[PATCH] Specify signature algorithm during server hostkeys prove

Maxime Rey maximejeanrey at gmail.com
Fri Nov 1 01:05:16 AEDT 2024


Damien Miller <djm at mindrot.org> writes:
>
> Hi,
>
> I'm having trouble replicating this failure by making changes to the
> existing hostkey-agent.sh regress test.
>
> Can you share a bit more about how it happens? Debug traces from the
> client and server would be very helpful.
>
> Thanks,
> Damien Miller

Hi Damien,

Thanks for your response.

I'm currently working on reproducing this with the hostkey-agent.sh test, but
I can consistently reproduce it using a clean OpenSSH repository. Here’s how:

1. Start the SSH agent.
2. Add two ECDSA keys to the agent.
3. Modify sshd_config:
     Set HostKeyAgent as the agent path.
     Add the public parts of the ECDSA keys to the configuration.
4. Start sshd.
5. Run the SSH client:
     Use default configuration, with no prior server keys in the known_hosts file.

In this setup, the server and client complete the key exchange
successfully. However, when the server attempts to prove the authenticity of
the second ECDSA key, the process fails as described.

I've attached logs and my configuration files for reference. Let me know if
I’m missing anything or if there’s anything else I should provide to help
replicate the issue.

Please tell me if I'm doing anything wrong, multiple mails.
Apologies for the multiple emails. I forgot to include the mailing list in my previous reply.

Maxime Rey
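
A triage helper for the server trace attached below, added here as an illustration (it is not part of the original message or of OpenSSH): it pairs each hostkeys-prove signing request with the monitor's mm_answer_sign result and reports which host key failed and with which requested sigalg. The class and function names are hypothetical; the sample lines are copied from the attached sshd log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Excerpt copied from the sshd -ddd trace attached to this message.
SSHD_TRACE = """\
debug1: agent host key #0: ecdsa-sha2-nistp256 SHA256:YkIO1IvDg3w8IaG+jWWJ8qSL5dr/NTZ+4xAA0Wau5Fc
debug1: agent host key #1: ecdsa-sha2-nistp521 SHA256:3jTqlIIrC33dsPwveXAP2Qqi24vo9Olaq2M1WIA+A3I
debug3: mm_sshkey_sign: entering [preauth]
debug1: mm_answer_sign: hostkey ecdsa-sha2-nistp256 index 0
debug3: mm_answer_sign: ecdsa-sha2-nistp256 KEX signature len=100
debug3: mm_sshkey_sign: ecdsa-sha2-nistp256 signature len=100 [preauth]
debug3: server_input_hostkeys_prove: sign ECDSA key (index 1) using sigalg default
debug3: mm_sshkey_sign: entering
debug1: mm_answer_sign: hostkey ecdsa-sha2-nistp521 index 1
mm_answer_sign: agent sign: invalid argument
debug1: do_cleanup
"""

PREFIX = re.compile(r"^debug[123]: ")      # log level tag, absent on error lines
SUFFIX = re.compile(r" \[preauth\]$")      # added by the unprivileged child
AGENT_KEY = re.compile(r"^agent host key #(\d+): (\S+) (\S+)$")
PROVE_REQ = re.compile(
    r"^server_input_hostkeys_prove: sign (\S+) key \(index (\d+)\) using sigalg (\S+)$")
SIGN_START = re.compile(r"^mm_answer_sign: hostkey (\S+) index (\d+)$")
SIGN_OK = re.compile(r"^mm_answer_sign: (\S+) .*signature len=(\d+)$")
SIGN_ERR = re.compile(r"^mm_answer_sign: agent sign: (.+)$")


@dataclass
class SignAttempt:
    index: int                  # host key index as logged by sshd
    key_alg: str                # e.g. ecdsa-sha2-nistp521
    purpose: str                # "kex" or "hostkeys-prove"
    sigalg: Optional[str]       # sigalg logged by the prove request, e.g. "default"
    fingerprint: Optional[str]  # set when the key was announced as agent-backed
    ok: Optional[bool] = None   # None: trace ended before a result was logged
    detail: str = ""


def parse_sign_attempts(trace: str) -> List[SignAttempt]:
    """Walk an sshd debug trace and return every monitor signing attempt."""
    agent_keys: Dict[int, str] = {}
    pending_prove: Dict[int, str] = {}
    attempts: List[SignAttempt] = []
    current: Optional[SignAttempt] = None
    for raw in trace.splitlines():
        line = SUFFIX.sub("", PREFIX.sub("", raw.strip()))
        if m := AGENT_KEY.match(line):
            agent_keys[int(m.group(1))] = m.group(3)
        elif m := PROVE_REQ.match(line):
            pending_prove[int(m.group(2))] = m.group(3)
        elif m := SIGN_START.match(line):
            idx = int(m.group(2))
            # Assumption of this helper: a sign request with no preceding
            # hostkeys-prove line for the same index belongs to key exchange.
            sigalg = pending_prove.pop(idx, None)
            purpose = "hostkeys-prove" if sigalg is not None else "kex"
            current = SignAttempt(idx, m.group(1), purpose, sigalg,
                                  agent_keys.get(idx))
            attempts.append(current)
        elif current is not None and current.ok is None:
            if m := SIGN_OK.match(line):
                current.ok, current.detail = True, f"signature len={m.group(2)}"
            elif m := SIGN_ERR.match(line):
                current.ok, current.detail = False, m.group(1)
    return attempts


def failed_proofs(trace: str) -> List[SignAttempt]:
    """Return only the hostkeys-prove signatures that the monitor rejected."""
    return [a for a in parse_sign_attempts(trace)
            if a.purpose == "hostkeys-prove" and a.ok is False]


if __name__ == "__main__":
    for a in parse_sign_attempts(SSHD_TRACE):
        state = {True: "ok", False: "FAILED", None: "no result"}[a.ok]
        print(f"key {a.index} {a.key_alg} [{a.purpose}, sigalg={a.sigalg}] "
              f"{state}: {a.detail}")
```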
-------------- next part --------------
debug2: load_server_config: filename /usr/local/etc/sshd_config
debug2: load_server_config: done config len = 3651
debug2: parse_server_config_depth: config /usr/local/etc/sshd_config len 3651
debug3: /usr/local/etc/sshd_config:23 setting HostKey /etc/ssh/ssh_host_ecdsa_key.pub
debug3: /usr/local/etc/sshd_config:26 setting HostKey /etc/ssh/ssh_host_ecdsa_key2.pub
debug3: /usr/local/etc/sshd_config:32 setting HostKeyAgent /tmp/ssh-XXXXXXylicM7/agent.85320
debug3: /usr/local/etc/sshd_config:39 setting SshdSessionPath /home/maxime/Projects/Dev/openssh-portable/sshd-session
debug3: /usr/local/etc/sshd_config:56 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /usr/local/etc/sshd_config:124 setting Subsystem sftp	/usr/lib/ssh/sftp-server
debug1: sshd version OpenSSH_9.9, OpenSSL 3.3.2 3 Sep 2024
debug3: ssh_get_authentication_socket_path: path '/tmp/ssh-XXXXXXylicM7/agent.85320'
Unable to load host key "/etc/ssh/ssh_host_ecdsa_key.pub": error in libcrypto
debug1: will rely on agent for hostkey /etc/ssh/ssh_host_ecdsa_key.pub
debug1: agent host key #0: ecdsa-sha2-nistp256 SHA256:YkIO1IvDg3w8IaG+jWWJ8qSL5dr/NTZ+4xAA0Wau5Fc
Unable to load host key "/etc/ssh/ssh_host_ecdsa_key2.pub": error in libcrypto
debug1: will rely on agent for hostkey /etc/ssh/ssh_host_ecdsa_key2.pub
debug1: agent host key #1: ecdsa-sha2-nistp521 SHA256:3jTqlIIrC33dsPwveXAP2Qqi24vo9Olaq2M1WIA+A3I
debug1: rexec_argv[1]='-ddd'
debug3: using /home/maxime/Projects/Dev/openssh-portable/sshd-session for re-exec
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 100 to -1000
debug2: fd 7 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 8 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 8 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug3: fd 9 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 12 config len 3651
debug3: ssh_msg_send: type 0 len 3971
debug3: ssh_msg_send: done
debug3: send_rexec_state: done
debug1: rexec start in 9 out 9 newsock 9 pipe -1 sock 12/13
debug1: sshd version OpenSSH_9.9, OpenSSL 3.3.2 3 Sep 2024
debug3: recv_rexec_state: entering fd = 5
debug3: ssh_msg_recv entering
debug2: parse_hostkeys: pubkey 0: ecdsa-sha2-nistp256
debug2: parse_hostkeys: pubkey 1: ecdsa-sha2-nistp521
debug3: recv_rexec_state: done
debug2: parse_server_config_depth: config rexec len 3651
debug3: rexec:23 setting HostKey /etc/ssh/ssh_host_ecdsa_key.pub
debug3: rexec:26 setting HostKey /etc/ssh/ssh_host_ecdsa_key2.pub
debug3: rexec:32 setting HostKeyAgent /tmp/ssh-XXXXXXylicM7/agent.85320
debug3: rexec:39 setting SshdSessionPath /home/maxime/Projects/Dev/openssh-portable/sshd-session
debug3: rexec:56 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: rexec:124 setting Subsystem sftp	/usr/lib/ssh/sftp-server
debug3: ssh_get_authentication_socket_path: path '/tmp/ssh-XXXXXXylicM7/agent.85320'
debug1: network sockets: 7, 7
debug3: server_process_channel_timeouts: setting 0 timeouts
debug3: channel_clear_timeouts: clearing
Connection from 127.0.0.1 port 37054 on 127.0.0.1 port 22 rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_9.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.9
debug1: compat_banner: match: OpenSSH_9.9 pat OpenSSH* compat 0x04000000
debug2: fd 7 setting O_NONBLOCK
debug2: Network child is on pid 86786
debug3: ssh_get_authentication_socket_path: path '/tmp/ssh-XXXXXXylicM7/agent.85320'
debug3: preauth child monitor started
debug1: sshd version OpenSSH_9.9, OpenSSL 3.3.2 3 Sep 2024 [preauth]
debug1: network sockets: 5, 5 [preauth]
debug3: recv_privsep_state: begin [preauth]
debug3: mm_get_state: entering [preauth]
debug3: mm_request_send: entering, type 51 [preauth]
debug3: mm_get_state: waiting for MONITOR_ANS_STATE [preauth]
debug3: mm_request_receive_expect: entering, type 52 [preauth]
debug3: mm_request_receive: entering [preauth]
debug3: mm_request_receive: entering
debug3: monitor_read: checking request 51
debug1: mm_answer_state: config len 3651
debug3: mm_request_send: entering, type 52
debug3: mm_answer_state: done
debug2: monitor_read: 51 used once, disabling now
debug3: mm_get_state: done [preauth]
debug2: parse_hostkeys: key 0: ecdsa-sha2-nistp256 [preauth]
debug2: parse_hostkeys: key 1: ecdsa-sha2-nistp521 [preauth]
debug3: recv_privsep_state: done [preauth]
debug2: parse_server_config_depth: config rexec len 3651 [preauth]
debug3: rexec:23 setting HostKey /etc/ssh/ssh_host_ecdsa_key.pub [preauth]
debug3: rexec:26 setting HostKey /etc/ssh/ssh_host_ecdsa_key2.pub [preauth]
debug3: rexec:32 setting HostKeyAgent /tmp/ssh-XXXXXXylicM7/agent.85320 [preauth]
debug3: rexec:39 setting SshdSessionPath /home/maxime/Projects/Dev/openssh-portable/sshd-session [preauth]
debug3: rexec:56 setting AuthorizedKeysFile .ssh/authorized_keys [preauth]
debug3: rexec:124 setting Subsystem sftp	/usr/lib/ssh/sftp-server [preauth]
debug3: ssh_get_authentication_socket_path: path '/tmp/ssh-XXXXXXylicM7/agent.85320' [preauth]
debug3: server_process_channel_timeouts: setting 0 timeouts [preauth]
debug3: channel_clear_timeouts: clearing [preauth]
debug3: fd 5 is O_NONBLOCK [preauth]
debug3: ssh_sandbox_init: preparing seccomp filter sandbox [preauth]
debug3: privsep user:group 34:34 [preauth]
debug1: permanently_set_uid: 34/34 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug1: list_hostkey_types: ecdsa-sha2-nistp256,ecdsa-sha2-nistp521 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ext-info-s,kex-strict-s-v00@openssh.com [preauth]
debug2: host key algorithms: ecdsa-sha2-nistp256,ecdsa-sha2-nistp521 [preauth]
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none,zlib@openssh.com [preauth]
debug2: compression stoc: none,zlib@openssh.com [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com [preauth]
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256 [preauth]
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none,zlib@openssh.com [preauth]
debug2: compression stoc: none,zlib@openssh.com [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug3: kex_choose_conf: will use strict KEX ordering [preauth]
debug1: kex: algorithm: mlkem768x25519-sha256 [preauth]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug3: receive packet: type 30 [preauth]
debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
debug3: mm_sshkey_sign: entering [preauth]
debug3: mm_request_send: entering, type 6 [preauth]
debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect: entering, type 7 [preauth]
debug3: mm_request_receive: entering [preauth]
debug3: mm_request_receive: entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign: entering
debug1: mm_answer_sign: hostkey ecdsa-sha2-nistp256 index 0
debug3: mm_answer_sign: ecdsa-sha2-nistp256 KEX signature len=100
debug3: mm_request_send: entering, type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_sshkey_sign: ecdsa-sha2-nistp256 signature len=100 [preauth]
debug3: send packet: type 31 [preauth]
debug3: send packet: type 21 [preauth]
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth]
debug2: ssh_set_newkeys: mode 1 [preauth]
debug1: rekey out after 134217728 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: Sending SSH2_MSG_EXT_INFO [preauth]
debug3: send packet: type 7 [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug3: receive packet: type 21 [preauth]
debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug2: ssh_set_newkeys: mode 0 [preauth]
debug1: rekey in after 134217728 blocks [preauth]
debug2: KEX algorithms: mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ext-info-s,kex-strict-s-v00@openssh.com [preauth]
debug2: host key algorithms: ecdsa-sha2-nistp256,ecdsa-sha2-nistp521 [preauth]
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none,zlib@openssh.com [preauth]
debug2: compression stoc: none,zlib@openssh.com [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug1: KEX done [preauth]
debug3: receive packet: type 7 [preauth]
debug1: SSH2_MSG_EXT_INFO received [preauth]
debug3: kex_input_ext_info: extension ext-info-in-auth@openssh.com [preauth]
debug1: kex_ext_info_check_ver: ext-info-in-auth@openssh.com=<0> [preauth]
debug3: receive packet: type 5 [preauth]
debug3: send packet: type 6 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user maxime service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug3: mm_getpwnamallow: entering [preauth]
debug3: mm_request_send: entering, type 8 [preauth]
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
debug3: mm_request_receive_expect: entering, type 9 [preauth]
debug3: mm_request_receive: entering [preauth]
debug3: mm_request_receive: entering
debug3: monitor_read: checking request 8
debug3: mm_answer_pwnamallow: entering
debug2: parse_server_config_depth: config reprocess config len 3651
debug3: auth_shadow_acctexpired: today 20027 sp_expire -1 days left -20028
debug3: account expiration disabled
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send: entering, type 9
debug2: monitor_read: 8 used once, disabling now
debug3: server_process_channel_timeouts: setting 0 timeouts [preauth]
debug3: channel_clear_timeouts: clearing [preauth]
debug2: input_userauth_request: setting up authctxt for maxime [preauth]
debug3: mm_inform_authserv: entering [preauth]
debug3: mm_request_send: entering, type 4 [preauth]
debug1: kex_server_update_ext_info: Sending SSH2_MSG_EXT_INFO [preauth]
debug3: send packet: type 7 [preauth]
debug2: input_userauth_request: try method none [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
debug3: send packet: type 51 [preauth]
debug3: mm_request_receive: entering
debug3: monitor_read: checking request 4
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 4 used once, disabling now
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user maxime service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug2: userauth_pubkey: valid user maxime querying public key ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1eB+ms1FCh9bRMbu2BmsoWNYrru+tS1wVOPzSMEEYU [preauth]
debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:19J+iR0fmy8ExjxEopqcxD5iaa9u71VZ1+LeJx1Mr/A [preauth]
debug3: mm_key_allowed: entering [preauth]
debug3: mm_request_send: entering, type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect: entering, type 23 [preauth]
debug3: mm_request_receive: entering [preauth]
debug3: mm_request_receive: entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed: entering
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /home/maxime/.ssh/authorized_keys
debug1: fd 8 clearing O_NONBLOCK
debug2: auth_check_authkeys_file: /home/maxime/.ssh/authorized_keys: processed 1/1 lines
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is not allowed
Failed publickey for maxime from 127.0.0.1 port 37054 ssh2: ED25519 SHA256:19J+iR0fmy8ExjxEopqcxD5iaa9u71VZ1+LeJx1Mr/A
debug3: mm_request_send: entering, type 23
debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 3.061ms, delaying 5.020ms (requested 8.081ms) [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
debug3: send packet: type 51 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user maxime service ssh-connection method keyboard-interactive [preauth]
debug1: attempt 2 failures 1 [preauth]
debug2: input_userauth_request: try method keyboard-interactive [preauth]
debug1: keyboard-interactive devs  [preauth]
debug1: auth2_challenge: user=maxime devs= [preauth]
debug1: kbdint_alloc: devices '' [preauth]
debug2: auth2_challenge_start: devices  [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 0.061ms, delaying 8.020ms (requested 8.081ms) [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth]
debug3: send packet: type 51 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user maxime service ssh-connection method password [preauth]
debug1: attempt 3 failures 2 [preauth]
debug2: input_userauth_request: try method password [preauth]
debug3: mm_auth_password: entering [preauth]
debug3: mm_request_send: entering, type 12 [preauth]
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
debug3: mm_request_receive_expect: entering, type 13 [preauth]
debug3: mm_request_receive: entering [preauth]
debug3: mm_request_receive: entering
debug3: monitor_read: checking request 12
debug3: auth_shadow_pwexpired: today 20027 sp_lstchg 19946 sp_max 99999
debug3: mm_answer_authpassword: sending result 1
debug3: mm_answer_authpassword: sending result 1
debug3: mm_request_send: entering, type 13
Accepted password for maxime from 127.0.0.1 port 37054 ssh2
debug1: monitor_child_preauth: user maxime authenticated by privileged process
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_request_receive_expect: entering, type 26
debug3: mm_request_receive: entering
debug3: mm_get_keystate: GOT new keys
debug3: mm_auth_password: user authenticated [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 27.344ms, delaying 4.980ms (requested 8.081ms) [preauth]
debug3: send packet: type 52 [preauth]
debug3: mm_request_send: entering, type 26 [preauth]
debug3: mm_send_keystate: Finished sending state [preauth]
debug1: monitor_read_log: child log fd closed
User child is on pid 86788
debug1: permanently_set_uid: 1000/1000
debug3: monitor_apply_keystate: packet_set_state
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: ssh_packet_set_postauth: called
debug3: ssh_packet_set_state: done
debug3: notify_hostkeys: key 0: ecdsa-sha2-nistp256 SHA256:YkIO1IvDg3w8IaG+jWWJ8qSL5dr/NTZ+4xAA0Wau5Fc
debug3: notify_hostkeys: key 1: ecdsa-sha2-nistp521 SHA256:3jTqlIIrC33dsPwveXAP2Qqi24vo9Olaq2M1WIA+A3I
debug3: notify_hostkeys: sent 2 hostkeys
debug3: send packet: type 80
debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch
debug3: receive packet: type 90
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new session [server-session] (inactive timeout: 0)
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug3: send packet: type 91
debug3: receive packet: type 80
debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
debug3: receive packet: type 80
debug1: server_input_global_request: rtype hostkeys-prove-00@openssh.com want_reply 1
debug3: server_input_hostkeys_prove: sign ECDSA key (index 1) using sigalg default
debug3: mm_sshkey_sign: entering
debug3: mm_request_send: entering, type 6
debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN
debug3: mm_request_receive: entering
debug3: mm_request_receive_expect: entering, type 7
debug3: monitor_read: checking request 6
debug3: mm_request_receive: entering
debug3: mm_answer_sign: entering
debug1: mm_answer_sign: hostkey ecdsa-sha2-nistp521 index 1
mm_answer_sign: agent sign: invalid argument
debug1: do_cleanup
debug3: mm_request_receive: monitor fd closed
debug1: do_cleanup
-------------- next part --------------
~  Projects/Dev/openssh-portable/ssh 127.0.0.1 -vvv
OpenSSH_9.9p1, OpenSSL 3.3.2 3 Sep 2024
debug1: Reading configuration data /usr/local/etc/ssh_config
debug3: /usr/local/etc/ssh_config line 2: Including file /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf
debug2: resolve_canonicalize: hostname 127.0.0.1 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/maxime/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/maxime/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug3: channel_clear_timeouts: clearing
debug3: ssh_connect_direct: entering
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /home/maxime/.ssh/id_rsa type -1
debug1: identity file /home/maxime/.ssh/id_rsa-cert type -1
debug1: identity file /home/maxime/.ssh/id_ecdsa type -1
debug1: identity file /home/maxime/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/maxime/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/maxime/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/maxime/.ssh/id_ed25519 type 3
debug1: identity file /home/maxime/.ssh/id_ed25519-cert type -1
debug1: identity file /home/maxime/.ssh/id_ed25519_sk type -1
debug1: identity file /home/maxime/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/maxime/.ssh/id_xmss type -1
debug1: identity file /home/maxime/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.9
debug1: compat_banner: match: OpenSSH_9.9 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 127.0.0.1:22 as 'maxime'
debug1: load_hostkeys: fopen /home/maxime/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /home/maxime/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /usr/local/etc/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /usr/local/etc/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: no algorithms matched; accept original
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ext-info-s,kex-strict-s-v00@openssh.com
debug2: host key algorithms: ecdsa-sha2-nistp256,ecdsa-sha2-nistp521
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug3: kex_choose_conf: will use strict KEX ordering
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:YkIO1IvDg3w8IaG+jWWJ8qSL5dr/NTZ+4xAA0Wau5Fc
debug1: load_hostkeys: fopen /home/maxime/.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /home/maxime/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /usr/local/etc/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /usr/local/etc/ssh_known_hosts2: No such file or directory
debug3: hostkeys_find_by_key_hostfile: trying user hostfile "/home/maxime/.ssh/known_hosts"
debug1: hostkeys_find_by_key_hostfile: hostkeys file /home/maxime/.ssh/known_hosts does not exist
debug3: hostkeys_find_by_key_hostfile: trying user hostfile "/home/maxime/.ssh/known_hosts2"
debug1: hostkeys_find_by_key_hostfile: hostkeys file /home/maxime/.ssh/known_hosts2 does not exist
debug3: hostkeys_find_by_key_hostfile: trying system hostfile "/usr/local/etc/ssh_known_hosts"
debug1: hostkeys_find_by_key_hostfile: hostkeys file /usr/local/etc/ssh_known_hosts does not exist
debug3: hostkeys_find_by_key_hostfile: trying system hostfile "/usr/local/etc/ssh_known_hosts2"
debug1: hostkeys_find_by_key_hostfile: hostkeys file /usr/local/etc/ssh_known_hosts2 does not exist
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:YkIO1IvDg3w8IaG+jWWJ8qSL5dr/NTZ+4xAA0Wau5Fc.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
debug3: send packet: type 21
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: Sending SSH2_MSG_EXT_INFO
debug3: send packet: type 7
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug2: KEX algorithms: mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug3: kex_input_ext_info: extension server-sig-algs
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256>
debug3: kex_input_ext_info: extension publickey-hostbound@openssh.com
debug1: kex_ext_info_check_ver: publickey-hostbound@openssh.com=<0>
debug3: kex_input_ext_info: extension ping@openssh.com
debug1: kex_ext_info_check_ver: ping@openssh.com=<0>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug3: kex_input_ext_info: extension server-sig-algs
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256>
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Will attempt key: /home/maxime/.ssh/id_rsa
debug1: Will attempt key: /home/maxime/.ssh/id_ecdsa
debug1: Will attempt key: /home/maxime/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/maxime/.ssh/id_ed25519 ED25519 SHA256:19J+iR0fmy8ExjxEopqcxD5iaa9u71VZ1+LeJx1Mr/A
debug1: Will attempt key: /home/maxime/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/maxime/.ssh/id_xmss
debug2: pubkey_prepare: done
debug1: Trying private key: /home/maxime/.ssh/id_rsa
debug3: no such identity: /home/maxime/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/maxime/.ssh/id_ecdsa
debug3: no such identity: /home/maxime/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/maxime/.ssh/id_ecdsa_sk
debug3: no such identity: /home/maxime/.ssh/id_ecdsa_sk: No such file or directory
debug1: Offering public key: /home/maxime/.ssh/id_ed25519 ED25519 SHA256:19J+iR0fmy8ExjxEopqcxD5iaa9u71VZ1+LeJx1Mr/A
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/maxime/.ssh/id_ed25519_sk
debug3: no such identity: /home/maxime/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /home/maxime/.ssh/id_xmss
debug3: no such identity: /home/maxime/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
maxime@127.0.0.1's password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 52
Authenticated to 127.0.0.1 ([127.0.0.1]:22) using "password".
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: filesystem
debug3: client_repledge: enter
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug3: client_input_hostkeys: received ECDSA key SHA256:YkIO1IvDg3w8IaG+jWWJ8qSL5dr/NTZ+4xAA0Wau5Fc
debug3: client_input_hostkeys: received ECDSA key SHA256:3jTqlIIrC33dsPwveXAP2Qqi24vo9Olaq2M1WIA+A3I
debug1: client_input_hostkeys: searching /home/maxime/.ssh/known_hosts for 127.0.0.1 / (none)
debug3: hostkeys_foreach: reading file "/home/maxime/.ssh/known_hosts"
debug3: hostkeys_find: found ecdsa-sha2-nistp256 key at /home/maxime/.ssh/known_hosts:1
debug1: client_input_hostkeys: searching /home/maxime/.ssh/known_hosts2 for 127.0.0.1 / (none)
debug1: client_input_hostkeys: hostkeys file /home/maxime/.ssh/known_hosts2 does not exist
debug3: client_input_hostkeys: 2 server keys: 1 new, 0 retained, 1 incomplete match. 0 to remove
debug3: client_input_hostkeys: asking server to prove ownership for 1 keys
debug3: send packet: type 80
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug3: client_repledge: enter
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
Read from remote host 127.0.0.1: Connection reset by peer
Connection to 127.0.0.1 closed.
debug3: send packet: type 1
client_loop: send disconnect: Broken pipe

