Re: sshd signal 11 on -current

From: bob prohaska <fbsd_at_www.zefox.net>
Date: Wed, 17 Jan 2024 19:55:49 UTC
On Wed, Jan 17, 2024 at 09:34:28AM -0800, Mark Millard wrote:
> On Jan 17, 2024, at 08:00, bob prohaska <fbsd@www.zefox.net> wrote:
> 
> > A Pi4 running -current reported:
> > 
> > Jan 13 16:23:10 nemesis kernel: pid 53604 (sshd), jid 0, uid 22: exited on signal 11 (no core dump - bad address)
> > repeatedly. 
> 
> I assume that the pid changed from message to message, in addition
> to the time but the rest of each message text matched exactly.
> 

I've put a copy of the relevant lines from nemesis's /var/log/messages
at http://www.zefox.net/~fbsd/tiptrouble/sshfaults.log

 
> > There's no obvious  disruption of operation, existing
> > ssh connections seem undisturbed.
> 

I'll take that statement back. The host ns2.zefox.net
crashed and rebooted while I was writing this note.

After logging back in to ns2.zefox.net the session was again
terminated by a "Corrupted MAC on input message:

Last login: Wed Jan 17 11:28:45 2024 from nemesis.zefox.com
FreeBSD 12.4-STABLE r373269 GENERIC 

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.
To change an environment variable in tcsh you use: setenv NAME "value"
where NAME is the name of the variable and "value" its new value.
bob@ns2:~ % uptime
11:30AM  up 21 mins, 1 user, load averages: 0.00, 0.00, 0.00
bob@ns2:~ % grep -i ssh /var/log/messages
Jan  1 00:38:20 ns2 sshd[8068]: error: Fssh_kex_exchange_identification: Connection closed by remote host
Jan  1 01:04:47 ns2 sshd[8182]: error: Fssh_kex_exchange_identification: Connection closed by remote host
Jan  1 01:49:21 ns2 sshd[8242]: error: PAM: Authentication error for illegal user info from 185.11.61.234
Jan  1 02:19:41 ns2 sshd[8292]: error: PAM: Authentication error for illegal user cromados from 85.209.11.226
Jan  1 02:26:04 ns2 sshd[8308]: error: Fssh_kex_exchange_identification: Connection closed by remote host
Jan  1 03:09:31 ns2 sshd[8623]: error: Fssh_kex_exchange_identification: Connection closed by remote host
Corrupted MAC on input.
ssh_dispatch_run_fatal: Connection to 50.1.20.30 port 22: message authentication code incorrect
bob@raspberrypi:~ $ 
 

It's very curious that logging back in to ns2.zefox.net goes 
without error, but attempts to look at /var/log/messages
simply repeats the "corrupted MAC..." message with ssh disconnection:

Last login: Wed Jan 17 11:41:19 2024 from gateway.zefox.net
FreeBSD 12.4-STABLE r373269 GENERIC 

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.
When using ZFS as the file system the "df" command is reporting the pool size
and not file system sizes. It also does not know about descendent ZFS
datasets, snapshots, quotas, and reservations with their individual space usage. 
Use the built-in "zfs list" command to get a better overview of space usage:

zfs list -o space

		-- Benedict Reuschling <bcr@FreeBSD.org>
bob@ns2:~ % more /var/log/messages
Corrupted MAC on input.
ssh_dispatch_run_fatal: Connection to 50.1.20.30 port 22: message authentication code incorrect

bob@raspberrypi:~ $ 

Despite this ns2.zefox.net still answers queries sent via
nslookup:

bob@raspberrypi:~ $ nslookup
> server ns2.zefox.net
Default server: ns2.zefox.net
Address: 50.1.20.30#53
> www.zefox.org
Server:		ns2.zefox.net
Address:	50.1.20.30#53

Name:	www.zefox.org
Address: 50.1.20.28
> www.zefox.net
Server:		ns2.zefox.net
Address:	50.1.20.30#53

Name:	www.zefox.net
Address: 50.1.20.27

Outwardly, ns2.zefox.net appears to work as intended. 

Thanks for reading!

bob prohaska