openssh bugs - Sep 2019 - [Bug 3063] New: ssh connecting to IP address -- ssh_dispatch_run_fatal: unexpected internal error

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

            Bug ID: 3063
           Summary: ssh connecting to IP address --
                    ssh_dispatch_run_fatal: unexpected internal error
           Product: Portable OpenSSH
           Version: -current
          Hardware: ix86
                OS: Mac OS X
            Status: NEW
          Severity: major
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: warren at lavall.ee

Created attachment 3317
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3317&action=edit
Config.log

When connecting via the latest SSH from git, compiled on a Mac against
libressl, connecting to an IP address with ssh commandline throws an
error:

./ssh 192.168.61.230
ssh_dispatch_run_fatal: Connection to 192.168.61.230 port 22:
unexpected internal error

But the FQDN works fine:
509 bash$ ./ssh ntp
Linux ntp 4.19.50+ #1234 Thu Jun 13 10:47:38 BST 2019 armv6l
....


sftp does work however --

510 bash$ ./sftp 192.168.61.230
*********************************************************************
This resource, including all related equipment, networks and network
devices, are provided for authorized use. Computer systems may be
monitored for all lawful purposes, including to ensure authorized
use, for management of the system, to facilitate protection against
unauthorized access and to verify security procedures and operational
procedures.  The monitoring on this system may include audits by
authorized personnel to test or verify the validity, security and
survivability of this system. During monitoring information may be
examined, recorded, copied and used for authorized purposes. All
information placed on or sent to this system may be subject to such
monitoring procedures.  Use of this computer system, authorized or
unauthorized, constitutes consent to this policy and the policies and
procedures set forth by System Owner.  Evidence of unauthorized use
collected during monitoring may be used for criminal prosecution
by System staff, legal counsel and law enforcement agencies.
*********************************************************************
Connected to 192.168.61.230.
sftp>

This bug has existed for several weeks.

511 bash$ ./ssh -V
OpenSSH_8.0p1, LibreSSL 3.0.0

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net
   Attachment #3317|application/octet-stream    |text/plain
          mime type|                            |

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
I have not been able to reproduce on:
Darwin osx-highsierra 17.7.0 Darwin Kernel Version 17.7.0: Sun Jun  2
20:31:42 PDT 2019; root:xnu-4570.71.46~1/RELEASE_X86_64 x86_64

What version of OS X are you using?  What configure flags did you give
when you built libressl and openssh?  Could you please attach to this
bug the debug output from ssh -vvv for both the working and non-working
examples?

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

--- Comment #2 from Darren Tucker <dtucker at dtucker.net>
---
>From you config.log:
> Darwin Kernel Version 18.7.0:
presumably that's Mojave?
> ./configure --with-ssl-dir=/usr/local --with-pam
--with-pam doesn't change the behaviour of the client, so other than
that it should be a default build.

It's possible the problem you're seeing is specific to a particular
crypto method, which should show up in the comparison of the two debug
logs.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

--- Comment #3 from Warren Lavallee <warren at lavall.ee> ---
(In reply to Darren Tucker from comment #1)
> I have not been able to reproduce on:
> Darwin osx-highsierra 17.7.0 Darwin Kernel Version 17.7.0: Sun Jun 
> 2 20:31:42 PDT 2019; root:xnu-4570.71.46~1/RELEASE_X86_64 x86_64
> 
> What version of OS X are you using?  What configure flags did you
> give when you built libressl and openssh?  Could you please attach
> to this bug the debug output from ssh -vvv for both the working and
> non-working examples?
Good evening & Hello, how are you tonight?

macOS Mojave 10.14.6 -- latest and greatest.

Configure line confirmed.

Attached -vvv log as requested.
I can try it without the pam to see if that is the cause.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

--- Comment #4 from Warren Lavallee <warren at lavall.ee> ---
Created attachment 3320
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3320&action=edit
ssh -vvv log

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

--- Comment #5 from Warren Lavallee <warren at lavall.ee> ---
(In reply to Darren Tucker from comment #2)
> It's possible the problem you're seeing is specific to a particular
> crypto method, which should show up in the comparison of the two
> debug logs.
Are you saying the crypto method changes between:

ssh foo.bar.com

and

ssh 1.1.1.1

invocation methods?  The first one works, the second one doesn't.

(I haven't coded in C for 20+ years, I am not an expert!)

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

--- Comment #6 from Warren Lavallee <warren at lavall.ee> ---
(In reply to Warren Lavallee from comment #3)
> (In reply to Darren Tucker from comment #1)
> > I have not been able to reproduce on:
> > Darwin osx-highsierra 17.7.0 Darwin Kernel Version 17.7.0: Sun Jun 
> > 2 20:31:42 PDT 2019; root:xnu-4570.71.46~1/RELEASE_X86_64 x86_64
> > 
> > What version of OS X are you using?  What configure flags did you
> > give when you built libressl and openssh?  Could you please attach
> > to this bug the debug output from ssh -vvv for both the working and
> > non-working examples?
> 
> Good evening & Hello, how are you tonight?
> 
> macOS Mojave 10.14.6 -- latest and greatest.
> 
> Configure line confirmed.
> 
> Attached -vvv log as requested.
> I can try it without the pam to see if that is the cause.
I recompiled without the "with-pam" and it has the same behavior.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

--- Comment #7 from Warren Lavallee <warren at lavall.ee> ---
Created attachment 3321
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3321&action=edit
This may help, its my build script

Don't know if this is all still necessary, but when I started building
from git, the source wouldn't build, and I had to manually add some
defines to config.sh before the build.

I think just:
#define HAVE_GETLINE 1
#define HAVE_BZERO 1

Not sure why configure didn't find them.

back to bed now !

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

--- Comment #8 from Warren Lavallee <warren at lavall.ee> ---
If I download and build the latest release version -- "openssh-8.0p1"
from your website, using the same build script, it works.

So that should remove everything on my system as a possible issue.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

--- Comment #9 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Warren Lavallee from comment #5) 
> Are you saying the crypto method changes between:
> "ssh foo.bar.com" and "ssh 1.1.1.1"
> invocation methods?
It's possible, eg if you have a Host entry for foo.bar.com in
~/ssh/config that sets things like Ciphers, MACs or HostKeyAlgorithms,
but do not have the equivalent for 1.1.1.1.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3320|application/octet-stream    |text/plain
          mime type|                            |

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

--- Comment #10 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Warren Lavallee from comment #4)
> Created attachment 3320 [details]
> ssh -vvv log
That's only the non-working one.  Please include the working one too,
so that we can see what's different.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
   Attachment #3321|application/x-sh            |text/plain
          mime type|                            |

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

--- Comment #11 from Warren Lavallee <warren at lavall.ee> ---
Created attachment 3322
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3322&action=edit
ssh -vvv working

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3322|application/octet-stream    |text/plain
          mime type|                            |

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

--- Comment #12 from Warren Lavallee <warren at lavall.ee> ---
Don't look at that -- it's not the latest build -- it was the release
version from your website.

I don't know what I did, but now neither method works --

00:45 warren at WJL-MBP-15:~/src/openssh-portable
536 bash$ ./ssh goliath.openfinance.com
ssh_dispatch_run_fatal: Connection to 192.168.61.230 port 22:
unexpected internal error
00:45 warren at WJL-MBP-15:~/src/openssh-portable
537 bash$ ./ssh 192.168.61.230
ssh_dispatch_run_fatal: Connection to 192.168.61.230 port 22:
unexpected internal error
00:46 warren at WJL-MBP-15:~/src/openssh-portable
538 bash$


(In reply to Warren Lavallee from comment #11)
> Created attachment 3322 [details]
> ssh -vvv working
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

--- Comment #13 from Darren Tucker <dtucker at dtucker.net> ---
diffie-hellman-group-exchange-sha256 (which both sets of logs show)
involve selecting a Diffie-Hellman group (ie a set of numbers) from the
moduli file on the server.  It's possible that the behaviour varies
depending on the specific one selected.

I suggest:
 - repeating each test a number of times to see if the behaviour
changes
 - force use of the static group ("ssh -o
kexalgorithms=diffie-hellman-group14-sha1 ...").
 - try replacing the moduli file on the server with the one from the
current distribution (keep the old one, in case it's relevant :-)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3323|                            |ok?(dtucker at dtucker.net)
              Flags|                            |

--- Comment #14 from Damien Miller <djm at mindrot.org> ---
Created attachment 3323
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3323&action=edit
more kex debugging

This puts a bunch of more-proximal error messages in the key exchange
code. You'll need to apply it to git HEAD and recompile, but it may
give a better indication of where this is blowing up.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3323|ok?(dtucker at dtucker.net)    |ok+
              Flags|                            |

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

Warren Lavallee <warren at lavall.ee> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3320|0                           |1
        is obsolete|                            |

--- Comment #15 from Warren Lavallee <warren at lavall.ee> ---
Created attachment 3324
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3324&action=edit
ssh -vvv logs -- patched source code

I applied your patch, recompiled, and ran ssh -vvv 9 times against the
same host.  The logfiles are in the ZIP file.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

--- Comment #16 from Warren Lavallee <warren at lavall.ee> ---
(In reply to Darren Tucker from comment #13)
> diffie-hellman-group-exchange-sha256 (which both sets of logs show)
> involve selecting a Diffie-Hellman group (ie a set of numbers) from
> the moduli file on the server.  It's possible that the behaviour
> varies depending on the specific one selected.
> 
> I suggest:
>  - repeating each test a number of times to see if the behaviour
> changes
>  - force use of the static group ("ssh -o
> kexalgorithms=diffie-hellman-group14-sha1 ...").
>  - try replacing the moduli file on the server with the one from the
> current distribution (keep the old one, in case it's relevant :-)
ssh -o kexalgorithms=diffie-hellman-group14-sha1
works

Perhaps its a compatibility issue with LibreSSL 3.0.0
The production ssh release does work with LibreSSL 3.0.0 however.
I compile LibreSSL 3.0.0 separately and install into /usr/local -- that
is the reason for the with-SSL I configure.

macOS seems to come with LibreSSL 2.7.3 out of the box.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

--- Comment #17 from Damien Miller <djm at mindrot.org> ---
Here's the error:

choose_mac: unsupported MAC hmac-sha2-512

Could you please attach the output of configure and config.log
(separate attachments please)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

--- Comment #18 from Warren Lavallee <warren at lavall.ee> ---
Created attachment 3325
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3325&action=edit
Output from configure script

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

Warren Lavallee <warren at lavall.ee> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3317|0                           |1
        is obsolete|                            |

--- Comment #19 from Warren Lavallee <warren at lavall.ee> ---
Created attachment 3326
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3326&action=edit
config.log

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3325|application/octet-stream    |text/plain
          mime type|                            |

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3326|application/octet-stream    |text/plain
          mime type|                            |

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

--- Comment #20 from Damien Miller <djm at mindrot.org> ---
The problem is that you're not regenerating configure/config.h when you
are updating the source and rebuilding. Your build script needs a call
to autoreconf between the git pull and configure invocations.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

Warren Lavallee <warren at lavall.ee> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|major                       |trivial

--- Comment #21 from Warren Lavallee <warren at lavall.ee> ---
(embarrassed) that?s it!  I did an autoreconf and it works now!  I
realize you work for free. Sorry for waiting so much of your valuable
time with a non-issue.  Check your email.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3063

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #22 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.