Re: sshd signal 11 on -current
- Reply: Mark Millard : "Re: sshd signal 11 on -current"
- In reply to: Mark Millard : "Re: sshd signal 11 on -current"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 18 Jan 2024 00:22:59 UTC
On Wed, Jan 17, 2024 at 12:24:53PM -0800, Mark Millard wrote: > > Does connecting to ns2.zefox.net from the Mac workstation > also end up seeing "Corrupted MAC on input" eventually > when you then look at /various/log/messages somehow (more, > grep, . . .)? Ssh from the Mac workstation (10.7.5, so old) to ns2.zefox.net worked and produced normal output > > Does connecting to ns2.zefox.net from "pi4 RasPiOS workstation" > also end up seeing "Corrupted MAC on input" eventually? Ssh from Pi4 workstation to ns2.zefox.net is successful, but running grep triggers the "corrupted Mac..." error in mid-output. > Does connecting to ns2.zefox.net from "gateway.zefox.net" > also end up seeing "Corrupted MAC on input" eventually? > Gateway.zefox.net is the name of the router. Since RPi4 workstation and Mac workstation are both on the lan their traffic passes through the router. Mac works, the Pi4 doesn't. > Does connecting to ns2.zefox.net from "ns1.zefox.net" > also end up seeing "Corrupted MAC on input" eventually? > Yes, but see the puzzling observation below. > > Does connecting to ns2.zefox.net from "www.zefox.org" > also end up seeing "Corrupted MAC on input" eventually? > Yes > Which see the problem and which do not (if any)? > It appears that the (very old) Mac connects without a problem. The newer hosts have difficulties. Meanwhile the ssh connection from RasPiOS workstation to nemesis.zefox.com and tip session to the serial console of ns2.zefox.net stayed up with a login prompt. After logging in it was possible to view /var/log/messages with more and even use grep to search for instances of ssh in the file. Here's a puzzling observation: If I ssh from Mac to ns1 then ssh from ns1 to ns2, no corrupted MAC. If I ssh from RPi4 to ns1 then ssh to ns2, corrupted MAC is reported and the connection detaches leaving me at the rpi4 workstation. The workaround for CVE-2023-48795 was applied to the Raspberry Pi2v1.1 hosts (ns1.zefox.net, ns2.zefox.net and www.zefox.net) back in December. Might that be part of the trouble? I didn't notice any misbehavior then, but ssh attacks have increased since, at least in quantity. I'm becoming skeptical this is related to the sshd segfaults on nemesis.zefox.com. Thanks for reading! bob prohaska