Query on Openssh

Deepti Sharma S deepti.s.sharma at ericsson.com
Thu Jan 12 09:47:40 UTC 2023


Hello Team,

Problem Statement :
Unable to connect to SFTP server hosted on Microsoft Azure using openssh-client version 7.4p1 using Subsytem SFTP.
Observation :
We are unable to connect with SFTP server using public key authentication(same with password authentication). And getting following error :
We are able to connect with the machine using our ssh-client.
After successful authentication, our client immediately send the message "type 1" to disconnect from the server as shown in logs attached.

Other observations :
We running through sftp utility, same user successfully connected with SFTP Server hosted on Azure. Logs attached
kiel1-med10:/home/ealekbl# sftp stdmpingprivwesteu01p.emmuserpass at 10.136.113.70<mailto:stdmpingprivwesteu01p.emmuserpass at 10.136.113.70>
stdmpingprivwesteu01p.emmuserp at 10.136.113.70's<mailto:stdmpingprivwesteu01p.emmuserp at 10.136.113.70's> password:
Connected to 10.136.113.70.
sftp> exit

Openssh 7.4p1 is connected successfully with sftp servers running on linux machines not hosted on Azure.

Setup Details :
              client :
                             openssh-client 7.4p1 running on RHEL
              SFTP Server : MS Azure (AzureSSH_1.0.0)

Verbose Logs :

kiel1-med1:/home/ealekbl# /opt/mediation/appl/SERVER/CXC1741717_R4N//lib/exe/ssh-client_7.4p1 -oForwardX11=no -oForwardAgent=no -oProtocol=2 -l stdmpingprivwesteu01p.emmuser -oIdentityFile=/home/mmsuper/.ssh/emmdata.pem -oNumberOfPasswordPrompts=1 -oPreferredAuthentications=publickey -oPubkeyAuthentication=yes -oRhostsAuthentication=no -oRhostsRSAAuthentication=no -oRSAAuthentication=no -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no -s -oport=22 -vvv -Z "Alive and kicking" 10.136.113.70 sftp
OpenSSH_7.4p1, OpenSSL 1.0.2k  26 Jan 2017
debug2: resolving "10.136.113.70" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 10.136.113.70 [10.136.113.70] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /home/mmsuper/.ssh/emmdata.pem type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mmsuper/.ssh/emmdata.pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version AzureSSH_1.0.0
debug1: no match: AzureSSH_1.0.0
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.136.113.70:22 as 'stdmpingprivwesteu01p.emmuser'
debug3: hostkeys_foreach: reading file "/dev/null"
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa<mailto:ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa>
debug2: ciphers ctos: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-cbc,aes192-cbc,aes256-cbc<mailto:chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-cbc,aes192-cbc,aes256-cbc>
debug2: ciphers stoc: chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-cbc,aes192-cbc,aes256-cbc<mailto:chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-cbc,aes192-cbc,aes256-cbc>
debug2: MACs ctos: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1<mailto:umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1>
debug2: MACs stoc: umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1<mailto:umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1>
debug2: compression ctos: none,zlib at openssh.com,zlib
debug2: compression stoc: none,zlib at openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,ext-info-s
debug2: host key algorithms: rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384
debug2: ciphers ctos: aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr<mailto:aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr>
debug2: ciphers stoc: aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr<mailto:aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr>
debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com
debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256-etm at openssh.com<mailto:hmac-sha2-256-etm at openssh.com> compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256-etm at openssh.com<mailto:hmac-sha2-256-etm at openssh.com> compression: none
debug3: send packet: type 30
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:0WNMHmCNJE1YFBpHNeADuT5h+PfJ/jJPtUDHCxCSrO0
debug3: hostkeys_foreach: reading file "/dev/null"
Warning: Permanently added '10.136.113.70' (ECDSA) to the list of known hosts.
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug2: key: /home/mmsuper/.ssh/emmdata.pem ((nil)), explicit
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred:
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/mmsuper/.ssh/emmdata.pem
debug3: sign_and_send_pubkey: RSA SHA256:achpp3Nli3MXyIAeJJuREpdXHtYpqVvOTl5YpUsO7hI
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to 10.136.113.70 ([10.136.113.70]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Entering interactive session.
debug1: pledge: network
Alive and kickingdebug3: receive packet: type 91
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x08
debug2: client_session2_setup: id 0
debug1: Sending subsystem: sftp
debug2: channel 0: request subsystem confirm 1
debug3: send packet: type 98
debug2: callback done
debug2: channel 0: open confirm rwindow 4294967295 rmax 262143
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: subsystem request accepted on channel 0
debug3: send packet: type 1
packet_write_wait: Connection to 10.136.113.70 port 22: Broken pipe
kiel1-med1:/home/ealekbl#

Is it some known issue or please do let us know the way forward to debug it.
Is openssh 7.4p1 is compatible with AzureSSH_1.0.0?



Regards,
Deepti Sharma
PMP(r) & ITIL

From: Neeraj Gupta G <neeraj.g.gupta at ericsson.com>
Sent: 12 January 2023 12:31
To: Deepti Sharma S <deepti.s.sharma at ericsson.com>
Cc: Piyush Anand <piyush.anand at ericsson.com>
Subject: Query on Openssh
Importance: High

Hi Deepti,

We are working on a CSR regarding regarding issue in ssh connection with Azure sftp server from EM20.

So can you please raise the query on openssh community.

Query :




Thanks,
Neeraj Gupta
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230112/40a5326e/attachment-0001.htm>


More information about the openssl-users mailing list