Package: sshuttle
Version: 0.78.4-1
Severity: normal

I'm seeing this problem on multiple local networks, connecting to multiple remote servers.

joey@darkstar:~>sshuttle -vNHr kitenet.net 0/0
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 3.6.5
firewall manager: ready method name nat.
IPv6 enabled: False
UDP enabled: False
DNS enabled: False
User enabled: False
TCP redirector listening on ('127.0.0.1', 12300).
Starting client with Python version 3.6.5
c : connecting to server...
Starting server with Python version 3.6.5
s: latency control setting = True
s: available routes:
s: 2/66.228.36.0/24
c : Connected.
c : seed_hosts: []
firewall manager: setting up.
>> iptables -t nat -N sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -I OUTPUT 1 -j sshuttle-12300
>> iptables -t nat -I PREROUTING 1 -j sshuttle-12300
>> iptables -t nat -A sshuttle-12300 -j RETURN --dest 127.0.0.1/32 -p tcp
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 66.228.36.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 0.0.0.0/0 -p tcp --to-ports 12300 -m ttl ! --ttl 42
packet_write_wait: Connection to 66.228.36.95 port 22: Broken pipe
firewall manager: undoing changes.
>> iptables -t nat -D OUTPUT -j sshuttle-12300
>> iptables -t nat -D PREROUTING -j sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -X sshuttle-12300
c : fatal: server died with error code 255 - exit 99

The servers are running debian testing/unstable with openssh 1:7.7p1-2, and stable with 1:7.4p1-10+deb9u2.

This happens when I move .ssh/config out of the way too, so it's apparently not due to a local configuration. (/etc/ssh/ssh_config seems stock and is attached below)

Intriguingly, ssh itself seems to be crashed by something sshuttle does. So, I think this might really be a ssh bug (and am ccing its maintainers).

To show ssh is crashing, I used ssh connection multiplexing, opening the ssh master connection first:

ssh -oControlMaster=auto -vS /tmp/ssh.sock kitenet.net

Then running sshuttle over the same ssh connection:

sshuttle -e 'ssh -oControlMaster=auto -vS /tmp/ssh.sock' -vNHr kitenet.net 0/0

This crashed the *whole* ssh connection. In the master ssh connection's window, it prints:

debug1: multiplexing control connection
debug1: channel 2: new [mux-control]
debug1: channel 3: new [client-session]
debug1: Sending environment.
debug1: Sending env LANG = en_US.utf8
debug1: Sending env LC_COLLATE = C
debug1: Sending env LC_TIME = C
debug1: Sending command: exec /bin/sh -c 'P=python3; $P -V 2>/dev/null || P=python; exec "$P" -c '"'"'import sys, os; verbosity=1; sys.stdin = os.fdopen(0, "rb"); exec(compile(sys.stdin.read(1082), "assembler.py", "exec"))'"'"''
packet_write_wait: Connection to 66.228.36.95 port 22: Broken pipe

And ssh dies with exit code 255.

On the server, the journal contains only this for such a connection:

May 10 10:21:29 kite sshd[32759]: rexec line 16: Deprecated option UsePrivilegeSeparation
May 10 10:21:29 kite sshd[32759]: rexec line 19: Deprecated option KeyRegenerationInterval
May 10 10:21:29 kite sshd[32759]: rexec line 20: Deprecated option ServerKeyBits
May 10 10:21:29 kite sshd[32759]: rexec line 31: Deprecated option RSAAuthentication
May 10 10:21:29 kite sshd[32759]: rexec line 38: Deprecated option RhostsRSAAuthentication
May 10 10:21:29 kite sshd[32759]: reprocess config line 31: Deprecated option RSAAuthentication
May 10 10:21:29 kite sshd[32759]: reprocess config line 38: Deprecated option RhostsRSAAuthentication
May 10 10:21:29 kite sshd[32759]: Accepted publickey for joey from 67.223.12.39 port 47306 ssh2: RSA SHA256:b6mfcGYiKZh/Vb6JRyv8uGb7BBGxjGKOJeSCo7Ojhsg
May 10 10:21:29 kite sshd[32759]: pam_unix(sshd:session): session opened for user joey by (uid=0)

And interestingly, systemctl status on the server still shows me as logged in from that persistent ssh session, even though it seemed to crash.

│ ├─user-1000.slice
│ │ ├─session-29583.scope
│ │ │ ├─32736 sshd: joey [priv]
│ │ │ ├─32742 sshd: joey@notty
│ │ │ └─32743 python3 -c import sys, os; verbosity=5; sys.stdin = os.fdopen(0, "rb"); exec(compile(sys.stdin.read(1082), "assembler.py", "exec"))
│ │ ├─session-29586.scope
│ │ │ ├─412 sshd: joey [priv]
│ │ │ ├─418 sshd: joey@pts/3
│ │ │ ├─419 -bash
│ │ │ └─474 python3 -c import sys, os; verbosity=1; sys.stdin = os.fdopen(0, "rb"); exec(compile(sys.stdin.read(1082), "assembler.py", "exec"))

So, the crash must be on the local side, and in a way the ssh server doesn't notice it's disconnected. (Incidentally, this server has logind configured with KillUserProcesses=no.)

I have used sshuttle successfully for years; IIRC I first saw this failure sometime within the past 6 months although I at first thought it was specific to some network I was on at the time.

One more sshuttle transcript, with more verbosity and asking it to do less:

joey@darkstar:~>sshuttle -vvvvvNr kitenet.net
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 3.6.5
firewall manager: ready method name nat.
IPv6 enabled: False
UDP enabled: False
DNS enabled: False
User enabled: False
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket.socket fd=5, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('127.0.0.1', 12300)>.
Starting client with Python version 3.6.5
c : connecting to server...
c : executing: ['ssh', 'kitenet.net', '--', 'exec /bin/sh -c \'P=python3; $P -V 2>/dev/null || P=python; exec "$P" -c \'"\'"\'import sys, os; verbosity=5; sys.stdin = os.fdopen(0, "rb"); exec(compile(sys.stdin.read(1082), "assembler.py", "exec"))\'"\'"\'\'']
c : > channel=0 cmd=PING len=7 (fullness=0)
server: assembling 'sshuttle' (7 bytes)
server: assembling 'sshuttle.cmdline_options' (62 bytes)
server: assembling 'sshuttle.helpers' (944 bytes)
server: assembling 'sshuttle.ssnet' (5647 bytes)
server: assembling 'sshuttle.hostwatch' (2386 bytes)
server: assembling 'sshuttle.server' (3775 bytes)
Starting server with Python version 3.6.5
s: latency control setting = True
s: available routes:
s: 2/66.228.36.0/24
s: > channel=0 cmd=PING len=7 (fullness=0)
s: > channel=0 cmd=ROUTES len=17 (fullness=7)
s: Waiting: 1 r=[4] w=[5] x=[] (fullness=24/0)
s: Ready: 1 r=[] w=[5] x=[]
s: mux wrote: 15/15
s: Waiting: 1 r=[4] w=[5] x=[] (fullness=24/0)
s: Ready: 1 r=[] w=[5] x=[]
s: mux wrote: 25/25
s: Waiting: 1 r=[4] w=[] x=[] (fullness=24/0)
c : Connected.
c : Waiting: 2 r=[5, 8] w=[8] x=[] (fullness=7/0)
c : Ready: 2 r=[8] w=[8] x=[]
c : < channel=0 cmd=PING len=7
c : > channel=0 cmd=PONG len=7 (fullness=7)
c : < channel=0 cmd=ROUTES len=17
c : Adding auto net 2/66.228.36.0/24
firewall manager: Got subnets: [(2, 24, False, '66.228.36.0', 0, 0), (2, 32, True, '127.0.0.1', 0, 0)]
firewall manager: Got nslist: []
firewall manager: Got ports: 0,12300,0,0
firewall manager: Got udp: False, user: None
firewall manager: setting up.
firewall manager: setting up IPv4.
>> iptables -t nat -N sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -I OUTPUT 1 -j sshuttle-12300
>> iptables -t nat -I PREROUTING 1 -j sshuttle-12300
>> iptables -t nat -A sshuttle-12300 -j RETURN --dest 127.0.0.1/32 -p tcp
>> iptables -t nat -A sshuttle-12300 -j REDIRECT --dest 66.228.36.0/24 -p tcp --to-ports 12300 -m ttl ! --ttl 42
c : mux wrote: 15/15
c : mux wrote: 15/15
c : Waiting: 2 r=[5, 8] w=[] x=[] (fullness=14/0)
packet_write_wait: Connection to 66.228.36.95 port 22: Broken pipe
c : Ready: 2 r=[8] w=[] x=[]
firewall manager: undoing changes.
firewall manager: undoing IPv4 changes.
>> iptables -t nat -D OUTPUT -j sshuttle-12300
>> iptables -t nat -D PREROUTING -j sshuttle-12300
>> iptables -t nat -F sshuttle-12300
>> iptables -t nat -X sshuttle-12300
firewall manager: undoing /etc/hosts changes.
c : fatal: server died with error code 255 - exit 99

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sshuttle depends on:
ii  iptables                     1.6.2-1
ii  openssh-client [ssh-client]  1:7.7p1-2
ii  python3                      3.6.5-3
ii  python3-pkg-resources        39.0.1-2

Versions of packages sshuttle recommends:
ii  sudo  1.8.23-1

Versions of packages sshuttle suggests:
pn  autossh  <none>

-- no debconf information

/etc/ssh/ssh_config:

Host *
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes

--
see shy jo