Bug 2727 - ssh_dispatch_run_fatal: Connection to 127.0.0.1 port 8002: message authentication code incorrect
Status: CLOSED INVALID
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 7.5p1
Hardware: ix86 Linux
Importance: P5 major
Assignee: Assigned to nobody
Reported: 2017-06-07 07:16 AEST by Sarthak Chokshi
Modified: 2018-04-06 12:26 AEST
Description Sarthak Chokshi 2017-06-07 07:16:40 AEST
After upgrading from openssh7.3 to openssh7.5p1, I see the following errors.
Comment 1 Sarthak Chokshi 2017-06-07 07:17:08 AEST
ssh_dispatch_run_fatal: Connection to 127.0.0.1 port 8002: message authentication code incorrect
Comment 2 Sarthak Chokshi 2017-06-07 09:35:36 AEST
System details -  x86_64 x86_64 x86_64 GNU/Linux
Comment 3 Darren Tucker 2017-06-07 10:29:00 AEST
Unfortunately there is insufficient info here to even guess.

What distro/version are you using?  Is the version of OpenSSH provided by the distro vendor or are you compiling the source available at openssh.com?  What's listening on port 8002?  That's not a standard ssh port.

Please create a debug log "ssh -vvv whatever" and use "Add an attachment" to attach that to this bug.
Comment 4 Sarthak Chokshi 2017-06-08 06:28:28 AEST
I compiled the source available from openssh.com https://mirrors.evowise.com/pub/OpenBSD/OpenSSH/portable/openssh-7.5p1.tar.gz
Comment 5 Darren Tucker 2017-06-08 10:00:43 AEST
You answered only one of about six questions and didn't provide the log that might provide more information.
Comment 6 Sarthak Chokshi 2017-06-10 06:46:32 AEST
I use the following command:

ssh -o StrictHostKeyChecking=no -o Compression=yes -o ServerAliveInterval=5 -o ServerAliveCountMax=6 -o StreamLocalBindMask=0111 -o StreamLocalBindUnlink=yes -o ControlBindMask=0111 -o ControlAllowUsers=* -o HostKeyAlgorithms=+ssh-dss -i /home/cluster/.ssh/identity -L [/var/cluster/mysql/618005.sock]:[/var/lib/mysql/mysql.sock] -T -M -S /var/cluster/ssh/618005.sock -p 8002 cluster@127.0.0.1 /bin/cat

OpenSSH_7.5p1, OpenSSL 1.0.2l  25 May 2017
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /home/spyware/code/firmware/current/etc/ssh/ssh_config
debug2: resolving "127.0.0.1" port 8002
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 8002.
debug1: connect to address 127.0.0.1 port 8002: Connection refused
ssh: connect to host 127.0.0.1 port 8002: Connection refused
Comment 7 Darren Tucker 2017-06-10 10:52:36 AEST
That debug log does not correspond to the error you are seeking help with (and you didn't use "Add an attachment" as requested) and you *still* haven't answered most of the questions I asked in comment #3.
Comment 8 Sarthak Chokshi 2017-06-14 07:57:58 AEST
Apologies, as it took some time to collect logs. Please find them below.
SSH Logs:
OpenSSH_7.5p1, OpenSSL 1.0.2l  25 May 2017
debug1: Reading configuration data /home/spyware/code/firmware/current/etc/ssh/ssh_config
debug2: resolving "127.0.0.1" port 8002
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 8002.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/cluster/.ssh/identity type 2
debug1: key_load_public: No such file or directory
debug1: identity file /home/cluster/.ssh/identity-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: Remote protocol version 2.0, remote software version Barracuda
debug1: no match: Barracuda
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 127.0.0.1:8002 as 'cluster'
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
Bad packet length 1835101741.

Sshd logs:

debug1: Bind to port 8002 on 127.0.0.1.
Server listening on 127.0.0.1 port 8002.
debug3: fd 4 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 7 config len 209
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 45473 on 127.0.0.1 port 8002
debug1: Client protocol version 2.0; client software version OpenSSH_7.5
debug1: match: OpenSSH_7.5 pat OpenSSH* compat 0x04000000
debug1: Local version string BCP-2.0-Barracuda
debug1: Enabling compatibility mode for protocol 2.0
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing rlimit sandbox
debug2: Network child is on pid 10214
debug3: preauth child monitor started
debug3: privsep user:group 71:71 [preauth]
debug1: permanently_set_uid: 71/71 [preauth]
debug3: list_hostkey_types: ssh-dss key not permitted by HostkeyAlgorithms [preauth]
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none,zlib@openssh.com [preauth]
debug2: compression stoc: none,zlib@openssh.com [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c [preauth]
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss [preauth]
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc [preauth]
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc [preauth]
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: zlib@openssh.com,zlib,none [preauth]
debug2: compression stoc: zlib@openssh.com,zlib,none [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug1: kex: algorithm: curve25519-sha256 [preauth]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: zlib@openssh.com [preauth]
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: zlib@openssh.com [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Connection closed by 127.0.0.1 port 45473 [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: Killing privsep child 10214
Comment 9 Damien Miller 2017-06-14 09:42:16 AEST
Come on. Darren asked you multiple times to attach the logs rather than pasting them into the bug and you've ignored him again. If you expect us to debug your problem for free then you can at least read and follow what we ask.

Here's your problem:

debug1: Local version string BCP-2.0-Barracuda

Your server is sending garbage to the client and disconnecting. The server looks like it is derived from OpenSSH, but it isn't OpenSSH. You need to follow up with whomever gave/sold it to you. There's nothing we can do to fix it.
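
A small triage helper for the two symptoms in the logs above, added here as an example and not part of the original thread or of OpenSSH: it checks a logged version string against the RFC 4253 identification format and decodes a "Bad packet length" value back into the four wire bytes it was read from. The function names are hypothetical; the sample lines are excerpted from the client and server logs in this bug.

```python
import re
import struct

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion[ SP comments]";
# softwareversion is printable US-ASCII without whitespace or '-'.
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-[\x21-\x2c\x2e-\x7e]+(?: .*)?$")

# Sample input: lines excerpted from the ssh and sshd logs quoted in this bug.
SAMPLE_LOG = """\
debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: Remote protocol version 2.0, remote software version Barracuda
Bad packet length 1835101741.
debug1: Local version string BCP-2.0-Barracuda
"""

def check_banner(banner):
    """True if the identification string has the RFC 4253 shape."""
    m = BANNER_RE.match(banner.rstrip("\r\n"))
    return bool(m) and m.group(1) in ("2.0", "1.99")

def decode_bad_length(value):
    """Return the 4 wire bytes behind a 'Bad packet length' value as text,
    or None if they are not all printable ASCII."""
    raw = struct.pack(">I", value)  # packet_length is a big-endian uint32
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None

def triage(log_text):
    """Collect (kind, detail) findings from ssh/sshd debug output."""
    findings = []
    for line in log_text.splitlines():
        m = re.search(r"Local version string (\S+)", line)
        if m and not check_banner(m.group(1)):
            findings.append(("bad-banner", m.group(1)))
        m = re.search(r"Bad packet length (\d+)", line)
        if m:
            text = decode_bad_length(int(m.group(1)))
            if text is not None:
                findings.append(("length-is-ascii", text))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(kind, repr(detail))
```

On this bug's logs it flags the server's BCP-2.0-Barracuda version string and shows that 1835101741 is the ASCII text "man-", a substring of the KEX algorithm names in the proposals above, which suggests the client took its length field from the middle of plaintext rather than from a properly framed packet.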
Comment 10 Damien Miller 2018-04-06 12:26:32 AEST
Close all resolved bugs after release of OpenSSH 7.7.