On Thu, Apr 28, 2016 at 11:41:39 +0100, Colin Watson wrote:
> Are you sure that you were affected by this in 1:7.2p2-5, and not in
> 1:7.2p2-4 or earlier versions?

Hi Colin

I'm using a proprietary tool which calls OpenSSH, called scaleFT

second bastion: i-9a366215 52.196.150.130
target server: i-c2a3f64d 10.0.0.21

$ sft ssh i-c2a3f64d --via=gust9547@bastion --via=i-9a366215
debug1: Executing proxy command: exec /usr/bin/sft _ssh-chain remote_user@52.196.150.130\342\213\256/home/gust9547/.local/share/ScaleFT/ssh/08917140d1a421d4b705bf92a77bc99eb2d93af60,/home/gust9547/.local/share/ScaleFT/ssh_known_hosts/4d6d5469f19216a407c5757f848f86e1ef1b8ceb gust9547@bastion --netcat 10.0.0.21:22
debug1: permanently_drop_suid: 1000
debug1: key_load_public: No such file or directory
debug1: identity file /home/gust9547/.local/share/ScaleFT/ssh/08917140d1a421d4b705bf92a77bc99eb2d93af60 type -1
debug1: identity file /home/gust9547/.local/share/ScaleFT/ssh/08917140d1a421d4b705bf92a77bc99eb2d93af60-cert type 5
debug1: identity file /home/gust9547/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gust9547/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Debian-5
debug1: Executing proxy command: exec /usr/bin/sft _ssh-chain gust9547@bastion --netcat 52.196.150.130:22
debug1: permanently_drop_suid: 1000
debug1: key_load_public: No such file or directory
debug1: identity file /home/gust9547/.local/share/ScaleFT/ssh/08917140d1a421d4b705bf92a77bc99eb2d93af60 type -1
debug1: identity file /home/gust9547/.local/share/ScaleFT/ssh/08917140d1a421d4b705bf92a77bc99eb2d93af60-cert type 5
debug1: identity file /home/gust9547/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gust9547/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Debian-5
debug1: Connecting to bastion [10.11.57.10] port 22.
debug1: Connection established.
debug1: identity file /home/gust9547/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gust9547/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Debian-5
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4* compat 0x00000000
debug1: Authenticating to bastion:22 as 'gust9547'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha1
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<7680<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:zDv30XNTXeXQA3kophOAMmZb+uIHcehGPo4L840l+ro
debug1: Host 'bastion' is known and matches the RSA host key.
debug1: Found key in /home/gust9547/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/gust9547/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to bastion ([10.11.57.10]:22).
debug1: channel_connect_stdio_fwd 52.196.150.130:22
debug1: channel 0: new [stdio-forward]
debug1: getpeername failed: Bad file descriptor
debug1: Entering interactive session.
debug1: pledge: network
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: Authenticating to 52.196.150.130:22 as 'remote_user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha...@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:GS4hAJXHiSRmkkhbvaKNnlA1vve+iZSNWYDAGQJQp5g
debug1: Host '52.196.150.130' is known and matches the ECDSA host key.
debug1: Found key in /home/gust9547/.local/share/ScaleFT/ssh_known_hosts/4d6d5469f19216a407c5757f848f86e1ef1b8ceb:5
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/gust9547/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/gust9547/.local/share/ScaleFT/ssh/08917140d1a421d4b705bf92a77bc99eb2d93af60
debug1: Authentications that can continue: publickey
debug1: Offering RSA-CERT public key: /home/gust9547/.local/share/ScaleFT/ssh/08917140d1a421d4b705bf92a77bc99eb2d93af60-cert
debug1: Server accepts key: pkalg ssh-rsa-cert-...@openssh.com blen 1134
debug1: sign_and_send_pubkey: no separate private key for certificate "/home/gust9547/.local/share/ScaleFT/ssh/08917140d1a421d4b705bf92a77bc99eb2d93af60-cert"
no such identity: /home/gust9547/.local/share/ScaleFT/ssh/08917140d1a421d4b705bf92a77bc99eb2d93af60-cert: No such file or directory
debug1: No more authentication methods to try.
Permission denied (publickey).
debug1: channel 0: free: direct-tcpip: listening port 0 for 52.196.150.130 port 22, connect from 127.0.0.1 port 65535 to UNKNOWN port 65536, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: Killed by signal 1.
ssh_exchange_identification: Connection closed by remote host

Using 6.7

$ sft ssh i-c2a3f64d --via=gust9547@bastion --via=i-9a366215
debug1: Executing proxy command: exec /usr/bin/sft _ssh-chain remote_user@52.196.150.130\342\213\256/home/gust9547/.local/share/ScaleFT/ssh/9e82b236398848d3d13d392613296e8dbab4e5980,/home/gust9547/.local/share/ScaleFT/ssh_known_hosts/4d6d5469f19216a407c5757f848f86e1ef1b8ceb gust9547@bastion --netcat 10.0.0.21:22
debug1: permanently_drop_suid: 1000
debug1: key_load_public: No such file or directory
debug1: identity file /home/gust9547/.local/share/ScaleFT/ssh/9e82b236398848d3d13d392613296e8dbab4e5980 type -1
debug1: identity file /home/gust9547/.local/share/ScaleFT/ssh/9e82b236398848d3d13d392613296e8dbab4e5980-cert type 5
debug1: identity file /home/gust9547/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gust9547/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u2
debug1: Executing proxy command: exec /usr/bin/sft _ssh-chain gust9547@bastion --netcat 52.196.150.130:22
debug1: permanently_drop_suid: 1000
debug1: key_load_public: No such file or directory
debug1: identity file /home/gust9547/.local/share/ScaleFT/ssh/9e82b236398848d3d13d392613296e8dbab4e5980 type -1
debug1: identity file /home/gust9547/.local/share/ScaleFT/ssh/9e82b236398848d3d13d392613296e8dbab4e5980-cert type 5
debug1: identity file /home/gust9547/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gust9547/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u2
debug1: Connecting to bastion [10.11.57.10] port 22.
debug1: Connection established.
debug1: identity file /home/gust9547/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gust9547/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4* compat 0x00000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: RSA ee:9b:af:ae:77:f8:92:7e:34:2b:95:9a:33:8f:f3:21
debug1: Host 'bastion' is known and matches the RSA host key.
debug1: Found key in /home/gust9547/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/gust9547/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to bastion ([10.11.57.10]:22).
debug1: channel_connect_stdio_fwd 52.196.150.130:22
debug1: channel 0: new [stdio-forward]
debug1: getpeername failed: Bad file descriptor
debug1: Entering interactive session.
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr umac-64-...@openssh.com none
debug1: kex: client->server aes128-ctr umac-64-...@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 1f:a2:35:73:01:dc:69:09:97:c4:87:75:08:49:41:11
debug1: Host '52.196.150.130' is known and matches the ECDSA host key.
debug1: Found key in /home/gust9547/.local/share/ScaleFT/ssh_known_hosts/4d6d5469f19216a407c5757f848f86e1ef1b8ceb:5
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/gust9547/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/gust9547/.local/share/ScaleFT/ssh/9e82b236398848d3d13d392613296e8dbab4e5980
debug1: Authentications that can continue: publickey
debug1: Offering RSA-CERT public key: /home/gust9547/.local/share/ScaleFT/ssh/9e82b236398848d3d13d392613296e8dbab4e5980
debug1: Server accepts key: pkalg ssh-rsa-cert-...@openssh.com blen 1134
debug1: Authentication succeeded (publickey).
Authenticated to 52.196.150.130 (via proxy).
debug1: channel_connect_stdio_fwd 10.0.0.21:22
debug1: channel 0: new [stdio-forward]
debug1: getpeername failed: Bad file descriptor
debug1: Requesting no-more-sessi...@openssh.com
debug1: Entering interactive session.
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr umac-64-...@openssh.com none
debug1: kex: client->server aes128-ctr umac-64-...@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA db:a7:47:e5:fb:8c:cd:5d:a7:39:82:50:59:4f:30:82
debug1: Host '10.0.0.21' is known and matches the ECDSA host key.
debug1: Found key in /home/gust9547/.local/share/ScaleFT/ssh_known_hosts/4d6d5469f19216a407c5757f848f86e1ef1b8ceb:9
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/gust9547/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/gust9547/.local/share/ScaleFT/ssh/9e82b236398848d3d13d392613296e8dbab4e5980
debug1: Authentications that can continue: publickey
debug1: Offering RSA-CERT public key: /home/gust9547/.local/share/ScaleFT/ssh/9e82b236398848d3d13d392613296e8dbab4e5980
debug1: Server accepts key: pkalg ssh-rsa-cert-...@openssh.com blen 1134
debug1: Authentication succeeded (publickey).
Authenticated to 10.0.0.21 (via proxy).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessi...@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending env LC_CTYPE = en_US.UTF-8
debug1: Sending env LC_NUMERIC = en_US.UTF-8
debug1: Sending env LC_TIME = en_DK.UTF-8
debug1: Sending env LC_COLLATE = C
debug1: Sending env LC_MONETARY = en_US.UTF-8
debug1: Sending env LC_PAPER = en_US.UTF-8
debug1: Sending env LC_NAME = en_US.UTF-8
debug1: Sending env LC_ADDRESS = en_US.UTF-8
debug1: Sending env LC_TELEPHONE = en_US.UTF-8
debug1: Sending env LC_MEASUREMENT = en_DK.UTF-8
debug1: Sending env LC_IDENTIFICATION = en_US.UTF-8
debug1: Sending env LC_MESSAGES = en_US.UTF-8
Last login: Fri Apr 29 01:19:59 2016 from 10.0.0.127

       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-ami/2016.03-release-notes/

I can see the patch you've applied comes from a scaleFT person, so it should work.

Let me play with a clean sid chroot to see if I can reproduce this bug. I'll test with the Ubuntu pkg too.

Thanks

-- 
1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333
keybase: http://keybase.io/gfa