From nobody Sun May 21 13:49:33 2023
X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QPMQ23YGyz4CWsn
	for <freebsd-current@mlmmj.nyi.freebsd.org>; Sun, 21 May 2023 13:49:30 +0000 (UTC)
	(envelope-from fbsd@www.zefox.net)
Received: from www.zefox.net (www.zefox.net [50.1.20.27])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "www.zefox.com", Issuer "www.zefox.com" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4QPMQ02jRKz4N46
	for <freebsd-current@freebsd.org>; Sun, 21 May 2023 13:49:28 +0000 (UTC)
	(envelope-from fbsd@www.zefox.net)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	spf=none (mx1.freebsd.org: domain of fbsd@www.zefox.net has no SPF policy when checking 50.1.20.27) smtp.mailfrom=fbsd@www.zefox.net;
	dmarc=none
Received: from www.zefox.net (localhost [127.0.0.1])
	by www.zefox.net (8.17.1/8.15.2) with ESMTPS id 34LDnYiu003959
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO);
	Sun, 21 May 2023 06:49:34 -0700 (PDT)
	(envelope-from fbsd@www.zefox.net)
Received: (from fbsd@localhost)
	by www.zefox.net (8.17.1/8.15.2/Submit) id 34LDnYR7003958;
	Sun, 21 May 2023 06:49:34 -0700 (PDT)
	(envelope-from fbsd)
Date: Sun, 21 May 2023 06:49:33 -0700
From: bob prohaska <fbsd@www.zefox.net>
To: freebsd-current@freebsd.org
Cc: bob prohaska <fbsd@www.zefox.net>
Subject: Stray characters in command history
Message-ID: <ZGohbTVTRwfJkqyk@www.zefox.net>
List-Id: Discussions about the use of FreeBSD-current <freebsd-current.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-current
List-Help: <mailto:freebsd-current+help@freebsd.org>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Subscribe: <mailto:freebsd-current+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-current+unsubscribe@freebsd.org>
Sender: owner-freebsd-current@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Spamd-Result: default: False [-1.02 / 15.00];
	AUTH_NA(1.00)[];
	NEURAL_HAM_SHORT(-0.99)[-0.990];
	NEURAL_HAM_MEDIUM(-0.99)[-0.987];
	NEURAL_HAM_LONG(-0.94)[-0.940];
	MID_RHS_WWW(0.50)[];
	WWW_DOT_DOMAIN(0.50)[];
	MIME_GOOD(-0.10)[text/plain];
	MLMMJ_DEST(0.00)[freebsd-current@freebsd.org];
	R_DKIM_NA(0.00)[];
	R_SPF_NA(0.00)[no SPF record];
	ASN(0.00)[asn:7065, ipnet:50.1.16.0/20, country:US];
	FROM_EQ_ENVFROM(0.00)[];
	MIME_TRACE(0.00)[0:+];
	RCPT_COUNT_TWO(0.00)[2];
	RCVD_COUNT_THREE(0.00)[3];
	RCVD_TLS_LAST(0.00)[];
	ARC_NA(0.00)[];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	FROM_HAS_DN(0.00)[];
	DMARC_NA(0.00)[zefox.net];
	TO_DN_SOME(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[]
X-Rspamd-Queue-Id: 4QPMQ02jRKz4N46
X-Spamd-Bar: -
X-ThisMailContainsUnwantedMimeParts: N

Lately I've been playing with buildworld on a Pi3 running -current. The same machine
acts as a terminal server for a second Pi3 also running -current in my "cluster". 
I ssh into the first Pi3, su to root and run tip to pick up a serial connection to 
the second Pi's console. Both machines are within a week of up-to-date.

While building world on the first Pi3 the ssh connection frequently drops and must be
re-established. If there was a shell running on the serial console of the second
Pi3 it typically keeps running and when the tip session is restarted disgorges a
stream of accumulated console message. 

This morning the same thing happened, but I noticed something odd. The stream of
messages (all login failure announcements from ssh) ended with

....
May 21 06:15:00 www sshd[33562]: error: Fssh_kex_exchange_identification: banner line contains invalid characters
*+May 21 06:15:19 www sshd[33565]: error: Fssh_kex_exchange_identification: Connection closed by remote host
May 21 06:15:33 www sshd[33613]: error: Protocol major versions differ: 2 vs. 1

At that point I hit carriage return and got
*+: No match.

I did not type the *+ so it looks like the characters were somehow introduced elsewhere,
possibly from the ssh failure message. How they got into the command stream is unclear.

This strikes me as undesirable at best and possibly much worse. The shell reporting
the "no match" was a regular user shell, but if I'd been su'd to root it appears that
the unmatched characters would be seen by the root shell as input.

This more-or-less fits with the pattern seen earlier with reboots observed via serial
console halting on un-typed keystrokes. Those halts were attributed to electrical noise
on the serial line, but this looks like something injected via part of the network
login process. Reboot pauses have been an ongoing phenomenon for months, this is the 
first time I've noticed the "invalid characters" message from ssh on the console.

Thanks for reading, apologies if I'm being a worrywart.

bob prohaska