Re: Query on Openssh

This does not appear to have anything to do with OpenSSL and is most likely a problem with SSH.

Start by running SSH on the destination server in debug mode. That is the best way I have found to determine client issues. 

Regards
Mark Hack



On Thu, 2023-01-12 at 09:47 +0000, Deepti Sharma S via openssl-users wrote:

Hello Team,

 

Problem Statement :

Unable to connect to SFTP server hosted on Microsoft Azure using openssh-client version 7.4p1 using Subsystem SFTP.

Observation :

We are unable to connect with the SFTP server using public key authentication (same with password authentication), and are getting the following error:

We are able to connect with the machine using our ssh-client.

After successful authentication, our client immediately sends the message "type 1" to disconnect from the server, as shown in the logs attached.

 

Other observations :

Running through the sftp utility, the same user successfully connected with the SFTP server hosted on Azure. Logs attached.

kiel1-med10:/home/ealekbl# sftp stdmpingprivwesteu01p.emmuserpass@10.136.113.70

stdmpingprivwesteu01p.emmuserp@10.136.113.70's password:

Connected to 10.136.113.70.

sftp> exit

 

Openssh 7.4p1 is connected successfully with sftp servers running on linux machines not hosted on Azure.

 

Setup Details :

              client :

                             openssh-client 7.4p1 running on RHEL

              SFTP Server : MS Azure (AzureSSH_1.0.0)

             

Verbose Logs :

 

kiel1-med1:/home/ealekbl# /opt/mediation/appl/SERVER/CXC1741717_R4N//lib/exe/ssh-client_7.4p1 -oForwardX11=no -oForwardAgent=no -oProtocol=2 -l stdmpingprivwesteu01p.emmuser -oIdentityFile=/home/mmsuper/.ssh/emmdata.pem -oNumberOfPasswordPrompts=1 -oPreferredAuthentications=publickey -oPubkeyAuthentication=yes -oRhostsAuthentication=no -oRhostsRSAAuthentication=no -oRSAAuthentication=no -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no -s -oport=22 -vvv -Z "Alive and kicking" 10.136.113.70 sftp

OpenSSH_7.4p1, OpenSSL 1.0.2k  26 Jan 2017

debug2: resolving "10.136.113.70" port 22

debug2: ssh_connect_direct: needpriv 0

debug1: Connecting to 10.136.113.70 [10.136.113.70] port 22.

debug1: Connection established.

debug1: permanently_set_uid: 0/0

debug1: key_load_public: No such file or directory

debug1: identity file /home/mmsuper/.ssh/emmdata.pem type -1

debug1: key_load_public: No such file or directory

debug1: identity file /home/mmsuper/.ssh/emmdata.pem-cert type -1

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_7.4

debug1: Remote protocol version 2.0, remote software version AzureSSH_1.0.0

debug1: no match: AzureSSH_1.0.0

debug2: fd 3 setting O_NONBLOCK

debug1: Authenticating to 10.136.113.70:22 as 'stdmpingprivwesteu01p.emmuser'

debug3: hostkeys_foreach: reading file "/dev/null"

debug3: send packet: type 20

debug1: SSH2_MSG_KEXINIT sent

debug3: receive packet: type 20

debug1: SSH2_MSG_KEXINIT received

debug2: local client KEXINIT proposal

debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c

debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx,ssh-ed25519-cert-v01@xxxxxxxxxxx,ssh-rsa-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa

debug2: ciphers ctos: chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx,aes128-cbc,aes192-cbc,aes256-cbc

debug2: ciphers stoc: chacha20-poly1305@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx,aes128-cbc,aes192-cbc,aes256-cbc

debug2: MACs ctos: umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: MACs stoc: umac-64-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-64@xxxxxxxxxxx,umac-128@xxxxxxxxxxx,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: compression ctos: none,zlib@xxxxxxxxxxx,zlib

debug2: compression stoc: none,zlib@xxxxxxxxxxx,zlib

debug2: languages ctos:

debug2: languages stoc:

debug2: first_kex_follows 0

debug2: reserved 0

debug2: peer server KEXINIT proposal

debug2: KEX algorithms: ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,ext-info-s

debug2: host key algorithms: rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384

debug2: ciphers ctos: aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr

debug2: ciphers stoc: aes128-gcm@xxxxxxxxxxx,aes256-gcm@xxxxxxxxxxx,aes128-ctr,aes192-ctr,aes256-ctr

debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx

debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx

debug2: compression ctos: none

debug2: compression stoc: none

debug2: languages ctos:

debug2: languages stoc:

debug2: first_kex_follows 0

debug2: reserved 0

debug1: kex: algorithm: ecdh-sha2-nistp256

debug1: kex: host key algorithm: ecdsa-sha2-nistp256

debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256-etm@xxxxxxxxxxx compression: none

debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256-etm@xxxxxxxxxxx compression: none

debug3: send packet: type 30

debug1: sending SSH2_MSG_KEX_ECDH_INIT

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug3: receive packet: type 31

debug1: Server host key: ecdsa-sha2-nistp256 SHA256:0WNMHmCNJE1YFBpHNeADuT5h+PfJ/jJPtUDHCxCSrO0

debug3: hostkeys_foreach: reading file "/dev/null"

Warning: Permanently added '10.136.113.70' (ECDSA) to the list of known hosts.

debug3: send packet: type 21

debug2: set_newkeys: mode 1

debug1: rekey after 4294967296 blocks

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug3: receive packet: type 21

debug1: SSH2_MSG_NEWKEYS received

debug2: set_newkeys: mode 0

debug1: rekey after 4294967296 blocks

debug2: key: /home/mmsuper/.ssh/emmdata.pem ((nil)), explicit

debug3: send packet: type 5

debug3: receive packet: type 7

debug1: SSH2_MSG_EXT_INFO received

debug3: receive packet: type 6

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug3: send packet: type 50

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey,password

debug3: start over, passed a different list publickey,password

debug3: preferred publickey

debug3: authmethod_lookup publickey

debug3: remaining preferred:

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Trying private key: /home/mmsuper/.ssh/emmdata.pem

debug3: sign_and_send_pubkey: RSA SHA256:achpp3Nli3MXyIAeJJuREpdXHtYpqVvOTl5YpUsO7hI

debug3: send packet: type 50

debug2: we sent a publickey packet, wait for reply

debug3: receive packet: type 52

debug1: Authentication succeeded (publickey).

Authenticated to 10.136.113.70 ([10.136.113.70]:22).

debug1: channel 0: new [client-session]

debug3: ssh_session2_open: channel_new: 0

debug2: channel 0: send open

debug3: send packet: type 90

debug1: Entering interactive session.

debug1: pledge: network

Alive and kickingdebug3: receive packet: type 91

debug2: callback start

debug2: fd 3 setting TCP_NODELAY

debug3: ssh_packet_set_tos: set IP_TOS 0x08

debug2: client_session2_setup: id 0

debug1: Sending subsystem: sftp

debug2: channel 0: request subsystem confirm 1

debug3: send packet: type 98

debug2: callback done

debug2: channel 0: open confirm rwindow 4294967295 rmax 262143

debug3: receive packet: type 99

debug2: channel_input_status_confirm: type 99 id 0

debug2: subsystem request accepted on channel 0

debug3: send packet: type 1

packet_write_wait: Connection to 10.136.113.70 port 22: Broken pipe

kiel1-med1:/home/ealekbl#

 

Is it some known issue? Or please do let us know the way forward to debug it.

Is openssh 7.4p1 compatible with AzureSSH_1.0.0?

 

 

 

Regards,

Deepti Sharma
PMP® & ITIL

 

From: Neeraj Gupta G <neeraj.g.gupta@xxxxxxxxxxxx>
Sent: 12 January 2023 12:31
To: Deepti Sharma S <deepti.s.sharma@xxxxxxxxxxxx>
Cc: Piyush Anand <piyush.anand@xxxxxxxxxxxx>
Subject: Query on Openssh
Importance: High

 

Hi Deepti,

 

We are working on a CSR regarding an issue in the ssh connection with the Azure sftp server from EM20.

 

So can you please raise the query on the openssh community?

 

Query :

 

 

 

 

Thanks,

Neeraj Gupta
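
A triage aid for the client-side -vvv output quoted in this thread, added here as an example and not part of the original messages: it maps the debug3 packet type numbers to their SSH message names and reports which side sent the disconnect and what preceded it. The function names are this example's own, and the sample is an excerpt of the log above.

```python
import re

# Message numbers per RFC 4250 and RFC 8308; 30/31 as used by ECDH key exchange.
SSH_MSG = {
    1: "DISCONNECT", 5: "SERVICE_REQUEST", 6: "SERVICE_ACCEPT", 7: "EXT_INFO",
    20: "KEXINIT", 21: "NEWKEYS", 30: "KEX_ECDH_INIT", 31: "KEX_ECDH_REPLY",
    50: "USERAUTH_REQUEST", 51: "USERAUTH_FAILURE", 52: "USERAUTH_SUCCESS",
    90: "CHANNEL_OPEN", 91: "CHANNEL_OPEN_CONFIRMATION",
    98: "CHANNEL_REQUEST", 99: "CHANNEL_SUCCESS", 100: "CHANNEL_FAILURE",
}
# Not anchored to line start: other output can be glued in front of a debug
# line, as in "Alive and kickingdebug3: receive packet: type 91".
PACKET_RE = re.compile(r"debug3: (send|receive) packet: type (\d+)")

def packet_timeline(log_text):
    """Return [(direction, type_number, message_name), ...] in log order."""
    return [(m.group(1), int(m.group(2)), SSH_MSG.get(int(m.group(2)), "UNKNOWN"))
            for m in PACKET_RE.finditer(log_text)]

def find_disconnect(timeline):
    """Say which side sent SSH_MSG_DISCONNECT and what came just before it."""
    for i, (direction, number, _name) in enumerate(timeline):
        if number == 1:
            return {
                "sender": "client" if direction == "send" else "server",
                "previous": timeline[i - 1] if i else None,
                "after_auth_success": any(t[1] == 52 for t in timeline[:i]),
            }
    return None

# Excerpt of the client log quoted in this thread (end of the session).
SAMPLE = """\
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
debug3: send packet: type 90
Alive and kickingdebug3: receive packet: type 91
debug1: Sending subsystem: sftp
debug3: send packet: type 98
debug3: receive packet: type 99
debug2: subsystem request accepted on channel 0
debug3: send packet: type 1
"""

if __name__ == "__main__":
    timeline = packet_timeline(SAMPLE)
    for direction, number, name in timeline:
        print(f"{direction:8}{number:4} SSH_MSG_{name}")
    print(find_disconnect(timeline))
```

On the excerpt, the result names the client as the sender of the disconnect, directly after the server's CHANNEL_SUCCESS reply to the subsystem request.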

