Thanks Darren, will check on your response.
I am attaching sshd, ssh logs with debug flags. Please see if it gives any
hint:
When I press ^C in the ssh session, no log gets printed on either the server or the client
side.
Best Regards,
On Wed, Jan 18, 2017 at 3:09 AM, Darren Tucker <dtucker at zip.com.au>
wrote:
> On Wed, Jan 18, 2017 at 5:10 AM, Sudarshan Soma <sudarshan12s at gmail.com>
> wrote:
> > Thanks Ben. I am checking on Linux.
> > I do have this command working:
> > ssh localhost -o password=abc123
>
> That's definitely a modified ssh binary.
>
> > Will try to get back on the openssh used. But is it possible to show some
> > pointers for my queries, avoid arguments in ps or /proc
>
> I don't think you reliably can.
>
> You can add a call to setproctitle() to ssh but I don't think that
> affects all sets of options to ps, and even if it did there's still a
> race between when the process starts and when you call setproctitle
> during which the password is exposed.
>
> So don't do that, instead use public-key, or if you must use a
> password read it from a suitably locked down file. You can (with some
> difficulty) get ssh to read a password via an $SSH_ASKPASS program.
>
> > And the other one was on ^C not working on my ssh sessions.
>
> just a guess but check the permissions on /dev/tty on the server.
> They should look like:
> crw-rw-rw- 1 root tty 5, 0 Jan 17 19:34 /dev/tty
>
> Failing that please post the debug output of ssh -vvv and sshd -ddd
> from an unmodified (ie as available from openssh.com) client and
> server pair.
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>
-------------- next part --------------
tmp # sshd -ddd -f /etc/ssh/ssshd_config -h /etc/ssh_key
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 986
debug2: parse_server_config: config /etc/ssh/sshd_config len 986
debug3: /etc/ssh/sshd_config:2 setting Port 22
debug3: /etc/ssh/sshd_config:3 setting Protocol 2
debug3: /etc/ssh/sshd_config:4 setting PubkeyAuthentication no
debug3: /etc/ssh/sshd_config:5 setting RhostsRSAAuthentication no
debug3: /etc/ssh/sshd_config:6 setting HostbasedAuthentication no
debug3: /etc/ssh/sshd_config:7 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:8 setting PermitEmptyPasswords yes
debug3: /etc/ssh/sshd_config:9 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:10 setting AllowTcpForwarding yes
debug3: /etc/ssh/sshd_config:11 setting UsePrivilegeSeparation no
debug3: /etc/ssh/sshd_config:12 setting PidFile /tmp/sshd.pid
debug3: /etc/ssh/sshd_config:13 setting TCPKeepAlive yes
debug3: /etc/ssh/sshd_config:14 setting ClientAliveInterval 600
debug3: /etc/ssh/sshd_config:15 setting ClientAliveCountMax 3
debug3: /etc/ssh/sshd_config:16 setting MaxStartups 25
debug3: /etc/ssh/sshd_config:17 setting Ciphers
aes256-ctr,aes192-ctr,aes128-ctr,chacha20-poly1305 at openssh.com,aes128-gcm at
openssh.com,aes256-gcm at openssh.com
debug3: ciphers ok: [aes256-ctr,aes192-ctr,aes128-ctr,chacha20-poly1305 at
openssh.com,aes128-gcm at openssh.com,aes256-gcm at openssh.com]
debug3: /etc/ssh/sshd_config:18 setting MACs
hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm at openssh.com,hmac-sha2-256-etm
at openssh.com,hmac-sha1,hmac-sha1-etm at openssh.com
debug3: macs ok: [hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm at
openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha1,hmac-sha1-etm at
openssh.com]
debug3: /etc/ssh/sshd_config:19 setting GatewayPorts no
debug3: /etc/ssh/sshd_config:20 setting X11Forwarding no
debug3: /etc/ssh/sshd_config:21 setting AllowAgentForwarding no
debug3: /etc/ssh/sshd_config:22 setting PermitTunnel no
debug3: /etc/ssh/sshd_config:23 setting AllowUsers root guest
debug3: /etc/ssh/sshd_config:24 setting IgnoreRhosts yes
debug1: sshd version OpenSSH_6.6, OpenSSL 1.0.1h 5 Jun 2014
debug3: Incorrect RSA1 identifier
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh_key" as a RSA1 public key
debug1: private host key: #0 type 1 RSA
debug1: rexec_argv[0]='sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-f'
debug1: rexec_argv[3]='/etc/ssh/sshd_config'
debug1: rexec_argv[4]='-h'
debug1: rexec_argv[5]='/etc/ssh_key'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
tmp # ssh -vvv localhost
OpenSSH_6.6, OpenSSL 1.0.1h 5 Jun 2014
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: permanently_set_uid: 0/0
debug3: send_rexec_state: entering fd = 8 config len 986
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: identity file /tmp/.ssh/id_rsa type -1
debug1: identity file /tmp/.ssh/id_rsa-cert type -1
debug1: identity file /tmp/.ssh/id_dsa type -1
debug1: identity file /tmp/.ssh/id_dsa-cert type -1
debug1: identity file /tmp/.ssh/id_ecdsa type -1
debug1: identity file /tmp/.ssh/id_ecdsa-cert type -1
debug1: identity file /tmp/.ssh/id_ed25519 type -1
debug1: identity file /tmp/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6
debug1: inetd sockets after dupping: 3, 3
Connection from ::1 port 35252 on ::1 port 22
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6
debug1: match: OpenSSH_6.6 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Client protocol version 2.0; client software version OpenSSH_6.6
debug1: match: OpenSSH_6.6 pat OpenSSH* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6
debug2: fd 3 setting O_NONBLOCK
debug1: list_hostkey_types: ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256 at
libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes256-ctr,aes192-ctr,aes128-ctr,chacha20-poly1305 at
openssh.com,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug2: kex_parse_kexinit: aes256-ctr,aes192-ctr,aes128-ctr,chacha20-poly1305 at
openssh.com,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug2: kex_parse_kexinit: hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm at
openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha1,hmac-sha1-etm at
openssh.com
debug2: kex_parse_kexinit: hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm at
openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha1,hmac-sha1-etm at
openssh.com
debug2: kex_parse_kexinit: none,zlib at openssh.com
debug2: kex_parse_kexinit: none,zlib at openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256 at
libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01 at
openssh.com,ecdsa-sha2-nistp384-cert-v01 at
openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at
openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at
openssh.com,ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at
openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at
openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at
openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc
at lysator.liu.se
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at
openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at
openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc
at lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm at openssh.com,hmac-sha1-etm at
openssh.com,umac-64-etm at openssh.com,umac-128-etm at
openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at
openssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at
openssh.com,hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at
openssh.com,umac-128 at
openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160 at
openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm at openssh.com,hmac-sha1-etm at
openssh.com,umac-64-etm at openssh.com,umac-128-etm at
openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at
openssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at
openssh.com,hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at
openssh.com,umac-128 at
openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160 at
openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: curve25519-sha256 at
libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01 at
openssh.com,ecdsa-sha2-nistp384-cert-v01 at
openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at
openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at
openssh.com,ssh-rsa-cert-v00 at openssh.com,ssh-dss-cert-v00 at
openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at
openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at
openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc
at lysator.liu.se
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm at
openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at
openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc
at lysator.liu.se
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: hmac-md5-etm at openssh.com,hmac-sha1-etm at
openssh.com,umac-64-etm at openssh.com,umac-128-etm at
openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at
openssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at
openssh.com,hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at
openssh.com,umac-128 at
openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160 at
openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: hmac-md5-etm at openssh.com,hmac-sha1-etm at
openssh.com,umac-64-etm at openssh.com,umac-128-etm at
openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at
openssh.com,hmac-ripemd160-etm at openssh.com,hmac-sha1-96-etm at
openssh.com,hmac-md5-96-etm at openssh.com,hmac-md5,hmac-sha1,umac-64 at
openssh.com,umac-128 at
openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160 at
openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
debug2: mac_setup: setup hmac-sha1-etm at openssh.com
debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib
debug1: kex: client->server aes128-ctr hmac-sha1-etm at openssh.com none
debug2: kex_parse_kexinit:
debug2: mac_setup: setup hmac-sha1-etm at openssh.com
debug2: kex_parse_kexinit:
debug1: kex: server->client aes128-ctr hmac-sha1-etm at openssh.com none
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-sha256 at
libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes256-ctr,aes192-ctr,aes128-ctr,chacha20-poly1305 at
openssh.com,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug2: kex_parse_kexinit: aes256-ctr,aes192-ctr,aes128-ctr,chacha20-poly1305 at
openssh.com,aes128-gcm at openssh.com,aes256-gcm at openssh.com
debug2: kex_parse_kexinit: hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm at
openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha1,hmac-sha1-etm at
openssh.com
debug1: expecting SSH2_MSG_KEX_ECDH_INIT
debug2: kex_parse_kexinit: hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm at
openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha1,hmac-sha1-etm at
openssh.com
debug2: kex_parse_kexinit: none,zlib at openssh.com
debug2: kex_parse_kexinit: none,zlib at openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-sha1-etm at openssh.com
debug1: kex: server->client aes128-ctr hmac-sha1-etm at openssh.com none
debug2: mac_setup: setup hmac-sha1-etm at openssh.com
debug1: kex: client->server aes128-ctr hmac-sha1-etm at openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: Server host key: RSA c2:2c:fc:dd:62:86:0e:04:4f:46:75:4c:37:3f:e5:30
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /tmp/.ssh/id_rsa ((nil)),
debug2: key: /tmp/.ssh/id_dsa ((nil)),
debug2: key: /tmp/.ssh/id_ecdsa ((nil)),
debug2: key: /tmp/.ssh/id_ed25519 ((nil)),
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 failures 0
debug3: Trying to reverse map address ::1.
debug2: parse_server_config: config reprocess config len 986
debug3: auth_shadow_acctexpired: today 17185 sp_expire -1 days left -17186
debug3: account expiration disabled
debug2: input_userauth_request: setting up authctxt for root
debug2: input_userauth_request: try method none
debug3: auth_shadow_pwexpired: today 17185 sp_lstchg 17183 sp_max 0
debug3: password expiration disabled
Failed none for root from ::1 port 35252 ssh2
debug3: userauth_finish: failure partial=0 next methods="password"
debug1: Authentications that can continue: password
debug3: start over, passed a different list password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,keyboard-interactive,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
root at localhost's password:
debug3: packet_send2: adding 64 (len 53 padlen 11 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: userauth-request for user root service ssh-connection method password
debug1: attempt 1 failures 0
debug2: input_userauth_request: try method password
Accepted password for root from ::1 port 35252 ssh2
debug1: Entering interactive session for SSH2.
debug1: Authentication succeeded (password).
debug2: fd 4 setting O_NONBLOCK
Authenticated to localhost ([::1]:22).
debug2: fd 5 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions at openssh.com
debug1: Entering interactive session.
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype no-more-sessions at openssh.com
want_reply 0
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IPV6_TCLASS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/pts/0
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
Starting session: shell on pts/0 for root from ::1 port 35252
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IPV6_TCLASS 0x10
debug2: channel 0: rfd 8 isatty
debug2: fd 8 setting O_NONBLOCK
debug3: fd 6 is O_NONBLOCK
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Thu Jan 19 21:37:56 2017 from localhost.localdomain
debug1: permanently_set_uid: 0/0
Environment:
USER=root
LOGNAME=root
HOME=/tmp
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
MAIL=/var/mail/root
SHELL=/bin/sh
TZ=UTC
SSH_CLIENT=::1 35252 22
SSH_CONNECTION=::1 35252 ::1 22
SSH_TTY=/dev/pts/0
TERM=linux
-sh: no job control in this shell
file setup_env.sh found...
tmp # ls -ltr /dev/pts/0
crw--w---- 1 root tty 136, 0 Jan 19 21:40 /dev/pts/0
tmp #
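
The alternative suggested in the quoted reply above (keep the password out of argv by reading it from a locked-down file through an $SSH_ASKPASS program), sketched as an added example that is not part of the thread or of OpenSSH. The names PWFILE and ASKPASS_MODE, the file path and the function names are hypothetical; it assumes a Linux host with setsid from util-linux and that the script is installed executable and invoked by its full path.

```shell
#!/bin/sh
# Added example, not from the thread or from OpenSSH. One script, two roles:
# wrapper around ssh, and the $SSH_ASKPASS program ssh runs for the password.
# PWFILE, ASKPASS_MODE and the function names are hypothetical.

PWFILE="${PWFILE:-$HOME/.ssh/askpass.secret}"   # hypothetical path

# True only for a regular, non-symlink file owned by the caller whose mode
# grants nothing to group or other (0600 or 0400).
pwfile_is_locked_down() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    read -r mode _links owner _rest <<EOF
$(ls -ldn -- "$f")
EOF
    [ "$owner" = "$(id -u)" ] || return 1
    case $mode in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Askpass role: print the first line of the file, or fail closed.
emit_password() {
    pwfile_is_locked_down "$PWFILE" || {
        echo "refusing $PWFILE: need owner-only regular file" >&2
        return 1
    }
    IFS= read -r pw <"$PWFILE" || [ -n "$pw" ] || return 1
    printf '%s\n' "$pw"
}

# Wrapper role. ssh falls back to $SSH_ASKPASS only when DISPLAY is set and
# it cannot open a controlling terminal, so setsid (util-linux) detaches it.
# The password is never placed in argv, so ps and /proc/PID/cmdline lack it.
ssh_with_askpass() {
    pwfile_is_locked_down "$PWFILE" || return 1
    ASKPASS_MODE=1 PWFILE="$PWFILE" SSH_ASKPASS="$0" \
        DISPLAY="${DISPLAY:-none}" setsid ssh "$@"
}

if [ "${ASKPASS_MODE:-}" = 1 ]; then
    emit_password; exit
elif [ "$#" -gt 0 ]; then
    ssh_with_askpass "$@"; exit
fi
```

Because ssh is detached from the terminal, this suits non-interactive remote commands rather than a login shell. OpenSSH 8.4 and later also accept SSH_ASKPASS_REQUIRE=force, which removes the need for setsid.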