Subject: Re: sshd signal 11 on -current
From: Mark Millard
Date: Thu, 18 Jan 2024 09:57:04 -0800
To: bob prohaska
Cc: Paul Mather, freebsd-arm@freebsd.org
List-Id: Porting FreeBSD to ARM processors
List-Archive: https://lists.freebsd.org/archives/freebsd-arm

On Jan 18, 2024, at 09:32, bob prohaska wrote:

>
> On Thu, Jan 18, 2024 at 09:45:51AM -0500, Paul Mather wrote:
>> On 17 Jan 2024, at 8:51 pm, bob prohaska wrote:
>>
>>>
>>> I'm not sure which MAC (as in ethernet MAC) is being referred
>>> to. Might a different kind of MAC exist, unrelated to ethernet?
>>
>>
>> If this error is from SSH then it is likely unrelated to Ethernet. It likely refers to Message Authentication Code (MAC), which is used to ensure data integrity. See man ssh_config(5) for details.
>
> That puts a very different light on the problem. On ns2.zefox.net,
> the host at the server end of the failed ssh connections, running
> bob@ns2:~ % ssh -Q mac
> hmac-sha1
> hmac-sha1-96
> hmac-sha2-256
> hmac-sha2-512
> hmac-md5
> hmac-md5-96
> umac-64@openssh.com
> umac-128@openssh.com
> hmac-sha1-etm@openssh.com
> hmac-sha1-96-etm@openssh.com
> hmac-sha2-256-etm@openssh.com
> hmac-sha2-512-etm@openssh.com
> hmac-md5-etm@openssh.com
> hmac-md5-96-etm@openssh.com
> umac-64-etm@openssh.com
> umac-128-etm@openssh.com
> bob@ns2:~ %

It looks like when connecting to ns2.zefox.net you could use:

# ssh -G . . .

for it to report the configuration ssh is actually using,
including the MAC. If it turns out that macOS uses one vs.
rpi4 RasPiOS workstation and Windows 10 laptop use something
different, you may want to change the MAC actually used
for those failing contexts.

> At the same time, there was a typo (mine!) in /etc/ssh/sshd_conf,
> MACs -*etm@openssh.co
> introduced when adding the workaround in CVE-2023-48795.
>
> The error has been corrected and ns2.zefox.net rebooted.
> But, no difference in behavior. Here's the transcript,
> taken from my Raspberry Pi4 workstation:
>
> bob@raspberrypi:~ $ ssh ns2.zefox.net
> Password for bob@ns2.zefox.net:
> Last login: Thu Jan 18 08:36:07 2024
> FreeBSD 12.4-STABLE r373269 GENERIC
>
> Welcome to FreeBSD!
>
> Release Notes, Errata: https://www.FreeBSD.org/releases/
> Security Advisories: https://www.FreeBSD.org/security/
> FreeBSD Handbook: https://www.FreeBSD.org/handbook/
> FreeBSD FAQ: https://www.FreeBSD.org/faq/
> Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
> FreeBSD Forums: https://forums.FreeBSD.org/
>
> Documents installed with the system are in the /usr/local/share/doc/freebsd/
> directory, or can be installed later with: pkg install en-freebsd-doc
> For other languages, replace "en" with a language code like de or fr.
>
> Show the version of FreeBSD installed: freebsd-version ; uname -a
> Please include that output and any error messages when posting questions.
> Introduction to manual pages: man man
> FreeBSD directory layout: man hier
>
> Edit /etc/motd to change this login announcement.
> You can use /etc/make.conf to control the options used to compile software
> on this system. Example entries are in
> /usr/share/examples/etc/make.conf and in make.conf(5).
> For options that are set for building FreeBSD's kernel and its world, see
> src.conf(5).
> bob@ns2:~ % grep -i ssh /var/log/messages
> Jan 1 00:38:20 ns2 sshd[8068]: error: Fssh_kex_exchange_identification: Connection closed by remote host
> Jan 1 01:04:47 ns2 sshd[8182]: error: Fssh_kex_exchange_identification: Connection closed by remote host
> Jan 1 01:49:21 ns2 sshd[8242]: error: PAM: Authentication error for illegal user info from 185.11.61.234
> Jan 1 02:19:41 ns2 sshd[8292]: error: PAM: Authentication error for illegal user cromados from 85.209.11.226
> Jan 1 02:26:04 ns2 sshd[8308]: error: Fssh_kex_exchange_identification: Connection closed by remote host
> Corrupted MAC on input.
> ssh_dispatch_run_fatal: Connection to 50.1.20.30 port 22: message authentication code incorrect
> bob@raspberrypi:~ $
>
> It does seem likely I've been barking up the wrong tree, but the
> new tree I picked is still wrong and there are several.
>
> A web search discovered an old (2016) thread which reports:
> "I got this problem to go away by disabling AVB/EAV mode on the advanced settings
> for the Ethernet adapter on the Mac (under Big Sur)." That suggests an Ethernet
> problem IIUC.

===
Mark Millard
marklmi at yahoo.com
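
An added example, not part of the message above and not OpenSSH code: sshd_config(5) describes a MACs value that begins with '-' as removing the matching algorithms from the default set, so a pattern that matches no name removes nothing. The sketch applies the mistyped and the corrected value from the thread to the `ssh -Q mac` list quoted above; `apply_removal` and `removed_count` are hypothetical helper names, and using that list in place of the server's real default set is an assumption.

```shell
#!/bin/sh
# Constructed input: the `ssh -Q mac` list quoted in the thread, used here as a
# stand-in for the default MAC set (assumption; the real default is a subset).
MAC_LIST='hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com'

# apply_removal SPEC: print the MACs left after a "-pat[,pat...]" MACs value.
# (hypothetical helper; only the removal form is modelled)
apply_removal() {
    patterns=${1#-}
    printf '%s\n' "$MAC_LIST" | while IFS= read -r mac; do
        keep=1
        set -f; old_ifs=$IFS; IFS=,      # split on commas, no filename globbing
        for pat in $patterns; do
            case $mac in $pat) keep=0 ;; esac
        done
        IFS=$old_ifs; set +f
        if [ "$keep" -eq 1 ]; then printf '%s\n' "$mac"; fi
    done
}

# removed_count SPEC: number of listed MACs that SPEC removes.
removed_count() {
    before=$(printf '%s\n' "$MAC_LIST" | wc -l)
    after=$(apply_removal "$1" | wc -l)
    echo $((before - after))
}

# The value with the typo from the thread, then the corrected one.
for spec in '-*etm@openssh.co' '-*etm@openssh.com'; do
    printf 'MACs %s removes %s entries\n' "$spec" "$(removed_count "$spec")"
done
```

On the server itself, `sshd -T` prints the effective configuration, including the MAC list sshd will actually offer.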