Package: openssh-server Version: 1:7.9p1-10 Severity: normal Dear Maintainer, I've been running several servers, upgraded across many Debian stable releases, with sshd_config that had been tightened down in various ways (example attached) including explicit PubkeyAcceptedKeyTypes (containing ssh-rsa). After upgrading to buster a user reported that he could no longer login with his RSA key. sshd[17025]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedKeyTypes [preauth] I tested and found that explicitly defining PubkeyAcceptedKeyTypes in sshd_config breaks RSA pubkey auth, even when the line merely states: PubkeyAcceptedKeyTypes ssh-rsa However when PubkeyAcceptedKeyTypes is removed from the config, the implicit defaults allow RSA to work. I've attached sshd debug logs for the two scenarios. My guess is there's some sort of config parsing glitch within ssh. -- System Information: Debian Release: 10.0 APT prefers stable APT policy: (601, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-cloud-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages openssh-server depends on: ii adduser 3.118 ii debconf [debconf-2.0] 1.5.71 ii dpkg 1.19.7 ii libaudit1 1:2.8.4-3 ii libc6 2.28-10 ii libcom-err2 1.44.5-1 ii libgssapi-krb5-2 1.17-3 ii libkrb5-3 1.17-3 ii libpam-modules 1.3.1-5 ii libpam-runtime 1.3.1-5 ii libpam0g 1.3.1-5 ii libselinux1 2.8-1+b1 ii libssl1.1 1.1.1c-1 ii libsystemd0 241-5 ii libwrap0 7.6.q-28 ii lsb-base 10.2019051400 ii openssh-client 1:7.9p1-10 ii openssh-sftp-server 1:7.9p1-10 ii procps 2:3.3.15-2 ii ucf 3.0038+nmu1 ii zlib1g 1:1.2.11.dfsg-1 Versions of packages openssh-server recommends: ii libpam-systemd 241-5 ii ncurses-term 6.1+20181013-2 ii xauth 1:1.0.10-1 Versions of packages openssh-server suggests: pn molly-guard <none> pn monkeysphere <none> pn rssh <none> pn ssh-askpass <none> pn ufw <none> -- debconf information: openssh-server/permit-root-login: true * ssh/use_old_init_script: true ssh/encrypted_host_key_but_no_keygen: ssh/disable_cr_auth: false ssh/vulnerable_host_keys: openssh-server/password-authentication: true -- Gerald Turner <gturner@unzane.com> Encrypted mail preferred! OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80 3858 EC94 2276 FDB8 716D
AllowAgentForwarding no AllowStreamLocalForwarding no AllowTcpForwarding no AllowUsers REDACTED AuthenticationMethods publickey password ChallengeResponseAuthentication no Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com ClientAliveCountMax 2 ClientAliveInterval 30 Compression no DebianBanner no DisableForwarding yes HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub HostKey /etc/ssh/ssh_host_ed25519_key HostKey /etc/ssh/ssh_host_rsa_key HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ssh-rsa KexAlgorithms diffie-hellman-group18-sha512,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org LoginGraceTime 10 LogLevel VERBOSE MACs hmac-sha2-512-etm@openssh.com MaxAuthTries 3 MaxStartups 2:50:10 PermitOpen none PermitRootLogin no PermitUserRC no Port 50022 PrintMotd no PubkeyAcceptedKeyTypes ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ssh-rsa RekeyLimit 1280M 53m59s Subsystem sftp /usr/lib/openssh/sftp-server TCPKeepAlive no UseDNS yes UsePAM yes
# Rejected RSA pubkey login. # ssh running with explicit "PubkeyAcceptedKeyTypes ssh-rsa" in sshd_config Aug 1 08:18:25 zoth-ommog sshd[20165]: debug1: Forked child 20167. Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: Set /proc/self/oom_score_adj to 0 Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8 Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: inetd sockets after dupping: 3, 3 Aug 1 08:18:25 zoth-ommog sshd[20167]: Connection from REDACTED port 35260 on REDACTED port 50022 Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: Client protocol version 2.0; client software version OpenSSH_7.9p1 Debian-10 Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: match: OpenSSH_7.9p1 Debian-10 pat OpenSSH* compat 0x04000000 Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: permanently_set_uid: 103/65534 [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: list_hostkey_types: ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,ssh-rsa [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: SSH2_MSG_KEXINIT sent [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: SSH2_MSG_KEXINIT received [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: kex: algorithm: diffie-hellman-group18-sha512 [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: kex: host key algorithm: ssh-ed25519-cert-v01@openssh.com [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: expecting SSH2_MSG_KEXDH_INIT [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: rekey after 83886080 blocks [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: SSH2_MSG_NEWKEYS sent [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: expecting SSH2_MSG_NEWKEYS [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: SSH2_MSG_NEWKEYS received [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: rekey after 83886080 blocks [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: KEX done [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: userauth-request for user gturner service ssh-connection method none [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: attempt 0 failures 0 [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: authentication methods list 0: publickey Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: authentication methods list 1: password Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: authentication methods list 0: publickey [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: authentication methods list 1: password [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: PAM: initializing for "gturner" Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: PAM: setting PAM_RHOST to "REDACTED" Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: PAM: setting PAM_TTY to "ssh" Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: userauth-request for user gturner service ssh-connection method publickey [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: debug1: attempt 1 failures 0 [preauth] Aug 1 08:18:25 zoth-ommog sshd[20167]: userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedKeyTypes [preauth] Aug 1 08:18:28 zoth-ommog sshd[20167]: debug1: userauth-request for user gturner service ssh-connection method password [preauth] Aug 1 08:18:28 zoth-ommog sshd[20167]: debug1: attempt 2 failures 1 [preauth] Aug 1 08:18:28 zoth-ommog sshd[20167]: pam_ecryptfs: pam_sm_authenticate: /home/gturner is already mounted Aug 1 08:18:28 zoth-ommog sshd[20167]: debug1: PAM: password authentication accepted for gturner Aug 1 08:18:28 zoth-ommog sshd[20167]: debug1: do_pam_account: called Aug 1 08:18:28 zoth-ommog sshd[20167]: Accepted password for gturner from REDACTED port 35260 ssh2 Aug 1 08:18:28 zoth-ommog sshd[20167]: debug1: monitor_child_preauth: gturner has been authenticated by privileged process Aug 1 08:18:28 zoth-ommog sshd[20167]: debug1: monitor_read_log: child log fd closed Aug 1 08:18:28 zoth-ommog sshd[20167]: debug1: PAM: establishing credentials Aug 1 08:18:28 zoth-ommog sshd[20167]: pam_unix(sshd:session): session opened for user gturner by (uid=0) Aug 1 08:18:28 zoth-ommog systemd-logind[391]: New session 243 of user gturner. Aug 1 08:18:28 zoth-ommog sshd[20167]: User child is on pid 20174 Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: SELinux support disabled Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: PAM: establishing credentials Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: permanently_set_uid: 1000/100 Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: rekey after 83886080 blocks Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: rekey after 83886080 blocks Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: ssh_packet_set_postauth: called Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: Entering interactive session for SSH2. Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: server_init_dispatch Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384 Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: input_session_request Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: channel 0: new [server-session] Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: session_new: session 0 Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: session_open: channel 0 Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: session_open: session 0: link with channel 0 Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: server_input_channel_open: confirm session Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: server_input_channel_req: channel 0 request pty-req reply 1 Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: session_by_channel: session 0 channel 0 Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: session_input_channel_req: session 0 req pty-req Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: Allocating pty. Aug 1 08:18:28 zoth-ommog sshd[20167]: debug1: session_new: session 0 Aug 1 08:18:28 zoth-ommog sshd[20167]: debug1: SELinux support disabled Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: session_pty_req: session 0 alloc /dev/pts/20 Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: server_input_channel_req: channel 0 request env reply 0 Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: session_by_channel: session 0 channel 0 Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: session_input_channel_req: session 0 req env Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: server_input_channel_req: channel 0 request shell reply 1 Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: session_by_channel: session 0 channel 0 Aug 1 08:18:28 zoth-ommog sshd[20174]: debug1: session_input_channel_req: session 0 req shell Aug 1 08:18:28 zoth-ommog sshd[20174]: Starting session: shell on pts/20 for gturner from REDACTED port 35260 id 0 Aug 1 08:18:28 zoth-ommog sshd[20175]: debug1: Setting controlling tty using TIOCSCTTY. Aug 1 08:18:29 zoth-ommog sshd[20174]: debug1: Received SIGCHLD. Aug 1 08:18:29 zoth-ommog sshd[20174]: debug1: session_by_pid: pid 20175 Aug 1 08:18:29 zoth-ommog sshd[20174]: debug1: session_exit_message: session 0 channel 0 pid 20175 Aug 1 08:18:29 zoth-ommog sshd[20174]: debug1: session_exit_message: release channel 0 Aug 1 08:18:29 zoth-ommog sshd[20167]: debug1: session_by_tty: session 0 tty /dev/pts/20 Aug 1 08:18:29 zoth-ommog sshd[20167]: debug1: session_pty_cleanup2: session 0 release /dev/pts/20 Aug 1 08:18:29 zoth-ommog sshd[20174]: Received disconnect from REDACTED port 35260:11: disconnected by user Aug 1 08:18:29 zoth-ommog sshd[20174]: Disconnected from user gturner REDACTED port 35260 Aug 1 08:18:29 zoth-ommog sshd[20174]: debug1: do_cleanup Aug 1 08:18:29 zoth-ommog sshd[20167]: debug1: do_cleanup Aug 1 08:18:29 zoth-ommog sshd[20167]: debug1: PAM: cleanup Aug 1 08:18:29 zoth-ommog sshd[20167]: debug1: PAM: closing session Aug 1 08:18:29 zoth-ommog sshd[20167]: pam_unix(sshd:session): session closed for user gturner Aug 1 08:18:29 zoth-ommog sshd[20186]: pam_ecryptfs: Skipping automatic eCryptfs unmount Aug 1 08:18:29 zoth-ommog sshd[20167]: debug1: PAM: deleting credentials Aug 1 08:18:29 zoth-ommog sshd[20167]: debug1: audit_event: unhandled event 12 Aug 1 08:18:29 zoth-ommog systemd-logind[391]: Session 243 logged out. Waiting for processes to exit. Aug 1 08:18:29 zoth-ommog systemd-logind[391]: Removed session 243. Aug 1 08:18:37 zoth-ommog sshd[20165]: debug1: Forked child 20187. Aug 1 08:18:37 zoth-ommog sshd[20187]: debug1: Set /proc/self/oom_score_adj to 0 Aug 1 08:18:37 zoth-ommog sshd[20187]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8 Aug 1 08:18:37 zoth-ommog sshd[20187]: debug1: inetd sockets after dupping: 3, 3 Aug 1 08:18:37 zoth-ommog sshd[20187]: Connection from 2001:470:e861:3::2 port 60618 on REDACTED port 50022 Aug 1 08:18:37 zoth-ommog sshd[20187]: debug1: Client protocol version 2.0; client software version OpenSSH_7.9p1 Aug 1 08:18:37 zoth-ommog sshd[20187]: debug1: match: OpenSSH_7.9p1 pat OpenSSH* compat 0x04000000 Aug 1 08:18:37 zoth-ommog sshd[20187]: debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Aug 1 08:18:37 zoth-ommog sshd[20187]: debug1: permanently_set_uid: 103/65534 [preauth] Aug 1 08:18:37 zoth-ommog sshd[20187]: debug1: list_hostkey_types: ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,ssh-rsa [preauth] Aug 1 08:18:37 zoth-ommog sshd[20187]: debug1: SSH2_MSG_KEXINIT sent [preauth] Aug 1 08:18:37 zoth-ommog sshd[20187]: Connection closed by 2001:470:e861:3::2 port 60618 [preauth] Aug 1 08:18:37 zoth-ommog sshd[20187]: debug1: do_cleanup [preauth] Aug 1 08:18:37 zoth-ommog sshd[20187]: debug1: monitor_read_log: child log fd closed Aug 1 08:18:37 zoth-ommog sshd[20187]: debug1: do_cleanup Aug 1 08:18:37 zoth-ommog sshd[20187]: debug1: Killing privsep child 20189 Aug 1 08:18:37 zoth-ommog sshd[20187]: debug1: audit_event: unhandled event 12 Aug 1 08:18:53 zoth-ommog sshd[20198]: debug1: Forked child 20199. Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: Set /proc/self/oom_score_adj to 0 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: inetd sockets after dupping: 3, 3 Aug 1 08:18:53 zoth-ommog sshd[20199]: Connection from REDACTED port 35262 on REDACTED port 50022 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: Client protocol version 2.0; client software version OpenSSH_7.9p1 Debian-10 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: match: OpenSSH_7.9p1 Debian-10 pat OpenSSH* compat 0x04000000 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: permanently_set_uid: 103/65534 [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: list_hostkey_types: ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,ssh-rsa [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: SSH2_MSG_KEXINIT sent [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: SSH2_MSG_KEXINIT received [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: kex: algorithm: diffie-hellman-group18-sha512 [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: kex: host key algorithm: ssh-ed25519-cert-v01@openssh.com [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: expecting SSH2_MSG_KEXDH_INIT [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: rekey after 83886080 blocks [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: SSH2_MSG_NEWKEYS sent [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: expecting SSH2_MSG_NEWKEYS [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: SSH2_MSG_NEWKEYS received [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: rekey after 83886080 blocks [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: KEX done [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: userauth-request for user gturner service ssh-connection method none [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: attempt 0 failures 0 [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: authentication methods list 0: publickey Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: authentication methods list 1: password Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: PAM: initializing for "gturner" Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: PAM: setting PAM_RHOST to "REDACTED" Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: PAM: setting PAM_TTY to "ssh" Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: authentication methods list 0: publickey [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: authentication methods list 1: password [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: userauth-request for user gturner service ssh-connection method publickey [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: attempt 1 failures 0 [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: userauth_pubkey: test pkalg rsa-sha2-512 pkblob RSA SHA256:cN6+RJMBj25zximZ28B/CanFpjupWf/ABGrRGprS1LU [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: temporarily_use_uid: 1000/100 (e=0/0) Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: trying public key file /home/gturner/.ssh/authorized_keys Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: fd 4 clearing O_NONBLOCK Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: /home/gturner/.ssh/authorized_keys:2: matching key found: RSA SHA256:cN6+RJMBj25zximZ28B/CanFpjupWf/ABGrRGprS1LU Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: /home/gturner/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding Aug 1 08:18:53 zoth-ommog sshd[20199]: Accepted key RSA SHA256:cN6+RJMBj25zximZ28B/CanFpjupWf/ABGrRGprS1LU found at /home/gturner/.ssh/authorized_keys:2 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: restore_uid: 0/0 Aug 1 08:18:53 zoth-ommog sshd[20199]: Postponed publickey for gturner from REDACTED port 35262 ssh2 [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: userauth-request for user gturner service ssh-connection method publickey [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: attempt 2 failures 0 [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: temporarily_use_uid: 1000/100 (e=0/0) Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: trying public key file /home/gturner/.ssh/authorized_keys Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: fd 4 clearing O_NONBLOCK Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: /home/gturner/.ssh/authorized_keys:2: matching key found: RSA SHA256:cN6+RJMBj25zximZ28B/CanFpjupWf/ABGrRGprS1LU Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: /home/gturner/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding Aug 1 08:18:53 zoth-ommog sshd[20199]: Accepted key RSA SHA256:cN6+RJMBj25zximZ28B/CanFpjupWf/ABGrRGprS1LU found at /home/gturner/.ssh/authorized_keys:2 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: restore_uid: 0/0 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: auth_activate_options: setting new authentication options Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: do_pam_account: called Aug 1 08:18:53 zoth-ommog sshd[20199]: Accepted publickey for gturner from REDACTED port 35262 ssh2: RSA SHA256:cN6+RJMBj25zximZ28B/CanFpjupWf/ABGrRGprS1LU Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: monitor_child_preauth: gturner has been authenticated by privileged process Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: auth_activate_options: setting new authentication options [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: monitor_read_log: child log fd closed Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: PAM: establishing credentials Aug 1 08:18:53 zoth-ommog sshd[20199]: pam_unix(sshd:session): session opened for user gturner by (uid=0) Aug 1 08:18:53 zoth-ommog systemd-logind[391]: New session 244 of user gturner. Aug 1 08:18:53 zoth-ommog sshd[20199]: User child is on pid 20206 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: SELinux support disabled Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: PAM: establishing credentials Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: permanently_set_uid: 1000/100 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: rekey after 83886080 blocks Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: rekey after 83886080 blocks Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: ssh_packet_set_postauth: called Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: Entering interactive session for SSH2. Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: server_init_dispatch Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: input_session_request Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: channel 0: new [server-session] Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_new: session 0 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_open: channel 0 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_open: session 0: link with channel 0 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: server_input_channel_open: confirm session Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: server_input_channel_req: channel 0 request pty-req reply 1 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_by_channel: session 0 channel 0 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_input_channel_req: session 0 req pty-req Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: Allocating pty. Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: session_new: session 0 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: SELinux support disabled Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_pty_req: session 0 alloc /dev/pts/20 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: server_input_channel_req: channel 0 request env reply 0 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_by_channel: session 0 channel 0 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_input_channel_req: session 0 req env Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: server_input_channel_req: channel 0 request shell reply 1 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_by_channel: session 0 channel 0 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_input_channel_req: session 0 req shell Aug 1 08:18:53 zoth-ommog sshd[20206]: Starting session: shell on pts/20 for gturner from REDACTED port 35262 id 0 Aug 1 08:18:53 zoth-ommog sshd[20207]: debug1: Setting controlling tty using TIOCSCTTY. Aug 1 08:18:55 zoth-ommog sshd[20206]: debug1: Received SIGCHLD. Aug 1 08:18:55 zoth-ommog sshd[20206]: debug1: session_by_pid: pid 20207 Aug 1 08:18:55 zoth-ommog sshd[20206]: debug1: session_exit_message: session 0 channel 0 pid 20207 Aug 1 08:18:55 zoth-ommog sshd[20206]: debug1: session_exit_message: release channel 0 Aug 1 08:18:55 zoth-ommog sshd[20199]: debug1: session_by_tty: session 0 tty /dev/pts/20 Aug 1 08:18:55 zoth-ommog sshd[20199]: debug1: session_pty_cleanup2: session 0 release /dev/pts/20 Aug 1 08:18:55 zoth-ommog sshd[20206]: Received disconnect from REDACTED port 35262:11: disconnected by user Aug 1 08:18:55 zoth-ommog sshd[20206]: Disconnected from user gturner REDACTED port 35262 Aug 1 08:18:55 zoth-ommog sshd[20206]: debug1: do_cleanup Aug 1 08:18:55 zoth-ommog sshd[20199]: debug1: do_cleanup Aug 1 08:18:55 zoth-ommog sshd[20199]: debug1: PAM: cleanup Aug 1 08:18:55 zoth-ommog sshd[20199]: debug1: PAM: closing session Aug 1 08:18:55 zoth-ommog sshd[20199]: pam_unix(sshd:session): session closed for user gturner Aug 1 08:18:55 zoth-ommog sshd[20199]: debug1: PAM: deleting credentials Aug 1 08:18:55 zoth-ommog sshd[20199]: debug1: audit_event: unhandled event 12 Aug 1 08:18:55 zoth-ommog systemd-logind[391]: Session 244 logged out. Waiting for processes to exit. Aug 1 08:18:55 zoth-ommog systemd-logind[391]: Removed session 244.
# Successful RSA pubkey login. # ssh had been restarted with PubkeyAcceptedKeyTypes *removed* from sshd_config Aug 1 08:18:53 zoth-ommog sshd[20198]: debug1: Forked child 20199. Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: Set /proc/self/oom_score_adj to 0 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: inetd sockets after dupping: 3, 3 Aug 1 08:18:53 zoth-ommog sshd[20199]: Connection from REDACTED port 35262 on REDACTED port 50022 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: Client protocol version 2.0; client software version OpenSSH_7.9p1 Debian-10 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: match: OpenSSH_7.9p1 Debian-10 pat OpenSSH* compat 0x04000000 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: permanently_set_uid: 103/65534 [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: list_hostkey_types: ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,ssh-rsa [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: SSH2_MSG_KEXINIT sent [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: SSH2_MSG_KEXINIT received [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: kex: algorithm: diffie-hellman-group18-sha512 [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: kex: host key algorithm: ssh-ed25519-cert-v01@openssh.com [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: expecting SSH2_MSG_KEXDH_INIT [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: rekey after 83886080 blocks [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: SSH2_MSG_NEWKEYS sent [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: expecting SSH2_MSG_NEWKEYS [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: SSH2_MSG_NEWKEYS received [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: rekey after 83886080 blocks [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: KEX done [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: userauth-request for user gturner service ssh-connection method none [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: attempt 0 failures 0 [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: authentication methods list 0: publickey Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: authentication methods list 1: password Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: PAM: initializing for "gturner" Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: PAM: setting PAM_RHOST to "REDACTED" Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: PAM: setting PAM_TTY to "ssh" Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: authentication methods list 0: publickey [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: authentication methods list 1: password [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: userauth-request for user gturner service ssh-connection method publickey [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: attempt 1 failures 0 [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: userauth_pubkey: test pkalg rsa-sha2-512 pkblob RSA SHA256:cN6+RJMBj25zximZ28B/CanFpjupWf/ABGrRGprS1LU [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: temporarily_use_uid: 1000/100 (e=0/0) Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: trying public key file /home/gturner/.ssh/authorized_keys Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: fd 4 clearing O_NONBLOCK Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: /home/gturner/.ssh/authorized_keys:2: matching key found: RSA SHA256:cN6+RJMBj25zximZ28B/CanFpjupWf/ABGrRGprS1LU Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: /home/gturner/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding Aug 1 08:18:53 zoth-ommog sshd[20199]: Accepted key RSA SHA256:cN6+RJMBj25zximZ28B/CanFpjupWf/ABGrRGprS1LU found at /home/gturner/.ssh/authorized_keys:2 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: restore_uid: 0/0 Aug 1 08:18:53 zoth-ommog sshd[20199]: Postponed publickey for gturner from REDACTED port 35262 ssh2 [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: userauth-request for user gturner service ssh-connection method publickey [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: attempt 2 failures 0 [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: temporarily_use_uid: 1000/100 (e=0/0) Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: trying public key file /home/gturner/.ssh/authorized_keys Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: fd 4 clearing O_NONBLOCK Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: /home/gturner/.ssh/authorized_keys:2: matching key found: RSA SHA256:cN6+RJMBj25zximZ28B/CanFpjupWf/ABGrRGprS1LU Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: /home/gturner/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding Aug 1 08:18:53 zoth-ommog sshd[20199]: Accepted key RSA SHA256:cN6+RJMBj25zximZ28B/CanFpjupWf/ABGrRGprS1LU found at /home/gturner/.ssh/authorized_keys:2 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: restore_uid: 0/0 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: auth_activate_options: setting new authentication options Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: do_pam_account: called Aug 1 08:18:53 zoth-ommog sshd[20199]: Accepted publickey for gturner from REDACTED port 35262 ssh2: RSA SHA256:cN6+RJMBj25zximZ28B/CanFpjupWf/ABGrRGprS1LU Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: monitor_child_preauth: gturner has been authenticated by privileged process Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: auth_activate_options: setting new authentication options [preauth] Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: monitor_read_log: child log fd closed Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: PAM: establishing credentials Aug 1 08:18:53 zoth-ommog sshd[20199]: pam_unix(sshd:session): session opened for user gturner by (uid=0) Aug 1 08:18:53 zoth-ommog systemd-logind[391]: New session 244 of user gturner. Aug 1 08:18:53 zoth-ommog sshd[20199]: User child is on pid 20206 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: SELinux support disabled Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: PAM: establishing credentials Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: permanently_set_uid: 1000/100 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: rekey after 83886080 blocks Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: rekey after 83886080 blocks Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: ssh_packet_set_postauth: called Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: active: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: Entering interactive session for SSH2. Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: server_init_dispatch Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: input_session_request Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: channel 0: new [server-session] Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_new: session 0 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_open: channel 0 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_open: session 0: link with channel 0 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: server_input_channel_open: confirm session Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: server_input_channel_req: channel 0 request pty-req reply 1 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_by_channel: session 0 channel 0 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_input_channel_req: session 0 req pty-req Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: Allocating pty. Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: session_new: session 0 Aug 1 08:18:53 zoth-ommog sshd[20199]: debug1: SELinux support disabled Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_pty_req: session 0 alloc /dev/pts/20 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: server_input_channel_req: channel 0 request env reply 0 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_by_channel: session 0 channel 0 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_input_channel_req: session 0 req env Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: server_input_channel_req: channel 0 request shell reply 1 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_by_channel: session 0 channel 0 Aug 1 08:18:53 zoth-ommog sshd[20206]: debug1: session_input_channel_req: session 0 req shell Aug 1 08:18:53 zoth-ommog sshd[20206]: Starting session: shell on pts/20 for gturner from REDACTED port 35262 id 0 Aug 1 08:18:53 zoth-ommog sshd[20207]: debug1: Setting controlling tty using TIOCSCTTY. Aug 1 08:18:55 zoth-ommog sshd[20206]: debug1: Received SIGCHLD. Aug 1 08:18:55 zoth-ommog sshd[20206]: debug1: session_by_pid: pid 20207 Aug 1 08:18:55 zoth-ommog sshd[20206]: debug1: session_exit_message: session 0 channel 0 pid 20207 Aug 1 08:18:55 zoth-ommog sshd[20206]: debug1: session_exit_message: release channel 0 Aug 1 08:18:55 zoth-ommog sshd[20199]: debug1: session_by_tty: session 0 tty /dev/pts/20 Aug 1 08:18:55 zoth-ommog sshd[20199]: debug1: session_pty_cleanup2: session 0 release /dev/pts/20 Aug 1 08:18:55 zoth-ommog sshd[20206]: Received disconnect from REDACTED port 35262:11: disconnected by user Aug 1 08:18:55 zoth-ommog sshd[20206]: Disconnected from user gturner REDACTED port 35262 Aug 1 08:18:55 zoth-ommog sshd[20206]: debug1: do_cleanup Aug 1 08:18:55 zoth-ommog sshd[20199]: debug1: do_cleanup Aug 1 08:18:55 zoth-ommog sshd[20199]: debug1: PAM: cleanup Aug 1 08:18:55 zoth-ommog sshd[20199]: debug1: PAM: closing session Aug 1 08:18:55 zoth-ommog sshd[20199]: pam_unix(sshd:session): session closed for user gturner Aug 1 08:18:55 zoth-ommog sshd[20199]: debug1: PAM: deleting credentials Aug 1 08:18:55 zoth-ommog sshd[20199]: debug1: audit_event: unhandled event 12 Aug 1 08:18:55 zoth-ommog systemd-logind[391]: Session 244 logged out. Waiting for processes to exit. Aug 1 08:18:55 zoth-ommog systemd-logind[391]: Removed session 244.
Attachment:
signature.asc
Description: PGP signature