Re: sshd signal 11 on -current

Reply: Mark Millard : "Re: sshd signal 11 on -current"
In reply to: Paul Mather : "Re: sshd signal 11 on -current"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: bob prohaska <fbsd_at_www.zefox.net>
Date: Thu, 18 Jan 2024 17:32:48 UTC
On Thu, Jan 18, 2024 at 09:45:51AM -0500, Paul Mather wrote:
> On 17 Jan 2024, at 8:51???pm, bob prohaska <fbsd@www.zefox.net> wrote:
> 
> > 
> > I'm not sure which MAC (as in ethernet MAC) is being referred
> > to. Might a different kind of MAC exist, unrelated to ethernet?
> 
> 
> If this error is from SSH then it is likely unrelated to Ethernet.  It likely refers to Message Authentication Code (MAC), which is used to ensure data integrity.  See man ssh_config(5) for details.

That puts a very different light on the problem. On ns2.zefox.net,
the host at the server end of the failed ssh connections, running 
bob@ns2:~ % ssh -Q mac
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com
bob@ns2:~ % 

At the same time, there was a typo (mine!) in /etc/ssh/sshd_conf,
MACs -*etm@openssh.co
introduced when adding the workaround in CVE-2023-48795. 

The error has been corrected and ns2.zefox.net rebooted.
But, no difference in behavior. Here's the transcript,
taken from my Raspberry Pi4 workstation:

bob@raspberrypi:~ $ ssh ns2.zefox.net
Password for bob@ns2.zefox.net:
Last login: Thu Jan 18 08:36:07 2024
FreeBSD 12.4-STABLE r373269 GENERIC 

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.
You can use /etc/make.conf to control the options used to compile software
on this system.  Example entries are in
/usr/share/examples/etc/make.conf and in make.conf(5).
For options that are set for building FreeBSD's kernel and its world, see
src.conf(5).
bob@ns2:~ % grep -i ssh /var/log/messages
Jan  1 00:38:20 ns2 sshd[8068]: error: Fssh_kex_exchange_identification: Connection closed by remote host
Jan  1 01:04:47 ns2 sshd[8182]: error: Fssh_kex_exchange_identification: Connection closed by remote host
Jan  1 01:49:21 ns2 sshd[8242]: error: PAM: Authentication error for illegal user info from 185.11.61.234
Jan  1 02:19:41 ns2 sshd[8292]: error: PAM: Authentication error for illegal user cromados from 85.209.11.226
Jan  1 02:26:04 ns2 sshd[8308]: error: Fssh_kex_exchange_identification: Connection closed by remote host
Corrupted MAC on input.
ssh_dispatch_run_fatal: Connection to 50.1.20.30 port 22: message authentication code incorrect
bob@raspberrypi:~ $ 

It does seem likely I've been barking up the wrong tree, but the
new tree I picked is still wrong and there are several. 

A web search discovered an old (2016) thread which reports:
"I got this problem to go away by disabling AVB/EAV mode on the advanced settings
for the Ethernet adapter on the Mac (under Big Sur)." That suggests an Ethernet
problem IIUC.

Any other suggestions are welcome!

Thanks for writing,

bob prohaska