Whenever I try to ssh into a server, ssh exits with the message "ssh: read1: eof". I've tried it with -v but I don't see anything that is an obvious cause. The behavior is the same on multiple servers, most recently tty.sdf.org? Could it be an issue with secstore or Factotum?
Quoth aeggenberger@sdf.org:
> Whenever I try to ssh into a server, ssh exits with the message
> "ssh: read1: eof". I've tried it with -v but I don't see anything that
> is an obvious cause. The behavior is the same on multiple servers,
> most recently tty.sdf.org? Could it be an issue with secstore or
> Factotum?
>
you want '-d', not '-v', and you want to paste it so that someone
else can see what could be a cause.
it could be factotum containing the wrong keys, but without seeing
the output I have no idea.
> Whenever I try to ssh into a server, ssh exits with the message > "ssh: read1: eof". I've tried it with -v but I don't see anything that > is an obvious cause. The behavior is the same on multiple servers, > most recently tty.sdf.org? Could it be an issue with secstore or > Factotum? I had the same issue when using ssh for the first time on 9front. You probably have to sysupdate and build the new sources (See 5.2.2 FQA). This contains the most recent version of the ssh client which updates some algorithm logic. For more details see: https://inbox.vuxu.org/9front/CABO6shfqKpXSXYArxfWo8SaWsXKvpjSMFMKdc134AxPCqZrvJA@mail.gmail.com/
Quoth aeggenberger@sdf.org:
> Thanks. I tried building and installing everything, but the problem persists.
this may be obvious, but: did you sysupdate before building and installing?
what's the output of:
@{cd /dist/plan9front/ && git/query HEAD}
Quoth aeggenberger@sdf.org:
> Yes. I did sysupdate first. The output of that command is
>
> 7ca997bf7efdca16416b22488ebc7b70c419fd44
and as a final sanity check:
% g rsa-sha2 /sys/src/cmd/ssh.c
/sys/src/cmd/ssh.c:401: static char rsasha256[] = "rsa-sha2-256";
if you don't see rsa-sha2-256:
bind -ac /dist/plan9front / && git/revert ssh.c
then, to be 100% sure you're running the right one:
% cd /sys/src/cmd && rm 6.ssh ssh.6
% mk ssh.install
are there any servers that you can log into, or are they
all broken?
Quoth aeggenberger@sdf.org:
> That first `g' didn't turn up the expected line, so I followed the rest of the steps and it's working now. Thanks for your help. Was sysupdate refusing to update ssh.c because it was detecting some local change?
>
It should say if it does.
there was a point early after switching to git where
git would remove write permissions to files, and then
fail to update them. You may have been bitten by that.
Quoth chris@chrisfroeschl.de:
>
> I had the same issue when using ssh for the first time on 9front.
>
> You probably have to sysupdate and build the new sources (See 5.2.2 FQA).
> This contains the most recent version of the ssh client which updates
> some algorithm logic.
>
> For more details see:
>
> https://inbox.vuxu.org/9front/CABO6shfqKpXSXYArxfWo8SaWsXKvpjSMFMKdc134AxPCqZrvJA@mail.gmail.com/
Thanks. I tried building and installing everything, but the problem persists.
Here's the output of ssh -d aeggenberger@sdf.org.
term% ssh -d aeggenberger@sdf.org
server version: SSH-2.0-OpenSSH_8.8
kexalgs: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
hostalgs: rsa-sha2-512,rsa-sha2-256,ssh-ed25519
cipher1: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
cipher2: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
mac1: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
mac2: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
zip1: none,zlib@openssh.com
zip2: none,zlib@openssh.com
lang1:
lang2:
ssh: read1: eof
Quoth chris@chrisfroeschl.de:
> I had the same issue when using ssh for the first time on 9front.
>
> You probably have to sysupdate and build the new sources (See 5.2.2 FQA).
> This contains the most recent version of the ssh client which updates
> some algorithm logic.
>
> For more details see:
>
> https://inbox.vuxu.org/9front/CABO6shfqKpXSXYArxfWo8SaWsXKvpjSMFMKdc134AxPCqZrvJA@mail.gmail.com/
Thanks. I tried building and installing everything, but the problem persists.
Here's the output of ssh -d aeggenberger@sdf.org.
term% ssh -d aeggenberger@sdf.org
server version: SSH-2.0-OpenSSH_8.8
kexalgs: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
hostalgs: rsa-sha2-512,rsa-sha2-256,ssh-ed25519
cipher1: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
cipher2: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
mac1: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
mac2: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
zip1: none,zlib@openssh.com
zip2: none,zlib@openssh.com
lang1:
lang2:
ssh: read1: eof
Yes. I did sysupdate first. The output of that command is
7ca997bf7efdca16416b22488ebc7b70c419fd44
Quoth ori@eigenstate.org:
> Quoth aeggenberger@sdf.org:
> > Thanks. I tried building and installing everything, but the problem persists.
>
> this may be obvious, but: did you sysupdate before building and installing?
>
> what's the output of:
>
> @{cd /dist/plan9front/ && git/query HEAD}
>
>
That first `g' didn't turn up the expected line, so I followed the rest of the steps and it's working now. Thanks for your help. Was sysupdate refusing to update ssh.c because it was detecting some local change?
Quoth ori@eigenstate.org:
> Quoth aeggenberger@sdf.org:
> > Yes. I did sysupdate first. The output of that command is
> >
> > 7ca997bf7efdca16416b22488ebc7b70c419fd44
>
> and as a final sanity check:
>
> % g rsa-sha2 /sys/src/cmd/ssh.c
> /sys/src/cmd/ssh.c:401: static char rsasha256[] = "rsa-sha2-256";
>
> if you don't see rsa-sha2-256:
>
> bind -ac /dist/plan9front / && git/revert ssh.c
>
> then, to be 100% sure you're running the right one:
>
> % cd /sys/src/cmd && rm 6.ssh ssh.6
> % mk ssh.install
>
> are there any servers that you can log into, or are they
> all broken?
>
>
>
I don't have access to my 9front system to verify this but I remember getting that error and having to revert a change to address it. IIRC I had to turn the below from "<=" to "<" to be able to log into some servers. SDF may be one of those. /sys/src/libsec/port/tlshand.c // reject dh primes that is susceptible to logjam if(p->len <= 1024/8) return nil;