Discussion:
^C doesnt work on ssh session
Sudarshan Soma
2017-01-16 18:04:54 UTC
Permalink
Hi ,
when i connect to sshd , the session doesnt allow me to issue ^C ^Z, it
doesnt work. Please let me know if there are any settings to control it.
telnet works fine.

my settings, version:

OpenSSH_6.6p1, OpenSSL 1.0.1h 5 Jun 2014

stty -a
speed 38400 baud; rows 24; columns 80; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>;
eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt =
^R;
werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0;
-parenb -parodd cs8 -hupcl -cstopb cread -clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon
-ixoff
-iuclc -ixany -imaxbel -iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0
ff0
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt
echoctl echoke



another query i had was on hiding arguments passed to ssh. I have a
requirement to spawn some ssh command like (ssh ip -o password=221 ip )
which has password in arguments. can we hide this in listing from ps ,
/proc outputs. Please suggest.

Regards,
Grover.

Regards,
Sudarshan
Ben Lindstrom
2017-01-16 19:34:43 UTC
Permalink
What platform are you on, and whose OpenSSH? Because clearly this isn't
stock:

$ ssh localhost -o password=foo
command-line: line 0: Bad configuration option: password

I don't ever remember -o password=XXX ever being a thing.

Ben
Post by Sudarshan Soma
Hi ,
when i connect to sshd , the session doesnt allow me to issue ^C ^Z, it
doesnt work. Please let me know if there are any settings to control it.
telnet works fine.
OpenSSH_6.6p1, OpenSSL 1.0.1h 5 Jun 2014
stty -a
speed 38400 baud; rows 24; columns 80; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol =<undef>;
eol2 =<undef>; swtch =<undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt =
^R;
werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0;
-parenb -parodd cs8 -hupcl -cstopb cread -clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon
-ixoff
-iuclc -ixany -imaxbel -iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0
ff0
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt
echoctl echoke
another query i had was on hiding arguments passed to ssh. I have a
requirement to spawn some ssh command like (ssh ip -o password=221 ip )
which has password in arguments. can we hide this in listing from ps ,
/proc outputs. Please suggest.
Regards,
Grover.
Regards,
Sudarshan
_______________________________________________
openssh-unix-dev mailing list
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Sudarshan Soma
2017-01-17 18:10:14 UTC
Permalink
Thanks Ben. i am checking in linux.
I do have this command working:
ssh localhost -o password=abc123
SSH started with password
Could not create directory '/root/.ssh'.
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive).


will try to getback on openssh used. But is it possible to show some
pointers for
my queries,

avoid arguments in ps or /proc and other one was on ^C not working on my
ssh sessions.

Thanks
Post by Ben Lindstrom
What platform are you on, and whose OpenSSH? Because clearly this isn't
$ ssh localhost -o password=foo
command-line: line 0: Bad configuration option: password
I don't ever remember -o password=XXX ever being a thing.
Ben
Post by Sudarshan Soma
Hi ,
when i connect to sshd , the session doesnt allow me to issue ^C ^Z, it
doesnt work. Please let me know if there are any settings to control it.
telnet works fine.
OpenSSH_6.6p1, OpenSSL 1.0.1h 5 Jun 2014
stty -a
speed 38400 baud; rows 24; columns 80; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol =<undef>;
eol2 =<undef>; swtch =<undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt =
^R;
werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0;
-parenb -parodd cs8 -hupcl -cstopb cread -clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon
-ixoff
-iuclc -ixany -imaxbel -iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0
ff0
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt
echoctl echoke
another query i had was on hiding arguments passed to ssh. I have a
requirement to spawn some ssh command like (ssh ip -o password=221 ip )
which has password in arguments. can we hide this in listing from ps ,
/proc outputs. Please suggest.
Regards,
Grover.
Regards,
Sudarshan
_______________________________________________
openssh-unix-dev mailing list
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Darren Tucker
2017-01-17 21:39:28 UTC
Permalink
Post by Sudarshan Soma
Thanks Ben. i am checking in linux.
ssh localhost -o password=abc123
That's definitely a modified ssh binary.
Post by Sudarshan Soma
will try to getback on openssh used. But is it possible to show some
pointers for my queries, avoid arguments in ps or /proc
I don't think you reliably can.

You can add a call to setproctitle() to ssh but I don't think that
affects all sets of options to ps, and even if it did there's still a
race between when the process starts and when you call setproctitle
during which the password is exposed.

So don't do that, instead use public-key, or if you must use a
password read it from a suitably locked down file. You can (with some
difficulty) get ssh to read a password via an $SSH_ASKPASS program.
Post by Sudarshan Soma
and other one was on ^C not working on my ssh sessions.
just a guess but check the permissions on /dev/tty on the server.
They should look like:
crw-rw-rw- 1 root tty 5, 0 Jan 17 19:34 /dev/tty

Failing that please post the debug output of ssh -vvv and sshd -ddd
from an unmodified (ie as available from openssh.com) client and
server pair.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Sudarshan Soma
2017-01-20 06:27:21 UTC
Permalink
Thanks Darren, will check on your response.
I am attaching sshd, ssh logs with debug flags. Please see if it gives any
hint:

when I press ^C in ssh session, no log gets printed in both server/client
side.

Best Regards,
Post by Darren Tucker
Post by Sudarshan Soma
Thanks Ben. i am checking in linux.
ssh localhost -o password=abc123
That's definitely a modified ssh binary.
Post by Sudarshan Soma
will try to getback on openssh used. But is it possible to show some
pointers for my queries, avoid arguments in ps or /proc
I don't think you reliably can.
You can add a call to setproctitle() to ssh but I don't think that
affects all sets of options to ps, and even if it did there's still a
race between when the process starts and when you call setproctitle
during which the password is exposed.
So don't do that, instead use public-key, or if you must use a
password read it from a suitably locked down file. You can (with some
difficulty) get ssh to read a password via an $SSH_ASKPASS program.
Post by Sudarshan Soma
and other one was on ^C not working on my ssh sessions.
just a guess but check the permissions on /dev/tty on the server.
crw-rw-rw- 1 root tty 5, 0 Jan 17 19:34 /dev/tty
Failing that please post the debug output of ssh -vvv and sshd -ddd
from an unmodified (ie as available from openssh.com) client and
server pair.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Sudarshan Soma
2017-01-31 17:44:40 UTC
Permalink
Hi Darren, I m sending sshd logs : any suggestion/hint please ...

/usr/bin/sshd -ddd -p 2024 -f /etc/ssh/sshd_config -h /etc/ssh_key
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 764
debug2: parse_server_config: config /etc/ssh/sshd_config len 764
debug3: /etc/ssh/sshd_config:2 setting Port 22
debug3: /etc/ssh/sshd_config:3 setting Protocol 2
debug3: /etc/ssh/sshd_config:4 setting HostKey /etc/ssh/ssh_host_key
debug3: /etc/ssh/sshd_config:5 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:6 setting MACs hmac-sha1-***@openssh.com,
hmac-sha2-256-***@openssh.com,hmac-sha2-512-***@openssh.com,
hmac-ripemd160-***@openssh.com
,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-***@openssh.com
debug3: macs ok: [hmac-sha1-***@openssh.com,hmac-sha2-256-***@openssh.com,
hmac-sha2-512-***@openssh.com,hmac-ripemd160-***@openssh.com
,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-***@openssh.com]
debug3: /etc/ssh/sshd_config:7 setting Ciphers
aes128-ctr,aes192-ctr,aes256-ctr
debug3: ciphers ok: [aes128-ctr,aes192-ctr,aes256-ctr]
debug3: /etc/ssh/sshd_config:8 setting AllowUsers root
debug3: /etc/ssh/sshd_config:10 setting AuthorizedKeysFile
.ssh/authorized_keys
debug3: /etc/ssh/sshd_config:11 setting PermitEmptyPasswords yes
debug3: /etc/ssh/sshd_config:12 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:13 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:14 setting AllowAgentForwarding no
debug3: /etc/ssh/sshd_config:15 setting GatewayPorts no
debug3: /etc/ssh/sshd_config:16 setting X11Forwarding no
debug3: /etc/ssh/sshd_config:17 setting TCPKeepAlive yes
debug3: /etc/ssh/sshd_config:18 setting PidFile /tmp/sshd.pid
debug3: /etc/ssh/sshd_config:19 setting UsePrivilegeSeparation no
debug3: /etc/ssh/sshd_config:20 setting ClientAliveInterval 15
debug3: /etc/ssh/sshd_config:21 setting ClientAliveCountMax 3
debug3: /etc/ssh/sshd_config:22 setting MaxStartups 25
debug3: /etc/ssh/sshd_config:23 setting PermitTunnel no
debug3: /etc/ssh/sshd_config:24 setting DenyPortFwd 127.0.0.0/8
debug1: Deny port forwarding to host 127.0.0.0/8
debug3: /etc/ssh/sshd_config:25 setting Subsystem sftp
/usr/libexec/sftp-server
debug1: sshd version OpenSSH_6.6, OpenSSL 1.0.1h 5 Jun 2014
debug3: Incorrect RSA1 identifier
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh_key" as a RSA1 public key
debug1: private host key: #0 type 1 RSA
debug1: could not open key file '/etc/ssh/ssh_host_key': No such file or
directory
Could not load host key: /etc/ssh/ssh_host_key
debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': No such file
or directory
Could not load host key: /etc/ssh/ssh_host_rsa_key
debug1: rexec_argv[0]='/usr/bin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2024'
debug1: rexec_argv[4]='-f'
debug1: rexec_argv[5]='/etc/ssh/sshd_config'
debug1: rexec_argv[6]='-h'
debug1: rexec_argv[7]='/etc/ssh_key'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 2024 on 0.0.0.0.
Server listening on 0.0.0.0 port 2024.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 2024 on ::.
Server listening on :: port 2024.




















debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 764
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 10.220.82.17 port 52586 on 10.100.212.166 port 2024
debug1: Client protocol version 2.0; client software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6
debug2: fd 3 setting O_NONBLOCK
debug1: list_hostkey_types: ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-***@libssh.org
,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-sha1-***@openssh.com,
hmac-sha2-256-***@openssh.com,hmac-sha2-512-***@openssh.com,
hmac-ripemd160-***@openssh.com
,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-***@openssh.com
debug2: kex_parse_kexinit: hmac-sha1-***@openssh.com,
hmac-sha2-256-***@openssh.com,hmac-sha2-512-***@openssh.com,
hmac-ripemd160-***@openssh.com
,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-***@openssh.com
debug2: kex_parse_kexinit: none,***@openssh.com
debug2: kex_parse_kexinit: none,***@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-***@openssh.com,
ssh-dss-cert-***@openssh.com,ssh-rsa-cert-***@openssh.com,
ssh-dss-cert-***@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-***@lysator.liu.se
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-***@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-***@openssh.com
,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-***@openssh.com
,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-***@openssh.com
,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-***@openssh.com
,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,***@openssh.com,zlib
debug2: kex_parse_kexinit: none,***@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug2: mac_setup: setup hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
WARNING: /usr/local/etc/moduli does not exist, using fixed modulus
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: bits set: 1088/2048
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 1005/2048
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 failures 0
debug3: Trying to reverse map address 10.220.82.17.
debug2: parse_server_config: config reprocess config len 764
debug3: auth_shadow_acctexpired: today 17197 sp_expire -1 days left -17198
debug3: account expiration disabled
debug2: input_userauth_request: setting up authctxt for root
debug2: input_userauth_request: try method none
debug3: auth_shadow_pwexpired: today 17197 sp_lstchg 17177 sp_max 99999
Failed none for root from 10.220.82.17 port 52586 ssh2
debug3: userauth_finish: failure partial=0 next methods="publickey,password"
debug1: userauth-request for user root service ssh-connection method
password
debug1: attempt 1 failures 0
debug2: input_userauth_request: try method password
Accepted password for root from 10.220.82.17 port 52586 ssh2
debug1: Entering interactive session for SSH2.
debug2: fd 4 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max
16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype no-more-***@openssh.com
want_reply 0
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/pts/2
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug2: Ignoring env request LANG: disallowed name
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
Starting session: shell on pts/2 for root from 10.220.82.17 port 52586
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: channel 0: rfd 8 isatty
debug2: fd 8 setting O_NONBLOCK
debug3: fd 6 is O_NONBLOCK
debug2: channel 0: request ***@openssh.com confirm 1
debug1: Got 100/12 for keepalive

debug1: Received SIGCHLD.
debug1: session_by_pid: pid 1871
debug1: session_exit_message: session 0 channel 0 pid 1871
debug2: channel 0: request exit-status confirm 0
debug1: session_exit_message: release channel 0
debug2: channel 0: write failed
debug2: channel 0: close_write
debug2: channel 0: send eow
debug2: channel 0: output open -> closed
debug1: session_pty_cleanup: session 0 release /dev/pts/2
debug2: channel 0: read<=0 rfd 8 len -1
debug2: channel 0: read failed
debug2: channel 0: close_read
debug2: channel 0: input open -> drain
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug2: channel 0: input drain -> closed
debug2: channel 0: send close
debug2: notify_done: reading
debug3: channel 0: will not send data after close
debug2: channel 0: rcvd close
Received disconnect from 10.220.82.17: 11: disconnected by user
debug1: do_cleanup




ssh logs:

ssh -vvv ***@10.100.212.166 -p 2024
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.100.212.166 [10.100.212.166] port 2024.
debug1: Connection established.
debug1: identity file /home/ssoma/.ssh/identity type -1
debug1: identity file /home/ssoma/.ssh/identity-cert type -1
debug1: identity file /home/ssoma/.ssh/id_rsa type -1
debug1: identity file /home/ssoma/.ssh/id_rsa-cert type -1
debug1: identity file /home/ssoma/.ssh/id_dsa type -1
debug1: identity file /home/ssoma/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6
debug1: match: OpenSSH_6.6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 960 bytes for a total of 981
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-***@openssh.com,
ssh-dss-cert-***@openssh.com,ssh-rsa-cert-***@openssh.com,
ssh-dss-cert-***@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-***@lysator.liu.se
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-***@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-***@openssh.com
,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-***@openssh.com
,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-***@openssh.com
,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-***@openssh.com
,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,***@openssh.com,zlib
debug2: kex_parse_kexinit: none,***@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-***@libssh.org
,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-sha1-***@openssh.com,
hmac-sha2-256-***@openssh.com,hmac-sha2-512-***@openssh.com,
hmac-ripemd160-***@openssh.com
,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-***@openssh.com
debug2: kex_parse_kexinit: hmac-sha1-***@openssh.com,
hmac-sha2-256-***@openssh.com,hmac-sha2-512-***@openssh.com,
hmac-ripemd160-***@openssh.com
,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-***@openssh.com
debug2: kex_parse_kexinit: none,***@openssh.com
debug2: kex_parse_kexinit: none,***@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 1005
debug2: dh_gen_key: priv key bits set: 154/320
debug2: bits set: 1005/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 272 bytes for a total of 1277
debug3: put_host_port: [10.100.212.166]:2024
debug3: put_host_port: [10.100.212.166]:2024
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/etc/ssh/ssh_known_hosts
debug1: checking without port identifier
debug3: check_host_in_hostfile: host 10.100.212.166 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host 10.100.212.166 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 135
debug1: Host '10.100.212.166' is known and matches the RSA host key.
debug1: Found key in /home/ssoma/.ssh/known_hosts:135
debug1: found matching key w/out port
debug2: bits set: 1088/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1293
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 52 bytes for a total of 1345
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/ssoma/.ssh/identity ((nil))
debug2: key: /home/ssoma/.ssh/id_rsa ((nil))
debug2: key: /home/ssoma/.ssh/id_dsa ((nil))
debug3: Wrote 68 bytes for a total of 1413
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred
gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ssoma/.ssh/identity
debug3: no such identity: /home/ssoma/.ssh/identity
debug1: Trying private key: /home/ssoma/.ssh/id_rsa
debug3: no such identity: /home/ssoma/.ssh/id_rsa
debug1: Trying private key: /home/ssoma/.ssh/id_dsa
debug3: no such identity: /home/ssoma/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
***@10.100.212.166's password:
debug3: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 148 bytes for a total of 1561
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-***@openssh.com
debug1: Entering interactive session.
debug3: Wrote 136 bytes for a total of 1697
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env CCACHE_NOSTATS
debug3: Ignored env HOSTNAME
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env HISTSIZE
debug3: Ignored env SSH_CLIENT
debug3: Ignored env CCACHE_LOGFILE
debug3: Ignored env QTDIR
debug3: Ignored env QTINC
debug3: Ignored env SSH_TTY
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env CSCOPE_EDITOR
debug3: Ignored env COVLM
debug3: Ignored env MAIL
debug3: Ignored env PATH
debug3: Ignored env PWD
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env MODULEPATH
debug3: Ignored env LOADEDMODULES
debug3: Ignored env P4CLIENT
debug3: Ignored env SSH_ASKPASS
debug3: Ignored env HISTCONTROL
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env LOGNAME
debug3: Ignored env QTLIB
debug3: Ignored env CVS_RSH
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env MODULESHOME
debug3: Ignored env LESSOPEN
debug3: Ignored env P4PORT
debug3: Ignored env G_BROKEN_FILENAMES
debug3: Ignored env BASH_FUNC_module()
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: fd 4 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: Wrote 460 bytes for a total of 2157
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Tue Jan 31 16:45:24 2017 from 10.220.82.17
debug1: permanently_set_uid: 0/0
Environment:
USER=root
LOGNAME=root
HOME=/root
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
MAIL=/var/mail/root
SHELL=/bin/bash
TZ=UTC
SSH_CLIENT=10.220.82.17 52586 2024
SSH_CONNECTION=10.220.82.17 52586 10.100.212.166 2024
SSH_TTY=/dev/pts/2
TERM=xterm
-bash: no job control in this shell
file setup_env.sh found...
Post by Sudarshan Soma
Thanks Darren, will check on your response.
I am attaching sshd, ssh logs with debug flags. Please see if it gives any
when I press ^C in ssh session, no log gets printed in both server/client
side.
Best Regards,
Post by Darren Tucker
Post by Sudarshan Soma
Thanks Ben. i am checking in linux.
ssh localhost -o password=abc123
That's definitely a modified ssh binary.
Post by Sudarshan Soma
will try to getback on openssh used. But is it possible to show some
pointers for my queries, avoid arguments in ps or /proc
I don't think you reliably can.
You can add a call to setproctitle() to ssh but I don't think that
affects all sets of options to ps, and even if it did there's still a
race between when the process starts and when you call setproctitle
during which the password is exposed.
So don't do that, instead use public-key, or if you must use a
password read it from a suitably locked down file. You can (with some
difficulty) get ssh to read a password via an $SSH_ASKPASS program.
Post by Sudarshan Soma
and other one was on ^C not working on my ssh sessions.
just a guess but check the permissions on /dev/tty on the server.
crw-rw-rw- 1 root tty 5, 0 Jan 17 19:34 /dev/tty
Failing that please post the debug output of ssh -vvv and sshd -ddd
from an unmodified (ie as available from openssh.com) client and
server pair.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Sudarshan Soma
2017-01-31 18:04:31 UTC
Permalink
echo $TERM
xterm

does this variable cause issue, setting it to vt100 ( by export TERM=vt100)
, doesnt make difference.
Post by Sudarshan Soma
Hi Darren, I m sending sshd logs : any suggestion/hint please ...
/usr/bin/sshd -ddd -p 2024 -f /etc/ssh/sshd_config -h /etc/ssh_key
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 764
debug2: parse_server_config: config /etc/ssh/sshd_config len 764
debug3: /etc/ssh/sshd_config:2 setting Port 22
debug3: /etc/ssh/sshd_config:3 setting Protocol 2
debug3: /etc/ssh/sshd_config:4 setting HostKey /etc/ssh/ssh_host_key
debug3: /etc/ssh/sshd_config:5 setting HostKey /etc/ssh/ssh_host_rsa_key
hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-
debug3: /etc/ssh/sshd_config:7 setting Ciphers
aes128-ctr,aes192-ctr,aes256-ctr
debug3: ciphers ok: [aes128-ctr,aes192-ctr,aes256-ctr]
debug3: /etc/ssh/sshd_config:8 setting AllowUsers root
debug3: /etc/ssh/sshd_config:10 setting AuthorizedKeysFile
.ssh/authorized_keys
debug3: /etc/ssh/sshd_config:11 setting PermitEmptyPasswords yes
debug3: /etc/ssh/sshd_config:12 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:13 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:14 setting AllowAgentForwarding no
debug3: /etc/ssh/sshd_config:15 setting GatewayPorts no
debug3: /etc/ssh/sshd_config:16 setting X11Forwarding no
debug3: /etc/ssh/sshd_config:17 setting TCPKeepAlive yes
debug3: /etc/ssh/sshd_config:18 setting PidFile /tmp/sshd.pid
debug3: /etc/ssh/sshd_config:19 setting UsePrivilegeSeparation no
debug3: /etc/ssh/sshd_config:20 setting ClientAliveInterval 15
debug3: /etc/ssh/sshd_config:21 setting ClientAliveCountMax 3
debug3: /etc/ssh/sshd_config:22 setting MaxStartups 25
debug3: /etc/ssh/sshd_config:23 setting PermitTunnel no
debug3: /etc/ssh/sshd_config:24 setting DenyPortFwd 127.0.0.0/8
debug1: Deny port forwarding to host 127.0.0.0/8
debug3: /etc/ssh/sshd_config:25 setting Subsystem sftp
/usr/libexec/sftp-server
debug1: sshd version OpenSSH_6.6, OpenSSL 1.0.1h 5 Jun 2014
debug3: Incorrect RSA1 identifier
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh_key" as a RSA1 public key
debug1: private host key: #0 type 1 RSA
debug1: could not open key file '/etc/ssh/ssh_host_key': No such file or
directory
Could not load host key: /etc/ssh/ssh_host_key
debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': No such file
or directory
Could not load host key: /etc/ssh/ssh_host_rsa_key
debug1: rexec_argv[0]='/usr/bin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2024'
debug1: rexec_argv[4]='-f'
debug1: rexec_argv[5]='/etc/ssh/sshd_config'
debug1: rexec_argv[6]='-h'
debug1: rexec_argv[7]='/etc/ssh_key'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 2024 on 0.0.0.0.
Server listening on 0.0.0.0 port 2024.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 2024 on ::.
Server listening on :: port 2024.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 764
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 10.220.82.17 port 52586 on 10.100.212.166 port 2024
debug1: Client protocol version 2.0; client software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6
debug2: fd 3 setting O_NONBLOCK
debug1: list_hostkey_types: ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,diffie-hellman-group-
exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-
sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-
group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-
ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-
ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-
hmac-sha1-96,hmac-md5-96
hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug2: mac_setup: setup hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
WARNING: /usr/local/etc/moduli does not exist, using fixed modulus
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: bits set: 1088/2048
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 1005/2048
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 failures 0
debug3: Trying to reverse map address 10.220.82.17.
debug2: parse_server_config: config reprocess config len 764
debug3: auth_shadow_acctexpired: today 17197 sp_expire -1 days left -17198
debug3: account expiration disabled
debug2: input_userauth_request: setting up authctxt for root
debug2: input_userauth_request: try method none
debug3: auth_shadow_pwexpired: today 17197 sp_lstchg 17177 sp_max 99999
Failed none for root from 10.220.82.17 port 52586 ssh2
debug3: userauth_finish: failure partial=0 next
methods="publickey,password"
debug1: userauth-request for user root service ssh-connection method
password
debug1: attempt 1 failures 0
debug2: input_userauth_request: try method password
Accepted password for root from 10.220.82.17 port 52586 ssh2
debug1: Entering interactive session for SSH2.
debug2: fd 4 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max
16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
want_reply 0
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/pts/2
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug2: Ignoring env request LANG: disallowed name
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
Starting session: shell on pts/2 for root from 10.220.82.17 port 52586
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: channel 0: rfd 8 isatty
debug2: fd 8 setting O_NONBLOCK
debug3: fd 6 is O_NONBLOCK
debug1: Got 100/12 for keepalive
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 1871
debug1: session_exit_message: session 0 channel 0 pid 1871
debug2: channel 0: request exit-status confirm 0
debug1: session_exit_message: release channel 0
debug2: channel 0: write failed
debug2: channel 0: close_write
debug2: channel 0: send eow
debug2: channel 0: output open -> closed
debug1: session_pty_cleanup: session 0 release /dev/pts/2
debug2: channel 0: read<=0 rfd 8 len -1
debug2: channel 0: read failed
debug2: channel 0: close_read
debug2: channel 0: input open -> drain
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug2: channel 0: input drain -> closed
debug2: channel 0: send close
debug2: notify_done: reading
debug3: channel 0: will not send data after close
debug2: channel 0: rcvd close
Received disconnect from 10.220.82.17: 11: disconnected by user
debug1: do_cleanup
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.100.212.166 [10.100.212.166] port 2024.
debug1: Connection established.
debug1: identity file /home/ssoma/.ssh/identity type -1
debug1: identity file /home/ssoma/.ssh/identity-cert type -1
debug1: identity file /home/ssoma/.ssh/id_rsa type -1
debug1: identity file /home/ssoma/.ssh/id_rsa-cert type -1
debug1: identity file /home/ssoma/.ssh/id_dsa type -1
debug1: identity file /home/ssoma/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6
debug1: match: OpenSSH_6.6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 960 bytes for a total of 981
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-
sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-
group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-
ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-
ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-
hmac-sha1-96,hmac-md5-96
hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,diffie-hellman-group-
exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 1005
debug2: dh_gen_key: priv key bits set: 154/320
debug2: bits set: 1005/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 272 bytes for a total of 1277
debug3: put_host_port: [10.100.212.166]:2024
debug3: put_host_port: [10.100.212.166]:2024
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/etc/ssh/ssh_known_hosts
debug1: checking without port identifier
debug3: check_host_in_hostfile: host 10.100.212.166 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host 10.100.212.166 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 135
debug1: Host '10.100.212.166' is known and matches the RSA host key.
debug1: Found key in /home/ssoma/.ssh/known_hosts:135
debug1: found matching key w/out port
debug2: bits set: 1088/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1293
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 52 bytes for a total of 1345
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/ssoma/.ssh/identity ((nil))
debug2: key: /home/ssoma/.ssh/id_rsa ((nil))
debug2: key: /home/ssoma/.ssh/id_dsa ((nil))
debug3: Wrote 68 bytes for a total of 1413
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-
interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ssoma/.ssh/identity
debug3: no such identity: /home/ssoma/.ssh/identity
debug1: Trying private key: /home/ssoma/.ssh/id_rsa
debug3: no such identity: /home/ssoma/.ssh/id_rsa
debug1: Trying private key: /home/ssoma/.ssh/id_dsa
debug3: no such identity: /home/ssoma/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 148 bytes for a total of 1561
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug3: Wrote 136 bytes for a total of 1697
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env CCACHE_NOSTATS
debug3: Ignored env HOSTNAME
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env HISTSIZE
debug3: Ignored env SSH_CLIENT
debug3: Ignored env CCACHE_LOGFILE
debug3: Ignored env QTDIR
debug3: Ignored env QTINC
debug3: Ignored env SSH_TTY
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env CSCOPE_EDITOR
debug3: Ignored env COVLM
debug3: Ignored env MAIL
debug3: Ignored env PATH
debug3: Ignored env PWD
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env MODULEPATH
debug3: Ignored env LOADEDMODULES
debug3: Ignored env P4CLIENT
debug3: Ignored env SSH_ASKPASS
debug3: Ignored env HISTCONTROL
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env LOGNAME
debug3: Ignored env QTLIB
debug3: Ignored env CVS_RSH
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env MODULESHOME
debug3: Ignored env LESSOPEN
debug3: Ignored env P4PORT
debug3: Ignored env G_BROKEN_FILENAMES
debug3: Ignored env BASH_FUNC_module()
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: fd 4 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: Wrote 460 bytes for a total of 2157
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Tue Jan 31 16:45:24 2017 from 10.220.82.17
debug1: permanently_set_uid: 0/0
USER=root
LOGNAME=root
HOME=/root
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
MAIL=/var/mail/root
SHELL=/bin/bash
TZ=UTC
SSH_CLIENT=10.220.82.17 52586 2024
SSH_CONNECTION=10.220.82.17 52586 10.100.212.166 2024
SSH_TTY=/dev/pts/2
TERM=xterm
-bash: no job control in this shell
file setup_env.sh found...
Post by Sudarshan Soma
Thanks Darren, will check on your response.
I am attaching sshd, ssh logs with debug flags. Please see if it gives
when I press ^C in ssh session, no log gets printed in both server/client
side.
Best Regards,
Post by Darren Tucker
Post by Sudarshan Soma
Thanks Ben. i am checking in linux.
ssh localhost -o password=abc123
That's definitely a modified ssh binary.
Post by Sudarshan Soma
will try to getback on openssh used. But is it possible to show some
pointers for my queries, avoid arguments in ps or /proc
I don't think you reliably can.
You can add a call to setproctitle() to ssh but I don't think that
affects all sets of options to ps, and even if it did there's still a
race between when the process starts and when you call setproctitle
during which the password is exposed.
So don't do that, instead use public-key, or if you must use a
password read it from a suitably locked down file. You can (with some
difficulty) get ssh to read a password via an $SSH_ASKPASS program.
Post by Sudarshan Soma
and other one was on ^C not working on my ssh sessions.
just a guess but check the permissions on /dev/tty on the server.
crw-rw-rw- 1 root tty 5, 0 Jan 17 19:34 /dev/tty
Failing that please post the debug output of ssh -vvv and sshd -ddd
from an unmodified (ie as available from openssh.com) client and
server pair.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Sudarshan Soma
2017-02-06 07:44:52 UTC
Permalink
Hi Darren, I am sending openssh (unchanged ) version, can you please
comment, if it has anything to do with linked libraries , libssl, libcrypto
? any hint/suggestion, please let us know


:/root #/usr/bin/sshd -ddd -p 2024 -f /home//cliuser/sshd_config
debug2: load_server_config: filename /home//cliuser/sshd_config
debug2: load_server_config: done config len = 684
debug2: parse_server_config: config /home//cliuser/sshd_config len 684
debug3: /home//cliuser/sshd_config:2 setting Port 22
debug3: /home//cliuser/sshd_config:3 setting Protocol 2
debug3: /home//cliuser/sshd_config:4 setting HostKey /etc/ssh/ssh_host_key
debug3: /home//cliuser/sshd_config:5 setting HostKey
/etc/ssh/ssh_host_rsa_key
debug3: /home//cliuser/sshd_config:6 setting MACs hmac-sha1-***@openssh.com,
hmac-sha2-256-***@openssh.com,hmac-sha2-512-***@openssh.com,
hmac-ripemd160-***@openssh.com
,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-***@openssh.com
debug3: macs ok: [hmac-sha1-***@openssh.com,hmac-sha2-256-***@openssh.com,
hmac-sha2-512-***@openssh.com,hmac-ripemd160-***@openssh.com
,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-***@openssh.com]
debug3: /home//cliuser/sshd_config:7 setting Ciphers
aes128-ctr,aes192-ctr,aes256-ctr
debug3: ciphers ok: [aes128-ctr,aes192-ctr,aes256-ctr]
debug3: /home//cliuser/sshd_config:8 setting AllowUsers cliuser acli xml
sneaccess root
debug3: /home//cliuser/sshd_config:10 setting AuthorizedKeysFile
.ssh/authorized_keys
debug3: /home//cliuser/sshd_config:11 setting PermitEmptyPasswords yes
debug3: /home//cliuser/sshd_config:12 setting PasswordAuthentication yes
debug3: /home//cliuser/sshd_config:13 setting
ChallengeResponseAuthentication no
debug3: /home//cliuser/sshd_config:14 setting AllowAgentForwarding no
debug3: /home//cliuser/sshd_config:15 setting GatewayPorts no
debug3: /home//cliuser/sshd_config:16 setting X11Forwarding no
debug3: /home//cliuser/sshd_config:17 setting TCPKeepAlive yes
debug3: /home//cliuser/sshd_config:18 setting PidFile /tmp/sshd.pid
debug3: /home//cliuser/sshd_config:19 setting UsePrivilegeSeparation no
debug3: /home//cliuser/sshd_config:20 setting ClientAliveInterval 15
debug3: /home//cliuser/sshd_config:21 setting ClientAliveCountMax 3
debug3: /home//cliuser/sshd_config:22 setting MaxStartups 25
debug1: sshd version OpenSSH_6.6, OpenSSL 1.0.1h 5 Jun 2014
debug3: Incorrect RSA1 identifier
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh_key" as a RSA1 public key
debug1: private host key: #0 type 1 RSA
debug1: could not open key file '/etc/ssh/ssh_host_key': No such file or
directory
Could not load host key: /etc/ssh/ssh_host_key
debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': No such file
or directory
Could not load host key: /etc/ssh/ssh_host_rsa_key
debug1: rexec_argv[0]='/usr/bin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2024'
debug1: rexec_argv[4]='-f'
debug1: rexec_argv[5]='/home//cliuser/sshd_config'
debug1: rexec_argv[6]='-h'
debug1: rexec_argv[7]='/etc/ssh_key'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 2024 on 0.0.0.0.
Server listening on 0.0.0.0 port 2024.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 2024 on ::.
Server listening on :: port 2024.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 684
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 10.220.82.17 port 55099 on 10.100.212.166 port 2024
debug1: Client protocol version 2.0; client software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6
debug2: fd 3 setting O_NONBLOCK
debug1: list_hostkey_types: ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-***@libssh.org
,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-sha1-***@openssh.com,
hmac-sha2-256-***@openssh.com,hmac-sha2-512-***@openssh.com,
hmac-ripemd160-***@openssh.com
,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-***@openssh.com
debug2: kex_parse_kexinit: hmac-sha1-***@openssh.com,
hmac-sha2-256-***@openssh.com,hmac-sha2-512-***@openssh.com,
hmac-ripemd160-***@openssh.com
,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-***@openssh.com
debug2: kex_parse_kexinit: none,***@openssh.com
debug2: kex_parse_kexinit: none,***@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-***@openssh.com,
ssh-dss-cert-***@openssh.com,ssh-rsa-cert-***@openssh.com,
ssh-dss-cert-***@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-***@lysator.liu.se
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-***@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-***@openssh.com
,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-***@openssh.com
,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-***@openssh.com
,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-***@openssh.com
,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,***@openssh.com,zlib
debug2: kex_parse_kexinit: none,***@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug2: mac_setup: setup hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
WARNING: /usr/local/etc/moduli does not exist, using fixed modulus
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: bits set: 991/2048
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 1045/2048
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 failures 0
debug3: Trying to reverse map address 10.220.82.17.
debug2: parse_server_config: config reprocess config len 684
debug3: auth_shadow_acctexpired: today 17203 sp_expire -1 days left -17204
debug3: account expiration disabled
debug2: input_userauth_request: setting up authctxt for root
debug2: input_userauth_request: try method none
debug3: auth_shadow_pwexpired: today 17203 sp_lstchg 17177 sp_max 99999
Failed none for root from 10.220.82.17 port 55099 ssh2
debug3: userauth_finish: failure partial=0 next methods="publickey,password"
debug1: userauth-request for user root service ssh-connection method
password
debug1: attempt 1 failures 0
debug2: input_userauth_request: try method password
Accepted password for root from 10.220.82.17 port 55099 ssh2
debug1: Entering interactive session for SSH2.
debug2: fd 4 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max
16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype no-more-***@openssh.com
want_reply 0
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/pts/1
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug2: Ignoring env request LANG: disallowed name
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
Starting session: shell on pts/1 for root from 10.220.82.17 port 55099
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: channel 0: rfd 8 isatty
debug2: fd 8 setting O_NONBLOCK
debug3: fd 6 is O_NONBLOCK

debug2: channel 0: request ***@openssh.com confirm 1
debug1: Got 100/21 for keepalive
debug2: channel 0: request ***@openssh.com confirm 1
debug1: Got 100/22 for keepalive
debug2: channel 0: request ***@openssh.com confirm 1
debug1: Got 100/23 for keepalive
^CExiting on signal 2
debug1: do_cleanup
debug1: session_pty_cleanup: session 0 release /dev/pts/1

:/root #






client logs:
ssh -vvv ***@10.100.212.166 -p 2024
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.100.212.166 [10.100.212.166] port 2024.
debug1: Connection established.
debug1: identity file /home/ssoma/.ssh/identity type -1
debug1: identity file /home/ssoma/.ssh/identity-cert type -1
debug1: identity file /home/ssoma/.ssh/id_rsa type -1
debug1: identity file /home/ssoma/.ssh/id_rsa-cert type -1
debug1: identity file /home/ssoma/.ssh/id_dsa type -1
debug1: identity file /home/ssoma/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6
debug1: match: OpenSSH_6.6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 960 bytes for a total of 981
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-***@openssh.com,
ssh-dss-cert-***@openssh.com,ssh-rsa-cert-***@openssh.com,
ssh-dss-cert-***@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-***@lysator.liu.se
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,
rijndael-***@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-***@openssh.com
,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-***@openssh.com
,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-***@openssh.com
,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-***@openssh.com
,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,***@openssh.com,zlib
debug2: kex_parse_kexinit: none,***@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: curve25519-***@libssh.org
,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-sha1-***@openssh.com,
hmac-sha2-256-***@openssh.com,hmac-sha2-512-***@openssh.com,
hmac-ripemd160-***@openssh.com
,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-***@openssh.com
debug2: kex_parse_kexinit: hmac-sha1-***@openssh.com,
hmac-sha2-256-***@openssh.com,hmac-sha2-512-***@openssh.com,
hmac-ripemd160-***@openssh.com
,hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-***@openssh.com
debug2: kex_parse_kexinit: none,***@openssh.com
debug2: kex_parse_kexinit: none,***@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 1005
debug2: dh_gen_key: priv key bits set: 165/320
debug2: bits set: 1045/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 272 bytes for a total of 1277
debug3: put_host_port: [10.100.212.166]:2024
debug3: put_host_port: [10.100.212.166]:2024
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/etc/ssh/ssh_known_hosts
debug1: checking without port identifier
debug3: check_host_in_hostfile: host 10.100.212.166 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host 10.100.212.166 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 135
debug1: Host '10.100.212.166' is known and matches the RSA host key.
debug1: Found key in /home/ssoma/.ssh/known_hosts:135
debug1: found matching key w/out port
debug2: bits set: 991/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1293
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 52 bytes for a total of 1345
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/ssoma/.ssh/identity ((nil))
debug2: key: /home/ssoma/.ssh/id_rsa ((nil))
debug2: key: /home/ssoma/.ssh/id_dsa ((nil))
debug3: Wrote 68 bytes for a total of 1413
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred
gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ssoma/.ssh/identity
debug3: no such identity: /home/ssoma/.ssh/identity
debug1: Trying private key: /home/ssoma/.ssh/id_rsa
debug3: no such identity: /home/ssoma/.ssh/id_rsa
debug1: Trying private key: /home/ssoma/.ssh/id_dsa
debug3: no such identity: /home/ssoma/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
***@10.100.212.166's password:
debug3: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 148 bytes for a total of 1561
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-***@openssh.com
debug1: Entering interactive session.
debug3: Wrote 136 bytes for a total of 1697
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env CCACHE_NOSTATS
debug3: Ignored env HOSTNAME
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env HISTSIZE
debug3: Ignored env SSH_CLIENT
debug3: Ignored env CCACHE_LOGFILE
debug3: Ignored env QTDIR
debug3: Ignored env OLDPWD
debug3: Ignored env QTINC
debug3: Ignored env SSH_TTY
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env CSCOPE_EDITOR
debug3: Ignored env COVLM
debug3: Ignored env MAIL
debug3: Ignored env PATH
debug3: Ignored env PWD
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env MODULEPATH
debug3: Ignored env LOADEDMODULES
debug3: Ignored env P4CLIENT
debug3: Ignored env SSH_ASKPASS
debug3: Ignored env HISTCONTROL
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env LOGNAME
debug3: Ignored env QTLIB
debug3: Ignored env CVS_RSH
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env MODULESHOME
debug3: Ignored env LESSOPEN
debug3: Ignored env P4PORT
debug3: Ignored env G_BROKEN_FILENAMES
debug3: Ignored env BASH_FUNC_module()
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: fd 4 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: Wrote 460 bytes for a total of 2157
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Mon Feb 6 06:46:17 2017 from 10.220.82.17
debug1: permanently_set_uid: 0/0
Environment:
USER=root
LOGNAME=root
HOME=/root
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
MAIL=/var/mail/root
SHELL=/bin/bash
TZ=UTC
SSH_CLIENT=10.220.82.17 55099 2024
SSH_CONNECTION=10.220.82.17 55099 10.100.212.166 2024
SSH_TTY=/dev/pts/1
TERM=xterm
-bash: no job control in this shell
file setup_env.sh found...
CX1200F-166:1-1*:/root # debug3: Wrote 52 bytes for a total of 2209
debug3: Wrote 52 bytes for a total of 2261
debug3: Wrote 52 bytes for a total of 2313
sd debug3: Wrote 52 bytes for a total of 2365
debug3: Wrote 52 bytes for a total of 2417
debug3: Wrote 52 bytes for a total of 2469
debug3: Wrote 52 bytes for a total of 2521
sdebug3: Wrote 52 bytes for a total of 2573
debug3: Wrote 52 bytes for a total of 2625
debug1: client_input_channel_req: channel 0 rtype ***@openssh.com
reply 1
debug3: Wrote 36 bytes for a total of 2661
debug1: client_input_channel_req: channel 0 rtype ***@openssh.com
reply 1
debug3: Wrote 36 bytes for a total of 2697
debug1: client_input_channel_req: channel 0 rtype ***@openssh.com
reply 1
debug3: Wrote 36 bytes for a total of 2733
debug3: Wrote 68 bytes for a total of 2801
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i0/0 o0/0 fd 5/6 cfd -1)

debug3: channel 0: close_fds r 5 w 6 e 7 c -1
Connection to 10.100.212.166 closed by remote host.
Connection to 10.100.212.166 closed.
Transferred: sent 2360, received 3088 bytes, in 58.3 seconds
Bytes per second: sent 40.5, received 53.0
Post by Sudarshan Soma
echo $TERM
xterm
does this variable cause issue, setting it to vt100 ( by export
TERM=vt100) , doesnt make difference.
Post by Sudarshan Soma
Hi Darren, I m sending sshd logs : any suggestion/hint please ...
/usr/bin/sshd -ddd -p 2024 -f /etc/ssh/sshd_config -h /etc/ssh_key
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 764
debug2: parse_server_config: config /etc/ssh/sshd_config len 764
debug3: /etc/ssh/sshd_config:2 setting Port 22
debug3: /etc/ssh/sshd_config:3 setting Protocol 2
debug3: /etc/ssh/sshd_config:4 setting HostKey /etc/ssh/ssh_host_key
debug3: /etc/ssh/sshd_config:5 setting HostKey /etc/ssh/ssh_host_rsa_key
ac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripe
debug3: /etc/ssh/sshd_config:7 setting Ciphers
aes128-ctr,aes192-ctr,aes256-ctr
debug3: ciphers ok: [aes128-ctr,aes192-ctr,aes256-ctr]
debug3: /etc/ssh/sshd_config:8 setting AllowUsers root
debug3: /etc/ssh/sshd_config:10 setting AuthorizedKeysFile
.ssh/authorized_keys
debug3: /etc/ssh/sshd_config:11 setting PermitEmptyPasswords yes
debug3: /etc/ssh/sshd_config:12 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:13 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:14 setting AllowAgentForwarding no
debug3: /etc/ssh/sshd_config:15 setting GatewayPorts no
debug3: /etc/ssh/sshd_config:16 setting X11Forwarding no
debug3: /etc/ssh/sshd_config:17 setting TCPKeepAlive yes
debug3: /etc/ssh/sshd_config:18 setting PidFile /tmp/sshd.pid
debug3: /etc/ssh/sshd_config:19 setting UsePrivilegeSeparation no
debug3: /etc/ssh/sshd_config:20 setting ClientAliveInterval 15
debug3: /etc/ssh/sshd_config:21 setting ClientAliveCountMax 3
debug3: /etc/ssh/sshd_config:22 setting MaxStartups 25
debug3: /etc/ssh/sshd_config:23 setting PermitTunnel no
debug3: /etc/ssh/sshd_config:24 setting DenyPortFwd 127.0.0.0/8
debug1: Deny port forwarding to host 127.0.0.0/8
debug3: /etc/ssh/sshd_config:25 setting Subsystem sftp
/usr/libexec/sftp-server
debug1: sshd version OpenSSH_6.6, OpenSSL 1.0.1h 5 Jun 2014
debug3: Incorrect RSA1 identifier
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh_key" as a RSA1 public key
debug1: private host key: #0 type 1 RSA
debug1: could not open key file '/etc/ssh/ssh_host_key': No such file or
directory
Could not load host key: /etc/ssh/ssh_host_key
debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': No such file
or directory
Could not load host key: /etc/ssh/ssh_host_rsa_key
debug1: rexec_argv[0]='/usr/bin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2024'
debug1: rexec_argv[4]='-f'
debug1: rexec_argv[5]='/etc/ssh/sshd_config'
debug1: rexec_argv[6]='-h'
debug1: rexec_argv[7]='/etc/ssh_key'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 2024 on 0.0.0.0.
Server listening on 0.0.0.0 port 2024.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 2024 on ::.
Server listening on :: port 2024.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 764
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 10.220.82.17 port 52586 on 10.100.212.166 port 2024
debug1: Client protocol version 2.0; client software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6
debug2: fd 3 setting O_NONBLOCK
debug1: list_hostkey_types: ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
cdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diff
ie-hellman-group-exchange-sha256,diffie-hellman-group-exchan
ge-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-
sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-gro
up14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-c
tr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-c
tr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,
,hmac-sha1-96,hmac-md5-96
,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug2: mac_setup: setup hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
WARNING: /usr/local/etc/moduli does not exist, using fixed modulus
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: bits set: 1088/2048
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 1005/2048
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 failures 0
debug3: Trying to reverse map address 10.220.82.17.
debug2: parse_server_config: config reprocess config len 764
debug3: auth_shadow_acctexpired: today 17197 sp_expire -1 days left -17198
debug3: account expiration disabled
debug2: input_userauth_request: setting up authctxt for root
debug2: input_userauth_request: try method none
debug3: auth_shadow_pwexpired: today 17197 sp_lstchg 17177 sp_max 99999
Failed none for root from 10.220.82.17 port 52586 ssh2
debug3: userauth_finish: failure partial=0 next
methods="publickey,password"
debug1: userauth-request for user root service ssh-connection method
password
debug1: attempt 1 failures 0
debug2: input_userauth_request: try method password
Accepted password for root from 10.220.82.17 port 52586 ssh2
debug1: Entering interactive session for SSH2.
debug2: fd 4 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max
16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
want_reply 0
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/pts/2
debug1: server_input_channel_req: channel 0 request env reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req env
debug2: Ignoring env request LANG: disallowed name
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
Starting session: shell on pts/2 for root from 10.220.82.17 port 52586
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: channel 0: rfd 8 isatty
debug2: fd 8 setting O_NONBLOCK
debug3: fd 6 is O_NONBLOCK
debug1: Got 100/12 for keepalive
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 1871
debug1: session_exit_message: session 0 channel 0 pid 1871
debug2: channel 0: request exit-status confirm 0
debug1: session_exit_message: release channel 0
debug2: channel 0: write failed
debug2: channel 0: close_write
debug2: channel 0: send eow
debug2: channel 0: output open -> closed
debug1: session_pty_cleanup: session 0 release /dev/pts/2
debug2: channel 0: read<=0 rfd 8 len -1
debug2: channel 0: read failed
debug2: channel 0: close_read
debug2: channel 0: input open -> drain
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug2: channel 0: input drain -> closed
debug2: channel 0: send close
debug2: notify_done: reading
debug3: channel 0: will not send data after close
debug2: channel 0: rcvd close
Received disconnect from 10.220.82.17: 11: disconnected by user
debug1: do_cleanup
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.100.212.166 [10.100.212.166] port 2024.
debug1: Connection established.
debug1: identity file /home/ssoma/.ssh/identity type -1
debug1: identity file /home/ssoma/.ssh/identity-cert type -1
debug1: identity file /home/ssoma/.ssh/id_rsa type -1
debug1: identity file /home/ssoma/.ssh/id_rsa-cert type -1
debug1: identity file /home/ssoma/.ssh/id_dsa type -1
debug1: identity file /home/ssoma/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6
debug1: match: OpenSSH_6.6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug3: Wrote 960 bytes for a total of 981
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-
sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-gro
up14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-c
tr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-c
tr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,
,hmac-sha1-96,hmac-md5-96
,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
cdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diff
ie-hellman-group-exchange-sha256,diffie-hellman-group-exchan
ge-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-sha1
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug2: mac_setup: found hmac-sha1
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: Wrote 24 bytes for a total of 1005
debug2: dh_gen_key: priv key bits set: 154/320
debug2: bits set: 1005/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: Wrote 272 bytes for a total of 1277
debug3: put_host_port: [10.100.212.166]:2024
debug3: put_host_port: [10.100.212.166]:2024
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: host [10.100.212.166]:2024 filename
/etc/ssh/ssh_known_hosts
debug1: checking without port identifier
debug3: check_host_in_hostfile: host 10.100.212.166 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: host 10.100.212.166 filename
/home/ssoma/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 135
debug1: Host '10.100.212.166' is known and matches the RSA host key.
debug1: Found key in /home/ssoma/.ssh/known_hosts:135
debug1: found matching key w/out port
debug2: bits set: 1088/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: Wrote 16 bytes for a total of 1293
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug3: Wrote 52 bytes for a total of 1345
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/ssoma/.ssh/identity ((nil))
debug2: key: /home/ssoma/.ssh/id_rsa ((nil))
debug2: key: /home/ssoma/.ssh/id_dsa ((nil))
debug3: Wrote 68 bytes for a total of 1413
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,p
ublickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ssoma/.ssh/identity
debug3: no such identity: /home/ssoma/.ssh/identity
debug1: Trying private key: /home/ssoma/.ssh/id_rsa
debug3: no such identity: /home/ssoma/.ssh/id_rsa
debug1: Trying private key: /home/ssoma/.ssh/id_dsa
debug3: no such identity: /home/ssoma/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug3: packet_send2: adding 64 (len 57 padlen 7 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 148 bytes for a total of 1561
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug3: Wrote 136 bytes for a total of 1697
debug2: callback start
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env CCACHE_NOSTATS
debug3: Ignored env HOSTNAME
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env HISTSIZE
debug3: Ignored env SSH_CLIENT
debug3: Ignored env CCACHE_LOGFILE
debug3: Ignored env QTDIR
debug3: Ignored env QTINC
debug3: Ignored env SSH_TTY
debug3: Ignored env USER
debug3: Ignored env LS_COLORS
debug3: Ignored env CSCOPE_EDITOR
debug3: Ignored env COVLM
debug3: Ignored env MAIL
debug3: Ignored env PATH
debug3: Ignored env PWD
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env MODULEPATH
debug3: Ignored env LOADEDMODULES
debug3: Ignored env P4CLIENT
debug3: Ignored env SSH_ASKPASS
debug3: Ignored env HISTCONTROL
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env LOGNAME
debug3: Ignored env QTLIB
debug3: Ignored env CVS_RSH
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env MODULESHOME
debug3: Ignored env LESSOPEN
debug3: Ignored env P4PORT
debug3: Ignored env G_BROKEN_FILENAMES
debug3: Ignored env BASH_FUNC_module()
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug2: fd 4 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug3: Wrote 460 bytes for a total of 2157
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Last login: Tue Jan 31 16:45:24 2017 from 10.220.82.17
debug1: permanently_set_uid: 0/0
USER=root
LOGNAME=root
HOME=/root
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
MAIL=/var/mail/root
SHELL=/bin/bash
TZ=UTC
SSH_CLIENT=10.220.82.17 52586 2024
SSH_CONNECTION=10.220.82.17 52586 10.100.212.166 2024
SSH_TTY=/dev/pts/2
TERM=xterm
-bash: no job control in this shell
file setup_env.sh found...
Post by Sudarshan Soma
Thanks Darren, will check on your response.
I am attaching sshd, ssh logs with debug flags. Please see if it gives
when I press ^C in ssh session, no log gets printed in both
server/client side.
Best Regards,
Post by Darren Tucker
Post by Sudarshan Soma
Thanks Ben. i am checking in linux.
ssh localhost -o password=abc123
That's definitely a modified ssh binary.
Post by Sudarshan Soma
will try to getback on openssh used. But is it possible to show some
pointers for my queries, avoid arguments in ps or /proc
I don't think you reliably can.
You can add a call to setproctitle() to ssh but I don't think that
affects all sets of options to ps, and even if it did there's still a
race between when the process starts and when you call setproctitle
during which the password is exposed.
So don't do that, instead use public-key, or if you must use a
password read it from a suitably locked down file. You can (with some
difficulty) get ssh to read a password via an $SSH_ASKPASS program.
Post by Sudarshan Soma
and other one was on ^C not working on my ssh sessions.
just a guess but check the permissions on /dev/tty on the server.
crw-rw-rw- 1 root tty 5, 0 Jan 17 19:34 /dev/tty
Failing that please post the debug output of ssh -vvv and sshd -ddd
from an unmodified (ie as available from openssh.com) client and
server pair.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Loading...