[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
** Description changed: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - - sandboxing code on big endian - - allowing hw accel iocls in the sandbox + - sandboxing code on big endian + - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf - sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf + sudo sed -i '10i openssl_conf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/fheimes/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/fheimes/.ssh/id_dsa debug1: Trying private key: /home/fheimes/.ssh/id_ecdsa debug1: Trying private key: /home/fheimes/.ssh/id_ed25519 debug1: Next authentication method: password ubuntu@10.245.208.7's password: debug1: Authentication succeeded (password). Authen
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
--- Comment From heinz-werner_se...@de.ibm.com 2018-01-17 08:56 EDT--- IBM Bugzilla status -> closed, Fix Released by Canonical. ** Tags removed: verification-failed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: Fix Released Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Zesty: Invalid Status in openssh source package in Artful: Fix Released Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
closing this ticket - since Zesty ran out of support on Jan the 13th: https://www.google.de/url?https://lists.ubuntu.com/archives/ubuntu-announce/2018-January/000227.html and kernel 4.10 is no longer supported. Even on Xenial we moved the HWE kernel already from 4.10 to 4.13 ** Changed in: openssh (Ubuntu Zesty) Status: Confirmed => Invalid ** Changed in: ubuntu-z-systems Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: Fix Released Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Zesty: Invalid Status in openssh source package in Artful: Fix Released Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: reke
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
** Tags added: id-597a835aabb9be94fe80eb45 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: In Progress Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Zesty: Confirmed Status in openssh source package in Artful: Fix Released Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/fheimes/.ssh/id_rsa debug1: Authenticati
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
** Tags added: id-59a6de69fde9c920947b3d4b -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: In Progress Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Zesty: Confirmed Status in openssh source package in Artful: Fix Released Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/fheimes/.ssh/id_rsa debug1: Authenticati
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
Is there any plan to release this fix into Zesty (zesty-updates) ? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: In Progress Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Zesty: Confirmed Status in openssh source package in Artful: Fix Released Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/fheimes/.ssh/id_rs
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
This bug was fixed in the package openssh - 1:7.5p1-5ubuntu1 --- openssh (1:7.5p1-5ubuntu1) artful; urgency=low * Merge from Debian unstable. Remaining changes: - Cherrypick updated patchset to open up sandbox, when openssl engine calls into OpenCryptoki for hardware accelerated encryption. LP: #1686618 openssh (1:7.5p1-5) unstable; urgency=medium * Upload to unstable. * Fix syntax error in debian/copyright. openssh (1:7.5p1-4) experimental; urgency=medium * Drop README.Debian section on privilege separation, as it's no longer optional. * Only call "initctl set-env" from agent-launch if $UPSTART_SESSION is set (LP: #1689299). * Fix incoming compression statistics (thanks, Russell Coker; closes: #797964). * Relicense debian/* under a two-clause BSD licence for bidirectional compatibility with upstream, with permission from Matthew Vernon and others. -- Dimitri John Ledkov Fri, 28 Jul 2017 14:13:11 +0100 ** Changed in: openssh (Ubuntu Artful) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: In Progress Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Zesty: Confirmed Status in openssh source package in Artful: Fix Released Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
--- Comment From ebarre...@br.ibm.com 2017-07-28 16:01 EDT--- (In reply to comment #23) > If the patch isn't getting any review on the upstream mailing list, then > please open a bug on https://bugzilla.mindrot.org/ so that it doesn't fall > through the cracks permanently. Done: https://bugzilla.mindrot.org/show_bug.cgi?id=2752 ** Bug watch added: OpenSSH Portable Bugzilla #2752 https://bugzilla.mindrot.org/show_bug.cgi?id=2752 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: In Progress Status in openssh package in Ubuntu: Fix Committed Status in openssh source package in Zesty: Confirmed Status in openssh source package in Artful: Fix Committed Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NE
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
If the patch isn't getting any review on the upstream mailing list, then please open a bug on https://bugzilla.mindrot.org/ so that it doesn't fall through the cracks permanently. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: In Progress Status in openssh package in Ubuntu: Fix Committed Status in openssh source package in Zesty: Confirmed Status in openssh source package in Artful: Fix Committed Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,p
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
** Changed in: ubuntu-z-systems Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: In Progress Status in openssh package in Ubuntu: Fix Committed Status in openssh source package in Zesty: Confirmed Status in openssh source package in Artful: Fix Committed Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/fheimes/.ssh/
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
** Changed in: openssh (Ubuntu Artful) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: Triaged Status in openssh package in Ubuntu: Fix Committed Status in openssh source package in Zesty: Confirmed Status in openssh source package in Artful: Fix Committed Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/fheimes/
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
I am preparing a test build of openssh as part of merging changes from Debian, with the updated patchset that opens up more syscalls. This will land in artful shortly - but currently artful is very busy with many migration thus it may take some time before the package migrates from proposed into the released pocket. This should be done for artful by end of next week the latest. After that I will prepare an updated SRU into zesty that previously failed verification with all the cherrypicks from 7.5 and the updated not-yet-merged patchset for all the extra syscalls. So zesty will get these fixes later in August. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: Triaged Status in openssh package in Ubuntu: Triaged Status in openssh source package in Zesty: Confirmed Status in openssh source package in Artful: Triaged Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key.
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
** Changed in: openssh (Ubuntu Artful) Status: Fix Released => Triaged ** Changed in: openssh (Ubuntu Artful) Importance: High => Critical ** Changed in: openssh (Ubuntu Zesty) Status: In Progress => Confirmed ** Changed in: openssh (Ubuntu Zesty) Importance: High => Critical ** Changed in: ubuntu-z-systems Status: Fix Committed => Triaged ** Changed in: ubuntu-z-systems Importance: High => Critical -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: Triaged Status in openssh package in Ubuntu: Triaged Status in openssh source package in Zesty: Confirmed Status in openssh source package in Artful: Triaged Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey a
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
This bug was fixed in the package openssh - 1:7.5p1-3ubuntu1 --- openssh (1:7.5p1-3ubuntu1) artful; urgency=medium * On s390x, allow geteuid syscall in the sandbox, to allow openssh connections to work when hw accelerated cryptography is enabled. This patch is to be replaced by the one accepted upstream, when reviewed. LP: #1686618 -- Dimitri John Ledkov Mon, 22 May 2017 13:13:59 +0100 ** Changed in: openssh (Ubuntu Artful) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: Fix Committed Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Zesty: In Progress Status in openssh source package in Artful: Fix Released Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
** Changed in: openssh (Ubuntu Artful) Status: Triaged => Fix Committed ** Changed in: openssh (Ubuntu Zesty) Status: Fix Committed => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: Fix Committed Status in openssh package in Ubuntu: Fix Committed Status in openssh source package in Zesty: In Progress Status in openssh source package in Artful: Fix Committed Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debu
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
Excellent. We need patch for 7.5p as well, because that is the release in artful, current development series. If you could forward that one as well to us, that would be great. Regards, Dimitri. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: Fix Committed Status in openssh package in Ubuntu: Triaged Status in openssh source package in Zesty: Fix Committed Status in openssh source package in Artful: Triaged Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue:
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
May 05 10:45:13 s1lp15 sshd[138567]: fatal: ssh_sandbox_violation: unexpected system call (arch:0x8016,syscall:201 @ 0x3ffb853fb32) [preauth] Syscall 201 is { "geteuid", 201 }, from seccomp sources. It seems like more syscalls are used, when encryption enabled, at least on Ubuntu, when hardware accelerated crypto is enabled. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: Fix Committed Status in openssh package in Ubuntu: Triaged Status in openssh source package in Zesty: Fix Committed Status in openssh source package in Artful: Triaged Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
May 05 10:45:13 s1lp15 sshd[138567]: debug3: send packet: type 52 [preauth] May 05 10:45:13 s1lp15 sshd[138567]: debug1: Enabling compression at level 6. [preauth] May 05 10:45:13 s1lp15 sshd[138567]: debug3: mm_request_send entering: type 26 [preauth] May 05 10:45:13 s1lp15 sshd[138567]: debug3: mm_send_keystate: Finished sending state [preauth] May 05 10:45:13 s1lp15 sshd[138567]: fatal: ssh_sandbox_violation: unexpected system call (arch:0x8016,syscall:201 @ 0x3ffb853fb32) [preauth] May 05 10:45:13 s1lp15 sshd[138567]: debug1: monitor_read_log: child log fd closed May 05 10:45:13 s1lp15 sshd[138567]: fatal: privsep_preauth: preauth child exited with status 1 May 05 10:45:13 s1lp15 sshd[138567]: debug1: do_cleanup May 05 10:45:13 s1lp15 sshd[138567]: debug3: PAM: sshpam_thread_cleanup entering -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: Fix Committed Status in openssh package in Ubuntu: Triaged Status in openssh source package in Zesty: Fix Committed Status in openssh source package in Artful: Triaged Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
This does not appear to work with 7.5 either ** Changed in: openssh (Ubuntu Artful) Status: Fix Released => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: Fix Committed Status in openssh package in Ubuntu: Triaged Status in openssh source package in Zesty: Fix Committed Status in openssh source package in Artful: Triaged Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debu
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
** Tags removed: verification-needed ** Tags added: verification-failed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: Fix Committed Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Zesty: Fix Committed Status in openssh source package in Artful: Fix Released Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/fheimes
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
ubuntu@zlin42:~$ sudo sh -c "echo 'deb http://ports.ubuntu.com/ubuntu-ports $(lsb_release -sc)-proposed restricted main multiverse universe' >> /etc/apt/sources.list.d/proposed-repositories.list" ubuntu@zlin42:~$ sudo apt -y update -qq 12 packages can be upgraded. Run 'apt list --upgradable' to see them. ubuntu@zlin42:~$ apt list --upgradable Listing... Done linux-firmware/zesty-proposed 1.164.1 all [upgradable from: 1.164] linux-generic/zesty-proposed 4.10.0.21.23 s390x [upgradable from: 4.10.0.20.22] linux-headers-generic/zesty-proposed 4.10.0.21.23 s390x [upgradable from: 4.10.0.20.22] linux-image-generic/zesty-proposed 4.10.0.21.23 s390x [upgradable from: 4.10.0.20.22] linux-libc-dev/zesty-proposed 4.10.0-21.23 s390x [upgradable from: 4.10.0-20.22] openssh-client/zesty-proposed 1:7.4p1-10ubuntu0.1 s390x [upgradable from: 1:7.4p1-10] openssh-server/zesty-proposed 1:7.4p1-10ubuntu0.1 s390x [upgradable from: 1:7.4p1-10] openssh-sftp-server/zesty-proposed 1:7.4p1-10ubuntu0.1 s390x [upgradable from: 1:7.4p1-10] snap-confine/zesty-proposed 2.25+17.04 s390x [upgradable from: 2.24.1+17.04] snapd/zesty-proposed 2.25+17.04 s390x [upgradable from: 2.24.1+17.04] sosreport/zesty-proposed 3.4-1~ubuntu17.04.1 s390x [upgradable from: 3.3+git50-g3c0349b-2] unattended-upgrades/zesty-proposed 0.93.1ubuntu2.1 all [upgradable from: 0.93.1ubuntu2] ubuntu@zlin42:~$ ### ubuntu@zlin42:~$ sudo vi /etc/ssh/sshd_config ubuntu@zlin42:~$ sudo systemctl restart sshd ubuntu@zlin42:~$ apt-cache policy openssh-server openssh-server: Installed: 1:7.4p1-10 Candidate: 1:7.4p1-10ubuntu0.1 Version table: 1:7.4p1-10ubuntu0.1 500 500 http://ports.ubuntu.com/ubuntu-ports zesty-proposed/main s390x Packages *** 1:7.4p1-10 500 500 http://us.ports.ubuntu.com/ubuntu-ports zesty/main s390x Packages 100 /var/lib/dpkg/status ubuntu@zlin42:~$ me@WS:~$ ssh ubuntu@zlin42 ubuntu@zlin42's password: Welcome to Ubuntu 17.04 (GNU/Linux 4.10.0-20-generic s390x) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support:https://ubuntu.com/advantage 0 packages can be updated. 0 updates are security updates. Last login: Fri May 5 03:22:00 2017 from 10.172.66.66 ubuntu@zlin42:~$ exit logout Connection to zlin42 closed. me@WS:~$ ### activate hw crypto for ssl / ibmca engine ubuntu@zlin42:~$ sudo vi /etc/ssl/openssl.cnf # set: openssl_conf = openssl_def ubuntu@zlin42:~$ openssl engine (dynamic) Dynamic engine loading support (ibmca) Ibmca hardware engine support ubuntu@zlin42:~$ ### negative test - expecting the problem to occur me@WS:~$ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. me@WS:~$ ubuntu@zlin42:~$ sudo apt install openssh-server Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: openssh-client openssh-sftp-server Suggested packages: keychain libpam-ssh monkeysphere ssh-askpass molly-guard rssh The following packages will be upgraded: openssh-client openssh-server openssh-sftp-server 3 upgraded, 0 newly installed, 0 to remove and 9 not upgraded. Need to get 928 kB of archives. After this operation, 0 B of additional disk space will be used. Do you want to continue? [Y/n] Y Get:1 http://ports.ubuntu.com/ubuntu-ports zesty-proposed/main s390x openssh-sftp-server s390x 1:7.4p1-10ubuntu0.1 [38.0 kB] Get:2 http://ports.ubuntu.com/ubuntu-ports zesty-proposed/main s390x openssh-server s390x 1:7.4p1-10ubuntu0.1 [316 kB] Get:3 http://ports.ubuntu.com/ubuntu-ports zesty-proposed/main s390x openssh-client s390x 1:7.4p1-10ubuntu0.1 [574 kB] Fetched 928 kB in 1s (722 kB/s) Preconfiguring packages ... (Reading database ... 134327 files and directories currently installed.) Preparing to unpack .../openssh-sftp-server_1%3a7.4p1-10ubuntu0.1_s390x.deb ... Unpacking openssh-sftp-server (1:7.4p1-10ubuntu0.1) over (1:7.4p1-10) ... Preparing to unpack .../openssh-server_1%3a7.4p1-10ubuntu0.1_s390x.deb ... Unpacking openssh-server (1:7.4p1-10ubuntu0.1) over (1:7.4p1-10) ... Preparing to unpack .../openssh-client_1%3a7.4p1-10ubuntu0.1_s390x.deb ... Unpacking openssh-client (1:7.4p1-10ubuntu0.1) over (1:7.4p1-10) ... Processing triggers for ufw (0.35-4) ... Processing triggers for ureadahead (0.100.0-19) ... Processing triggers for systemd (232-21ubuntu3) ... Processing triggers for man-db (2.7.6.1-2) ... Setting up openssh-client (1:7.4p1-10ubuntu0.1) ... Setting up openssh-sftp-server (1:7.4p1-10ubuntu0.1) ... Setting up openssh-server (1:7.4p1-10ubuntu0.1) ... ubuntu@zlin42:~$ ubuntu@zlin42:~$ exit logout Connection to zlin42 closed. me@WS:~$ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. me@WS:~$ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 close
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
** Changed in: ubuntu-z-systems Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: Fix Committed Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Zesty: Fix Committed Status in openssh source package in Artful: Fix Released Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/fhe
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
Hello Frank, or anyone else affected, Accepted openssh into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssh/1:7.4p1-10ubuntu0.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: openssh (Ubuntu Zesty) Status: In Progress => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: In Progress Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Zesty: Fix Committed Status in openssh source package in Artful: Fix Released Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
** Tags added: architecture-s39064 bugnameltc-153940 severity-high targetmilestone-inin1704 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: In Progress Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Zesty: In Progress Status in openssh source package in Artful: Fix Released Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public ke
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
** Changed in: ubuntu-z-systems Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: In Progress Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Zesty: In Progress Status in openssh source package in Artful: Fix Released Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/fheimes/.ssh/
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
** Changed in: openssh (Ubuntu Zesty) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: Triaged Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Zesty: In Progress Status in openssh source package in Artful: Fix Released Bug description: [ Impact ] * Unable to ssh into Ubuntu, using default sshd configuration, when hw acceleration is enabled in openssl. [ Proposed solution ] * Cherrypick upstream fixes for: - sandboxing code on big endian - allowing hw accel iocls in the sandbox short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ [Test case] long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/fheimes/.ss
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
** Description changed: + [ Impact ] + + * Unable to ssh into Ubuntu, using default sshd configuration, when hw + acceleration is enabled in openssl. + + [ Proposed solution ] + + * Cherrypick upstream fixes for: + - sandboxing code on big endian + - allowing hw accel iocls in the sandbox + short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ + [Test case] + long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: - sudo apt-get install openssh-ibmca libica-utils libica2 + sudo apt-get install openssl-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 - ubuntu@zlin42's password: + ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: - Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 + Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/fheimes/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/fheimes/.ssh/id_dsa debug1: Trying private key: /home/fheimes/.ssh/id_ecdsa
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
7.5 is now in artful. https://launchpad.net/ubuntu/+source/openssh/1:7.5p1-2 ** Changed in: openssh (Ubuntu Artful) Status: Triaged => Fix Released ** Changed in: openssh (Ubuntu Zesty) Assignee: (unassigned) => Dimitri John Ledkov (xnox) ** Changed in: openssh (Ubuntu Zesty) Milestone: None => zesty-updates ** Changed in: openssh (Ubuntu Zesty) Status: New => Triaged ** Changed in: openssh (Ubuntu Zesty) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: Triaged Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Zesty: Triaged Status in openssh source package in Artful: Fix Released Bug description: short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssh-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
** Changed in: ubuntu-z-systems Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: Triaged Status in openssh package in Ubuntu: Triaged Status in openssh source package in Zesty: New Status in openssh source package in Artful: Triaged Bug description: short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssh-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/fheimes/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/fheimes/.ssh/id_dsa debug1: Trying private key: /home/fheimes/.ssh/id_ecdsa debug1: Trying private key: /home/fheimes/.ssh/id_ed25519 debug1: Next authentication method: password ubuntu@10.245.208.
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
** Changed in: openssh (Ubuntu) Status: New => Triaged ** Changed in: openssh (Ubuntu) Importance: Undecided => High ** Changed in: openssh (Ubuntu) Assignee: (unassigned) => Dimitri John Ledkov (xnox) ** Changed in: openssh (Ubuntu) Milestone: None => ubuntu-17.05 ** Also affects: openssh (Ubuntu Artful) Importance: High Assignee: Dimitri John Ledkov (xnox) Status: Triaged ** Also affects: openssh (Ubuntu Zesty) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: New Status in openssh package in Ubuntu: Triaged Status in openssh source package in Zesty: New Status in openssh source package in Artful: Triaged Bug description: short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssh-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue:
[Touch-packages] [Bug 1686618] Re: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04
** Also affects: openssh (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1686618 Title: ssh connection attempts fail if hw crypto support on s390x is enabled on 17.04 Status in Ubuntu on IBM z Systems: New Status in openssh package in Ubuntu: New Bug description: short: after investigations the following commits are needed by openssh-server version 7.4p1 that is part of 17.04: - 5f1596e11d55539678c41f68aed358628d33d86f - 9e96b41682aed793fadbea5ccd472f862179fb02 on master branch in https://github.com/openssh/openssh-portable that belong to openssh 7.5 release notes statement: "sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor." __ long: enable z hw crypto support for openssh on an Ubuntu host (zlin42) on s390x like this: sudo apt-get install openssh-ibmca libica-utils libica2 sudo tee -a /etc/ssl/openssl.cnf < /usr/share/doc/openssl-ibmca/examples/openssl.cnf.sample sudo sed -i 's/^\(openssl_conf = openssl_def.*$\)/# \1/g' /etc/ssl/openssl.cnf sudo sed -i '10i openssl_cnf = openssl_def' /etc/ssl/openssl.cnf afterwards ssh login attempts fail: $ ssh ubuntu@zlin42 ubuntu@zlin42's password: Connection to zlin42 closed by remote host. Connection to zlin42 closed. the normal logs don't provide any interesting details: mit log: Apr 24 12:37:52 zlin42 kernel: [933567.994312] audit: type=1326 audit(1493051872.112:29): auid=4294967295 uid=107 gid=65534 ses=4294967295 pid=25105 comm="sshd" exe="/usr/sbin/sshd" sig=31 arch=8016 syscall=201 compat=0 ip=0x3ffb8a3fb32 code=0x0 Verbose: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /home/fheimes/.ssh/config debug1: /home/fheimes/.ssh/config line 6: Deprecated option "useroaming" debug1: /home/fheimes/.ssh/config line 7: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 10.245.208.7 [10.245.208.7] port 22. debug1: Connection established. debug1: identity file /home/fheimes/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /home/fheimes/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Ubuntu-10 debug1: match: OpenSSH_7.4p1 Ubuntu-10 pat OpenSSH* compat 0x0400 debug1: Authenticating to 10.245.208.7:22 as 'ubuntu' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha...@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:ss9j12+jMMKL9u2vxNeb3XjOeH0E9lw24IG5LxUeJXk debug1: Host '10.245.208.7' is known and matches the ECDSA host key. debug1: Found key in /home/fheimes/.ssh/known_hosts:87 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs= debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/fheimes/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/fheimes/.ssh/id_dsa debug1: Trying private key: /home/fheimes/.ssh/id_ecdsa debug1: Trying private key: /home/fheimes/.ssh/id_ed25519 debug1: Next authentication method: password ubuntu@10.245.208.7's password: debug1: Authentication succeeded (password). Authenticated to 10.245.208.7 (