Damien Miller <djm@xxxxxxxxxxx> writes:
>
> Hi,
>
> I'm having trouble replicating this failure by making changes to the
> existing hostkey-agent.sh regress test.
>
> Can you share a bit more about how it happens? Debug traces from the
> client and server would be very helpful.
>
> Thanks,
> Damien Miller

Hi Damien,

Thanks for your response. I'm currently working on reproducing this with the hostkey-agent.sh test, but I can consistently reproduce it using a clean OpenSSH repository. Here’s how:

1. Start the SSH agent.
2. Add two ECDSA keys to the agent.
3. Modify sshd_config:
   Set HostKeyAgent as the agent path.
   Add the public parts of the ECDSA keys to the configuration.
4. Start sshd.
5. Run the SSH client:
   Use default configuration, with no prior server keys in the known_hosts file.

In this setup, the server and client complete the key exchange successfully. However, when the server attempts to prove the authenticity of the second ECDSA key, the process fails as described.

I've attached logs and my configuration files for reference. Let me know if I’m missing anything or if there’s anything else I should provide to help replicate the issue.

Please tell me if I'm doing anything wrong, multiple mails.

Apologies for the multiple emails. I forgot to include the mailing list in my previous reply.

Maxime Rey
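The five steps above as a script, added here as an example; it is not part of the original mail or of OpenSSH's regress suite. The scratch directory, port 2222, file names and the explicit client options are assumptions, as is the invoking user being able to authenticate to the test sshd.

```shell
#!/bin/sh
# Added example: HostKeyAgent setup with two ECDSA host keys, as listed in the mail.
# Assumed (not from the mail): port, file names, and the -o options used
# to keep the client away from the user's real known_hosts.

REPRO_PORT=${REPRO_PORT:-2222}   # hypothetical test port

# Steps 1-2: start an agent on a fixed socket and load two ECDSA keys
# (nistp256 and nistp521, the two types shown in the server trace).
setup_agent() {   # $1 = scratch directory
    ssh-keygen -q -t ecdsa -b 256 -N '' -f "$1/host_ecdsa"  || return 1
    ssh-keygen -q -t ecdsa -b 521 -N '' -f "$1/host_ecdsa2" || return 1
    eval "$(ssh-agent -s -a "$1/agent.sock")" >/dev/null    || return 1
    ssh-add -q "$1/host_ecdsa" "$1/host_ecdsa2"
}

# Step 3: HostKey points at the public halves and HostKeyAgent at the agent
# socket, so every host-key signature is delegated to the agent.
write_sshd_config() {   # $1 = scratch directory, $2 = port
    cat <<EOF
Port $2
ListenAddress 127.0.0.1
HostKey $1/host_ecdsa.pub
HostKey $1/host_ecdsa2.pub
HostKeyAgent $1/agent.sock
EOF
}

# Returns 0 if a server trace contains the monitor error seen in the mail's log.
trace_shows_failure() {   # $1 = sshd debug log
    grep -q 'mm_answer_sign: agent sign: invalid argument' "$1"
}

# Steps 4-5: one-shot debug sshd, then a client starting from an empty known_hosts.
run_repro() {
    dir=$(mktemp -d) || return 1
    setup_agent "$dir" || return 1
    write_sshd_config "$dir" "$REPRO_PORT" > "$dir/sshd_config"

    # sshd has to be invoked by absolute path; with -ddd it serves one connection.
    sshd_bin=$(command -v sshd) || return 1
    "$sshd_bin" -ddd -f "$dir/sshd_config" 2> "$dir/sshd.log" &
    sshd_pid=$!
    sleep 1

    : > "$dir/known_hosts"
    # Overriding UserKnownHostsFile switches the UpdateHostKeys default off, so it
    # is set explicitly: it is what makes the client send the hostkeys-prove
    # request for the host key that was not used in the key exchange.
    ssh -vvv -p "$REPRO_PORT" \
        -o UserKnownHostsFile="$dir/known_hosts" \
        -o GlobalKnownHostsFile=/dev/null \
        -o StrictHostKeyChecking=accept-new \
        -o UpdateHostKeys=yes \
        127.0.0.1 sleep 2 2> "$dir/ssh.log"

    kill "$sshd_pid" 2>/dev/null
    ssh-agent -k >/dev/null

    if trace_shows_failure "$dir/sshd.log"; then
        echo "reproduced, traces in $dir"
    else
        echo "not reproduced, traces in $dir"
    fi
}

case "${1:-}" in
    run) run_repro ;;
esac
```

Invoke it as `sh repro.sh run`; without the argument it only defines the functions.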
debug2: load_server_config: filename /usr/local/etc/sshd_config debug2: load_server_config: done config len = 3651 debug2: parse_server_config_depth: config /usr/local/etc/sshd_config len 3651 debug3: /usr/local/etc/sshd_config:23 setting HostKey /etc/ssh/ssh_host_ecdsa_key.pub debug3: /usr/local/etc/sshd_config:26 setting HostKey /etc/ssh/ssh_host_ecdsa_key2.pub debug3: /usr/local/etc/sshd_config:32 setting HostKeyAgent /tmp/ssh-XXXXXXylicM7/agent.85320 debug3: /usr/local/etc/sshd_config:39 setting SshdSessionPath /home/maxime/Projects/Dev/openssh-portable/sshd-session debug3: /usr/local/etc/sshd_config:56 setting AuthorizedKeysFile .ssh/authorized_keys debug3: /usr/local/etc/sshd_config:124 setting Subsystem sftp /usr/lib/ssh/sftp-server debug1: sshd version OpenSSH_9.9, OpenSSL 3.3.2 3 Sep 2024 debug3: ssh_get_authentication_socket_path: path '/tmp/ssh-XXXXXXylicM7/agent.85320' Unable to load host key "/etc/ssh/ssh_host_ecdsa_key.pub": error in libcrypto debug1: will rely on agent for hostkey /etc/ssh/ssh_host_ecdsa_key.pub debug1: agent host key #0: ecdsa-sha2-nistp256 SHA256:YkIO1IvDg3w8IaG+jWWJ8qSL5dr/NTZ+4xAA0Wau5Fc Unable to load host key "/etc/ssh/ssh_host_ecdsa_key2.pub": error in libcrypto debug1: will rely on agent for hostkey /etc/ssh/ssh_host_ecdsa_key2.pub debug1: agent host key #1: ecdsa-sha2-nistp521 SHA256:3jTqlIIrC33dsPwveXAP2Qqi24vo9Olaq2M1WIA+A3I debug1: rexec_argv[1]='-ddd' debug3: using /home/maxime/Projects/Dev/openssh-portable/sshd-session for re-exec debug3: oom_adjust_setup debug1: Set /proc/self/oom_score_adj from 100 to -1000 debug2: fd 7 setting O_NONBLOCK debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. debug2: fd 8 setting O_NONBLOCK debug3: sock_set_v6only: set socket 8 IPV6_V6ONLY debug1: Bind to port 22 on ::. Server listening on :: port 22. debug3: fd 9 is not O_NONBLOCK debug1: Server will not fork when running in debugging mode. 
debug3: send_rexec_state: entering fd = 12 config len 3651 debug3: ssh_msg_send: type 0 len 3971 debug3: ssh_msg_send: done debug3: send_rexec_state: done debug1: rexec start in 9 out 9 newsock 9 pipe -1 sock 12/13 debug1: sshd version OpenSSH_9.9, OpenSSL 3.3.2 3 Sep 2024 debug3: recv_rexec_state: entering fd = 5 debug3: ssh_msg_recv entering debug2: parse_hostkeys: pubkey 0: ecdsa-sha2-nistp256 debug2: parse_hostkeys: pubkey 1: ecdsa-sha2-nistp521 debug3: recv_rexec_state: done debug2: parse_server_config_depth: config rexec len 3651 debug3: rexec:23 setting HostKey /etc/ssh/ssh_host_ecdsa_key.pub debug3: rexec:26 setting HostKey /etc/ssh/ssh_host_ecdsa_key2.pub debug3: rexec:32 setting HostKeyAgent /tmp/ssh-XXXXXXylicM7/agent.85320 debug3: rexec:39 setting SshdSessionPath /home/maxime/Projects/Dev/openssh-portable/sshd-session debug3: rexec:56 setting AuthorizedKeysFile .ssh/authorized_keys debug3: rexec:124 setting Subsystem sftp /usr/lib/ssh/sftp-server debug3: ssh_get_authentication_socket_path: path '/tmp/ssh-XXXXXXylicM7/agent.85320' debug1: network sockets: 7, 7 debug3: server_process_channel_timeouts: setting 0 timeouts debug3: channel_clear_timeouts: clearing Connection from 127.0.0.1 port 37054 on 127.0.0.1 port 22 rdomain "" debug1: Local version string SSH-2.0-OpenSSH_9.9 debug1: Remote protocol version 2.0, remote software version OpenSSH_9.9 debug1: compat_banner: match: OpenSSH_9.9 pat OpenSSH* compat 0x04000000 debug2: fd 7 setting O_NONBLOCK debug2: Network child is on pid 86786 debug3: ssh_get_authentication_socket_path: path '/tmp/ssh-XXXXXXylicM7/agent.85320' debug3: preauth child monitor started debug1: sshd version OpenSSH_9.9, OpenSSL 3.3.2 3 Sep 2024 [preauth] debug1: network sockets: 5, 5 [preauth] debug3: recv_privsep_state: begin [preauth] debug3: mm_get_state: entering [preauth] debug3: mm_request_send: entering, type 51 [preauth] debug3: mm_get_state: waiting for MONITOR_ANS_STATE [preauth] debug3: mm_request_receive_expect: entering, 
type 52 [preauth] debug3: mm_request_receive: entering [preauth] debug3: mm_request_receive: entering debug3: monitor_read: checking request 51 debug1: mm_answer_state: config len 3651 debug3: mm_request_send: entering, type 52 debug3: mm_answer_state: done debug2: monitor_read: 51 used once, disabling now debug3: mm_get_state: done [preauth] debug2: parse_hostkeys: key 0: ecdsa-sha2-nistp256 [preauth] debug2: parse_hostkeys: key 1: ecdsa-sha2-nistp521 [preauth] debug3: recv_privsep_state: done [preauth] debug2: parse_server_config_depth: config rexec len 3651 [preauth] debug3: rexec:23 setting HostKey /etc/ssh/ssh_host_ecdsa_key.pub [preauth] debug3: rexec:26 setting HostKey /etc/ssh/ssh_host_ecdsa_key2.pub [preauth] debug3: rexec:32 setting HostKeyAgent /tmp/ssh-XXXXXXylicM7/agent.85320 [preauth] debug3: rexec:39 setting SshdSessionPath /home/maxime/Projects/Dev/openssh-portable/sshd-session [preauth] debug3: rexec:56 setting AuthorizedKeysFile .ssh/authorized_keys [preauth] debug3: rexec:124 setting Subsystem sftp /usr/lib/ssh/sftp-server [preauth] debug3: ssh_get_authentication_socket_path: path '/tmp/ssh-XXXXXXylicM7/agent.85320' [preauth] debug3: server_process_channel_timeouts: setting 0 timeouts [preauth] debug3: channel_clear_timeouts: clearing [preauth] debug3: fd 5 is O_NONBLOCK [preauth] debug3: ssh_sandbox_init: preparing seccomp filter sandbox [preauth] debug3: privsep user:group 34:34 [preauth] debug1: permanently_set_uid: 34/34 [preauth] debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth] debug3: ssh_sandbox_child: attaching seccomp filter program [preauth] debug1: list_hostkey_types: ecdsa-sha2-nistp256,ecdsa-sha2-nistp521 [preauth] debug3: send packet: type 20 [preauth] debug1: SSH2_MSG_KEXINIT sent [preauth] debug3: receive packet: type 20 [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] debug2: local server KEXINIT proposal [preauth] debug2: KEX algorithms: 
mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@xxxxxxxxxxx,curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ext-info-s,kex-strict-s-v00@xxxxxxxxxxx [preauth] debug2: host key algorithms: ecdsa-sha2-nistp256,ecdsa-sha2-nistp521 [preauth] debug2: ciphers ctos: chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx [preauth] debug2: ciphers stoc: chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx [preauth] debug2: MACs ctos: umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] debug2: MACs stoc: umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] debug2: compression ctos: none,zlib@xxxxxxxxxxx [preauth] debug2: compression stoc: none,zlib@xxxxxxxxxxx [preauth] debug2: languages ctos: [preauth] debug2: languages stoc: [preauth] debug2: first_kex_follows 0 [preauth] debug2: reserved 0 [preauth] debug2: peer client KEXINIT proposal [preauth] debug2: KEX algorithms: mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@xxxxxxxxxxx,curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@xxxxxxxxxxx [preauth] debug2: host key algorithms: 
ssh-ed25519-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx,sk-ssh-ed25519-cert-v01@xxxxxxxxxxx,sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,rsa-sha2-512-cert-v01@xxxxxxxxxxx,rsa-sha2-256-cert-v01@xxxxxxxxxxx,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@xxxxxxxxxxx,sk-ecdsa-sha2-nistp256@xxxxxxxxxxx,rsa-sha2-512,rsa-sha2-256 [preauth] debug2: ciphers ctos: chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx [preauth] debug2: ciphers stoc: chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx [preauth] debug2: MACs ctos: umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] debug2: MACs stoc: umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] debug2: compression ctos: none,zlib@xxxxxxxxxxx [preauth] debug2: compression stoc: none,zlib@xxxxxxxxxxx [preauth] debug2: languages ctos: [preauth] debug2: languages stoc: [preauth] debug2: first_kex_follows 0 [preauth] debug2: reserved 0 [preauth] debug3: kex_choose_conf: will use strict KEX ordering [preauth] debug1: kex: algorithm: mlkem768x25519-sha256 [preauth] debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth] debug1: kex: client->server cipher: chacha20-poly1305@xxxxxxxxxxx MAC: <implicit> compression: none [preauth] debug1: kex: server->client cipher: chacha20-poly1305@xxxxxxxxxxx MAC: <implicit> compression: none [preauth] debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth] debug3: receive packet: type 30 [preauth] debug1: 
SSH2_MSG_KEX_ECDH_INIT received [preauth] debug3: mm_sshkey_sign: entering [preauth] debug3: mm_request_send: entering, type 6 [preauth] debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth] debug3: mm_request_receive_expect: entering, type 7 [preauth] debug3: mm_request_receive: entering [preauth] debug3: mm_request_receive: entering debug3: monitor_read: checking request 6 debug3: mm_answer_sign: entering debug1: mm_answer_sign: hostkey ecdsa-sha2-nistp256 index 0 debug3: mm_answer_sign: ecdsa-sha2-nistp256 KEX signature len=100 debug3: mm_request_send: entering, type 7 debug2: monitor_read: 6 used once, disabling now debug3: mm_sshkey_sign: ecdsa-sha2-nistp256 signature len=100 [preauth] debug3: send packet: type 31 [preauth] debug3: send packet: type 21 [preauth] debug1: ssh_packet_send2_wrapped: resetting send seqnr 3 [preauth] debug2: ssh_set_newkeys: mode 1 [preauth] debug1: rekey out after 134217728 blocks [preauth] debug1: SSH2_MSG_NEWKEYS sent [preauth] debug1: Sending SSH2_MSG_EXT_INFO [preauth] debug3: send packet: type 7 [preauth] debug1: expecting SSH2_MSG_NEWKEYS [preauth] debug3: receive packet: type 21 [preauth] debug1: ssh_packet_read_poll2: resetting read seqnr 3 [preauth] debug1: SSH2_MSG_NEWKEYS received [preauth] debug2: ssh_set_newkeys: mode 0 [preauth] debug1: rekey in after 134217728 blocks [preauth] debug2: KEX algorithms: mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@xxxxxxxxxxx,curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ext-info-s,kex-strict-s-v00@xxxxxxxxxxx [preauth] debug2: host key algorithms: ecdsa-sha2-nistp256,ecdsa-sha2-nistp521 [preauth] debug2: ciphers ctos: chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx [preauth] debug2: ciphers stoc: chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx [preauth] debug2: MACs ctos: 
umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] debug2: MACs stoc: umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] debug2: compression ctos: none,zlib@xxxxxxxxxxx [preauth] debug2: compression stoc: none,zlib@xxxxxxxxxxx [preauth] debug2: languages ctos: [preauth] debug2: languages stoc: [preauth] debug2: first_kex_follows 0 [preauth] debug2: reserved 0 [preauth] debug1: KEX done [preauth] debug3: receive packet: type 7 [preauth] debug1: SSH2_MSG_EXT_INFO received [preauth] debug3: kex_input_ext_info: extension ext-info-in-auth@xxxxxxxxxxx [preauth] debug1: kex_ext_info_check_ver: ext-info-in-auth@xxxxxxxxxxx=<0> [preauth] debug3: receive packet: type 5 [preauth] debug3: send packet: type 6 [preauth] debug3: receive packet: type 50 [preauth] debug1: userauth-request for user maxime service ssh-connection method none [preauth] debug1: attempt 0 failures 0 [preauth] debug3: mm_getpwnamallow: entering [preauth] debug3: mm_request_send: entering, type 8 [preauth] debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth] debug3: mm_request_receive_expect: entering, type 9 [preauth] debug3: mm_request_receive: entering [preauth] debug3: mm_request_receive: entering debug3: monitor_read: checking request 8 debug3: mm_answer_pwnamallow: entering debug2: parse_server_config_depth: config reprocess config len 3651 debug3: auth_shadow_acctexpired: today 20027 sp_expire -1 days left -20028 debug3: account expiration disabled debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 debug3: mm_request_send: entering, type 9 debug2: monitor_read: 8 used once, disabling now debug3: server_process_channel_timeouts: setting 0 
timeouts [preauth] debug3: channel_clear_timeouts: clearing [preauth] debug2: input_userauth_request: setting up authctxt for maxime [preauth] debug3: mm_inform_authserv: entering [preauth] debug3: mm_request_send: entering, type 4 [preauth] debug1: kex_server_update_ext_info: Sending SSH2_MSG_EXT_INFO [preauth] debug3: send packet: type 7 [preauth] debug2: input_userauth_request: try method none [preauth] debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth] debug3: send packet: type 51 [preauth] debug3: mm_request_receive: entering debug3: monitor_read: checking request 4 debug3: mm_answer_authserv: service=ssh-connection, style= debug2: monitor_read: 4 used once, disabling now debug3: receive packet: type 50 [preauth] debug1: userauth-request for user maxime service ssh-connection method publickey [preauth] debug1: attempt 1 failures 0 [preauth] debug2: input_userauth_request: try method publickey [preauth] debug2: userauth_pubkey: valid user maxime querying public key ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1eB+ms1FCh9bRMbu2BmsoWNYrru+tS1wVOPzSMEEYU [preauth] debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:19J+iR0fmy8ExjxEopqcxD5iaa9u71VZ1+LeJx1Mr/A [preauth] debug3: mm_key_allowed: entering [preauth] debug3: mm_request_send: entering, type 22 [preauth] debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth] debug3: mm_request_receive_expect: entering, type 23 [preauth] debug3: mm_request_receive: entering [preauth] debug3: mm_request_receive: entering debug3: monitor_read: checking request 22 debug3: mm_answer_keyallowed: entering debug1: temporarily_use_uid: 1000/1000 (e=0/0) debug1: trying public key file /home/maxime/.ssh/authorized_keys debug1: fd 8 clearing O_NONBLOCK debug2: auth_check_authkeys_file: /home/maxime/.ssh/authorized_keys: processed 1/1 lines debug1: restore_uid: 0/0 debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is not 
allowed Failed publickey for maxime from 127.0.0.1 port 37054 ssh2: ED25519 SHA256:19J+iR0fmy8ExjxEopqcxD5iaa9u71VZ1+LeJx1Mr/A debug3: mm_request_send: entering, type 23 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth] debug3: user_specific_delay: user specific delay 0.000ms [preauth] debug3: ensure_minimum_time_since: elapsed 3.061ms, delaying 5.020ms (requested 8.081ms) [preauth] debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth] debug3: send packet: type 51 [preauth] debug3: receive packet: type 50 [preauth] debug1: userauth-request for user maxime service ssh-connection method keyboard-interactive [preauth] debug1: attempt 2 failures 1 [preauth] debug2: input_userauth_request: try method keyboard-interactive [preauth] debug1: keyboard-interactive devs [preauth] debug1: auth2_challenge: user=maxime devs= [preauth] debug1: kbdint_alloc: devices '' [preauth] debug2: auth2_challenge_start: devices [preauth] debug3: user_specific_delay: user specific delay 0.000ms [preauth] debug3: ensure_minimum_time_since: elapsed 0.061ms, delaying 8.020ms (requested 8.081ms) [preauth] debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth] debug3: send packet: type 51 [preauth] debug3: receive packet: type 50 [preauth] debug1: userauth-request for user maxime service ssh-connection method password [preauth] debug1: attempt 3 failures 2 [preauth] debug2: input_userauth_request: try method password [preauth] debug3: mm_auth_password: entering [preauth] debug3: mm_request_send: entering, type 12 [preauth] debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth] debug3: mm_request_receive_expect: entering, type 13 [preauth] debug3: mm_request_receive: entering [preauth] debug3: mm_request_receive: entering debug3: monitor_read: checking request 12 debug3: auth_shadow_pwexpired: today 20027 sp_lstchg 19946 sp_max 99999 debug3: 
mm_answer_authpassword: sending result 1 debug3: mm_answer_authpassword: sending result 1 debug3: mm_request_send: entering, type 13 Accepted password for maxime from 127.0.0.1 port 37054 ssh2 debug1: monitor_child_preauth: user maxime authenticated by privileged process debug3: mm_get_keystate: Waiting for new keys debug3: mm_request_receive_expect: entering, type 26 debug3: mm_request_receive: entering debug3: mm_get_keystate: GOT new keys debug3: mm_auth_password: user authenticated [preauth] debug3: user_specific_delay: user specific delay 0.000ms [preauth] debug3: ensure_minimum_time_since: elapsed 27.344ms, delaying 4.980ms (requested 8.081ms) [preauth] debug3: send packet: type 52 [preauth] debug3: mm_request_send: entering, type 26 [preauth] debug3: mm_send_keystate: Finished sending state [preauth] debug1: monitor_read_log: child log fd closed User child is on pid 86788 debug1: permanently_set_uid: 1000/1000 debug3: monitor_apply_keystate: packet_set_state debug2: ssh_set_newkeys: mode 0 debug1: rekey in after 134217728 blocks debug2: ssh_set_newkeys: mode 1 debug1: rekey out after 134217728 blocks debug1: ssh_packet_set_postauth: called debug3: ssh_packet_set_state: done debug3: notify_hostkeys: key 0: ecdsa-sha2-nistp256 SHA256:YkIO1IvDg3w8IaG+jWWJ8qSL5dr/NTZ+4xAA0Wau5Fc debug3: notify_hostkeys: key 1: ecdsa-sha2-nistp521 SHA256:3jTqlIIrC33dsPwveXAP2Qqi24vo9Olaq2M1WIA+A3I debug3: notify_hostkeys: sent 2 hostkeys debug3: send packet: type 80 debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding debug1: Entering interactive session for SSH2. 
debug1: server_init_dispatch
debug3: receive packet: type 90
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new session [server-session] (inactive timeout: 0)
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug3: send packet: type 91
debug3: receive packet: type 80
debug1: server_input_global_request: rtype no-more-sessions@xxxxxxxxxxx want_reply 0
debug3: receive packet: type 80
debug1: server_input_global_request: rtype hostkeys-prove-00@xxxxxxxxxxx want_reply 1
debug3: server_input_hostkeys_prove: sign ECDSA key (index 1) using sigalg default
debug3: mm_sshkey_sign: entering
debug3: mm_request_send: entering, type 6
debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN
debug3: mm_request_receive: entering
debug3: mm_request_receive_expect: entering, type 7
debug3: monitor_read: checking request 6
debug3: mm_request_receive: entering
debug3: mm_answer_sign: entering
debug1: mm_answer_sign: hostkey ecdsa-sha2-nistp521 index 1
mm_answer_sign: agent sign: invalid argument
debug1: do_cleanup
debug3: mm_request_receive: monitor fd closed
debug1: do_cleanup
~ Projects/Dev/openssh-portable/ssh 127.0.0.1 -vvv OpenSSH_9.9p1, OpenSSL 3.3.2 3 Sep 2024 debug1: Reading configuration data /usr/local/etc/ssh_config debug3: /usr/local/etc/ssh_config line 2: Including file /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf depth 0 debug1: Reading configuration data /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf debug2: resolve_canonicalize: hostname 127.0.0.1 is address debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/maxime/.ssh/known_hosts' debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/maxime/.ssh/known_hosts2' debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling debug3: channel_clear_timeouts: clearing debug3: ssh_connect_direct: entering debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22. debug3: set_sock_tos: set socket 3 IP_TOS 0x48 debug1: Connection established. debug1: identity file /home/maxime/.ssh/id_rsa type -1 debug1: identity file /home/maxime/.ssh/id_rsa-cert type -1 debug1: identity file /home/maxime/.ssh/id_ecdsa type -1 debug1: identity file /home/maxime/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/maxime/.ssh/id_ecdsa_sk type -1 debug1: identity file /home/maxime/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /home/maxime/.ssh/id_ed25519 type 3 debug1: identity file /home/maxime/.ssh/id_ed25519-cert type -1 debug1: identity file /home/maxime/.ssh/id_ed25519_sk type -1 debug1: identity file /home/maxime/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /home/maxime/.ssh/id_xmss type -1 debug1: identity file /home/maxime/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_9.9 debug1: Remote protocol version 2.0, remote software version OpenSSH_9.9 debug1: compat_banner: match: OpenSSH_9.9 pat OpenSSH* compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 127.0.0.1:22 as 'maxime' debug1: load_hostkeys: fopen /home/maxime/.ssh/known_hosts: No such file or directory debug1: load_hostkeys: fopen 
/home/maxime/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /usr/local/etc/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /usr/local/etc/ssh_known_hosts2: No such file or directory debug3: order_hostkeyalgs: no algorithms matched; accept original debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@xxxxxxxxxxx,curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@xxxxxxxxxxx debug2: host key algorithms: ssh-ed25519-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx,sk-ssh-ed25519-cert-v01@xxxxxxxxxxx,sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,rsa-sha2-512-cert-v01@xxxxxxxxxxx,rsa-sha2-256-cert-v01@xxxxxxxxxxx,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@xxxxxxxxxxx,sk-ecdsa-sha2-nistp256@xxxxxxxxxxx,rsa-sha2-512,rsa-sha2-256 debug2: ciphers ctos: chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx debug2: ciphers stoc: chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx debug2: MACs ctos: umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: 
umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@xxxxxxxxxxx debug2: compression stoc: none,zlib@xxxxxxxxxxx debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@xxxxxxxxxxx,curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,ext-info-s,kex-strict-s-v00@xxxxxxxxxxx debug2: host key algorithms: ecdsa-sha2-nistp256,ecdsa-sha2-nistp521 debug2: ciphers ctos: chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx debug2: ciphers stoc: chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx debug2: MACs ctos: umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@xxxxxxxxxxx debug2: compression stoc: none,zlib@xxxxxxxxxxx debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug3: kex_choose_conf: will use strict KEX ordering debug1: kex: algorithm: mlkem768x25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1305@xxxxxxxxxxx MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@xxxxxxxxxxx 
MAC: <implicit> compression: none debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: SSH2_MSG_KEX_ECDH_REPLY received debug1: Server host key: ecdsa-sha2-nistp256 SHA256:YkIO1IvDg3w8IaG+jWWJ8qSL5dr/NTZ+4xAA0Wau5Fc debug1: load_hostkeys: fopen /home/maxime/.ssh/known_hosts: No such file or directory debug1: load_hostkeys: fopen /home/maxime/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /usr/local/etc/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /usr/local/etc/ssh_known_hosts2: No such file or directory debug3: hostkeys_find_by_key_hostfile: trying user hostfile "/home/maxime/.ssh/known_hosts" debug1: hostkeys_find_by_key_hostfile: hostkeys file /home/maxime/.ssh/known_hosts does not exist debug3: hostkeys_find_by_key_hostfile: trying user hostfile "/home/maxime/.ssh/known_hosts2" debug1: hostkeys_find_by_key_hostfile: hostkeys file /home/maxime/.ssh/known_hosts2 does not exist debug3: hostkeys_find_by_key_hostfile: trying system hostfile "/usr/local/etc/ssh_known_hosts" debug1: hostkeys_find_by_key_hostfile: hostkeys file /usr/local/etc/ssh_known_hosts does not exist debug3: hostkeys_find_by_key_hostfile: trying system hostfile "/usr/local/etc/ssh_known_hosts2" debug1: hostkeys_find_by_key_hostfile: hostkeys file /usr/local/etc/ssh_known_hosts2 does not exist The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA256:YkIO1IvDg3w8IaG+jWWJ8qSL5dr/NTZ+4xAA0Wau5Fc. This key is not known by any other names. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. 
debug3: send packet: type 21
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: Sending SSH2_MSG_EXT_INFO
debug3: send packet: type 7
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug2: KEX algorithms: mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@xxxxxxxxxxx,curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@xxxxxxxxxxx
debug2: host key algorithms: ssh-ed25519-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx,sk-ssh-ed25519-cert-v01@xxxxxxxxxxx,sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,rsa-sha2-512-cert-v01@xxxxxxxxxxx,rsa-sha2-256-cert-v01@xxxxxxxxxxx,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@xxxxxxxxxxx,sk-ecdsa-sha2-nistp256@xxxxxxxxxxx,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx
debug2: ciphers stoc: chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx
debug2: MACs ctos: umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@xxxxxxxxxxx
debug2: compression stoc: none,zlib@xxxxxxxxxxx
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug3: kex_input_ext_info: extension server-sig-algs
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@xxxxxxxxxxx,sk-ecdsa-sha2-nistp256@xxxxxxxxxxx,rsa-sha2-512,rsa-sha2-256>
debug3: kex_input_ext_info: extension publickey-hostbound@xxxxxxxxxxx
debug1: kex_ext_info_check_ver: publickey-hostbound@xxxxxxxxxxx=<0>
debug3: kex_input_ext_info: extension ping@xxxxxxxxxxx
debug1: kex_ext_info_check_ver: ping@xxxxxxxxxxx=<0>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug3: kex_input_ext_info: extension server-sig-algs
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@xxxxxxxxxxx,sk-ecdsa-sha2-nistp256@xxxxxxxxxxx,rsa-sha2-512,rsa-sha2-256>
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Will attempt key: /home/maxime/.ssh/id_rsa
debug1: Will attempt key: /home/maxime/.ssh/id_ecdsa
debug1: Will attempt key: /home/maxime/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/maxime/.ssh/id_ed25519 ED25519 SHA256:19J+iR0fmy8ExjxEopqcxD5iaa9u71VZ1+LeJx1Mr/A
debug1: Will attempt key: /home/maxime/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/maxime/.ssh/id_xmss
debug2: pubkey_prepare: done
debug1: Trying private key: /home/maxime/.ssh/id_rsa
debug3: no such identity: /home/maxime/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/maxime/.ssh/id_ecdsa
debug3: no such identity: /home/maxime/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/maxime/.ssh/id_ecdsa_sk
debug3: no such identity: /home/maxime/.ssh/id_ecdsa_sk: No such file or directory
debug1: Offering public key: /home/maxime/.ssh/id_ed25519 ED25519 SHA256:19J+iR0fmy8ExjxEopqcxD5iaa9u71VZ1+LeJx1Mr/A
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /home/maxime/.ssh/id_ed25519_sk
debug3: no such identity: /home/maxime/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /home/maxime/.ssh/id_xmss
debug3: no such identity: /home/maxime/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: userauth_kbdint: disable: no info_req_seen
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
maxime@127.0.0.1's password:
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 52
Authenticated to 127.0.0.1 ([127.0.0.1]:22) using "password".
debug1: channel 0: new session [client-session] (inactive timeout: 0)
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@xxxxxxxxxxx
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: filesystem
debug3: client_repledge: enter
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00@xxxxxxxxxxx want_reply 0
debug3: client_input_hostkeys: received ECDSA key SHA256:YkIO1IvDg3w8IaG+jWWJ8qSL5dr/NTZ+4xAA0Wau5Fc
debug3: client_input_hostkeys: received ECDSA key SHA256:3jTqlIIrC33dsPwveXAP2Qqi24vo9Olaq2M1WIA+A3I
debug1: client_input_hostkeys: searching /home/maxime/.ssh/known_hosts for 127.0.0.1 / (none)
debug3: hostkeys_foreach: reading file "/home/maxime/.ssh/known_hosts"
debug3: hostkeys_find: found ecdsa-sha2-nistp256 key at /home/maxime/.ssh/known_hosts:1
debug1: client_input_hostkeys: searching /home/maxime/.ssh/known_hosts2 for 127.0.0.1 / (none)
debug1: client_input_hostkeys: hostkeys file /home/maxime/.ssh/known_hosts2 does not exist
debug3: client_input_hostkeys: 2 server keys: 1 new, 0 retained, 1 incomplete match. 0 to remove
debug3: client_input_hostkeys: asking server to prove ownership for 1 keys
debug3: send packet: type 80
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug3: client_repledge: enter
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
Read from remote host 127.0.0.1: Connection reset by peer
Connection to 127.0.0.1 closed.
debug3: send packet: type 1
client_loop: send disconnect: Broken pipe
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev