openssh bugs - Jun 2022 - [Bug 3442] New: Regression: ssh -d with -o Connecttimeout= - does not show 'connection established' in the debug1 output

https://bugzilla.mindrot.org/show_bug.cgi?id=3442

            Bug ID: 3442
           Summary: Regression: ssh -d with -o Connecttimeout= - does not
                    show 'connection established' in the debug1 output
           Product: Portable OpenSSH
           Version: 8.1p1
          Hardware: ix86
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: robert.mathieu at davita.com

REGRESSION: using -d with -o Connecttimeout= no longer displays
"debug1: Connection established." 


In OpenSSH_7.4p1 one could use the -o connecttimeout= to prevent the
connection attempt
hanging forever, and still check for the "debug1: Connection
established."
message to indicate that the TCP connection worked. 

In OpenSSH_8.1p1 the connection terminates without such a message, this
prevents
ssh -v -p PORT being used as network testing tool instead of telnet
host PORT.

I think this is a regression as when the -d option is used one would
always want to know
if the TCP connection was established as part of the debugging process.

ssh command used on RHEL 5,6,7,8, AIX 7.1, 7.2

Sample outputs below ( removed debug1: identity file lines )
names masked by: SERVER_NAME and 8.8.8.8

OpenSSH_5.3p1 - ssh -v -o connecttimeout=5

'''
ssh -V ; date ; ssh -v -o connecttimeout=5 -p 636 SERVER_NAME 2>&1 ;
date 
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
Fri Jun  3 12:57:24 PDT 2022
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to SERVER_NAME [8.8.8.8] port 636.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: permanently_set_uid: 0/0
Connection timed out during banner exchange
Fri Jun  3 12:57:29 PDT 2022
'''

OpenSSH_7.4p1 ssh -v

'''
# ssh -V ; date ; ssh -v -p 636 SERVER_NAME 2>&1 ; date
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
Fri Jun  3 14:15:12 MDT 2022
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to SERVER_NAME [8.8.8.8] port 636.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
ssh_exchange_identification: read: Connection reset by peer
Fri Jun  3 14:15:12 MDT 2022
'''

OpenSSH_7.4p1 ssh -v -o connecttimeout=5

'''
# ssh -V ; date ; ssh -v -o connecttimeout=5 -p 636 SERVER_NAME 2>&1 ;
date 
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
Fri Jun  3 12:58:40 PDT 2022
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to SERVER_NAME [8.8.8.8] port 636.
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
ssh_exchange_identification: read: Connection reset by peer
Fri Jun  3 12:58:40 PDT 2022
# 
'''

OpenSSH_8.1p1 - ssh -v 

'''
# ssh -V ; date ; ssh -v -p 636 SERVER_NAME 2>&1 ; date                 
OpenSSH_8.1p1, OpenSSL 1.0.2u  20 Dec 2019
Fri Jun  3 13:05:03 PDT 2022
OpenSSH_8.1p1, OpenSSL 1.0.2u  20 Dec 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: init_func_ptrs success
debug1: Value of krb5 is 1
debug1: Value of gssapi is 1
debug1: Connecting to SERVER_NAME [8.8.8.8] port 636.
debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_8.1
kex_exchange_identification: read: Connection reset by peer
Fri Jun  3 13:05:03 PDT 2022
# 
'''

OpenSSH_8.1p1 - ssh -v -o connecttimeout=5

'''
# ssh -V ; date ; ssh -o connecttimeout=5 -v -p 636 SERVER_NAME 2>&1 ;
date 
OpenSSH_8.1p1, OpenSSL 1.0.2u  20 Dec 2019
Fri Jun  3 12:59:20 PDT 2022
OpenSSH_8.1p1, OpenSSL 1.0.2u  20 Dec 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: init_func_ptrs success
debug1: Value of krb5 is 1
debug1: Value of gssapi is 1
debug1: Connecting to SERVER_NAME [8.8.8.8] port 636.
debug1: connect to address 8.8.8.8 port 636: Connection timed out
ssh: connect to host SERVER_NAME port 636: Connection timed out
Fri Jun  3 12:59:25 PDT 2022
# 
'''

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3442

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WORKSFORME
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
First, you don't seem to be using the OpenSSH that we ship but rather a
3rd-party modified FIPS version. You should seek assistance from
whomever you got that from

Second, we make no promises with regards to the stability of debug
messages. They are not intended for consumption by anything other than
humans.

Finally, the message is still there
https://github.com/openssh/openssh-portable/blob/V_9_0_P1/sshconnect.c#L522
- it hasn't been touched this century.

It's possible that your modified version changed or removed the
message, but we didn't.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3442

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Closing bugs from OpenSSH 9.1 release cycle

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.