Query on Openssh

Mark Hack markhack at markhack.com
Thu Jan 12 20:09:33 UTC 2023


This does not appear to have anything to do with OpenSSL and is most
likely a problem with SSH.
Start by running SSH on the destination server in debug mode. That is
the best way I have found to determine client issues.
Regards
Mark Hack


On Thu, 2023-01-12 at 09:47 +0000, Deepti Sharma S via openssl-users
wrote:
> Hello Team,
>  
> Problem Statement : 
> Unable to connect to SFTP server hosted on Microsoft Azure using
> openssh-client version 7.4p1 using Subsystem SFTP.
> Observation :
> We are unable to connect with SFTP server using public key
> authentication(same with password authentication). And getting
> following error :
> We are able to connect with the machine using our ssh-client.
> 
> After successful authentication, our client immediately sends the
> message "type 1" to disconnect from the server as shown in logs
> attached.
>  
> Other observations :
> When running through the sftp utility, the same user successfully
> connected with the SFTP server hosted on Azure. Logs attached
> 
> kiel1-med10:/home/ealekbl# sftp 
> stdmpingprivwesteu01p.emmuserpass at 10.136.113.70
> stdmpingprivwesteu01p.emmuserp at 10.136.113.70's password:
> Connected to 10.136.113.70.
> sftp> exit
>  
> Openssh 7.4p1 is connected successfully with sftp servers running on
> linux machines not hosted on Azure.
>  
> Setup Details : 
>               client : 
>                              openssh-client 7.4p1 running on RHEL
>               SFTP Server : MS Azure (AzureSSH_1.0.0)
>               
> Verbose Logs : 
>  
> kiel1-med1:/home/ealekbl#
> /opt/mediation/appl/SERVER/CXC1741717_R4N//lib/exe/ssh-client_7.4p1
> -oForwardX11=no -oForwardAgent=no -oProtocol=2 -l
> stdmpingprivwesteu01p.emmuser
> -oIdentityFile=/home/mmsuper/.ssh/emmdata.pem
> -oNumberOfPasswordPrompts=1
>  -oPreferredAuthentications=publickey -oPubkeyAuthentication=yes
> -oRhostsAuthentication=no -oRhostsRSAAuthentication=no
> -oRSAAuthentication=no -oUserKnownHostsFile=/dev/null
> -oStrictHostKeyChecking=no -s -oport=22 -vvv -Z "Alive and kicking"
> 10.136.113.70 sftp
> OpenSSH_7.4p1, OpenSSL 1.0.2k  26 Jan 2017
> debug2: resolving "10.136.113.70" port 22
> debug2: ssh_connect_direct: needpriv 0
> debug1: Connecting to 10.136.113.70 [10.136.113.70] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/mmsuper/.ssh/emmdata.pem type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/mmsuper/.ssh/emmdata.pem-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_7.4
> debug1: Remote protocol version 2.0, remote software version
> AzureSSH_1.0.0
> debug1: no match: AzureSSH_1.0.0
> debug2: fd 3 setting O_NONBLOCK
> debug1: Authenticating to 10.136.113.70:22 as
> 'stdmpingprivwesteu01p.emmuser'
> debug3: hostkeys_foreach: reading file "/dev/null"
> debug3: send packet: type 20
> debug1: SSH2_MSG_KEXINIT sent
> debug3: receive packet: type 20
> debug1: SSH2_MSG_KEXINIT received
> debug2: local client KEXINIT proposal
> debug2: KEX algorithms: curve25519-sha256,
> curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-
> nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-
> sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-
> sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-
> sha256,diffie-hellman-group14-sha1,ext-info-c
> debug2: host key algorithms: 
> ecdsa-sha2-nistp256-cert-v01 at openssh.com,
> ecdsa-sha2-nistp384-cert-v01 at openssh.com,
> ecdsa-sha2-nistp521-cert-v01 at openssh.com,
> ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ecdsa-
> sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-
> ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
> debug2: ciphers ctos: 
> chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,
> aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-cbc,aes192-
> cbc,aes256-cbc
> debug2: ciphers stoc: 
> chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,
> aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-cbc,aes192-
> cbc,aes256-cbc
> debug2: MACs ctos: 
> umac-64-etm at openssh.com,umac-128-etm at openssh.com,
> hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,
> hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hm
> ac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: MACs stoc: 
> umac-64-etm at openssh.com,umac-128-etm at openssh.com,
> hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com,
> hmac-sha1-etm at openssh.com,umac-64 at openssh.com,umac-128 at openssh.com,hm
> ac-sha2-256,hmac-sha2-512,hmac-sha1
> debug2: compression ctos: none,zlib at openssh.com,zlib
> debug2: compression stoc: none,zlib at openssh.com,zlib
> debug2: languages ctos:
> debug2: languages stoc:
> debug2: first_kex_follows 0
> debug2: reserved 0
> debug2: peer server KEXINIT proposal
> debug2: KEX algorithms: ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-
> hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-
> group-exchange-sha256,ext-info-s
> debug2: host key algorithms: rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-
> nistp256,ecdsa-sha2-nistp384
> debug2: ciphers ctos: 
> aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-ctr,aes192-
> ctr,aes256-ctr
> debug2: ciphers stoc: 
> aes128-gcm at openssh.com,aes256-gcm at openssh.com,aes128-ctr,aes192-
> ctr,aes256-ctr
> debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,
> hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com
> debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512,
> hmac-sha2-256-etm at openssh.com,hmac-sha2-512-etm at openssh.com
> debug2: compression ctos: none
> debug2: compression stoc: none
> debug2: languages ctos:
> debug2: languages stoc:
> debug2: first_kex_follows 0
> debug2: reserved 0
> debug1: kex: algorithm: ecdh-sha2-nistp256
> debug1: kex: host key algorithm: ecdsa-sha2-nistp256
> debug1: kex: server->client cipher: aes128-ctr MAC: 
> hmac-sha2-256-etm at openssh.com compression: none
> debug1: kex: client->server cipher: aes128-ctr MAC: 
> hmac-sha2-256-etm at openssh.com compression: none
> debug3: send packet: type 30
> debug1: sending SSH2_MSG_KEX_ECDH_INIT
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug3: receive packet: type 31
> debug1: Server host key: ecdsa-sha2-nistp256
> SHA256:0WNMHmCNJE1YFBpHNeADuT5h+PfJ/jJPtUDHCxCSrO0
> debug3: hostkeys_foreach: reading file "/dev/null"
> Warning: Permanently added '10.136.113.70' (ECDSA) to the list of
> known hosts.
> debug3: send packet: type 21
> debug2: set_newkeys: mode 1
> debug1: rekey after 4294967296 blocks
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug3: receive packet: type 21
> debug1: SSH2_MSG_NEWKEYS received
> debug2: set_newkeys: mode 0
> debug1: rekey after 4294967296 blocks
> debug2: key: /home/mmsuper/.ssh/emmdata.pem ((nil)), explicit
> debug3: send packet: type 5
> debug3: receive packet: type 7
> debug1: SSH2_MSG_EXT_INFO received
> debug3: receive packet: type 6
> debug2: service_accept: ssh-userauth
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug3: send packet: type 50
> debug3: receive packet: type 51
> debug1: Authentications that can continue: publickey,password
> debug3: start over, passed a different list publickey,password
> debug3: preferred publickey
> debug3: authmethod_lookup publickey
> debug3: remaining preferred:
> debug3: authmethod_is_enabled publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/mmsuper/.ssh/emmdata.pem
> debug3: sign_and_send_pubkey: RSA
> SHA256:achpp3Nli3MXyIAeJJuREpdXHtYpqVvOTl5YpUsO7hI
> debug3: send packet: type 50
> debug2: we sent a publickey packet, wait for reply
> debug3: receive packet: type 52
> debug1: Authentication succeeded (publickey).
> Authenticated to 10.136.113.70 ([10.136.113.70]:22).
> debug1: channel 0: new [client-session]
> debug3: ssh_session2_open: channel_new: 0
> debug2: channel 0: send open
> debug3: send packet: type 90
> debug1: Entering interactive session.
> debug1: pledge: network
> Alive and kickingdebug3: receive packet: type 91
> debug2: callback start
> debug2: fd 3 setting TCP_NODELAY
> debug3: ssh_packet_set_tos: set IP_TOS 0x08
> debug2: client_session2_setup: id 0
> debug1: Sending subsystem: sftp
> debug2: channel 0: request subsystem confirm 1
> debug3: send packet: type 98
> debug2: callback done
> debug2: channel 0: open confirm rwindow 4294967295 rmax 262143
> debug3: receive packet: type 99
> debug2: channel_input_status_confirm: type 99 id 0
> debug2: subsystem request accepted on channel 0
> debug3: send packet: type 1
> packet_write_wait: Connection to 10.136.113.70 port 22: Broken pipe
> kiel1-med1:/home/ealekbl#
>  
> Is it some known issue or please do let us know the way forward to
> debug it.
> Is openssh 7.4p1 compatible with AzureSSH_1.0.0?
>  
>  
> 
>  
> Regards,
> Deepti Sharma
> 
> 
> PMP® & ITIL 
> 
>  
> 
> 
> From: Neeraj Gupta G <neeraj.g.gupta at ericsson.com>
> Sent: 12 January 2023 12:31
> To: Deepti Sharma S <deepti.s.sharma at ericsson.com>
> Cc: Piyush Anand <piyush.anand at ericsson.com>
> Subject: Query on Openssh
> Importance: High
> 
>  
> Hi Deepti,
>  
> We are working on a CSR regarding an issue in ssh connection
> with Azure sftp server from EM20.
>  
> So can you please raise the query on openssh community. 
> 
>  
> Query : 
>  
>  
>  
>  
> Thanks,
> Neeraj Gupta
> 
> 
> 
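
Added example (not part of either message, and not OpenSSH code): a small Python helper that maps the numeric `debug3: send/receive packet: type N` lines from `ssh -vvv` output to their SSH message names and reports which side sent the disconnect. The function names are hypothetical; `SAMPLE` is an excerpt of the tail of the log quoted above.

```python
import re

# SSH message numbers from RFC 4250 (7 is SSH_MSG_EXT_INFO, RFC 8308).
# 30/31 depend on the key exchange; the ECDH names match the log above.
SSH_MSG = {
    1: "SSH_MSG_DISCONNECT", 2: "SSH_MSG_IGNORE", 3: "SSH_MSG_UNIMPLEMENTED",
    4: "SSH_MSG_DEBUG", 5: "SSH_MSG_SERVICE_REQUEST", 6: "SSH_MSG_SERVICE_ACCEPT",
    7: "SSH_MSG_EXT_INFO", 20: "SSH_MSG_KEXINIT", 21: "SSH_MSG_NEWKEYS",
    30: "SSH_MSG_KEX_ECDH_INIT", 31: "SSH_MSG_KEX_ECDH_REPLY",
    50: "SSH_MSG_USERAUTH_REQUEST", 51: "SSH_MSG_USERAUTH_FAILURE",
    52: "SSH_MSG_USERAUTH_SUCCESS", 90: "SSH_MSG_CHANNEL_OPEN",
    91: "SSH_MSG_CHANNEL_OPEN_CONFIRMATION", 92: "SSH_MSG_CHANNEL_OPEN_FAILURE",
    94: "SSH_MSG_CHANNEL_DATA", 96: "SSH_MSG_CHANNEL_EOF",
    97: "SSH_MSG_CHANNEL_CLOSE", 98: "SSH_MSG_CHANNEL_REQUEST",
    99: "SSH_MSG_CHANNEL_SUCCESS", 100: "SSH_MSG_CHANNEL_FAILURE",
}

# search() rather than match(): tolerates "> " quoting and output that was
# written to the terminal without a newline before the debug line.
PACKET_RE = re.compile(r"debug3: (send|receive) packet: type (\d+)")

def decode_trace(log_text):
    """Return (direction, number, name) for each packet line, in order."""
    events = []
    for line in log_text.splitlines():
        m = PACKET_RE.search(line)
        if m:
            num = int(m.group(2))
            events.append((m.group(1), num, SSH_MSG.get(num, "unknown")))
    return events

def disconnect_summary(events):
    """Report who sent SSH_MSG_DISCONNECT and the packet seen just before it."""
    for i, (direction, num, _name) in enumerate(events):
        if num == 1:
            side = "client" if direction == "send" else "server"
            return {"initiator": side, "preceded_by": events[i - 1] if i else None}
    return None

# Excerpt of the log quoted above (end of the session).
SAMPLE = """debug3: send packet: type 90
Alive and kickingdebug3: receive packet: type 91
debug1: Sending subsystem: sftp
debug3: send packet: type 98
debug3: receive packet: type 99
debug2: subsystem request accepted on channel 0
debug3: send packet: type 1
packet_write_wait: Connection to 10.136.113.70 port 22: Broken pipe"""

if __name__ == "__main__":
    for event in decode_trace(SAMPLE):
        print(*event)
    print(disconnect_summary(SAMPLE and decode_trace(SAMPLE)))
```

On the quoted log this reports the client as the initiator, with the disconnect following the server's `SSH_MSG_CHANNEL_SUCCESS` for the subsystem request, which matches the poster's observation.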