From nobody Tue Jan 11 05:34:43 2022 X-Original-To: freebsd-arm@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 7E0BE1934DD7 for ; Tue, 11 Jan 2022 05:34:42 +0000 (UTC) (envelope-from fbsd@www.zefox.net) Received: from www.zefox.net (www.zefox.net [50.1.20.27]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "www.zefox.com", Issuer "www.zefox.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JXzsZ1rYtz3F4Z for ; Tue, 11 Jan 2022 05:34:42 +0000 (UTC) (envelope-from fbsd@www.zefox.net) Received: from www.zefox.net (localhost [127.0.0.1]) by www.zefox.net (8.16.1/8.15.2) with ESMTPS id 20B5Yi5u075437 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Mon, 10 Jan 2022 21:34:44 -0800 (PST) (envelope-from fbsd@www.zefox.net) Received: (from fbsd@localhost) by www.zefox.net (8.16.1/8.15.2/Submit) id 20B5YiTE075436; Mon, 10 Jan 2022 21:34:44 -0800 (PST) (envelope-from fbsd) Date: Mon, 10 Jan 2022 21:34:43 -0800 From: bob prohaska To: Mark Millard Cc: freebsd-arm@freebsd.org Subject: Re: SSH login failing on stable/13 Message-ID: <20220111053443.GA73926@www.zefox.net> References: <20220110193917.GA74116@www.zefox.net> <19F80CC0-B7B0-4929-9FA0-460BBF35AADE@yahoo.com> List-Id: Porting FreeBSD to ARM processors List-Archive: https://lists.freebsd.org/archives/freebsd-arm List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-arm@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <19F80CC0-B7B0-4929-9FA0-460BBF35AADE@yahoo.com> X-Rspamd-Queue-Id: 4JXzsZ1rYtz3F4Z X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-ThisMailContainsUnwantedMimeParts: N Status: O Content-Length: 3652 Lines: 91 On Mon, Jan 10, 2022 at 12:34:57PM -0800, Mark Millard wrote: > On 2022-Jan-10, at 11:39, bob prohaska wrote: > > > A Pi3 running stable/13 updated yesterday has stopped accepting ssh logins. > > The problem appeared after an update a couple days ago. The update was > > repeated yesterday in hopes of catching some missing details, but no luck. > > > > A session originated from RaspiOS with -vvv ends showing only > > debug3: authmethod_lookup keyboard-interactive > > debug3: remaining preferred: password > > debug3: authmethod_is_enabled keyboard-interactive > > debug1: Next authentication method: keyboard-interactive > > debug2: userauth_kbdint > > debug3: send packet: type 50 > > debug2: we sent a keyboard-interactive packet, wait for reply > > debug3: receive packet: type 60 > > debug2: input_userauth_info_req > > debug2: input_userauth_info_req: num_prompts 1 > > Password for bob@pelorus.zefox.org: > > debug3: send packet: type 61 > > 61 is, apparently, SSH_MSG_USERAUTH_INFO_RESPONSE > (No surprise.) > > > Connection closed by 50.1.20.24 port 22 > > > > The "connection closed" took a couple of minutes to appear. > > Other ssh connections to older versions of FreeBSD seem to > > work normally. I looked at bugzilla, nothing recent about > > ssh. > > As a means of information gathering, when the RPi3 is running > and older FreeBSD, can you try the -vvv activity and report > the debug output, going a few packets past the type 61 notice > to see what would normally be next? > Alas, no. I updated both of my Pi3's recently, and both seem to have similar problems. > Also, do you have an alternative to using RaspiOS (or, even, > avoiding Linux) for such a test?: checking if it is somehow > specific to FreeBDS vs. RaspiOS/Linux or not? (Another FreeBSD > or NetBSD or . . . For FreeBSD, trying having both machines > using the problematical FreeBDS version could be interesting > if that is the only combination that works, for example.) > Yes, I've tried a Pi2 running 12.3, which ends with debug2: we sent a keyboard-interactive packet, wait for reply debug3: receive packet: type 60 debug2: input_userauth_info_req debug2: input_userauth_info_req: num_prompts 1 Password for bob@pelorus.zefox.org: debug3: send packet: type 61 Connection closed by 50.1.20.24 port 22 Also tried 14-current, same outcome. > Have you checked for any console messages, dmesg -a output, > or less /var/log/messages output that might be related? > (This likely would require serial console access.) Yes, I have serial console access and there's been nothing on the console. One oddity, however. If I send pings to the troublesome host one or two packets make it back with normal round trip time. Then silence. Then a few more packets: bob@nemesis:~ % ping pelorus.zefox.org PING pelorus.zefox.org (50.1.20.24): 56 data bytes 64 bytes from 50.1.20.24: icmp_seq=0 ttl=63 time=2.976 ms 64 bytes from 50.1.20.24: icmp_seq=1 ttl=63 time=2.073 ms 64 bytes from 50.1.20.24: icmp_seq=58 ttl=63 time=1.662 ms 64 bytes from 50.1.20.24: icmp_seq=117 ttl=63 time=1.519 ms 64 bytes from 50.1.20.24: icmp_seq=118 ttl=63 time=1.555 ms 64 bytes from 50.1.20.24: icmp_seq=176 ttl=63 time=1.570 ms 64 bytes from 50.1.20.24: icmp_seq=177 ttl=63 time=1.586 ms 64 bytes from 50.1.20.24: icmp_seq=235 ttl=63 time=1.528 ms I'll let it run overnight, perhaps a pattern will emerge. Bootup is normal, time setting is successful and outgoing connections seem normal. I'm trying to finish an update to the Pi3 running -current (via serial console) and will shortly see if that works any better. Thanks for writing! bob prohaska