Bug#970332: libcurl4: Public key authentication failure

Mon, 14 Sep 2020 16:22:43 -0700 

Package: libcurl4
Version: 7.72.0-1
Severity: normal

Dear maintainer

The version of libcurl4 in testing (7.72.0-1) fails to successfully negotiate
public key authentication and closes the connection early.

I have tested using the attached script against both stable and testing
versions of openssh-server (1:7.9p1-10+deb10u2 and 1:8.3p1-1).

Testing with the same script and the stable version of libcurl4
(7.64.0-4+deb10u1) is successful so this looks like a regression?

I have attached openssh-server logs from a machine running openssh-server
1:8.3p1-1, showing success from "old" libcurl4 and "failure" from new libcurl4.

(Note that the stable version was tested using a TCP connection to localhost so
the IPs of server and client are the same in that case.)

Not sure what the next diagnostic / debugging steps are here but happy to
provide any assistance?

Many thanks,

Sam Kemp




-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-3-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libcurl4 depends on:
ii  libbrotli1        1.0.9-2
ii  libc6             2.31-3
ii  libgssapi-krb5-2  1.17-10
ii  libidn2-0         2.3.0-1
ii  libldap-2.4-2     2.4.53+dfsg-1
ii  libnghttp2-14     1.41.0-3
ii  libpsl5           0.21.0-1.1
ii  librtmp1          2.4+20151223.gitfa8646d.1-2+b2
ii  libssh2-1         1.8.0-2.1
ii  libssl1.1         1.1.1g-1
ii  zlib1g            1:1.2.11.dfsg-2

Versions of packages libcurl4 recommends:
ii  ca-certificates  20200601

libcurl4 suggests no packages.

-- no debconf information

debug3: oom_adjust_restore
debug1: Set /proc/self/oom_score_adj to 0
debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from [CLIENT IP] port [CLIENT PORT] on [SERVER IP] port 22
debug1: Client protocol version 2.0; client software version libssh2_1.8.0
debug1: no match: libssh2_1.8.0
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 20979
debug3: preauth child monitor started
debug3: privsep user:group 106:65534 [preauth]
debug1: permanently_set_uid: 106/65534 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug1: list_hostkey_types: 
rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: 
curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
 [preauth]
debug2: host key algorithms: 
rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: ciphers ctos: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
 [preauth]
debug2: ciphers stoc: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
 [preauth]
debug2: MACs ctos: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
 [preauth]
debug2: MACs stoc: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
 [preauth]
debug2: compression ctos: none,z...@openssh.com [preauth]
debug2: compression stoc: none,z...@openssh.com [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: 
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
 [preauth]
debug2: host key algorithms: ssh-rsa,ssh-dss [preauth]
debug2: ciphers ctos: 
aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-...@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc
 [preauth]
debug2: ciphers stoc: 
aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-...@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc
 [preauth]
debug2: MACs ctos: 
hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd...@openssh.com
 [preauth]
debug2: MACs stoc: 
hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd...@openssh.com
 [preauth]
debug2: compression ctos: none [preauth]
debug2: compression stoc: none [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth]
debug1: kex: host key algorithm: ssh-rsa [preauth]
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: 
none [preauth]
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: 
none [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth]
debug3: receive packet: type 34 [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
debug3: mm_request_send entering: type 0 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 2048 2048 2048
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling now
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth]
debug3: mm_request_receive_expect entering: type 1 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_choose_dh: remaining 0 [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
debug3: send packet: type 31 [preauth]
debug2: bits set: 1044/2048 [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
debug3: receive packet: type 32 [preauth]
debug2: bits set: 1048/2048 [preauth]
debug3: mm_sshkey_sign entering [preauth]
debug3: mm_request_send entering: type 6 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign
debug3: mm_answer_sign: hostkey proof signature 0x55e62ee3f810(271)
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect entering: type 7 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: send packet: type 33 [preauth]
debug3: send packet: type 21 [preauth]
debug2: set_newkeys: mode 1 [preauth]
debug1: rekey after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug3: receive packet: type 21 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug2: set_newkeys: mode 0 [preauth]
debug1: rekey after 4294967296 blocks [preauth]
debug1: KEX done [preauth]
debug3: receive packet: type 5 [preauth]
debug3: send packet: type 6 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user [USER] service ssh-connection method none 
[preauth]
debug1: attempt 0 failures 0 [preauth]
debug3: mm_getpwnamallow entering [preauth]
debug3: mm_request_send entering: type 8 [preauth]
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
debug3: mm_request_receive_expect entering: type 9 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 8
debug3: mm_answer_pwnamallow
debug2: parse_server_config: config reprocess config len 340
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 9
debug2: monitor_read: 8 used once, disabling now
debug2: input_userauth_request: setting up authctxt for [USER] [preauth]
debug3: mm_start_pam entering [preauth]
debug3: mm_request_send entering: type 100 [preauth]
debug3: mm_inform_authserv entering [preauth]
debug3: mm_request_send entering: type 4 [preauth]
debug2: input_userauth_request: try method none [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 6.615ms, delaying 2.300ms (requested 
8.916ms) [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 100
debug1: PAM: initializing for "[USER]"
debug1: PAM: setting PAM_RHOST to "[CLIENT IP]"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: monitor_read: 100 used once, disabling now
debug3: userauth_finish: failure partial=0 next methods="publickey,password" 
[preauth]
debug3: send packet: type 51 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_authserv: service=ssh-connection, style=, role=
debug2: monitor_read: 4 used once, disabling now
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user [USER] service ssh-connection method 
publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug1: userauth_pubkey: test pkalg ssh-rsa pkblob RSA SHA256:[FINGERPRINT] 
[preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x55e62ee4b960
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /[HOME]/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: /[HOME]/.ssh/authorized_keys:2: matching key found: RSA 
SHA256:[FINGERPRINT]
debug1: /[HOME]/.ssh/authorized_keys:2: key options: agent-forwarding 
port-forwarding pty user-rc x11-forwarding
Accepted key RSA SHA256:[FINGERPRINT] found at /[HOME]/.ssh/authorized_keys:2
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: publickey authentication test: RSA key is allowed
debug3: mm_request_send entering: type 23
debug3: send packet: type 60 [preauth]
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 4.852ms, delaying 4.064ms (requested 
8.916ms) [preauth]
Postponed publickey for [USER] from [CLIENT IP] port [CLIENT PORT] ssh2 
[preauth]
Connection closed by authenticating user [USER] [CLIENT IP] port [CLIENT PORT] 
[preauth]
debug1: do_cleanup [preauth]
debug3: PAM: sshpam_thread_cleanup entering [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: Killing privsep child 20979
debug1: audit_event: unhandled event 12

debug3: oom_adjust_restore
debug1: Set /proc/self/oom_score_adj to 0
debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from [SERVER IP] port [CLIENT PORT] on [SERVER IP] port 22
debug1: Client protocol version 2.0; client software version libssh2_1.8.0
debug1: no match: libssh2_1.8.0
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 20953
debug3: preauth child monitor started
debug3: privsep user:group 106:65534 [preauth]
debug1: permanently_set_uid: 106/65534 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug1: list_hostkey_types: 
rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: 
curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
 [preauth]
debug2: host key algorithms: 
rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: ciphers ctos: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
 [preauth]
debug2: ciphers stoc: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com
 [preauth]
debug2: MACs ctos: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
 [preauth]
debug2: MACs stoc: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
 [preauth]
debug2: compression ctos: none,z...@openssh.com [preauth]
debug2: compression stoc: none,z...@openssh.com [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: 
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
 [preauth]
debug2: host key algorithms: ssh-rsa,ssh-dss [preauth]
debug2: ciphers ctos: 
aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-...@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc
 [preauth]
debug2: ciphers stoc: 
aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-...@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc
 [preauth]
debug2: MACs ctos: 
hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd...@openssh.com
 [preauth]
debug2: MACs stoc: 
hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd...@openssh.com
 [preauth]
debug2: compression ctos: none [preauth]
debug2: compression stoc: none [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth]
debug1: kex: host key algorithm: ssh-rsa [preauth]
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: 
none [preauth]
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: 
none [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth]
debug3: receive packet: type 34 [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
debug3: mm_request_send entering: type 0 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 2048 2048 2048
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling now
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth]
debug3: mm_request_receive_expect entering: type 1 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_choose_dh: remaining 0 [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
debug3: send packet: type 31 [preauth]
debug2: bits set: 1023/2048 [preauth]
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
debug3: receive packet: type 32 [preauth]
debug2: bits set: 1047/2048 [preauth]
debug3: mm_sshkey_sign entering [preauth]
debug3: mm_request_send entering: type 6 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign
debug3: mm_answer_sign: hostkey proof signature 0x56374f6ea810(271)
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect entering: type 7 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: send packet: type 33 [preauth]
debug3: send packet: type 21 [preauth]
debug2: set_newkeys: mode 1 [preauth]
debug1: rekey after 4294967296 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug3: receive packet: type 21 [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug2: set_newkeys: mode 0 [preauth]
debug1: rekey after 4294967296 blocks [preauth]
debug1: KEX done [preauth]
debug3: receive packet: type 5 [preauth]
debug3: send packet: type 6 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user [USER] service ssh-connection method none 
[preauth]
debug1: attempt 0 failures 0 [preauth]
debug3: mm_getpwnamallow entering [preauth]
debug3: mm_request_send entering: type 8 [preauth]
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
debug3: mm_request_receive_expect entering: type 9 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 8
debug3: mm_answer_pwnamallow
debug2: parse_server_config: config reprocess config len 340
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 9
debug2: monitor_read: 8 used once, disabling now
debug2: input_userauth_request: setting up authctxt for [USER] [preauth]
debug3: mm_start_pam entering [preauth]
debug3: mm_request_send entering: type 100 [preauth]
debug3: mm_inform_authserv entering [preauth]
debug3: mm_request_send entering: type 4 [preauth]
debug2: input_userauth_request: try method none [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 2.386ms, delaying 6.530ms (requested 
8.916ms) [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 100
debug1: PAM: initializing for "[USER]"
debug1: PAM: setting PAM_RHOST to "[SERVER IP]"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: monitor_read: 100 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_authserv: service=ssh-connection, style=, role=
debug2: monitor_read: 4 used once, disabling now
debug3: userauth_finish: failure partial=0 next methods="publickey,password" 
[preauth]
debug3: send packet: type 51 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user [USER] service ssh-connection method 
publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug1: userauth_pubkey: test pkalg ssh-rsa pkblob RSA SHA256:[FINGERPRINT] 
[preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x56374f6f6910
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /[HOME]/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: /[HOME]/.ssh/authorized_keys:5: matching key found: RSA 
SHA256:[FINGERPRINT]
debug1: /[HOME]/.ssh/authorized_keys:5: key options: agent-forwarding 
port-forwarding pty user-rc x11-forwarding
Accepted key RSA SHA256:[FINGERPRINT] found at /[HOME]/.ssh/authorized_keys:5
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: publickey authentication test: RSA key is allowed
debug3: mm_request_send entering: type 23
debug3: send packet: type 60 [preauth]
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 8.431ms, delaying 0.485ms (requested 
8.916ms) [preauth]
Postponed publickey for [USER] from [SERVER IP] port [CLIENT PORT] ssh2 
[preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user [USER] service ssh-connection method 
publickey [preauth]
debug1: attempt 2 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug3: userauth_pubkey: have ssh-rsa signature for RSA SHA256:[FINGERPRINT] 
[preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x56374f6f6910
debug1: temporarily_use_uid: 1000/1000 (e=0/0)
debug1: trying public key file /[HOME]/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: /[HOME]/.ssh/authorized_keys:5: matching key found: RSA 
SHA256:[FINGERPRINT]
debug1: /[HOME]/.ssh/authorized_keys:5: key options: agent-forwarding 
port-forwarding pty user-rc x11-forwarding
Accepted key RSA SHA256:[FINGERPRINT] found at /[HOME]/.ssh/authorized_keys:5
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: publickey authentication: RSA key is allowed
debug3: mm_request_send entering: type 23
debug3: mm_sshkey_verify entering [preauth]
debug3: mm_request_send entering: type 24 [preauth]
debug3: mm_sshkey_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth]
debug3: mm_request_receive_expect entering: type 25 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 24
debug3: mm_answer_keyverify: publickey 0x56374f6f6c90 signature verified
debug1: auth_activate_options: setting new authentication options
debug3: mm_request_send entering: type 25
debug3: mm_request_receive_expect entering: type 102
debug3: mm_request_receive entering
debug1: do_pam_account: called
debug2: do_pam_account: auth information in SSH_AUTH_INFO_0
debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success)
debug3: mm_request_send entering: type 103
Accepted publickey for [USER] from [SERVER IP] port [CLIENT PORT] ssh2: RSA 
SHA256:[FINGERPRINT]
debug1: monitor_child_preauth: [USER] has been authenticated by privileged 
process
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_request_receive_expect entering: type 26
debug3: mm_request_receive entering
debug3: mm_get_keystate: GOT new keys
debug1: auth_activate_options: setting new authentication options [preauth]
debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa [preauth]
debug3: user_specific_delay: user specific delay 0.000ms [preauth]
debug3: ensure_minimum_time_since: elapsed 6.077ms, delaying 2.839ms (requested 
8.916ms) [preauth]
debug3: mm_do_pam_account entering [preauth]
debug3: mm_request_send entering: type 102 [preauth]
debug3: mm_request_receive_expect entering: type 103 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_do_pam_account returning 1 [preauth]
debug3: send packet: type 52 [preauth]
debug3: mm_request_send entering: type 26 [preauth]
debug3: mm_send_keystate: Finished sending state [preauth]
debug1: monitor_read_log: child log fd closed
debug3: ssh_sandbox_parent_finish: finished
debug1: PAM: establishing credentials
debug3: PAM: opening session
debug2: do_pam_session: auth information in SSH_AUTH_INFO_0
pam_unix(sshd:session): session opened for user [USER] by (uid=0)
debug3: PAM: sshpam_store_conv called with 1 messages
debug3: PAM: sshpam_store_conv called with 1 messages
User child is on pid 20960
debug3: mm_request_receive entering
debug3: monitor_read: checking request 113
debug3: mm_answer_audit_command entering
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: PAM: cleanup
debug1: PAM: closing session
pam_unix(sshd:session): session closed for user [USER]
debug1: PAM: deleting credentials
debug3: PAM: sshpam_thread_cleanup entering
debug1: audit_event: unhandled event 12

#!/usr/bin/perl
use strict; use warnings;
use utf8; use open qw/:std :utf8/;
my $server = $ARGV[0]; # server to try is passed as argument
use WWW::Curl::Easy;
my $scp = WWW::Curl::Easy->new;
$scp->setopt(CURLOPT_URL, sprintf 'sftp://%s/~/curltest', $server);
$scp->setopt(CURLOPT_USERNAME, '[abc123]');
$scp->setopt(CURLOPT_SSH_PUBLIC_KEYFILE, '[fq path to pubkey]');
$scp->setopt(CURLOPT_SSH_PRIVATE_KEYFILE, '[fq path to privkey]');
$scp->setopt(CURLOPT_SSH_AUTH_TYPES, CURLSSH_AUTH_PUBLICKEY);
$scp->setopt(CURLOPT_READDATA, *STDOUT);
$scp->setopt(CURLOPT_VERBOSE, 1);
$scp->perform or die "Curl error: ", $scp->errbuf;

Reply via email to