From nobody Thu Jan 18 01:09:32 2024 X-Original-To: freebsd-arm@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TFl5l55sGz57Dlp for ; Thu, 18 Jan 2024 01:09:47 +0000 (UTC) (envelope-from marklmi@yahoo.com) Received: from sonic304-25.consmr.mail.gq1.yahoo.com (sonic304-25.consmr.mail.gq1.yahoo.com [98.137.68.206]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4TFl5l2Y4tz4Ygx for ; Thu, 18 Jan 2024 01:09:47 +0000 (UTC) (envelope-from marklmi@yahoo.com) Authentication-Results: mx1.freebsd.org; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1705540185; bh=Qpmi/YTJxCx0cvgeKraA8H2+XaSXfjcfXad2HYcXbYM=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From:Subject:Reply-To; b=tNcGgK1i+ITczd0Lg/8JzvVUfTerXPkMOQo1a52fjLWmbC6kbrTO6KAMiFLq6zu1KhxPmsaO01K8wCy0Oq4BG8lsU/yFFjS/hTyA7VNjjZjIre/au3JM/JB7hJcdsEeDCkXGOrq9zdBDqU2nzjF8PinreNLSZcmIsx+sC5QafUfpFjYZhtGaILp7QQnLwY5KPPMD68D6Pc8qyFQ0V7y6WAXSNjb+CXTIoG+mbAYdfrv2Wp6J2zYW/IAATJoxJyvKu/xZhzUhV8RPQqwltvOQHNCQyi7nhO2lmeD8NNKZx+PeU7btS1GxxVXsEOsF8XZLZVwzf2qL/DHTqYjonTdnDg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1705540185; bh=9zx/TVsLp+INy+BIyn/xrjFa5WUl1MD7sAvs5zg28bX=; h=X-Sonic-MF:Subject:From:Date:To:From:Subject; b=K39MFlRFuu4jstRCRmHWvL994zHfoKZp4KCnT4acEB9RdLAjclsKR6HS+z4M45b+5E9rpbPBcgZfB/shFsdZQPwSLvdiWpBG9kcNUyQGvGD+T3/i6jnCXHB9s7xD1Dl9Nr7rssXOsuRRqGG2rq8NJTjV+OjzkWVxfiHexYL6XcB3H13oPgGvP8TAHukfrRhdvKv7nQ+H5bw8MGjXh1G6qh6NJ0SkPzDLNVpYxHjwH9KmcTlVkEu/3edbnwFL57oBZaMeeKJd+DYECP38vp1XHwBMW6oRC+hYoVOiArznvdOXqHUZ7mEmwiWT89MclJFPtwDdeIsDfdAX7vrCZ33Abg== X-YMail-OSG: _.imnoUVM1k0.w0sVNHdfDoRabYzQGx5ek8gYN9d4TtOO5z.1mdNNiM835f4Ibt mHpbhXTsaMp5l7ALLJMFvMxaDPRL1S..PESHS.fb3yGQR48xx7uUiXJ.4gfNl9.cN5JWgJGYkc3Z gBY7xW.eJkbcdaTGN_iMauFLgKOOt8rYA2TjhXJ4VI2zkNG9ZNPmOAioPQLleXRcWTY22V7EK69x F_Qxmp7Z6kkL0oVSF34SVwwmDPni6Z_4VVPilh_xLRV9G4prJgioVP4M.BH7A9XFm0vYJh3UKqbG P2YOWsVMkUyh.XZC7l20274MuS8s1DxBPihEHF4tiNY0.lfy9pC4Xx_sUENqp2pixbt8BxdEKGei 0dpdwWzOkB9OiVWMNXXnDVbI2dc8r_fVJpYDuy9ZVXFIq3_llLdKTk1taNuj0aSGRv_FZvYGSxaS 6RtSW_e9Y9VbUZXIGAV5pavfuIXTlfQLPWealPEuNu._a.nNdKwTjBPr3rlSjgYgtkbocfpDVPRy jL0ZS0wbAi6CtpD1MfuYk0oGgjblKPB9P5R5jLqcogvyr6IxUxVhT1AHuWD.d4H_Wz0gUIDSFgUZ WRnwSILPK4KfcnsVAaYJ820_J2US7VgMU40aHOkToMxdW.HM8PXIxylUTuvvFIsiSb38.pl_4i0B UoIsDuF6ZVRK_Z69F42gKqNvkFKebJPA8h1.VtOSSUixtK9a21hLbYqh28D3DwOOIW2AY7pemJ0q jR9aXw_t4kK9I3Qa8JM_M2HtrFsjR0ClKkxQ.QH45DJLHY5clZMRXBHSiUx4FJ4CNyzTt6dKg2jg G3KzpmvRziTg9xITFiG9Qy6DQnji8_VuovTfDF.URTGD4bt9esdQqW6a1KA56xL.WPCrpVXSPayf O2KNn18.8CECbJvzBAKujHGr8fD4OcpjK8BCS04Tc4JxZ9QULke7ATfaodD2OrvS98xH2Bp_Fob5 WAVXDcFZSd4e2nIKMB0u.QUeGsytIe6mO6ffUTOfXbzGB3mmQU6jbTwSKpu_VZlbf.KJ1oveLMpI nHd.uaFKgmae8A8lHHQyUqqFNlJ0eqQnPZ8U4LhAV4uh79VGhPu8StQNEMRr80SdaONnSm3UIxkX vuIHlFSyO_.fz2a0jCGhUjGynB3RT4WyADzpyrh8fAQKWh03GBvF7c5qoiGekTtCKg.qzW42XOG6 XBg6x.YjfWy8moEO7IUPKJSHlmJWO_OedLCD11gkB8h9FlXFTrLYINFK_K0PLcOJ_idWgu3vaDyJ GpN71sLQ..SZ6Oe9MSKGkDr.Sjm_bqMFaAfI_Lt5oShab41b_GAga7XGPuRbtZb6KVT4OibvVRvM FDOmdUyElursmmksbSGfGbS.FUDMU2ecXa.wVAyqw_zV3CCzP31veFIKlD6AKYOg2zbyKt5tgxMj HpqO_rsXvEKVvTw.AmY.2CayB.w62X0elKklCfEwmQOmVnjwJzNpgE8.vdZ_FDymDk0KOdkQZ.yB 61p2CO6LUznPijS9QWdLg77Q162SFC1eD59gk1MM2WuVvo9rHKPSXXi2RSSzacNRwchAckjkZGVv ZifhpzWYYUMYcXpAK3MZpYRzuWlRvKJTr.9bTXiphY_RhxLJEb0Gh4s6S0QrwwYZvp77lij8gSCg xMFgBm2TPa6smfjOi52nQ2fzP53Y5BX1VNZXjdLXGTwEXS9Vg4w0VdWI7n.LHVhLkFl1.PrBzVEZ 17EpCY3vft20SRHyPQSBJ5CA31qOxYfR.m4bT4CMMggFYucRDuwDCE5qSp3v4cScICTVzsIBvvQz kgf9WRJruWU79pdS1LZgbgTi0_9tVvW2sOK9GdA6X5l_5Dhyo5XjD.25lewBSWmJ0jy9TjVvSC2q r_wzm_Oi0y2erGlAGbyn91ZLV9iwKUXJSZovyqfzYNhYl19DJyI8b3Kc8uyAvcsdrnYZZ5VA1EPd uACmYI0Mfk_rXxZ0M3L45vXRE2hBRG8viNVaMHitoh_yYMq7tBAubfBZXTTvHed7IxOqtQ4EFSwk gZK3vNx4VXeZbPvBt_s1gki3zm8b01ff9TFPcDCqUyk75pL98_rdFxdkyj1E1brA44H6tUViQXe6 lzTP05YY.K3lBxP1ktRGGgK5ox9AOAPYtpsU2.mCAw8kvSMT25YcWegSybx8yhUJJbKGVbqQpGp7 sxJgVHiQWsnOMXVkOqkLzcpf991Hiplk3FRmHRRW9Hd2fWyP2vmbHOmocBYSpxOHQLOasVyRxNvA rOGQuaZPgoPF0kzYbLv2zOavV7YOBqoeGTZRAqZ.xE.EmOsuVFEW582aVq8uNflfmtx2vrDQGLQ- - X-Sonic-MF: X-Sonic-ID: 53aad9ad-7ba1-40f5-9d13-095b2c673324 Received: from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.gq1.yahoo.com with HTTP; Thu, 18 Jan 2024 01:09:45 +0000 Received: by hermes--production-gq1-78d49cd6df-4xktb (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID c484fa3d221d729acbb3a53d9394e220; Thu, 18 Jan 2024 01:09:42 +0000 (UTC) Content-Type: text/plain; charset=us-ascii List-Id: Porting FreeBSD to ARM processors List-Archive: https://lists.freebsd.org/archives/freebsd-arm List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-arm@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.300.61.1.2\)) Subject: Re: sshd signal 11 on -current From: Mark Millard In-Reply-To: Date: Wed, 17 Jan 2024 17:09:32 -0800 Cc: freebsd-arm@freebsd.org Content-Transfer-Encoding: 7bit Message-Id: References: <7EF12F55-70E4-4780-BF73-3C7B963C3781@yahoo.com> To: bob prohaska X-Mailer: Apple Mail (2.3774.300.61.1.2) X-Rspamd-Queue-Id: 4TFl5l2Y4tz4Ygx X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:36647, ipnet:98.137.64.0/20, country:US] On Jan 17, 2024, at 16:22, bob prohaska wrote: > On Wed, Jan 17, 2024 at 12:24:53PM -0800, Mark Millard wrote: >> >> Does connecting to ns2.zefox.net from the Mac workstation >> also end up seeing "Corrupted MAC on input" eventually >> when you then look at /various/log/messages somehow (more, >> grep, . . .)? > > Ssh from the Mac workstation (10.7.5, so old) to ns2.zefox.net > worked and produced normal output >> >> Does connecting to ns2.zefox.net from "pi4 RasPiOS workstation" >> also end up seeing "Corrupted MAC on input" eventually? > > Ssh from Pi4 workstation to ns2.zefox.net is successful, > but running grep triggers the "corrupted Mac..." error > in mid-output. > >> Does connecting to ns2.zefox.net from "gateway.zefox.net" >> also end up seeing "Corrupted MAC on input" eventually? >> > Gateway.zefox.net is the name of the router. Since RPi4 > workstation and Mac workstation are both on the lan their > traffic passes through the router. Mac works, the Pi4 > doesn't. You have published material indicating the prior login was from gateway.zefox.net . That was why I referenced it. >> Does connecting to ns2.zefox.net from "ns1.zefox.net" >> also end up seeing "Corrupted MAC on input" eventually? Was pi4 RasPiOS workstation involved in the sequence? If yes, what happens if you use the mac for that stage instead of pi4 RasPiOS workstation? A question is if you ever get the problem when pi4 RasPiOS workstation is not involved at all. > Yes, but see the puzzling observation below. >> >> Does connecting to ns2.zefox.net from "www.zefox.org" >> also end up seeing "Corrupted MAC on input" eventually? >> > Yes >> Which see the problem and which do not (if any)? >> > It appears that the (very old) Mac connects without > a problem. The newer hosts have difficulties. Did all the "newer hosts" tests involve using pi4 RasPiOS workstation ? If yes, what happens if you avoid involving pi4 RasPiOS workstation ? > Meanwhile the ssh connection from RasPiOS workstation > to nemesis.zefox.com and tip session to the serial console > of ns2.zefox.net stayed up with a login prompt. After logging > in it was possible to view /var/log/messages with more and > even use grep to search for instances of ssh in the file. > > Here's a puzzling observation: > > If I ssh from Mac to ns1 then ssh from ns1 to ns2, no corrupted MAC. > > If I ssh from RPi4 to ns1 then ssh to ns2, corrupted MAC is reported > and the connection detaches leaving me at the rpi4 workstation. So you started experiments I suggest above relative to pi4 RasPiOS workstation use. So far it sounds like the problem requires pi4 RasPiOS workstation behavior to be involved to get the problem. Can you do something to avoid all use of RasPiOS, possibly using a different OS on that RPi4B for some experiments? > The workaround for CVE-2023-48795 was applied to the Raspberry > Pi2v1.1 hosts (ns1.zefox.net, ns2.zefox.net and www.zefox.net) back > in December. Might that be part of the trouble? No clue. But, right now the common point seems to be pi4 RasPiOS workstation being involved. It might be the OS or the hardware if its involvement is essential to the problem. Thus the suggested test of avoiding RasPiOS on that RPi4B for some experiments, using another OS. > I didn't notice > any misbehavior then, but ssh attacks have increased since, at > least in quantity. > > I'm becoming skeptical this is related to the sshd segfaults on > nemesis.zefox.com. Agreed: At this point we have nothing tying the corrupted MAC issue with the segfaults issue. === Mark Millard marklmi at yahoo.com