Randall S. Becker
2016-Feb-09 23:35 UTC
Test Failure OpenSSH 7.1 P2 on HPE NSE for key-commands
Thread split from my previous communication. Here is the key-commands logs on the platform. ***************** failed-regress.log ************ trace: AuthorizedKeysCommand with arguments FAIL: connect failed trace: AuthorizedKeysCommand without arguments FAIL: connect failed ***************** failed-ssh.log ************ trace: AuthorizedKeysCommand with arguments debug1: Executing proxy command: exec sh /home/git/openssh-portable/regress/sshd-log-wrapper.sh /home/git/openssh-portable/regress/sshd.log /home/git/openssh-portable/sshd -i -f /home/git/openssh-portable/regress/sshd_proxy debug1: permanently_drop_suid: 65535 debug1: identity file /home/git/openssh-portable/regress/rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/git/openssh-portable/regress/rsa-cert type -1 debug1: identity file /home/git/openssh-portable/regress/ed25519 type 4 debug1: key_load_public: No such file or directory debug1: identity file /home/git/openssh-portable/regress/ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1 debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000 debug2: fd 6 setting O_NONBLOCK debug2: fd 5 setting O_NONBLOCK debug1: Authenticating to 127.0.0.1:4242 as 'SUPER.SUPER' debug1: using hostkeyalias: localhost-with-alias debug3: hostkeys_foreach: reading file "/home/git/openssh-portable/regress/known_hosts" debug3: record_hostkey: found key type RSA in file /home/git/openssh-portable/regress/known_hosts:1 debug3: record_hostkey: found key type ED25519 in file /home/git/openssh-portable/regress/known_hosts:2 debug3: load_hostkeys: loaded 2 keys from localhost-with-alias debug3: hostkeys_foreach: reading file "/home/git/openssh-portable/regress/known_hosts" debug3: record_hostkey: found key type RSA in file /home/git/openssh-portable/regress/known_hosts:1 debug3: record_hostkey: found key type ED25519 in file /home/git/openssh-portable/regress/known_hosts:2 debug3: load_hostkeys: loaded 2 keys from localhost-with-alias debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss h-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2 -nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange -sha1,diffie-hellman-group14-sha1 debug2: kex_parse_kexinit: ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss h-rsa,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01@ openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecd sa-sha2-nistp384,ecdsa-sha2-nistp521 debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,b lowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.l iu.se debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,b lowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.l iu.se debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm at o penssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac- md5-96-etm at openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hm ac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm at o penssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac- md5-96-etm at openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hm ac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: first_kex_follows 0 debug2: reserved 0 debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2 -nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-ed25519 debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: server->client chacha20-poly1305 at openssh.com <implicit> none debug1: kex: client->server chacha20-poly1305 at openssh.com <implicit> none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ssh-ed25519 SHA256:lxDml05WuoE61IZePHCwjGYK3aZfa8URdyghBnnBMlA debug1: using hostkeyalias: localhost-with-alias debug3: hostkeys_foreach: reading file "/home/git/openssh-portable/regress/known_hosts" debug3: record_hostkey: found key type RSA in file /home/git/openssh-portable/regress/known_hosts:1 debug3: record_hostkey: found key type ED25519 in file /home/git/openssh-portable/regress/known_hosts:2 debug3: load_hostkeys: loaded 2 keys from localhost-with-alias debug3: hostkeys_foreach: reading file "/home/git/openssh-portable/regress/known_hosts" debug3: record_hostkey: found key type RSA in file /home/git/openssh-portable/regress/known_hosts:1 debug3: record_hostkey: found key type ED25519 in file /home/git/openssh-portable/regress/known_hosts:2 debug3: load_hostkeys: loaded 2 keys from localhost-with-alias debug1: Host 'localhost-with-alias' is known and matches the ED25519 host key. debug1: Found key in /home/git/openssh-portable/regress/known_hosts:2 debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/git/openssh-portable/regress/rsa (802e0c0), explicit debug2: key: /home/git/openssh-portable/regress/ed25519 (8023290), explicit debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: start over, passed a different list publickey,password,keyboard-interactive debug3: preferred publickey debug3: authmethod_lookup publickey debug3: remaining preferred: debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/git/openssh-portable/regress/rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Offering ED25519 public key: /home/git/openssh-portable/regress/ed25519 debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password,keyboard-interactive debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (publickey,password,keyboard-interactive). FAIL: connect failed trace: AuthorizedKeysCommand without arguments debug1: Executing proxy command: exec sh /home/git/openssh-portable/regress/sshd-log-wrapper.sh /home/git/openssh-portable/regress/sshd.log /home/git/openssh-portable/sshd -i -f /home/git/openssh-portable/regress/sshd_proxy debug1: permanently_drop_suid: 65535 debug1: identity file /home/git/openssh-portable/regress/rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/git/openssh-portable/regress/rsa-cert type -1 debug1: identity file /home/git/openssh-portable/regress/ed25519 type 4 debug1: key_load_public: No such file or directory debug1: identity file /home/git/openssh-portable/regress/ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1 debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000 debug2: fd 6 setting O_NONBLOCK debug2: fd 5 setting O_NONBLOCK debug1: Authenticating to 127.0.0.1:4242 as 'SUPER.SUPER' debug1: using hostkeyalias: localhost-with-alias debug3: hostkeys_foreach: reading file "/home/git/openssh-portable/regress/known_hosts" debug3: record_hostkey: found key type RSA in file /home/git/openssh-portable/regress/known_hosts:1 debug3: record_hostkey: found key type ED25519 in file /home/git/openssh-portable/regress/known_hosts:2 debug3: load_hostkeys: loaded 2 keys from localhost-with-alias debug3: hostkeys_foreach: reading file "/home/git/openssh-portable/regress/known_hosts" debug3: record_hostkey: found key type RSA in file /home/git/openssh-portable/regress/known_hosts:1 debug3: record_hostkey: found key type ED25519 in file /home/git/openssh-portable/regress/known_hosts:2 debug3: load_hostkeys: loaded 2 keys from localhost-with-alias debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss h-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2 -nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange -sha1,diffie-hellman-group14-sha1 debug2: kex_parse_kexinit: ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss h-rsa,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01@ openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecd sa-sha2-nistp384,ecdsa-sha2-nistp521 debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,b lowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.l iu.se debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,b lowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.l iu.se debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm at o penssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac- md5-96-etm at openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hm ac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm at o penssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac- md5-96-etm at openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hm ac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: first_kex_follows 0 debug2: reserved 0 debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2 -nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-ed25519 debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: server->client chacha20-poly1305 at openssh.com <implicit> none debug1: kex: client->server chacha20-poly1305 at openssh.com <implicit> none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ssh-ed25519 SHA256:lxDml05WuoE61IZePHCwjGYK3aZfa8URdyghBnnBMlA debug1: using hostkeyalias: localhost-with-alias debug3: hostkeys_foreach: reading file "/home/git/openssh-portable/regress/known_hosts" debug3: record_hostkey: found key type RSA in file /home/git/openssh-portable/regress/known_hosts:1 debug3: record_hostkey: found key type ED25519 in file /home/git/openssh-portable/regress/known_hosts:2 debug3: load_hostkeys: loaded 2 keys from localhost-with-alias debug3: hostkeys_foreach: reading file "/home/git/openssh-portable/regress/known_hosts" debug3: record_hostkey: found key type RSA in file /home/git/openssh-portable/regress/known_hosts:1 debug3: record_hostkey: found key type ED25519 in file /home/git/openssh-portable/regress/known_hosts:2 debug3: load_hostkeys: loaded 2 keys from localhost-with-alias debug1: Host 'localhost-with-alias' is known and matches the ED25519 host key. debug1: Found key in /home/git/openssh-portable/regress/known_hosts:2 debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/git/openssh-portable/regress/rsa (802e0c0), explicit debug2: key: /home/git/openssh-portable/regress/ed25519 (8023290), explicit debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: start over, passed a different list publickey,password,keyboard-interactive debug3: preferred publickey debug3: authmethod_lookup publickey debug3: remaining preferred: debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/git/openssh-portable/regress/rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Offering ED25519 public key: /home/git/openssh-portable/regress/ed25519 debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password,keyboard-interactive debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (publickey,password,keyboard-interactive). FAIL: connect failed ***************** failed-sshd.log ************ trace: AuthorizedKeysCommand with arguments debug1: inetd sockets after dupping: 4, 5 Connection from UNKNOWN port 65535 on UNKNOWN port 65535 debug1: Client protocol version 2.0; client software version OpenSSH_7.1 debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.1 debug2: fd 4 setting O_NONBLOCK debug2: fd 5 setting O_NONBLOCK debug1: list_hostkey_types: ssh-rsa,ssh-ed25519 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2 -nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-ed25519 debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: first_kex_follows 0 debug2: reserved 0 debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2 -nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange -sha1,diffie-hellman-group14-sha1 debug2: kex_parse_kexinit: ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss h-rsa,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01@ openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecd sa-sha2-nistp384,ecdsa-sha2-nistp521 debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,b lowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.l iu.se debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,b lowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.l iu.se debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm at o penssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac- md5-96-etm at openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hm ac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm at o penssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac- md5-96-etm at openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hm ac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: client->server chacha20-poly1305 at openssh.com <implicit> none debug1: kex: server->client chacha20-poly1305 at openssh.com <implicit> none debug1: expecting SSH2_MSG_KEX_ECDH_INIT debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user SUPER.SUPER service ssh-connection method none debug1: attempt 0 failures 0 debug2: parse_server_config: config reprocess config len 506 debug2: input_userauth_request: setting up authctxt for SUPER.SUPER debug2: input_userauth_request: try method none Failed none for SUPER.SUPER from UNKNOWN port 65535 ssh2 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" debug1: userauth-request for user SUPER.SUPER service ssh-connection method publickey debug1: attempt 1 failures 0 debug2: input_userauth_request: try method publickey debug1: test whether pkalg/pkblob are acceptable debug3: subprocess: AuthorizedKeysCommand command "/var/run/keycommand_SUPER.SUPER SUPER.SUPER blah AAAAB3NzaC1yc2EAAAADAQABAAABAQC8RV5U3ot4/aEaY8jnK4CDa99WFPi/DmC2RBiTGrGr6IiI FRvS/JJlYBpYLE6jKcw9dhLOvJKpdII/pvzZwBAlacYQg3P2ODKLEZpccmFB9tYWqWldPFKkXViQ R5L9azEVn1sZJtUTfasiiP5008YGAdg4BrO6ipQI0x3G2nl5Wj4FT99qluAruqUblTkx+cU5v5ta yqOrlEeAXWlwqQEuEWy2Kbfe6JtS53F+DniozOQGqw4iD8HrDoSlj4QGjZgcP7hXn5iGKtBB7rHI mxCz1SvtGzlOJEy8DZzcp77Wl8ZcnxcQbHVhHt+os8rvYSIaEIVnPc1qnMPCNLzGmrYH ssh-rsa SHA256:MhINGDV8/uc+x3B2JvlET1kfV3ZBdQqFlTca3CE7wNM blah" running as SUPER.SUPER debug1: temporarily_use_uid: 65535/255 (e=65535/255) Unsafe AuthorizedKeysCommand "/var/run/keycommand_SUPER.SUPER": bad ownership or modes for file /var/run/keycommand_SUPER.SUPER debug1: restore_uid: 65535/255 debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa Failed publickey for SUPER.SUPER from UNKNOWN port 65535 ssh2 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" debug1: userauth-request for user SUPER.SUPER service ssh-connection method publickey debug1: attempt 2 failures 1 debug2: input_userauth_request: try method publickey debug1: test whether pkalg/pkblob are acceptable debug3: subprocess: AuthorizedKeysCommand command "/var/run/keycommand_SUPER.SUPER SUPER.SUPER blah AAAAC3NzaC1lZDI1NTE5AAAAILr++ZVA9K4U+y7msLWKQiiPg9bfje2Y0uhDl60vDVko ssh-ed25519 SHA256:lxDml05WuoE61IZePHCwjGYK3aZfa8URdyghBnnBMlA blah" running as SUPER.SUPER debug1: temporarily_use_uid: 65535/255 (e=65535/255) Unsafe AuthorizedKeysCommand "/var/run/keycommand_SUPER.SUPER": bad ownership or modes for file /var/run/keycommand_SUPER.SUPER debug1: restore_uid: 65535/255 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 Failed publickey for SUPER.SUPER from UNKNOWN port 65535 ssh2 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" FAIL: connect failed trace: AuthorizedKeysCommand without arguments debug1: inetd sockets after dupping: 4, 5 Connection from UNKNOWN port 65535 on UNKNOWN port 65535 debug1: Client protocol version 2.0; client software version OpenSSH_7.1 debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.1 debug2: fd 4 setting O_NONBLOCK debug2: fd 5 setting O_NONBLOCK debug1: list_hostkey_types: ssh-rsa,ssh-ed25519 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2 -nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-ed25519 debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: first_kex_follows 0 debug2: reserved 0 debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2 -nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange -sha1,diffie-hellman-group14-sha1 debug2: kex_parse_kexinit: ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss h-rsa,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01@ openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecd sa-sha2-nistp384,ecdsa-sha2-nistp521 debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,b lowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.l iu.se debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,b lowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.l iu.se debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm at o penssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac- md5-96-etm at openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hm ac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm at o penssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac- md5-96-etm at openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hm ac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: client->server chacha20-poly1305 at openssh.com <implicit> none debug1: kex: server->client chacha20-poly1305 at openssh.com <implicit> none debug1: expecting SSH2_MSG_KEX_ECDH_INIT debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user SUPER.SUPER service ssh-connection method none debug1: attempt 0 failures 0 debug2: parse_server_config: config reprocess config len 484 debug2: input_userauth_request: setting up authctxt for SUPER.SUPER debug2: input_userauth_request: try method none Failed none for SUPER.SUPER from UNKNOWN port 65535 ssh2 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" debug1: userauth-request for user SUPER.SUPER service ssh-connection method publickey debug1: attempt 1 failures 0 debug2: input_userauth_request: try method publickey debug1: test whether pkalg/pkblob are acceptable debug3: subprocess: AuthorizedKeysCommand command "/var/run/keycommand_SUPER.SUPER SUPER.SUPER" running as SUPER.SUPER debug1: temporarily_use_uid: 65535/255 (e=65535/255) Unsafe AuthorizedKeysCommand "/var/run/keycommand_SUPER.SUPER": bad ownership or modes for file /var/run/keycommand_SUPER.SUPER debug1: restore_uid: 65535/255 debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa Failed publickey for SUPER.SUPER from UNKNOWN port 65535 ssh2 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" debug1: userauth-request for user SUPER.SUPER service ssh-connection method publickey debug1: attempt 2 failures 1 debug2: input_userauth_request: try method publickey debug1: test whether pkalg/pkblob are acceptable debug3: subprocess: AuthorizedKeysCommand command "/var/run/keycommand_SUPER.SUPER SUPER.SUPER" running as SUPER.SUPER debug1: temporarily_use_uid: 65535/255 (e=65535/255) Unsafe AuthorizedKeysCommand "/var/run/keycommand_SUPER.SUPER": bad ownership or modes for file /var/run/keycommand_SUPER.SUPER debug1: restore_uid: 65535/255 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 Failed publickey for SUPER.SUPER from UNKNOWN port 65535 ssh2 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" FAIL: connect failed ***************** regress.log ************ trace: AuthorizedKeysCommand without arguments FAIL: connect failed ***************** ssh.log ************ trace: AuthorizedKeysCommand without arguments debug1: Executing proxy command: exec sh /home/git/openssh-portable/regress/sshd-log-wrapper.sh /home/git/openssh-portable/regress/sshd.log /home/git/openssh-portable/sshd -i -f /home/git/openssh-portable/regress/sshd_proxy debug1: permanently_drop_suid: 65535 debug1: identity file /home/git/openssh-portable/regress/rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/git/openssh-portable/regress/rsa-cert type -1 debug1: identity file /home/git/openssh-portable/regress/ed25519 type 4 debug1: key_load_public: No such file or directory debug1: identity file /home/git/openssh-portable/regress/ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1 debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000 debug2: fd 6 setting O_NONBLOCK debug2: fd 5 setting O_NONBLOCK debug1: Authenticating to 127.0.0.1:4242 as 'SUPER.SUPER' debug1: using hostkeyalias: localhost-with-alias debug3: hostkeys_foreach: reading file "/home/git/openssh-portable/regress/known_hosts" debug3: record_hostkey: found key type RSA in file /home/git/openssh-portable/regress/known_hosts:1 debug3: record_hostkey: found key type ED25519 in file /home/git/openssh-portable/regress/known_hosts:2 debug3: load_hostkeys: loaded 2 keys from localhost-with-alias debug3: hostkeys_foreach: reading file "/home/git/openssh-portable/regress/known_hosts" debug3: record_hostkey: found key type RSA in file /home/git/openssh-portable/regress/known_hosts:1 debug3: record_hostkey: found key type ED25519 in file /home/git/openssh-portable/regress/known_hosts:2 debug3: load_hostkeys: loaded 2 keys from localhost-with-alias debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss h-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2 -nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange -sha1,diffie-hellman-group14-sha1 debug2: kex_parse_kexinit: ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss h-rsa,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01@ openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecd sa-sha2-nistp384,ecdsa-sha2-nistp521 debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,b lowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.l iu.se debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,b lowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.l iu.se debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm at o penssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac- md5-96-etm at openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hm ac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm at o penssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac- md5-96-etm at openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hm ac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: first_kex_follows 0 debug2: reserved 0 debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2 -nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-ed25519 debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: server->client chacha20-poly1305 at openssh.com <implicit> none debug1: kex: client->server chacha20-poly1305 at openssh.com <implicit> none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ssh-ed25519 SHA256:lxDml05WuoE61IZePHCwjGYK3aZfa8URdyghBnnBMlA debug1: using hostkeyalias: localhost-with-alias debug3: hostkeys_foreach: reading file "/home/git/openssh-portable/regress/known_hosts" debug3: record_hostkey: found key type RSA in file /home/git/openssh-portable/regress/known_hosts:1 debug3: record_hostkey: found key type ED25519 in file /home/git/openssh-portable/regress/known_hosts:2 debug3: load_hostkeys: loaded 2 keys from localhost-with-alias debug3: hostkeys_foreach: reading file "/home/git/openssh-portable/regress/known_hosts" debug3: record_hostkey: found key type RSA in file /home/git/openssh-portable/regress/known_hosts:1 debug3: record_hostkey: found key type ED25519 in file /home/git/openssh-portable/regress/known_hosts:2 debug3: load_hostkeys: loaded 2 keys from localhost-with-alias debug1: Host 'localhost-with-alias' is known and matches the ED25519 host key. debug1: Found key in /home/git/openssh-portable/regress/known_hosts:2 debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/git/openssh-portable/regress/rsa (802e0c0), explicit debug2: key: /home/git/openssh-portable/regress/ed25519 (8023290), explicit debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: start over, passed a different list publickey,password,keyboard-interactive debug3: preferred publickey debug3: authmethod_lookup publickey debug3: remaining preferred: debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/git/openssh-portable/regress/rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Offering ED25519 public key: /home/git/openssh-portable/regress/ed25519 debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password,keyboard-interactive debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (publickey,password,keyboard-interactive). FAIL: connect failed ***************** sshd.log ************ trace: AuthorizedKeysCommand without arguments debug1: inetd sockets after dupping: 4, 5 Connection from UNKNOWN port 65535 on UNKNOWN port 65535 debug1: Client protocol version 2.0; client software version OpenSSH_7.1 debug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.1 debug2: fd 4 setting O_NONBLOCK debug2: fd 5 setting O_NONBLOCK debug1: list_hostkey_types: ssh-rsa,ssh-ed25519 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2 -nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-ed25519 debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: none,zlib at openssh.com debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: first_kex_follows 0 debug2: reserved 0 debug2: kex_parse_kexinit: curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2 -nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange -sha1,diffie-hellman-group14-sha1 debug2: kex_parse_kexinit: ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-ed25519,ss h-rsa,ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01@ openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecd sa-sha2-nistp384,ecdsa-sha2-nistp521 debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,b lowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.l iu.se debug2: kex_parse_kexinit: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at op enssh.com,aes256-gcm at openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,b lowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc at lysator.l iu.se debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm at o penssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac- md5-96-etm at openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hm ac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.c om,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.c om,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm at o penssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at openssh.com,hmac- md5-96-etm at openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hm ac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: client->server chacha20-poly1305 at openssh.com <implicit> none debug1: kex: server->client chacha20-poly1305 at openssh.com <implicit> none debug1: expecting SSH2_MSG_KEX_ECDH_INIT debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user SUPER.SUPER service ssh-connection method none debug1: attempt 0 failures 0 debug2: parse_server_config: config reprocess config len 484 debug2: input_userauth_request: setting up authctxt for SUPER.SUPER debug2: input_userauth_request: try method none Failed none for SUPER.SUPER from UNKNOWN port 65535 ssh2 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" debug1: userauth-request for user SUPER.SUPER service ssh-connection method publickey debug1: attempt 1 failures 0 debug2: input_userauth_request: try method publickey debug1: test whether pkalg/pkblob are acceptable debug3: subprocess: AuthorizedKeysCommand command "/var/run/keycommand_SUPER.SUPER SUPER.SUPER" running as SUPER.SUPER debug1: temporarily_use_uid: 65535/255 (e=65535/255) Unsafe AuthorizedKeysCommand "/var/run/keycommand_SUPER.SUPER": bad ownership or modes for file /var/run/keycommand_SUPER.SUPER debug1: restore_uid: 65535/255 debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa Failed publickey for SUPER.SUPER from UNKNOWN port 65535 ssh2 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" debug1: userauth-request for user SUPER.SUPER service ssh-connection method publickey debug1: attempt 2 failures 1 debug2: input_userauth_request: try method publickey debug1: test whether pkalg/pkblob are acceptable debug3: subprocess: AuthorizedKeysCommand command "/var/run/keycommand_SUPER.SUPER SUPER.SUPER" running as SUPER.SUPER debug1: temporarily_use_uid: 65535/255 (e=65535/255) Unsafe AuthorizedKeysCommand "/var/run/keycommand_SUPER.SUPER": bad ownership or modes for file /var/run/keycommand_SUPER.SUPER debug1: restore_uid: 65535/255 debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 Failed publickey for SUPER.SUPER from UNKNOWN port 65535 ssh2 debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" FAIL: connect failed -- Brief whoami: NonStop&UNIX developer since approximately UNIX(421664400)/NonStop(211288444200000000) -- In my real life, I talk too much.
Darren Tucker
2016-Feb-10 00:27 UTC
Test Failure OpenSSH 7.1 P2 on HPE NSE for key-commands
On Wed, Feb 10, 2016 at 10:35 AM, Randall S. Becker <rsbecker at nexbridge.com> wrote:> Thread split from my previous communication. Here is the key-commands logs > on the platform.[...] OK, in this case the interesting bit is in the failed-sshd.log.> Unsafe AuthorizedKeysCommand "/var/run/keycommand_SUPER.SUPER": bad > ownership or modes for file /var/run/keycommand_SUPER.SUPER > > debug1: restore_uid: 65535/255sshd ensures that the AuthorizedKeysCommand can't be modified by a non-privileged user for obvious reasons. Based on what you said earlier, your root (equivalent?) user is not uid 0. I suspect that the permissions on the keycommand file to not match sshd's expectations. The code that checks this is in auth2-pubkey.c:subprocess() which calls auth.c:auth_secure_path(). What are the file permissions on /var/run/keycommand_SUPER.SUPER and its parent directories? Did you run the test with SUDO=sudo? Where did SUPER.SUPER come from? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Randall S. Becker
2016-Feb-10 00:46 UTC
Test Failure OpenSSH 7.1 P2 on HPE NSE for key-commands
On February 9, 2016 7:28 PM, Darren Tucker wrote:> To: Randall S. Becker <rsbecker at nexbridge.com> > Cc: OpenSSH Devel List <openssh-unix-dev at mindrot.org> > Subject: Re: Test Failure OpenSSH 7.1 P2 on HPE NSE for key-commands > > On Wed, Feb 10, 2016 at 10:35 AM, Randall S. Becker > <rsbecker at nexbridge.com> wrote: > > Thread split from my previous communication. Here is the key-commands > > logs on the platform. > > [...] > > OK, in this case the interesting bit is in the failed-sshd.log. > > > Unsafe AuthorizedKeysCommand "/var/run/keycommand_SUPER.SUPER": > bad > > ownership or modes for file /var/run/keycommand_SUPER.SUPER > > > > debug1: restore_uid: 65535/255 > > sshd ensures that the AuthorizedKeysCommand can't be modified by a non- > privileged user for obvious reasons. > > Based on what you said earlier, your root (equivalent?) user is not uid 0. I > suspect that the permissions on the keycommand file to not match sshd's > expectations. The code that checks this is in > auth2-pubkey.c:subprocess() which calls auth.c:auth_secure_path(). > > What are the file permissions on /var/run/keycommand_SUPER.SUPER and > its parent directories? Did you run the test with SUDO=sudo? Where did > SUPER.SUPER come from?SUPERUSER ends up being 65535, which is root on this platform. SUPER.SUPER is the actual name of root. /var and /var/run are both 755, while /var/run/keycommand_SUPER.SUPER is 644. We do have to run the whole test suite under sudo anyway.
Seemingly Similar Threads
- Test Failure OpenSSH 7.1 P2 on HPE NSE for key-commands
- [Bug] Regression problem in transfer.sh for OpenSSH 7.1 P2 on HPE NSE above dd-size 32k
- [Bug] Regression problem in transfer.sh for OpenSSH 7.1 P2 on HPE NSE above dd-size 32k
- Test Failure OpenSSH 7.1 P2 on HPE NSE for integrity
- Test Failure OpenSSH 7.1 P2 on HPE NSE for integrity