Re: sshd signal 11 on -current
- In reply to: bob prohaska : "Re: sshd signal 11 on -current"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 18 Jan 2024 17:57:04 UTC
On Jan 18, 2024, at 09:32, bob prohaska <fbsd@www.zefox.net> wrote: > > On Thu, Jan 18, 2024 at 09:45:51AM -0500, Paul Mather wrote: >> On 17 Jan 2024, at 8:51???pm, bob prohaska <fbsd@www.zefox.net> wrote: >> >>> >>> I'm not sure which MAC (as in ethernet MAC) is being referred >>> to. Might a different kind of MAC exist, unrelated to ethernet? >> >> >> If this error is from SSH then it is likely unrelated to Ethernet. It likely refers to Message Authentication Code (MAC), which is used to ensure data integrity. See man ssh_config(5) for details. > > That puts a very different light on the problem. On ns2.zefox.net, > the host at the server end of the failed ssh connections, running > bob@ns2:~ % ssh -Q mac > hmac-sha1 > hmac-sha1-96 > hmac-sha2-256 > hmac-sha2-512 > hmac-md5 > hmac-md5-96 > umac-64@openssh.com > umac-128@openssh.com > hmac-sha1-etm@openssh.com > hmac-sha1-96-etm@openssh.com > hmac-sha2-256-etm@openssh.com > hmac-sha2-512-etm@openssh.com > hmac-md5-etm@openssh.com > hmac-md5-96-etm@openssh.com > umac-64-etm@openssh.com > umac-128-etm@openssh.com > bob@ns2:~ % It looks like when connecting to ns2.zefox.net you could use: # ssh -G . . . for it to report the configuration ssh is actually using, including the MAC. If it turns out that macOS uses one vs. rpi4 RasPiOS workstation and Windows 10 laptop use something different, you may want to change the MAC actually used for those failing contexts. > At the same time, there was a typo (mine!) in /etc/ssh/sshd_conf, > MACs -*etm@openssh.co > introduced when adding the workaround in CVE-2023-48795. > > The error has been corrected and ns2.zefox.net rebooted. > But, no difference in behavior. Here's the transcript, > taken from my Raspberry Pi4 workstation: > > bob@raspberrypi:~ $ ssh ns2.zefox.net > Password for bob@ns2.zefox.net: > Last login: Thu Jan 18 08:36:07 2024 > FreeBSD 12.4-STABLE r373269 GENERIC > > Welcome to FreeBSD! > > Release Notes, Errata: https://www.FreeBSD.org/releases/ > Security Advisories: https://www.FreeBSD.org/security/ > FreeBSD Handbook: https://www.FreeBSD.org/handbook/ > FreeBSD FAQ: https://www.FreeBSD.org/faq/ > Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/ > FreeBSD Forums: https://forums.FreeBSD.org/ > > Documents installed with the system are in the /usr/local/share/doc/freebsd/ > directory, or can be installed later with: pkg install en-freebsd-doc > For other languages, replace "en" with a language code like de or fr. > > Show the version of FreeBSD installed: freebsd-version ; uname -a > Please include that output and any error messages when posting questions. > Introduction to manual pages: man man > FreeBSD directory layout: man hier > > Edit /etc/motd to change this login announcement. > You can use /etc/make.conf to control the options used to compile software > on this system. Example entries are in > /usr/share/examples/etc/make.conf and in make.conf(5). > For options that are set for building FreeBSD's kernel and its world, see > src.conf(5). > bob@ns2:~ % grep -i ssh /var/log/messages > Jan 1 00:38:20 ns2 sshd[8068]: error: Fssh_kex_exchange_identification: Connection closed by remote host > Jan 1 01:04:47 ns2 sshd[8182]: error: Fssh_kex_exchange_identification: Connection closed by remote host > Jan 1 01:49:21 ns2 sshd[8242]: error: PAM: Authentication error for illegal user info from 185.11.61.234 > Jan 1 02:19:41 ns2 sshd[8292]: error: PAM: Authentication error for illegal user cromados from 85.209.11.226 > Jan 1 02:26:04 ns2 sshd[8308]: error: Fssh_kex_exchange_identification: Connection closed by remote host > Corrupted MAC on input. > ssh_dispatch_run_fatal: Connection to 50.1.20.30 port 22: message authentication code incorrect > bob@raspberrypi:~ $ > > It does seem likely I've been barking up the wrong tree, but the > new tree I picked is still wrong and there are several. > > A web search discovered an old (2016) thread which reports: > "I got this problem to go away by disabling AVB/EAV mode on the advanced settings > for the Ethernet adapter on the Mac (under Big Sur)." That suggests an Ethernet > problem IIUC. === Mark Millard marklmi at yahoo.com