthTries 6
debug3: /etc/ssh/sshd_config:55 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:73 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:77 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:87 setting GSSAPIAuthentication yes
debug3: /etc/ssh/sshd_config:88 setting GSSAPICleanupCredentials no
debug3: /etc/ssh/sshd_config:104 setting UsePAM yes
debug3: /etc/ssh/sshd_config:109 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:116 setting PrintMotd no
debug3: /etc/ssh/sshd_config:134 setting Banner /etc/issue.net
debug3: /etc/ssh/sshd_config:137 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:138 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:139 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:140 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:143 setting Subsystem sftp	/usr/libexec/openssh/sftp-server
debug3: /etc/ssh/sshd_config:151 setting Ciphers chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug3: /etc/ssh/sshd_config:152 setting MACs hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha2-256,hmac-sha2-512
debug3: /etc/ssh/sshd_config:153 setting kexalgorithms curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug3: kex names ok: [curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256]
debug1: sshd version OpenSSH_8.0, OpenSSL 1.1.1k  FIPS 25 Mar 2021
debug1: private host key #0: ssh-rsa SHA256:R0PLSvzUNaecllMDQafSNA3hcq+5JJCVERBNkEJp20Q
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:n+AxJCHUjTK8jzGKH1k4qWWOIQeJEd/q0/Hs9ty5+jw
debug1: private host key #2: ssh-ed25519 SHA256:Otq5//GgVS5tqMWe2klWNgAIzdT38Zt7qpdX/ZpWfYc
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-p99'
debug1: rexec_argv[2]='-ddd'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 5 setting O_NONBLOCK
debug1: Bind to port 99 on 0.0.0.0.
Server listening on 0.0.0.0 port 99.
debug2: fd 7 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 7 IPV6_V6ONLY
debug1: Bind to port 99 on ::.
Server listening on :: port 99.
debug3: fd 8 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 11 config len 1228
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 8 out 8 newsock 8 pipe -1 sock 11
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config_depth: config rexec len 1228
debug3: rexec:22 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: rexec:23 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: rexec:24 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: rexec:40 setting SyslogFacility AUTHPRIV
debug3: rexec:46 setting PermitRootLogin no
debug3: rexec:48 setting MaxAuthTries 6
debug3: rexec:55 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: rexec:73 setting PasswordAuthentication yes
debug3: rexec:77 setting ChallengeResponseAuthentication no
debug3: rexec:87 setting GSSAPIAuthentication yes
debug3: rexec:88 setting GSSAPICleanupCredentials no
debug3: rexec:104 setting UsePAM yes
debug3: rexec:109 setting X11Forwarding yes
debug3: rexec:116 setting PrintMotd no
debug3: rexec:134 setting Banner /etc/issue.net
debug3: rexec:137 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: rexec:138 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: rexec:139 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: rexec:140 setting AcceptEnv XMODIFIERS
debug3: rexec:143 setting Subsystem sftp	/usr/libexec/openssh/sftp-server
debug3: rexec:151 setting Ciphers chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug3: rexec:152 setting MACs hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha2-256,hmac-sha2-512
debug3: rexec:153 setting kexalgorithms curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug3: kex names ok: [curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256]
debug1: sshd version OpenSSH_8.0, OpenSSL 1.1.1k  FIPS 25 Mar 2021
debug1: private host key #0: ssh-rsa SHA256:R0PLSvzUNaecllMDQafSNA3hcq+5JJCVERBNkEJp20Q
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:n+AxJCHUjTK8jzGKH1k4qWWOIQeJEd/q0/Hs9ty5+jw
debug1: private host key #2: ssh-ed25519 SHA256:Otq5//GgVS5tqMWe2klWNgAIzdT38Zt7qpdX/ZpWfYc
debug1: inetd sockets after dupping: 4, 4
Connection from 135.165.245.53 port 36556 on 135.50.115.58 port 99
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.7
debug1: match: OpenSSH_8.7 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 3747295
debug3: preauth child monitor started
debug1: SELinux support disabled [preauth]
debug3: privsep user:group 74:74 [preauth]
debug1: permanently_set_uid: 74/74 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 [preauth]
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: ciphers ctos: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com [preauth]
debug2: ciphers stoc: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com [preauth]
debug2: MACs ctos: hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
debug2: MACs stoc: hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
debug2: compression ctos: none,zlib at openssh.com [preauth]
debug2: compression stoc: none,zlib at openssh.com [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ext-info-c [preauth]
debug2: host key algorithms: ssh-ed25519-cert-v01 at openssh.com,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,sk-ssh-ed25519-cert-v01 at openssh.com,sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com,rsa-sha2-512-cert-v01 at openssh.com,rsa-sha2-256-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519 at openssh.com,sk-ecdsa-sha2-nistp256 at openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth]
debug2: ciphers ctos: aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com,aes256-ctr,aes128-gcm at openssh.com,aes128-ctr [preauth]
debug2: ciphers stoc: aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com,aes256-ctr,aes128-gcm at openssh.com,aes128-ctr [preauth]
debug2: MACs ctos: hmac-sha2-256-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha2-256,hmac-sha1,umac-128 at openssh.com,hmac-sha2-512 [preauth]
debug2: MACs stoc: hmac-sha2-256-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha2-256,hmac-sha1,umac-128 at openssh.com,hmac-sha2-512 [preauth]
debug2: compression ctos: none,zlib at openssh.com,zlib [preauth]
debug2: compression stoc: none,zlib at openssh.com,zlib [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ssh-ed25519 [preauth]
debug1: kex: client->server cipher: aes256-gcm at openssh.com MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: aes256-gcm at openssh.com MAC: <implicit> compression: none [preauth]
debug1: kex: curve25519-sha256 need=32 dh_need=32 [preauth]
debug3: mm_request_send entering: type 120 [preauth]
debug3: mm_request_receive_expect entering: type 121 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 120
debug3: mm_request_send entering: type 121
debug1: kex: curve25519-sha256 need=32 dh_need=32 [preauth]
debug3: mm_request_send entering: type 120 [preauth]
debug3: mm_request_receive_expect entering: type 121 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 120
debug3: mm_request_send entering: type 121
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug3: receive packet: type 30 [preauth]
debug3: mm_sshkey_sign entering [preauth]
debug3: mm_request_send entering: type 6 [preauth]
debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect entering: type 7 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign
debug3: mm_answer_sign: hostkey proof signature 0x560af71d8450(83)
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: send packet: type 31 [preauth]
debug3: send packet: type 21 [preauth]
debug2: set_newkeys: mode 1 [preauth]
debug1: rekey out after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug3: send packet: type 7 [preauth]
debug3: receive packet: type 21 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug2: set_newkeys: mode 0 [preauth]
debug1: rekey in after 4294967296 blocks [preauth]
debug1: KEX done [preauth]
debug3: receive packet: type 5 [preauth]
debug3: send packet: type 6 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user m61586 service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug3: mm_getpwnamallow entering [preauth]
debug3: mm_request_send entering: type 8 [preauth]
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
debug3: mm_request_receive_expect entering: type 9 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 8
debug3: mm_answer_pwnamallow
debug2: parse_server_config_depth: config reprocess config len 1228
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 9
debug2: monitor_read: 8 used once, disabling now
debug2: input_userauth_request: setting up authctxt for m61586 [preauth]
debug3: mm_start_pam entering [preauth]
debug3: mm_request_send entering: type 100 [preauth]
debug3: mm_inform_authserv entering [preauth]
debug3: mm_request_send entering: type 4 [preauth]
debug3: mm_inform_authrole entering [preauth]
debug3: mm_request_send entering: type 80 [preauth]
debug3: mm_auth2_read_banner entering [preauth]
debug3: mm_request_send entering: type 10 [preauth]
debug3: mm_request_receive_expect entering: type 11 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 100
debug1: PAM: initializing for "m61586"
debug1: PAM: setting PAM_RHOST to "135.165.245.53"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: monitor_read: 100 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 80
debug3: mm_answer_authrole: role=
debug2: monitor_read: 80 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 10
debug3: mm_request_send entering: type 11
debug2: monitor_read: 10 used once, disabling now
debug3: send packet: type 53 [preauth]
debug1: userauth_send_banner: sent [preauth]
debug2: input_userauth_request: try method none [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 7.331ms, delaying 0.795ms (requested 8.126ms) [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,gssapi-keyex,gssapi-with-mic,password" [preauth]
debug3: send packet: type 51 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user m61586 service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug2: userauth_pubkey: valid user m61586 querying public key ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBCITSNvKpVRcRvfBPaB5/uS6oIM0/QBNOcX87rEbgCFAkhFV3QMm8Sy/Yvol63Ini7KO+AzR/XQhZn+9wa7i7WYiGl/6o7cRYB6VfnxB6ujskWgRpJnvWpYq7LmMRTR7pQ== [preauth]
debug1: userauth_pubkey: test pkalg ecdsa-sha2-nistp384 pkblob ECDSA SHA256:Bj9HCFXIvtvYC0uJPVZxqjBAKtPVkDcELaUa9X2llOY [preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x560af71de900
debug1: temporarily_use_uid: 35250/1419 (e=0/0)
debug1: trying public key file /home/m61586/.ssh/authorized_keys
debug1: fd 10 clearing O_NONBLOCK
debug2: /home/m61586/.ssh/authorized_keys:4: check options: 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/opt/app/workload/secgov/opt/sact-central/bin/receive.ksh" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVmgfiFB5Y6sHOuvNvOU+rM5semFVRq9EVpHcdrWCpJ4AtFXCQYwh5/7V3m+VI28ERET7itbpCsLjX3Q8n2B8EWjRqmSkxxa2ldh+4XblhRQjM3OuPjn9fJOSGnlqT96QIerImMWI7JMX/dVfyp59yAyrd6QyUI2fu291QfOA5s= 
'
debug2: /home/m61586/.ssh/authorized_keys:4: advance: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVmgfiFB5Y6sHOuvNvOU+rM5semFVRq9EVpHcdrWCpJ4AtFXCQYwh5/7V3m+VI28ERET7itbpCsLjX3Q8n2B8EWjRqmSkxxa2ldh+4XblhRQjM3OuPjn9fJOSGnlqT96QIerImMWI7JMX/dVfyp59yAyrd6QyUI2fu291QfOA5s= 
'
debug2: /home/m61586/.ssh/authorized_keys:6: check options: 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/opt/app/workload/secgov/opt/sact-central/bin/receive.ksh" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0ZKVQ88fjC9wb9HPzwXEKZKvD5uIAwQZjEnMvI1fgXwAkbIxcrc2kwDaQD4crkuSfNJTYH9c/0w9BNAhG7UlfCtkrMctGeWiUPtYu8IV7g8FeiSlk+HHFZa3Id+EtVtOaYSZRbJiVDdgMuXUwGVHsMiR0avtC4e9vinjg06AVhZg5xv0BpOJ+zjcF8rIZPLE573n7dXBCBCbIMlMo752DJff83WEuLehy+O9ydbySBJWZWt3uIId3OJiQ0UCgKEyk29fTduvfUBSI8UzyxnzEDmi8T/v6HQ1FCIwR0XuswmN8uAtRWZK3rs09oGYoDvHH5xBRWXgg9P2YQw7Kjfx/nGvY80enBzYQg8wPju7whqBgOFAb1GxR997/QI0KBawnOofjvL0cdCoMBuoZSJJpfrLUpijPfBdsjypaZZQV1UP9a49yiovzSm5hgVTZ+6N5b+7y3aP3hsu7Myh+BdbU2pzB3sBQuPqoyAkyXWFqlLXLohwbZsJeq4jIkLlHP8jKzTzgl/6Y/laa45xjAqG6up04kVhfeDkolJzEVnxxI/BGuXofEXfcBIJMsrVuNVV/3JQfqZ1/Zp1i1YlSXIKjtF3T2bpu5vDvpCYuPPmQuZUSJbXGSvLEsSUDvGaD+e8xSE9kgWN2xpNQBNDfAw8+VNPnwid1NQvWMmVh3W9Q8Q== sact_xml
'
debug2: /home/m61586/.ssh/authorized_keys:6: advance: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0ZKVQ88fjC9wb9HPzwXEKZKvD5uIAwQZjEnMvI1fgXwAkbIxcrc2kwDaQD4crkuSfNJTYH9c/0w9BNAhG7UlfCtkrMctGeWiUPtYu8IV7g8FeiSlk+HHFZa3Id+EtVtOaYSZRbJiVDdgMuXUwGVHsMiR0avtC4e9vinjg06AVhZg5xv0BpOJ+zjcF8rIZPLE573n7dXBCBCbIMlMo752DJff83WEuLehy+O9ydbySBJWZWt3uIId3OJiQ0UCgKEyk29fTduvfUBSI8UzyxnzEDmi8T/v6HQ1FCIwR0XuswmN8uAtRWZK3rs09oGYoDvHH5xBRWXgg9P2YQw7Kjfx/nGvY80enBzYQg8wPju7whqBgOFAb1GxR997/QI0KBawnOofjvL0cdCoMBuoZSJJpfrLUpijPfBdsjypaZZQV1UP9a49yiovzSm5hgVTZ+6N5b+7y3aP3hsu7Myh+BdbU2pzB3sBQuPqoyAkyXWFqlLXLohwbZsJeq4jIkLlHP8jKzTzgl/6Y/laa45xjAqG6up04kVhfeDkolJzEVnxxI/BGuXofEXfcBIJMsrVuNVV/3JQfqZ1/Zp1i1YlSXIKjtF3T2bpu5vDvpCYuPPmQuZUSJbXGSvLEsSUDvGaD+e8xSE9kgWN2xpNQBNDfAw8+VNPnwid1NQvWMmVh3W9Q8Q== sact_xml
'
debug2: /home/m61586/.ssh/authorized_keys:8: check options: 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/opt/app/workload/secgov/opt/sact-central/bin/receive.ksh" ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBCITSNvKpVRcRvfBPaB5/uS6oIM0/QBNOcX87rEbgCFAkhFV3QMm8Sy/Yvol63Ini7KO+AzR/XQhZn+9wa7i7WYiGl/6o7cRYB6VfnxB6ujskWgRpJnvWpYq7LmMRTR7pQ== m61586 at zldy39590
'
debug1: /home/m61586/.ssh/authorized_keys:8: matching key found: ECDSA SHA256:Bj9HCFXIvtvYC0uJPVZxqjBAKtPVkDcELaUa9X2llOY
debug1: /home/m61586/.ssh/authorized_keys:8: key options: command user-rc
debug1: /home/m61586/.ssh/authorized_keys:8: forced command: "/opt/app/workload/secgov/opt/sact-central/bin/receive.ksh"
Accepted key ECDSA SHA256:Bj9HCFXIvtvYC0uJPVZxqjBAKtPVkDcELaUa9X2llOY found at /home/m61586/.ssh/authorized_keys:8
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: publickey authentication test: ECDSA key is allowed
debug3: mm_request_send entering: type 23
debug3: send packet: type 60 [preauth]
debug2: userauth_pubkey: authenticated 0 pkalg ecdsa-sha2-nistp384 [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 8.566ms, delaying 7.686ms (requested 8.126ms) [preauth]
Postponed publickey for m61586 from 135.165.245.53 port 36556 ssh2 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user m61586 service ssh-connection method publickey [preauth]
debug1: attempt 2 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug2: userauth_pubkey: valid user m61586 attempting public key ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBCITSNvKpVRcRvfBPaB5/uS6oIM0/QBNOcX87rEbgCFAkhFV3QMm8Sy/Yvol63Ini7KO+AzR/XQhZn+9wa7i7WYiGl/6o7cRYB6VfnxB6ujskWgRpJnvWpYq7LmMRTR7pQ== [preauth]
debug3: userauth_pubkey: have ecdsa-sha2-nistp384 signature for ECDSA SHA256:Bj9HCFXIvtvYC0uJPVZxqjBAKtPVkDcELaUa9X2llOY [preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x560af71ec420
debug1: temporarily_use_uid: 35250/1419 (e=0/0)
debug1: trying public key file /home/m61586/.ssh/authorized_keys
debug1: fd 10 clearing O_NONBLOCK
debug2: /home/m61586/.ssh/authorized_keys:4: check options: 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/opt/app/workload/secgov/opt/sact-central/bin/receive.ksh" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVmgfiFB5Y6sHOuvNvOU+rM5semFVRq9EVpHcdrWCpJ4AtFXCQYwh5/7V3m+VI28ERET7itbpCsLjX3Q8n2B8EWjRqmSkxxa2ldh+4XblhRQjM3OuPjn9fJOSGnlqT96QIerImMWI7JMX/dVfyp59yAyrd6QyUI2fu291QfOA5s= 
'
debug2: /home/m61586/.ssh/authorized_keys:4: advance: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVmgfiFB5Y6sHOuvNvOU+rM5semFVRq9EVpHcdrWCpJ4AtFXCQYwh5/7V3m+VI28ERET7itbpCsLjX3Q8n2B8EWjRqmSkxxa2ldh+4XblhRQjM3OuPjn9fJOSGnlqT96QIerImMWI7JMX/dVfyp59yAyrd6QyUI2fu291QfOA5s= 
'
debug2: /home/m61586/.ssh/authorized_keys:6: check options: 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/opt/app/workload/secgov/opt/sact-central/bin/receive.ksh" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0ZKVQ88fjC9wb9HPzwXEKZKvD5uIAwQZjEnMvI1fgXwAkbIxcrc2kwDaQD4crkuSfNJTYH9c/0w9BNAhG7UlfCtkrMctGeWiUPtYu8IV7g8FeiSlk+HHFZa3Id+EtVtOaYSZRbJiVDdgMuXUwGVHsMiR0avtC4e9vinjg06AVhZg5xv0BpOJ+zjcF8rIZPLE573n7dXBCBCbIMlMo752DJff83WEuLehy+O9ydbySBJWZWt3uIId3OJiQ0UCgKEyk29fTduvfUBSI8UzyxnzEDmi8T/v6HQ1FCIwR0XuswmN8uAtRWZK3rs09oGYoDvHH5xBRWXgg9P2YQw7Kjfx/nGvY80enBzYQg8wPju7whqBgOFAb1GxR997/QI0KBawnOofjvL0cdCoMBuoZSJJpfrLUpijPfBdsjypaZZQV1UP9a49yiovzSm5hgVTZ+6N5b+7y3aP3hsu7Myh+BdbU2pzB3sBQuPqoyAkyXWFqlLXLohwbZsJeq4jIkLlHP8jKzTzgl/6Y/laa45xjAqG6up04kVhfeDkolJzEVnxxI/BGuXofEXfcBIJMsrVuNVV/3JQfqZ1/Zp1i1YlSXIKjtF3T2bpu5vDvpCYuPPmQuZUSJbXGSvLEsSUDvGaD+e8xSE9kgWN2xpNQBNDfAw8+VNPnwid1NQvWMmVh3W9Q8Q== sact_xml
'
debug2: /home/m61586/.ssh/authorized_keys:6: advance: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0ZKVQ88fjC9wb9HPzwXEKZKvD5uIAwQZjEnMvI1fgXwAkbIxcrc2kwDaQD4crkuSfNJTYH9c/0w9BNAhG7UlfCtkrMctGeWiUPtYu8IV7g8FeiSlk+HHFZa3Id+EtVtOaYSZRbJiVDdgMuXUwGVHsMiR0avtC4e9vinjg06AVhZg5xv0BpOJ+zjcF8rIZPLE573n7dXBCBCbIMlMo752DJff83WEuLehy+O9ydbySBJWZWt3uIId3OJiQ0UCgKEyk29fTduvfUBSI8UzyxnzEDmi8T/v6HQ1FCIwR0XuswmN8uAtRWZK3rs09oGYoDvHH5xBRWXgg9P2YQw7Kjfx/nGvY80enBzYQg8wPju7whqBgOFAb1GxR997/QI0KBawnOofjvL0cdCoMBuoZSJJpfrLUpijPfBdsjypaZZQV1UP9a49yiovzSm5hgVTZ+6N5b+7y3aP3hsu7Myh+BdbU2pzB3sBQuPqoyAkyXWFqlLXLohwbZsJeq4jIkLlHP8jKzTzgl/6Y/laa45xjAqG6up04kVhfeDkolJzEVnxxI/BGuXofEXfcBIJMsrVuNVV/3JQfqZ1/Zp1i1YlSXIKjtF3T2bpu5vDvpCYuPPmQuZUSJbXGSvLEsSUDvGaD+e8xSE9kgWN2xpNQBNDfAw8+VNPnwid1NQvWMmVh3W9Q8Q== sact_xml
'
debug2: /home/m61586/.ssh/authorized_keys:8: check options: 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/opt/app/workload/secgov/opt/sact-central/bin/receive.ksh" ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBCITSNvKpVRcRvfBPaB5/uS6oIM0/QBNOcX87rEbgCFAkhFV3QMm8Sy/Yvol63Ini7KO+AzR/XQhZn+9wa7i7WYiGl/6o7cRYB6VfnxB6ujskWgRpJnvWpYq7LmMRTR7pQ== m61586 at zldy39590
'
debug1: /home/m61586/.ssh/authorized_keys:8: matching key found: ECDSA SHA256:Bj9HCFXIvtvYC0uJPVZxqjBAKtPVkDcELaUa9X2llOY
debug1: /home/m61586/.ssh/authorized_keys:8: key options: command user-rc
debug1: /home/m61586/.ssh/authorized_keys:8: forced command: "/opt/app/workload/secgov/opt/sact-central/bin/receive.ksh"
Accepted key ECDSA SHA256:Bj9HCFXIvtvYC0uJPVZxqjBAKtPVkDcELaUa9X2llOY found at /home/m61586/.ssh/authorized_keys:8
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: publickey authentication: ECDSA key is allowed
debug3: mm_request_send entering: type 23
debug3: mm_sshkey_verify entering [preauth]
debug3: mm_request_send entering: type 24 [preauth]
debug3: mm_sshkey_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth]
debug3: mm_request_receive_expect entering: type 25 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 24
debug3: mm_answer_keyverify: publickey 0x560af71de900 signature verified
debug1: auth_activate_options: setting new authentication options
debug3: mm_request_send entering: type 25
debug3: mm_request_receive_expect entering: type 102
debug3: mm_request_receive entering
debug1: do_pam_account: called
debug2: do_pam_account: auth information in SSH_AUTH_INFO_0
debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success)
debug3: mm_request_send entering: type 103
Accepted publickey for m61586 from 135.165.245.53 port 36556 ssh2: ECDSA SHA256:Bj9HCFXIvtvYC0uJPVZxqjBAKtPVkDcELaUa9X2llOY
debug1: monitor_child_preauth: m61586 has been authenticated by privileged process
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_request_receive_expect entering: type 26
debug3: mm_request_receive entering
debug3: mm_get_keystate: GOT new keys
debug3: mm_request_receive_expect entering: type 122
debug3: mm_request_receive entering
debug3: mm_request_send entering: type 123
debug1: auth_activate_options: setting new authentication options [preauth]
debug2: userauth_pubkey: authenticated 1 pkalg ecdsa-sha2-nistp384 [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 8.186ms, delaying 8.066ms (requested 8.126ms) [preauth]
debug3: mm_do_pam_account entering [preauth]
debug3: mm_request_send entering: type 102 [preauth]
debug3: mm_request_receive_expect entering: type 103 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_do_pam_account returning 1 [preauth]
debug3: send packet: type 52 [preauth]
debug3: mm_request_send entering: type 26 [preauth]
debug3: mm_send_keystate: Finished sending state [preauth]
debug3: mm_request_send entering: type 122 [preauth]
debug3: mm_request_receive_expect entering: type 123 [preauth]
debug3: mm_request_receive entering [preauth]
debug1: monitor_read_log: child log fd closed
debug3: ssh_sandbox_parent_finish: finished
debug1: audit_event: unhandled event 2
debug1: temporarily_use_uid: 35250/1419 (e=0/0)
debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
debug1: restore_uid: 0/0
debug1: SELinux support disabled
debug1: PAM: establishing credentials
debug3: PAM: opening session
debug2: do_pam_session: auth information in SSH_AUTH_INFO_0
debug3: PAM: sshpam_store_conv called with 1 messages
User child is on pid 3747296
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 35250/1419
debug3: monitor_apply_keystate: packet_set_state
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: ssh_packet_set_postauth: called
debug3: ssh_packet_set_state: done
debug3: notify_hostkeys: key 0: ssh-rsa SHA256:R0PLSvzUNaecllMDQafSNA3hcq+5JJCVERBNkEJp20Q
debug3: notify_hostkeys: key 1: ecdsa-sha2-nistp256 SHA256:n+AxJCHUjTK8jzGKH1k4qWWOIQeJEd/q0/Hs9ty5+jw
debug3: notify_hostkeys: key 2: ssh-ed25519 SHA256:Otq5//GgVS5tqMWe2klWNgAIzdT38Zt7qpdX/ZpWfYc
debug3: notify_hostkeys: sent 3 hostkeys
debug3: send packet: type 80
debug1: active: key options: command user-rc
debug1: active: forced command: "/opt/app/workload/secgov/opt/sact-central/bin/receive.ksh"
debug3: sending debug message: /home/m61586/.ssh/authorized_keys:8: key options: command user-rc
debug3: send packet: type 4
debug3: sending debug message: /home/m61586/.ssh/authorized_keys:8: key options: command user-rc
debug3: send packet: type 4
debug1: Entering interactive session for SSH2.
debug2: fd 11 setting O_NONBLOCK
debug2: fd 12 setting O_NONBLOCK
debug1: server_init_dispatch
debug3: receive packet: type 90
debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug3: send packet: type 91
debug3: receive packet: type 80
debug1: server_input_global_request: rtype no-more-sessions at openssh.com want_reply 0
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request exec reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req exec
Starting session: forced-command (key-option) '/opt/app/workload/secgov/opt/sact-central/bin/receive.ksh' for m61586 from 135.165.245.53 port 36556 id 0
debug3: mm_audit_run_command entering command /opt/app/workload/secgov/opt/sact-central/bin/receive.ksh
debug3: mm_request_send entering: type 114
debug3: mm_request_receive_expect entering: type 115
debug3: mm_request_receive entering
debug3: mm_request_receive entering
debug3: monitor_read: checking request 114
debug3: mm_answer_audit_command entering
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug3: mm_request_send entering: type 115
debug2: fd 4 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x20
debug2: fd 17 setting O_NONBLOCK
debug2: fd 16 setting O_NONBLOCK
debug2: fd 19 setting O_NONBLOCK
debug3: mm_forward_audit_messages: entering
debug3: send packet: type 99
debug2: channel 0: read 313 from efd 19
debug2: channel 0: rwin 2097152 elen 313 euse 1
debug2: channel 0: sent ext data 313
debug3: mm_request_receive entering
debug3: monitor_read: checking request 124
debug3: receive packet: type 96
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: chan_shutdown_write (i0 o1 sock -1 wfd 16 efd 19 [read])
debug2: channel 0: output drain -> closed
debug2: channel 0: read<=0 rfd 17 len 0
debug2: channel 0: read failed
debug2: channel 0: chan_shutdown_read (i0 o3 sock -1 wfd 17 efd 19 [read])
debug2: channel 0: input open -> drain
debug2: channel 0: read 0 from efd 19
debug2: channel 0: closing read-efd 19
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug3: send packet: type 96
debug2: channel 0: input drain -> closed
debug2: notify_done: reading
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 3747297
debug1: session_exit_message: session 0 channel 0 pid 3747297
debug2: channel 0: request exit-status confirm 0
debug3: send packet: type 98
debug1: session_exit_message: release channel 0
debug2: channel 0: send close
debug3: send packet: type 97
debug3: channel 0: will not send data after close
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug3: receive packet: type 1
Received disconnect from 135.165.245.53 port 36556:11: disconnected by user
debug3: mm_request_send entering: type 122
debug3: mm_request_receive_expect entering: type 123
debug3: mm_request_receive entering
debug3: mm_request_receive entering
debug3: monitor_read: checking request 122
debug3: mm_request_send entering: type 123
Disconnected from user m61586 135.165.245.53 port 36556
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug3: mm_request_send entering: type 124
debug3: mm_request_receive entering
debug3: monitor_read: checking request 124
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: PAM: cleanup
debug1: PAM: closing session
debug1: PAM: deleting credentials
debug3: PAM: sshpam_thread_cleanup entering
-------------- next part --------------
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 1228
debug2: parse_server_config_depth: config /etc/ssh/sshd_config len 1228
debug3: /etc/ssh/sshd_config:22 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:23 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:24 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: /etc/ssh/sshd_config:40 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:46 setting PermitRootLogin no
debug3: /etc/ssh/sshd_config:48 setting MaxAuthTries 6
debug3: /etc/ssh/sshd_config:55 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:73 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:77 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:87 setting GSSAPIAuthentication yes
debug3: /etc/ssh/sshd_config:88 setting GSSAPICleanupCredentials no
debug3: /etc/ssh/sshd_config:104 setting UsePAM yes
debug3: /etc/ssh/sshd_config:109 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:116 setting PrintMotd no
debug3: /etc/ssh/sshd_config:134 setting Banner /etc/issue.net
debug3: /etc/ssh/sshd_config:137 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:138 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:139 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:140 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:143 setting Subsystem sftp	/usr/libexec/openssh/sftp-server
debug3: /etc/ssh/sshd_config:151 setting Ciphers chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug3: /etc/ssh/sshd_config:152 setting MACs hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha2-256,hmac-sha2-512
debug3: /etc/ssh/sshd_config:153 setting kexalgorithms curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug3: kex names ok: [curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256]
debug1: sshd version OpenSSH_8.0, OpenSSL 1.1.1k  FIPS 25 Mar 2021
debug1: private host key #0: ssh-rsa SHA256:R0PLSvzUNaecllMDQafSNA3hcq+5JJCVERBNkEJp20Q
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:n+AxJCHUjTK8jzGKH1k4qWWOIQeJEd/q0/Hs9ty5+jw
debug1: private host key #2: ssh-ed25519 SHA256:Otq5//GgVS5tqMWe2klWNgAIzdT38Zt7qpdX/ZpWfYc
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-p99'
debug1: rexec_argv[2]='-ddd'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 5 setting O_NONBLOCK
debug1: Bind to port 99 on 0.0.0.0.
Server listening on 0.0.0.0 port 99.
debug2: fd 7 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 7 IPV6_V6ONLY
debug1: Bind to port 99 on ::.
Server listening on :: port 99.
debug3: fd 8 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 11 config len 1228
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 8 out 8 newsock 8 pipe -1 sock 11
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug3: recv_rexec_state: done
debug2: parse_server_config_depth: config rexec len 1228
debug3: rexec:22 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: rexec:23 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: rexec:24 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: rexec:40 setting SyslogFacility AUTHPRIV
debug3: rexec:46 setting PermitRootLogin no
debug3: rexec:48 setting MaxAuthTries 6
debug3: rexec:55 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: rexec:73 setting PasswordAuthentication yes
debug3: rexec:77 setting ChallengeResponseAuthentication no
debug3: rexec:87 setting GSSAPIAuthentication yes
debug3: rexec:88 setting GSSAPICleanupCredentials no
debug3: rexec:104 setting UsePAM yes
debug3: rexec:109 setting X11Forwarding yes
debug3: rexec:116 setting PrintMotd no
debug3: rexec:134 setting Banner /etc/issue.net
debug3: rexec:137 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: rexec:138 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: rexec:139 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: rexec:140 setting AcceptEnv XMODIFIERS
debug3: rexec:143 setting Subsystem sftp	/usr/libexec/openssh/sftp-server
debug3: rexec:151 setting Ciphers chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug3: rexec:152 setting MACs hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha2-256,hmac-sha2-512
debug3: rexec:153 setting kexalgorithms curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug3: kex names ok: [curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256]
debug1: sshd version OpenSSH_8.0, OpenSSL 1.1.1k  FIPS 25 Mar 2021
debug1: private host key #0: ssh-rsa SHA256:R0PLSvzUNaecllMDQafSNA3hcq+5JJCVERBNkEJp20Q
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:n+AxJCHUjTK8jzGKH1k4qWWOIQeJEd/q0/Hs9ty5+jw
debug1: private host key #2: ssh-ed25519 SHA256:Otq5//GgVS5tqMWe2klWNgAIzdT38Zt7qpdX/ZpWfYc
debug1: inetd sockets after dupping: 4, 4
Connection from 135.99.45.25 port 49734 on 135.50.115.58 port 99
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version WinSCP_release_5.21.8
debug1: no match: WinSCP_release_5.21.8
debug2: fd 4 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 3747496
debug3: preauth child monitor started
debug1: SELinux support disabled [preauth]
debug3: privsep user:group 74:74 [preauth]
debug1: permanently_set_uid: 74/74 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 [preauth]
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: ciphers ctos: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com [preauth]
debug2: ciphers stoc: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com [preauth]
debug2: MACs ctos: hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
debug2: MACs stoc: hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha2-256,hmac-sha2-512 [preauth]
debug2: compression ctos: none,zlib at openssh.com [preauth]
debug2: compression stoc: none,zlib at openssh.com [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: curve448-sha512,curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,rsa2048-sha256,rsa1024-sha1,diffie-hellman-group1-sha1,ext-info-c [preauth]
debug2: host key algorithms: ssh-ed448,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss [preauth]
debug2: ciphers ctos: aes256-ctr,aes256-cbc,rijndael-cbc at lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,chacha20-poly1305 at openssh.com,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 [preauth]
debug2: ciphers stoc: aes256-ctr,aes256-cbc,rijndael-cbc at lysator.liu.se,aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,chacha20-poly1305 at openssh.com,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc,arcfour256,arcfour128 [preauth]
debug2: MACs ctos: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-sha2-256-etm at openssh.com,hmac-sha1-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac-md5-etm at openssh.com [preauth]
debug2: MACs stoc: hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-sha2-256-etm at openssh.com,hmac-sha1-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac-md5-etm at openssh.com [preauth]
debug2: compression ctos: none,zlib,zlib at openssh.com [preauth]
debug2: compression stoc: none,zlib,zlib at openssh.com [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ssh-ed25519 [preauth]
debug1: kex: client->server cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
debug1: kex: server->client cipher: aes256-ctr MAC: hmac-sha2-256 compression: none [preauth]
debug1: kex: curve25519-sha256 need=32 dh_need=32 [preauth]
debug3: mm_request_send entering: type 120 [preauth]
debug3: mm_request_receive_expect entering: type 121 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 120
debug3: mm_request_send entering: type 121
debug1: kex: curve25519-sha256 need=32 dh_need=32 [preauth]
debug3: mm_request_send entering: type 120 [preauth]
debug3: mm_request_receive_expect entering: type 121 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 120
debug3: mm_request_send entering: type 121
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug3: receive packet: type 30 [preauth]
debug3: mm_sshkey_sign entering [preauth]
debug3: mm_request_send entering: type 6 [preauth]
debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect entering: type 7 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign
debug3: mm_answer_sign: hostkey proof signature 0x5615209f5450(83)
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: send packet: type 31 [preauth]
debug3: send packet: type 21 [preauth]
debug2: set_newkeys: mode 1 [preauth]
debug1: rekey out after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug3: send packet: type 7 [preauth]
debug3: receive packet: type 21 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug2: set_newkeys: mode 0 [preauth]
debug1: rekey in after 4294967296 blocks [preauth]
debug1: KEX done [preauth]
debug3: receive packet: type 5 [preauth]
debug3: send packet: type 6 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user m61586 service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug3: mm_getpwnamallow entering [preauth]
debug3: mm_request_send entering: type 8 [preauth]
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
debug3: mm_request_receive_expect entering: type 9 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 8
debug3: mm_answer_pwnamallow
debug2: parse_server_config_depth: config reprocess config len 1228
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 9
debug2: monitor_read: 8 used once, disabling now
debug2: input_userauth_request: setting up authctxt for m61586 [preauth]
debug3: mm_start_pam entering [preauth]
debug3: mm_request_send entering: type 100 [preauth]
debug3: mm_inform_authserv entering [preauth]
debug3: mm_request_send entering: type 4 [preauth]
debug3: mm_inform_authrole entering [preauth]
debug3: mm_request_send entering: type 80 [preauth]
debug3: mm_auth2_read_banner entering [preauth]
debug3: mm_request_send entering: type 10 [preauth]
debug3: mm_request_receive_expect entering: type 11 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 100
debug1: PAM: initializing for "m61586"
debug1: PAM: setting PAM_RHOST to "135.99.45.25"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: monitor_read: 100 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 80
debug3: mm_answer_authrole: role=
debug2: monitor_read: 80 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 10
debug3: mm_request_send entering: type 11
debug2: monitor_read: 10 used once, disabling now
debug3: send packet: type 53 [preauth]
debug1: userauth_send_banner: sent [preauth]
debug2: input_userauth_request: try method none [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 6.052ms, delaying 2.074ms (requested 8.126ms) [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,gssapi-keyex,gssapi-with-mic,password" [preauth]
debug3: send packet: type 51 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user m61586 service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug2: userauth_pubkey: valid user m61586 querying public key rsa-sha2-512 AAAAB3NzaC1yc2EAAAADAQABAAACAQD0ZKVQ88fjC9wb9HPzwXEKZKvD5uIAwQZjEnMvI1fgXwAkbIxcrc2kwDaQD4crkuSfNJTYH9c/0w9BNAhG7UlfCtkrMctGeWiUPtYu8IV7g8FeiSlk+HHFZa3Id+EtVtOaYSZRbJiVDdgMuXUwGVHsMiR0avtC4e9vinjg06AVhZg5xv0BpOJ+zjcF8rIZPLE573n7dXBCBCbIMlMo752DJff83WEuLehy+O9ydbySBJWZWt3uIId3OJiQ0UCgKEyk29fTduvfUBSI8UzyxnzEDmi8T/v6HQ1FCIwR0XuswmN8uAtRWZK3rs09oGYoDvHH5xBRWXgg9P2YQw7Kjfx/nGvY80enBzYQg8wPju7whqBgOFAb1GxR997/QI0KBawnOofjvL0cdCoMBuoZSJJpfrLUpijPfBdsjypaZZQV1UP9a49yiovzSm5hgVTZ+6N5b+7y3aP3hsu7Myh+BdbU2pzB3sBQuPqoyAkyXWFqlLXLohwbZsJeq4jIkLlHP8jKzTzgl/6Y/laa45xjAqG6up04kVhfeDkolJzEVnxxI/BGuXofEXfcBIJMsrVuNVV/3JQfqZ1/Zp1i1YlSXIKjtF3T2bpu5vDvpCYuPPmQuZUSJbXGSvLEsSUDvGaD+e8xSE9kgWN2xpNQBNDfAw8+VNPnwid1NQvWMmVh3W9Q8Q== [preauth]
debug1: userauth_pubkey: test pkalg rsa-sha2-512 pkblob RSA SHA256:WxiUjuxARPO2ZcmzGrh3qs67fHaDvMaSU1Ouc8SDlv8 [preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x5615209fb580
debug1: temporarily_use_uid: 35250/1419 (e=0/0)
debug1: trying public key file /home/m61586/.ssh/authorized_keys
debug1: fd 9 clearing O_NONBLOCK
debug2: /home/m61586/.ssh/authorized_keys:4: check options: 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/opt/app/workload/secgov/opt/sact-central/bin/receive.ksh" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVmgfiFB5Y6sHOuvNvOU+rM5semFVRq9EVpHcdrWCpJ4AtFXCQYwh5/7V3m+VI28ERET7itbpCsLjX3Q8n2B8EWjRqmSkxxa2ldh+4XblhRQjM3OuPjn9fJOSGnlqT96QIerImMWI7JMX/dVfyp59yAyrd6QyUI2fu291QfOA5s= 
'
debug2: /home/m61586/.ssh/authorized_keys:6: check options: 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/opt/app/workload/secgov/opt/sact-central/bin/receive.ksh" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0ZKVQ88fjC9wb9HPzwXEKZKvD5uIAwQZjEnMvI1fgXwAkbIxcrc2kwDaQD4crkuSfNJTYH9c/0w9BNAhG7UlfCtkrMctGeWiUPtYu8IV7g8FeiSlk+HHFZa3Id+EtVtOaYSZRbJiVDdgMuXUwGVHsMiR0avtC4e9vinjg06AVhZg5xv0BpOJ+zjcF8rIZPLE573n7dXBCBCbIMlMo752DJff83WEuLehy+O9ydbySBJWZWt3uIId3OJiQ0UCgKEyk29fTduvfUBSI8UzyxnzEDmi8T/v6HQ1FCIwR0XuswmN8uAtRWZK3rs09oGYoDvHH5xBRWXgg9P2YQw7Kjfx/nGvY80enBzYQg8wPju7whqBgOFAb1GxR997/QI0KBawnOofjvL0cdCoMBuoZSJJpfrLUpijPfBdsjypaZZQV1UP9a49yiovzSm5hgVTZ+6N5b+7y3aP3hsu7Myh+BdbU2pzB3sBQuPqoyAkyXWFqlLXLohwbZsJeq4jIkLlHP8jKzTzgl/6Y/laa45xjAqG6up04kVhfeDkolJzEVnxxI/BGuXofEXfcBIJMsrVuNVV/3JQfqZ1/Zp1i1YlSXIKjtF3T2bpu5vDvpCYuPPmQuZUSJbXGSvLEsSUDvGaD+e8xSE9kgWN2xpNQBNDfAw8+VNPnwid1NQvWMmVh3W9Q8Q== sact_xml
'
debug1: /home/m61586/.ssh/authorized_keys:6: matching key found: RSA SHA256:WxiUjuxARPO2ZcmzGrh3qs67fHaDvMaSU1Ouc8SDlv8
debug1: /home/m61586/.ssh/authorized_keys:6: key options: command user-rc
debug1: /home/m61586/.ssh/authorized_keys:6: forced command: "/opt/app/workload/secgov/opt/sact-central/bin/receive.ksh"
Accepted key RSA SHA256:WxiUjuxARPO2ZcmzGrh3qs67fHaDvMaSU1Ouc8SDlv8 found at /home/m61586/.ssh/authorized_keys:6
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: publickey authentication test: RSA key is allowed
debug3: mm_request_send entering: type 23
debug3: send packet: type 60 [preauth]
debug2: userauth_pubkey: authenticated 0 pkalg rsa-sha2-512 [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 2.993ms, delaying 5.133ms (requested 8.126ms) [preauth]
Postponed publickey for m61586 from 135.99.45.25 port 49734 ssh2 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user m61586 service ssh-connection method publickey [preauth]
debug1: attempt 2 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug2: userauth_pubkey: valid user m61586 attempting public key rsa-sha2-512 AAAAB3NzaC1yc2EAAAADAQABAAACAQD0ZKVQ88fjC9wb9HPzwXEKZKvD5uIAwQZjEnMvI1fgXwAkbIxcrc2kwDaQD4crkuSfNJTYH9c/0w9BNAhG7UlfCtkrMctGeWiUPtYu8IV7g8FeiSlk+HHFZa3Id+EtVtOaYSZRbJiVDdgMuXUwGVHsMiR0avtC4e9vinjg06AVhZg5xv0BpOJ+zjcF8rIZPLE573n7dXBCBCbIMlMo752DJff83WEuLehy+O9ydbySBJWZWt3uIId3OJiQ0UCgKEyk29fTduvfUBSI8UzyxnzEDmi8T/v6HQ1FCIwR0XuswmN8uAtRWZK3rs09oGYoDvHH5xBRWXgg9P2YQw7Kjfx/nGvY80enBzYQg8wPju7whqBgOFAb1GxR997/QI0KBawnOofjvL0cdCoMBuoZSJJpfrLUpijPfBdsjypaZZQV1UP9a49yiovzSm5hgVTZ+6N5b+7y3aP3hsu7Myh+BdbU2pzB3sBQuPqoyAkyXWFqlLXLohwbZsJeq4jIkLlHP8jKzTzgl/6Y/laa45xjAqG6up04kVhfeDkolJzEVnxxI/BGuXofEXfcBIJMsrVuNVV/3JQfqZ1/Zp1i1YlSXIKjtF3T2bpu5vDvpCYuPPmQuZUSJbXGSvLEsSUDvGaD+e8xSE9kgWN2xpNQBNDfAw8+VNPnwid1NQvWMmVh3W9Q8Q== [preauth]
debug3: userauth_pubkey: have rsa-sha2-512 signature for RSA SHA256:WxiUjuxARPO2ZcmzGrh3qs67fHaDvMaSU1Ouc8SDlv8 [preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x5615209ed4b0
debug1: temporarily_use_uid: 35250/1419 (e=0/0)
debug1: trying public key file /home/m61586/.ssh/authorized_keys
debug1: fd 9 clearing O_NONBLOCK
debug2: /home/m61586/.ssh/authorized_keys:4: check options: 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/opt/app/workload/secgov/opt/sact-central/bin/receive.ksh" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVmgfiFB5Y6sHOuvNvOU+rM5semFVRq9EVpHcdrWCpJ4AtFXCQYwh5/7V3m+VI28ERET7itbpCsLjX3Q8n2B8EWjRqmSkxxa2ldh+4XblhRQjM3OuPjn9fJOSGnlqT96QIerImMWI7JMX/dVfyp59yAyrd6QyUI2fu291QfOA5s= 
'
debug2: /home/m61586/.ssh/authorized_keys:6: check options: 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/opt/app/workload/secgov/opt/sact-central/bin/receive.ksh" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0ZKVQ88fjC9wb9HPzwXEKZKvD5uIAwQZjEnMvI1fgXwAkbIxcrc2kwDaQD4crkuSfNJTYH9c/0w9BNAhG7UlfCtkrMctGeWiUPtYu8IV7g8FeiSlk+HHFZa3Id+EtVtOaYSZRbJiVDdgMuXUwGVHsMiR0avtC4e9vinjg06AVhZg5xv0BpOJ+zjcF8rIZPLE573n7dXBCBCbIMlMo752DJff83WEuLehy+O9ydbySBJWZWt3uIId3OJiQ0UCgKEyk29fTduvfUBSI8UzyxnzEDmi8T/v6HQ1FCIwR0XuswmN8uAtRWZK3rs09oGYoDvHH5xBRWXgg9P2YQw7Kjfx/nGvY80enBzYQg8wPju7whqBgOFAb1GxR997/QI0KBawnOofjvL0cdCoMBuoZSJJpfrLUpijPfBdsjypaZZQV1UP9a49yiovzSm5hgVTZ+6N5b+7y3aP3hsu7Myh+BdbU2pzB3sBQuPqoyAkyXWFqlLXLohwbZsJeq4jIkLlHP8jKzTzgl/6Y/laa45xjAqG6up04kVhfeDkolJzEVnxxI/BGuXofEXfcBIJMsrVuNVV/3JQfqZ1/Zp1i1YlSXIKjtF3T2bpu5vDvpCYuPPmQuZUSJbXGSvLEsSUDvGaD+e8xSE9kgWN2xpNQBNDfAw8+VNPnwid1NQvWMmVh3W9Q8Q== sact_xml
'
debug1: /home/m61586/.ssh/authorized_keys:6: matching key found: RSA SHA256:WxiUjuxARPO2ZcmzGrh3qs67fHaDvMaSU1Ouc8SDlv8
debug1: /home/m61586/.ssh/authorized_keys:6: key options: command user-rc
debug1: /home/m61586/.ssh/authorized_keys:6: forced command: "/opt/app/workload/secgov/opt/sact-central/bin/receive.ksh"
Accepted key RSA SHA256:WxiUjuxARPO2ZcmzGrh3qs67fHaDvMaSU1Ouc8SDlv8 found at /home/m61586/.ssh/authorized_keys:6
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: publickey authentication: RSA key is allowed
debug3: mm_request_send entering: type 23
debug3: mm_sshkey_verify entering [preauth]
debug3: mm_request_send entering: type 24 [preauth]
debug3: mm_sshkey_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth]
debug3: mm_request_receive_expect entering: type 25 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 24
debug3: mm_answer_keyverify: publickey 0x561520a0b0a0 signature verified
debug1: auth_activate_options: setting new authentication options
debug3: mm_request_send entering: type 25
debug3: mm_request_receive_expect entering: type 102
debug3: mm_request_receive entering
debug1: do_pam_account: called
debug2: do_pam_account: auth information in SSH_AUTH_INFO_0
debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success)
debug3: mm_request_send entering: type 103
Accepted publickey for m61586 from 135.99.45.25 port 49734 ssh2: RSA SHA256:WxiUjuxARPO2ZcmzGrh3qs67fHaDvMaSU1Ouc8SDlv8
debug1: monitor_child_preauth: m61586 has been authenticated by privileged process
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_request_receive_expect entering: type 26
debug3: mm_request_receive entering
debug3: mm_get_keystate: GOT new keys
debug3: mm_request_receive_expect entering: type 122
debug3: mm_request_receive entering
debug3: mm_request_send entering: type 123
debug1: auth_activate_options: setting new authentication options [preauth]
debug2: userauth_pubkey: authenticated 1 pkalg rsa-sha2-512 [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 1.419ms, delaying 6.707ms (requested 8.126ms) [preauth]
debug3: mm_do_pam_account entering [preauth]
debug3: mm_request_send entering: type 102 [preauth]
debug3: mm_request_receive_expect entering: type 103 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_do_pam_account returning 1 [preauth]
debug3: send packet: type 52 [preauth]
debug3: mm_request_send entering: type 26 [preauth]
debug3: mm_send_keystate: Finished sending state [preauth]
debug3: mm_request_send entering: type 122 [preauth]
debug3: mm_request_receive_expect entering: type 123 [preauth]
debug3: mm_request_receive entering [preauth]
debug1: monitor_read_log: child log fd closed
debug3: ssh_sandbox_parent_finish: finished
debug1: audit_event: unhandled event 2
debug1: temporarily_use_uid: 35250/1419 (e=0/0)
debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
debug1: restore_uid: 0/0
debug1: SELinux support disabled
debug1: PAM: establishing credentials
debug3: PAM: opening session
debug2: do_pam_session: auth information in SSH_AUTH_INFO_0
debug3: PAM: sshpam_store_conv called with 1 messages
User child is on pid 3747533
debug1: PAM: establishing credentials
debug1: permanently_set_uid: 35250/1419
debug3: monitor_apply_keystate: packet_set_state
debug2: set_newkeys: mode 0
debug1: rekey in after 4294967296 blocks
debug2: set_newkeys: mode 1
debug1: rekey out after 4294967296 blocks
debug1: ssh_packet_set_postauth: called
debug3: ssh_packet_set_state: done
debug3: notify_hostkeys: key 0: ssh-rsa SHA256:R0PLSvzUNaecllMDQafSNA3hcq+5JJCVERBNkEJp20Q
debug3: notify_hostkeys: key 1: ecdsa-sha2-nistp256 SHA256:n+AxJCHUjTK8jzGKH1k4qWWOIQeJEd/q0/Hs9ty5+jw
debug3: notify_hostkeys: key 2: ssh-ed25519 SHA256:Otq5//GgVS5tqMWe2klWNgAIzdT38Zt7qpdX/ZpWfYc
debug3: notify_hostkeys: sent 3 hostkeys
debug3: send packet: type 80
debug1: active: key options: command user-rc
debug1: active: forced command: "/opt/app/workload/secgov/opt/sact-central/bin/receive.ksh"
debug3: sending debug message: /home/m61586/.ssh/authorized_keys:6: key options: command user-rc
debug3: send packet: type 4
debug3: sending debug message: /home/m61586/.ssh/authorized_keys:6: key options: command user-rc
debug3: send packet: type 4
debug1: Entering interactive session for SSH2.
debug2: fd 11 setting O_NONBLOCK
debug2: fd 12 setting O_NONBLOCK
debug1: server_init_dispatch
debug3: receive packet: type 90
debug1: server_input_channel_open: ctype session rchan 256 win 2147483647 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug3: send packet: type 91
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request simple at putty.projects.tartarus.org reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req simple at putty.projects.tartarus.org
debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request subsystem reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req subsystem
debug2: subsystem request for sftp by user m61586
debug1: subsystem: exec() /usr/libexec/openssh/sftp-server
Starting session: forced-command (key-option) '/opt/app/workload/secgov/opt/sact-central/bin/receive.ksh' for m61586 from 135.99.45.25 port 49734 id 0
debug3: mm_audit_run_command entering command /opt/app/workload/secgov/opt/sact-central/bin/receive.ksh
debug3: mm_request_send entering: type 114
debug3: mm_request_receive_expect entering: type 115
debug3: mm_request_receive entering
debug3: mm_request_receive entering
debug3: monitor_read: checking request 114
debug3: mm_answer_audit_command entering
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug3: mm_request_send entering: type 115
debug2: fd 4 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x20
debug2: fd 17 setting O_NONBLOCK
debug2: fd 16 setting O_NONBLOCK
debug2: fd 19 setting O_NONBLOCK
debug3: mm_forward_audit_messages: entering
debug3: send packet: type 99
debug2: channel 0: read 330 from efd 19
debug3: channel 0: discard efd
debug3: mm_request_receive entering
debug3: monitor_read: checking request 124
debug3: receive packet: type 96
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: chan_shutdown_write (i0 o1 sock -1 wfd 16 efd 19 [ignore])
debug2: channel 0: output drain -> closed
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 3747535
debug1: session_exit_message: session 0 channel 0 pid 3747535
debug2: channel 0: request exit-status confirm 0
debug3: send packet: type 98
debug1: session_exit_message: release channel 0
debug2: channel 0: read<=0 rfd 17 len 0
debug2: channel 0: read failed
debug2: channel 0: chan_shutdown_read (i0 o3 sock -1 wfd 17 efd 19 [ignore])
debug2: channel 0: input open -> drain
debug2: channel 0: read 0 from efd 19
debug2: channel 0: closing read-efd 19
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug3: send packet: type 96
debug2: channel 0: input drain -> closed
debug2: channel 0: send close
debug3: send packet: type 97
debug2: notify_done: reading
debug3: channel 0: will not send data after close
Connection closed by 135.99.45.25 port 49734
debug1: channel 0: free: server-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 server-session (t4 r256 i3/0 o3/0 e[closed]/0 fd -1/-1/-1 sock -1 cc -1)

Close session: user m61586 from 135.99.45.25 port 49734 id 0
debug3: mm_audit_end_command entering command /opt/app/workload/secgov/opt/sact-central/bin/receive.ksh
debug3: mm_request_send entering: type 116
debug3: session_unused: session id 0 unused
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug3: mm_request_send entering: type 122
debug3: mm_request_receive_expect entering: type 123
debug3: mm_request_receive entering
debug3: mm_request_receive entering
debug3: monitor_read: checking request 116
debug3: mm_answer_audit_end_command entering
debug3: mm_session_close: session 0 pid 0
debug3: mm_session_close: command 0
debug3: session_unused: session id 0 unused
debug3: mm_request_receive entering
debug3: monitor_read: checking request 122
debug3: mm_request_send entering: type 123
debug3: mm_request_send entering: type 124
Transferred: sent 8080, received 4040 bytes
Closing connection to 135.99.45.25 port 49734
debug3: mm_audit_event entering
debug3: mm_request_send entering: type 112
debug3: mm_request_send entering: type 50
debug3: mm_request_receive entering
debug3: monitor_read: checking request 124
debug3: mm_request_receive entering
debug3: monitor_read: checking request 112
debug3: mm_answer_audit_event entering
debug3: mm_request_receive entering
debug3: monitor_read: checking request 50
debug3: mm_answer_term: tearing down sessions
debug1: PAM: cleanup
debug1: PAM: closing session
debug1: PAM: deleting credentials


More information about the openssh-unix-dev mailing list