On Tue, Oct 27 2020, Damien Miller <[email protected]> wrote: > On Mon, 26 Oct 2020, Jeremie Courreges-Anglas wrote: > >> > I think these were the problems that I fixed around 2020/10/14. If >> > you remove line 12 from your known_hosts and reconnect with a ssh >> > built after that then you should be fine. >> >> Indeed I'm fine after removing line 12: >> >> --8<-- >> russell ~$ ssh -6 [email protected] >> PTY allocation request failed on channel 0 >> >> To use anonymous CVS install the latest version of CVS on your local machine. >> Then set your CVSROOT environment variable to the following value: >> [email protected]:/cvs >> >> -->8-- >> >> But if I later try to connect using IPv4: > > Could you try removing line 12 and reconnect with -vvv in the flags? > I'd like to see what UpdateHostKeys is doing...
Sure, see below. > Thanks for spending time looking at this. The interactions between > UpdateHostkeys and CheckHostIP are not fun :( FWIW I'm using the stock /etc/ssh/ssh_config, no ~/.ssh/config. russell ~$ ssh -vvv -4 [email protected] OpenSSH_8.4, LibreSSL 3.2.2 debug1: Reading configuration data /etc/ssh/ssh_config debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/jca/.ssh/known_hosts' debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/jca/.ssh/known_hosts2' debug2: resolving "ftp.hostserver.de" port 22 debug3: ssh_connect_direct: entering debug1: Connecting to ftp.hostserver.de [217.31.80.35] port 22. debug1: Connection established. debug1: identity file /home/jca/.ssh/id_rsa type -1 debug1: identity file /home/jca/.ssh/id_rsa-cert type -1 debug1: identity file /home/jca/.ssh/id_dsa type -1 debug1: identity file /home/jca/.ssh/id_dsa-cert type -1 debug1: identity file /home/jca/.ssh/id_ecdsa type -1 debug1: identity file /home/jca/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/jca/.ssh/id_ecdsa_sk type -1 debug1: identity file /home/jca/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /home/jca/.ssh/id_ed25519 type -1 debug1: identity file /home/jca/.ssh/id_ed25519-cert type -1 debug1: identity file /home/jca/.ssh/id_ed25519_sk type -1 debug1: identity file /home/jca/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /home/jca/.ssh/id_xmss type -1 debug1: identity file /home/jca/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.4 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.1 debug1: match: OpenSSH_8.1 pat OpenSSH* compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to ftp.hostserver.de:22 as 'anoncvs' debug3: hostkeys_foreach: reading file "/home/jca/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /home/jca/.ssh/known_hosts:1 debug3: record_hostkey: found key type RSA in file /home/jca/.ssh/known_hosts:11 debug3: load_hostkeys: loaded 2 keys from ftp.hostserver.de debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected] debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,[email protected],zlib debug2: compression stoc: none,[email protected],zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected] debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,[email protected] debug2: compression stoc: none,[email protected] debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ecdsa-sha2-nistp256 SHA256:v6G11hMFfS2+zPh44hhZcpUqDEppyvGQe0vzmrtIHA8 debug3: hostkeys_foreach: reading file "/home/jca/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /home/jca/.ssh/known_hosts:1 debug3: record_hostkey: found key type RSA in file /home/jca/.ssh/known_hosts:11 debug3: load_hostkeys: loaded 2 keys from ftp.hostserver.de debug3: hostkeys_foreach: reading file "/home/jca/.ssh/known_hosts" debug3: record_hostkey: found key type ECDSA in file /home/jca/.ssh/known_hosts:1 debug3: record_hostkey: found key type RSA in file /home/jca/.ssh/known_hosts:11 debug3: load_hostkeys: loaded 2 keys from 217.31.80.35 debug1: Host 'ftp.hostserver.de' is known and matches the ECDSA host key. debug1: Found key in /home/jca/.ssh/known_hosts:1 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey out after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey in after 134217728 blocks debug1: Will attempt key: /home/jca/.ssh/id_rsa debug1: Will attempt key: /home/jca/.ssh/id_dsa debug1: Will attempt key: /home/jca/.ssh/id_ecdsa debug1: Will attempt key: /home/jca/.ssh/id_ecdsa_sk debug1: Will attempt key: /home/jca/.ssh/id_ed25519 debug1: Will attempt key: /home/jca/.ssh/id_ed25519_sk debug1: Will attempt key: /home/jca/.ssh/id_xmss debug2: pubkey_prepare: done debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 52 debug1: Authentication succeeded (none). Authenticated to ftp.hostserver.de ([217.31.80.35]:22). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug3: send packet: type 90 debug1: Requesting [email protected] debug3: send packet: type 80 debug1: Entering interactive session. debug1: pledge: filesystem full debug3: receive packet: type 80 debug1: client_input_global_request: rtype [email protected] want_reply 0 debug3: client_input_hostkeys: received RSA key SHA256:XrjDaKqJ6J02iSQ/eoiqII0LxJX9D/41eeC6pSQAJXs debug3: client_input_hostkeys: received ECDSA key SHA256:v6G11hMFfS2+zPh44hhZcpUqDEppyvGQe0vzmrtIHA8 debug3: client_input_hostkeys: received ED25519 key SHA256:KeG1InAfAnQKqpCewmXw/Egb+4UZZuIMGdlYVG+uxNg debug1: client_input_hostkeys: searching /home/jca/.ssh/known_hosts for ftp.hostserver.de / 217.31.80.35 debug3: hostkeys_foreach: reading file "/home/jca/.ssh/known_hosts" debug3: hostkeys_find: found ecdsa-sha2-nistp256 key at /home/jca/.ssh/known_hosts:1 debug3: hostkeys_find: found ssh-rsa key at /home/jca/.ssh/known_hosts:11 debug1: client_input_hostkeys: searching /home/jca/.ssh/known_hosts2 for ftp.hostserver.de / 217.31.80.35 debug1: client_input_hostkeys: hostkeys file /home/jca/.ssh/known_hosts2 does not exist debug3: client_input_hostkeys: 3 server keys: 1 new, 1 retained, 1 incomplete match. 0 to remove debug3: client_input_hostkeys: asking server to prove ownership for 1 keys debug3: send packet: type 80 debug3: receive packet: type 91 debug2: channel_input_open_confirmation: channel 0: callback start debug2: fd 3 setting TCP_NODELAY debug3: ssh_packet_set_tos: set IP_TOS 0x48 debug2: client_session2_setup: id 0 debug2: channel 0: request pty-req confirm 1 debug3: send packet: type 98 debug2: channel 0: request shell confirm 1 debug3: send packet: type 98 debug2: channel_input_open_confirmation: channel 0: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug3: receive packet: type 81 Learned new hostkey: ED25519 SHA256:KeG1InAfAnQKqpCewmXw/Egb+4UZZuIMGdlYVG+uxNg debug3: hostkeys_foreach: reading file "/home/jca/.ssh/known_hosts" debug3: host_delete: ECDSA key already at /home/jca/.ssh/known_hosts:1 debug3: host_delete: RSA key already at /home/jca/.ssh/known_hosts:11 Adding new key for ftp.hostserver.de,217.31.80.35 to /home/jca/.ssh/known_hosts: ssh-ed25519 SHA256:KeG1InAfAnQKqpCewmXw/Egb+4UZZuIMGdlYVG+uxNg debug1: update_known_hosts: known hosts file /home/jca/.ssh/known_hosts2 does not exist debug3: receive packet: type 100 debug2: channel_input_status_confirm: type 100 id 0 PTY allocation request failed on channel 0 debug2: channel 0: rcvd adjust 2097152 debug3: receive packet: type 99 debug2: channel_input_status_confirm: type 99 id 0 debug2: shell request accepted on channel 0 debug2: channel 0: rcvd ext data 146 debug2: channel 0: rcvd ext data 33 To use anonymous CVS install the latest version of CVS on your local machine. Then set your CVSROOT environment variable to the following value: [email protected]:/cvs debug2: channel 0: written 179 to efd 6 ^Cdebug3: send packet: type 1 debug1: channel 0: free: client-session, nchannels 1 debug3: channel 0: status: The following connections are open: #0 client-session (t4 r0 i0/0 o0/0 e[write]/0 fd 4/5/6 sock -1 cc -1) debug3: fd 1 is not O_NONBLOCK Killed by signal 2. -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
