NetBSD-Bugs archive
Re: misc/58420: ssh silently fails attempting to authenticate from NetBSD to another host
The following reply was made to PR misc/58420; it has been noted by GNATS.
From: Duncan Greatwood <dgbulk%gmail.com@localhost>
To: Martin Husemann <martin%duskware.de@localhost>
Cc: gnats-bugs%netbsd.org@localhost
Subject: Re: misc/58420: ssh silently fails attempting to authenticate from
NetBSD to another host
Date: Sun, 14 Jul 2024 10:17:42 -0700
>
> I am not sure what "explicitly supported" here means
[DG] When a new VM is created in Ubuntu Virtual Manager, before accessing
the to-be-installed OS's iso, Virtual Manager offers a drop down to allow
the user to specify exactly which OS is being installed, and so to have the
install go ahead with the best virtualization configuration for that OS.
The newest NetBSD on that dropdown list is NetBSD 9.0.
> Can you show the output of ssh -vvvv user@somehost
[DG] Sure - please see below. Do you see anything there?
BTW, looking at permissions in .ssh, pub keys are:
-rw-r--r--
while private keys are:
-rw-------
which is what I would expect.
Also, noting again that the same failing behaviour shows up when trying to
ssh as root.
-bash-5.2$ ssh -vvvv <username>@<host>
OpenSSH_9.6 NetBSD_Secure_Shell-20231220-hpn13v14-lpk, OpenSSL 1.1.1t  7 Feb 2023
debug1: Reading configuration data /home/<username>/.ssh/config
debug1: /home/<username>/.ssh/config line 41: Applying options for <host>
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname <host IP> is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/<username>/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/<username>/.ssh/known_hosts2'
debug3: channel_clear_timeouts: clearing
debug3: ssh_connect_direct: entering
debug1: Connecting to <host IP> [<host IP>] port 22.
debug3: ssh_set_sock_tos: set socket 3 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /home/<username>/.ssh/xps131-pair.pem type -1
debug1: identity file /home/<username>/.ssh/xps131-pair.pem-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.6 NetBSD_Secure_Shell-20231220-hpn13v14-lpk
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.3
debug1: compat_banner: match: OpenSSH_9.3 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to <host IP>:22 as '<username>'
debug1: load_hostkeys: fopen /home/<username>/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: no algorithms matched; accept original
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,kex-strict-s-v00@openssh.com
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug3: kex_choose_conf: will use strict KEX ordering
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519
debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com'
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com'
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:<sha256>
debug1: load_hostkeys: fopen /home/<username>/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: hostkeys_find_by_key_hostfile: trying user hostfile "/home/<username>/.ssh/known_hosts"
debug3: ssh_hostkeys_foreach: reading file "/home/<username>/.ssh/known_hosts"
debug3: hostkeys_find_by_key_hostfile: trying user hostfile "/home/<username>/.ssh/known_hosts2"
debug1: hostkeys_find_by_key_hostfile: hostkeys file /home/<username>/.ssh/known_hosts2 does not exist
debug3: hostkeys_find_by_key_hostfile: trying system hostfile "/etc/ssh/ssh_known_hosts"
debug3: ssh_hostkeys_foreach: reading file "/etc/ssh/ssh_known_hosts"
debug3: hostkeys_find_by_key_hostfile: trying system hostfile "/etc/ssh/ssh_known_hosts2"
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts2 does not exist
The authenticity of host '<host IP> (<host IP>)' can't be established.
ED25519 key fingerprint is SHA256:<sha256>.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
-bash-5.2$
Also note zero size known_hosts after the above:
-bash-5.2$ ls -l .ssh/known_hosts
-rw-r--r-- 1 <username> users 0 Jul 11 11:55 .ssh/known_hosts
If I now remove .ssh/known_hosts and run ssh again, it once again
prompts for "continue connecting" and then exits silently, but no
known_hosts is created.
On Sun, Jul 14, 2024 at 12:18 AM Martin Husemann <martin@duskware.de> wrote:
> On Sat, Jul 13, 2024 at 05:26:26PM -0700, Duncan Greatwood wrote:
> > The specific answer to your question is that NetBSD 9.0 is the most recent
> > version of NetBSD explicitly supported by the default version of QEMU/KVM
>
> I am not sure what "explicitly supported" here means, but that is not
> very important for this PR.
>
> > Nonetheless. I cloned the VM and upgraded it to NetBSD 9.4 using:
>
> Thanks. Can you show the output of
>
> ssh -vvvv user@somehost
>
> for the non-working case?
>
> Since your ssh shows the host key fingerprint it obviously is already talking
> to the peer (so anything on the network layer works), and the problem must
> be something local (like wrong permissions on your ~/.ssh directory).
>
> The more verbose output should point at that.
>
> Martin
>
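
The local checks this exchange revolves around (permissions under ~/.ssh, per Martin's reply, and the zero-size known_hosts in the report), written as a POSIX sh audit. This is an added example, not part of the original thread; the function names and finding labels are hypothetical, and it assumes the usual OpenSSH client behaviour of rejecting private keys that are accessible to group or other.

```sh
#!/bin/sh
# Added example, not from the PR. Function names and finding labels are
# hypothetical; any files used to exercise it should be constructed ones.

# mode_of PATH: print the 10-character ls mode string, e.g. "drwx------".
mode_of() {
    ls -ldn "$1" 2>/dev/null | awk '{ print substr($1, 1, 10) }'
}

# owner_of PATH: print the numeric uid that owns PATH.
owner_of() {
    ls -ldn "$1" 2>/dev/null | awk '{ print $3 }'
}

# audit_ssh_dir DIR: print one finding per line, nothing when all checks pass.
audit_ssh_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 0
    fi

    # The directory must belong to the caller and be writable only by them.
    [ "$(owner_of "$dir")" = "$(id -u)" ] || echo "OWNER $dir"
    case $(mode_of "$dir") in
        ?????w????|????????w?) echo "WRITABLE_BY_OTHERS $dir" ;;
    esac

    # Write probe: can a non-empty file actually be created here?
    probe="$dir/.audit_probe.$$"
    if ! { printf 'x\n' > "$probe"; } 2>/dev/null || [ ! -s "$probe" ]; then
        echo "WRITE_FAILED $dir"
    fi
    rm -f "$probe"

    # known_hosts: flag the zero-size file seen in the report.
    kh="$dir/known_hosts"
    if [ -e "$kh" ]; then
        [ -s "$kh" ] || echo "EMPTY $kh"
        [ "$(owner_of "$kh")" = "$(id -u)" ] || echo "OWNER $kh"
    fi

    # Private keys must carry no group/other permission bits.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" 2>/dev/null | grep -q 'PRIVATE KEY-----'; then
            case $(mode_of "$f") in
                ????------) ;;
                *) echo "KEY_TOO_OPEN $f" ;;
            esac
        fi
    done
    return 0
}

# Stand-alone use: audit the directory given as $1, default ~/.ssh.
audit_ssh_dir "${1:-$HOME/.ssh}"
```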