* Connection issue in OpenBMC image @ 2020-09-11 11:18 Jayashree D 2020-09-14 9:32 ` Jayashree D 0 siblings, 1 reply; 14+ messages in thread From: Jayashree D @ 2020-09-11 11:18 UTC (permalink / raw) To: openbmc [-- Attachment #1: Type: text/plain, Size: 1971 bytes --] Classification: HCL Internal Hi Team, In openbmc build, after flashing the latest image (September first week) we are not able to connect tiogapass and yosemitev2 through SSH. We tried flashing old image (August last week) in tiogapass & yosemitev2 and we are able to connect both. After flashing latest image, in uart-console, we get the below logs as "CLOSE_WAIT" for netstat. root@tiogapass:~# netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 22 0 ::ffff:10.0.128.108:ssh controller.fava.net:60516 CLOSE_WAIT tcp 22 0 ::ffff:10.0.128.108:ssh controller.fava.net:34652 CLOSE_WAIT tcp 22 0 ::ffff:10.0.128.108:ssh controller.fava.net:58700 CLOSE_WAIT Could anyone please provide comments on this? Thanks, Jayashree ::DISCLAIMER:: ________________________________ The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ________________________________ [-- Attachment #2: Type: text/html, Size: 4909 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* RE: Connection issue in OpenBMC image 2020-09-11 11:18 Connection issue in OpenBMC image Jayashree D @ 2020-09-14 9:32 ` Jayashree D 2020-09-14 10:47 ` Konstantin Klubnichkin 0 siblings, 1 reply; 14+ messages in thread From: Jayashree D @ 2020-09-14 9:32 UTC (permalink / raw) To: openbmc [-- Attachment #1: Type: text/plain, Size: 2366 bytes --] Classification: HCL Internal Hi Team, In the latest openbmc build, after flashing the image in the target, we are not able to connect the tiogapass and yosemitev2 through SSH. Is this due to any latest changes in the commit ? Regards, Jayashree From: Jayashree D Sent: Friday, September 11, 2020 4:49 PM To: openbmc@lists.ozlabs.org Subject: Connection issue in OpenBMC image Classification: HCL Internal Hi Team, In openbmc build, after flashing the latest image (September first week) we are not able to connect tiogapass and yosemitev2 through SSH. We tried flashing old image (August last week) in tiogapass & yosemitev2 and we are able to connect both. After flashing latest image, in uart-console, we get the below logs as "CLOSE_WAIT" for netstat. root@tiogapass:~# netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 22 0 ::ffff:10.0.128.108:ssh controller.fava.net:60516 CLOSE_WAIT tcp 22 0 ::ffff:10.0.128.108:ssh controller.fava.net:34652 CLOSE_WAIT tcp 22 0 ::ffff:10.0.128.108:ssh controller.fava.net:58700 CLOSE_WAIT Could anyone please provide comments on this? Thanks, Jayashree ::DISCLAIMER:: ________________________________ The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ________________________________ [-- Attachment #2: Type: text/html, Size: 6547 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: Connection issue in OpenBMC image 2020-09-14 9:32 ` Jayashree D @ 2020-09-14 10:47 ` Konstantin Klubnichkin 2020-09-15 13:12 ` Jayashree D 0 siblings, 1 reply; 14+ messages in thread From: Konstantin Klubnichkin @ 2020-09-14 10:47 UTC (permalink / raw) To: Jayashree D, openbmc [-- Attachment #1: Type: text/html, Size: 8089 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* RE: Connection issue in OpenBMC image 2020-09-14 10:47 ` Konstantin Klubnichkin @ 2020-09-15 13:12 ` Jayashree D 2020-09-15 14:49 ` Konstantin Klubnichkin 0 siblings, 1 reply; 14+ messages in thread From: Jayashree D @ 2020-09-15 13:12 UTC (permalink / raw) To: openbmc; +Cc: Konstantin Klubnichkin [-- Attachment #1: Type: text/plain, Size: 5874 bytes --] Classification: HCL Internal Thanks Konstantin Klubnichkin for your response. I have tried this changes in my build, but it is not working. I have tried “-v” and the below logs are shown but it is not going to password prompt and also not throwing any error. OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 58: Applying options for * debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 Regards, Jayashree From: Konstantin Klubnichkin <kitsok@yandex-team.ru> Sent: Monday, September 14, 2020 4:18 PM To: Jayashree D <jayashree-d@hcl.com>; openbmc@lists.ozlabs.org Subject: Re: Connection issue in OpenBMC image [CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don’t click links or open attachments as it may be a Phishing email, which can steal your Information and compromise your Computer.] Hello Jayashree! I've faced issue in dropbear and public key authentication. To investigate further I've added "-v" to ssh client. The connection is closed and a message about Non-matching signing type appears in OpenBMC log, I can't find it now. I've found solution somewhere in Github issues, can't find the page, but here is my patch to dropbear: =================================================================== diff --git a/signkey.c b/signkey.c index 92fe6a2..206a886 100644 --- a/signkey.c +++ b/signkey.c @@ -657,8 +657,11 @@ int buf_verify(buffer * buf, sign_key *key, enum signature_type expect_sigtype, sigtype = signature_type_from_name(type_name, type_name_len); m_free(type_name); - if (expect_sigtype != sigtype) { - dropbear_exit("Non-matching signing type"); + if (sigtype == DROPBEAR_SIGNATURE_NONE) { + dropbear_exit("No signature type"); + } + if ((expect_sigtype != DROPBEAR_SIGNATURE_RSA_SHA256) && (expect_sigtype != sigtype)) { + dropbear_exit("Non-matching signing type"); } keytype = signkey_type_from_signature(sigtype); -- 2.7.4 =================================================================== Hope this may help. 14.09.2020, 12:34, "Jayashree D" <jayashree-d@hcl.com<mailto:jayashree-d@hcl.com>>: Classification: HCL Internal Hi Team, In the latest openbmc build, after flashing the image in the target, we are not able to connect the tiogapass and yosemitev2 through SSH. Is this due to any latest changes in the commit ? Regards, Jayashree From: Jayashree D Sent: Friday, September 11, 2020 4:49 PM To: openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org> Subject: Connection issue in OpenBMC image Classification: HCL Internal Hi Team, In openbmc build, after flashing the latest image (September first week) we are not able to connect tiogapass and yosemitev2 through SSH. We tried flashing old image (August last week) in tiogapass & yosemitev2 and we are able to connect both. After flashing latest image, in uart-console, we get the below logs as “CLOSE_WAIT” for netstat. root@tiogapass<mailto:root@tiogapass>:~# netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 22 0 ::ffff:10.0.128.108:ssh controller.fava.net:60516 CLOSE_WAIT tcp 22 0 ::ffff:10.0.128.108:ssh controller.fava.net:34652 CLOSE_WAIT tcp 22 0 ::ffff:10.0.128.108:ssh controller.fava.net:58700 CLOSE_WAIT Could anyone please provide comments on this? Thanks, Jayashree ::DISCLAIMER:: ________________________________ The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ________________________________ -- Best regards, Konstantin Klubnichkin, lead firmware engineer, server hardware R&D group, Yandex Moscow office. tel: +7-903-510-33-33 [-- Attachment #2: Type: text/html, Size: 22374 bytes --] ^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: Connection issue in OpenBMC image 2020-09-15 13:12 ` Jayashree D @ 2020-09-15 14:49 ` Konstantin Klubnichkin 2020-09-16 11:35 ` Jayashree D 0 siblings, 1 reply; 14+ messages in thread From: Konstantin Klubnichkin @ 2020-09-15 14:49 UTC (permalink / raw) To: Jayashree D, openbmc [-- Attachment #1: Type: text/html, Size: 25492 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* RE: Connection issue in OpenBMC image 2020-09-15 14:49 ` Konstantin Klubnichkin @ 2020-09-16 11:35 ` Jayashree D 2020-09-17 15:45 ` Patrick Williams 0 siblings, 1 reply; 14+ messages in thread From: Jayashree D @ 2020-09-16 11:35 UTC (permalink / raw) To: Konstantin Klubnichkin, openbmc [-- Attachment #1: Type: text/plain, Size: 9557 bytes --] Classification: HCL Internal Hi, In UART console, I have tried the below command, but there is no response and also reboot command is not working. root@tiogapass:~# systemctl -a | grep -i dropbear Failed to list units: Connection timed out root@tiogapass:~# journalctl | grep dropbear Jan 01 00:00:21 tiogapass systemd[1]: Listening on dropbear.socket. In working image, I got the below logs. root@tiogapass:~# systemctl -a | grep -i dropbear * dropbear.service not-found inactive dead dropbear.service dropbear@2-10.0.128.108:22-10.0.0.1:50456.service loaded active running SSH Per-Connection Server (10.0.0.1:50456) dropbearkey.service loaded active exited SSH Key Generation system-dropbear.slice loaded active active system-dropbear.slice dropbear.socket loaded active listening dropbear.socket root@tiogapass:~# journalctl | grep drop Jan 01 00:00:37 tiogapass systemd[1]: Listening on dropbear.socket. Jan 01 00:01:00 tiogapass avahi-daemon[294]: Successfully dropped root privileges. Jan 01 00:01:01 tiogapass avahi-daemon[294]: Successfully dropped remaining capabilities. Jan 01 00:15:26 tiogapass systemd[1]: Created slice system-dropbear.slice. Jan 01 00:15:26 tiogapass dropbear[2670]: Child connection from ::ffff:10.0.0.1:51810 Jan 01 00:15:28 tiogapass dropbear[2670]: Exit before auth (user 'root', 0 fails): Exited normally Jan 01 00:15:28 tiogapass systemd[1]: dropbear@0-10.0.128.108:22-10.0.0.1:51810.service: Succeeded. Jan 01 00:15:44 tiogapass dropbear[2753]: Child connection from ::ffff:10.0.0.1:51944 Jan 01 00:15:50 tiogapass dropbear[2753]: PAM password auth succeeded for 'root' from ::ffff:10.0.0.1:51944 When “top” command is run, there is no keygen running. Regards, Jayashree From: Konstantin Klubnichkin <kitsok@yandex-team.ru> Sent: Tuesday, September 15, 2020 8:19 PM To: Jayashree D <jayashree-d@hcl.com>; openbmc@lists.ozlabs.org Subject: Re: Connection issue in OpenBMC image [CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don’t click links or open attachments as it may be a Phishing email, which can steal your Information and compromise your Computer.] Hello! If I understand correctly, TCP connection is established, but SSH handshake is not performed, right? I've also observed this issue. The connection is established to dropbear.socket (actually systemd) but dropbear service is not started as it's dependencies are not met. The most obvious reason is dropbearkey.service not finished yet or failed. If you can connect to target BMC using UART console, check status of all services containing "dropbear" in their names: systemctl -a | grep -i dropbear Also run "top" and see if keygen is there and running. In my system after full flash upgrade (i.e. keys need to be re-generated) it takes several minutes. Hope this will help. 15.09.2020, 16:12, "Jayashree D" <jayashree-d@hcl.com<mailto:jayashree-d@hcl.com>>: Classification: HCL Internal Thanks Konstantin Klubnichkin for your response. I have tried this changes in my build, but it is not working. I have tried “-v” and the below logs are shown but it is not going to password prompt and also not throwing any error. OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 58: Applying options for * debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 Regards, Jayashree From: Konstantin Klubnichkin <kitsok@yandex-team.ru<mailto:kitsok@yandex-team.ru>> Sent: Monday, September 14, 2020 4:18 PM To: Jayashree D <jayashree-d@hcl.com<mailto:jayashree-d@hcl.com>>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org> Subject: Re: Connection issue in OpenBMC image [CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don’t click links or open attachments as it may be a Phishing email, which can steal your Information and compromise your Computer.] Hello Jayashree! I've faced issue in dropbear and public key authentication. To investigate further I've added "-v" to ssh client. The connection is closed and a message about Non-matching signing type appears in OpenBMC log, I can't find it now. I've found solution somewhere in Github issues, can't find the page, but here is my patch to dropbear: =================================================================== diff --git a/signkey.c b/signkey.c index 92fe6a2..206a886 100644 --- a/signkey.c +++ b/signkey.c @@ -657,8 +657,11 @@ int buf_verify(buffer * buf, sign_key *key, enum signature_type expect_sigtype, sigtype = signature_type_from_name(type_name, type_name_len); m_free(type_name); - if (expect_sigtype != sigtype) { - dropbear_exit("Non-matching signing type"); + if (sigtype == DROPBEAR_SIGNATURE_NONE) { + dropbear_exit("No signature type"); + } + if ((expect_sigtype != DROPBEAR_SIGNATURE_RSA_SHA256) && (expect_sigtype != sigtype)) { + dropbear_exit("Non-matching signing type"); } keytype = signkey_type_from_signature(sigtype); -- 2.7.4 =================================================================== Hope this may help. 14.09.2020, 12:34, "Jayashree D" <jayashree-d@hcl.com<mailto:jayashree-d@hcl.com>>: Classification: HCL Internal Hi Team, In the latest openbmc build, after flashing the image in the target, we are not able to connect the tiogapass and yosemitev2 through SSH. Is this due to any latest changes in the commit ? Regards, Jayashree From: Jayashree D Sent: Friday, September 11, 2020 4:49 PM To: openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org> Subject: Connection issue in OpenBMC image Classification: HCL Internal Hi Team, In openbmc build, after flashing the latest image (September first week) we are not able to connect tiogapass and yosemitev2 through SSH. We tried flashing old image (August last week) in tiogapass & yosemitev2 and we are able to connect both. After flashing latest image, in uart-console, we get the below logs as “CLOSE_WAIT” for netstat. root@tiogapass<mailto:root@tiogapass>:~# netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 22 0 ::ffff:10.0.128.108:ssh controller.fava.net:60516 CLOSE_WAIT tcp 22 0 ::ffff:10.0.128.108:ssh controller.fava.net:34652 CLOSE_WAIT tcp 22 0 ::ffff:10.0.128.108:ssh controller.fava.net:58700 CLOSE_WAIT Could anyone please provide comments on this? Thanks, Jayashree ::DISCLAIMER:: ________________________________ The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ________________________________ -- Best regards, Konstantin Klubnichkin, lead firmware engineer, server hardware R&D group, Yandex Moscow office. tel: +7-903-510-33-33 -- Best regards, Konstantin Klubnichkin, lead firmware engineer, server hardware R&D group, Yandex Moscow office. tel: +7-903-510-33-33 [-- Attachment #2: Type: text/html, Size: 34301 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: Connection issue in OpenBMC image 2020-09-16 11:35 ` Jayashree D @ 2020-09-17 15:45 ` Patrick Williams 2020-09-18 9:47 ` Jayashree D 0 siblings, 1 reply; 14+ messages in thread From: Patrick Williams @ 2020-09-17 15:45 UTC (permalink / raw) To: Jayashree D; +Cc: Konstantin Klubnichkin, openbmc [-- Attachment #1: Type: text/plain, Size: 2804 bytes --] Hello Jayashree, I saw an output `ssh -v` from you earlier, but there really wasn't any useful information there. It looked like the connection was being made and keys were exchanged and then the log just stopped abruptly. This tells me it likely isn't a networking issue but an issue in the handshake between the ssh-client (your computer) and ssh-server (dropbear). You can continue to add '-v' parameters up to `ssh -vvv` and you'll get increasingly more information. Joseph Reynolds recently posted a reminder about dropbear disabling weak ciphers[1]. Is it possible that your client is using an old cipher? On Wed, Sep 16, 2020 at 11:35:28AM +0000, Jayashree D wrote: > root@tiogapass:~# journalctl | grep drop ... > Jan 01 00:15:28 tiogapass systemd[1]: dropbear@0-10.0.128.108:22-10.0.0.1:51810.service: Succeeded. > Jan 01 00:15:44 tiogapass dropbear[2753]: Child connection from ::ffff:10.0.0.1:51944 > Jan 01 00:15:50 tiogapass dropbear[2753]: PAM password auth succeeded for 'root' from ::ffff:10.0.0.1:51944 This looks like a valid connection was established. > 15.09.2020, 16:12, "Jayashree D" <jayashree-d@hcl.com<mailto:jayashree-d@hcl.com>>: > > OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 58: Applying options for * > debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. > debug1: Connection established. > debug1: permanently_set_uid: 0/0 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519 type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519-cert type -1 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_7.4 This is the log that also looks like a good connection. Identity files were attempted to be exchanged. Version strings were exchanged. And then the log just abruptly stops. Was the connection dropped? Is it hung? 1. https://lists.ozlabs.org/pipermail/openbmc/2020-September/023071.html -- Patrick Williams [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* RE: Connection issue in OpenBMC image 2020-09-17 15:45 ` Patrick Williams @ 2020-09-18 9:47 ` Jayashree D 2020-09-25 4:59 ` Jayashree D 0 siblings, 1 reply; 14+ messages in thread From: Jayashree D @ 2020-09-18 9:47 UTC (permalink / raw) To: Patrick Williams, openbmc; +Cc: Konstantin Klubnichkin Classification: HCL Internal Hello Patrick, I saw the post about dropbear, but that commit was updated on July16 and my target is connecting till August last week image. I don't think that will be an issue. Also on working image, I tried with 'ssh -vvv ' and I got below information. OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 58: Applying options for * debug2: resolving "10.0.128.108" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 debug1: Remote protocol version 2.0, remote software version dropbear_2020.80 debug1: no match: dropbear_2020.80 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 10.0.128.108:22 as 'root' debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:68 debug3: load_hostkeys: loaded 1 keys from 10.0.128.108 debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,kexguess2@matt.ucc.asn.au debug2: host key algorithms: rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr debug2: MACs ctos: hmac-sha1,hmac-sha2-256 debug2: MACs stoc: hmac-sha1,hmac-sha2-256 debug2: compression ctos: zlib@openssh.com,none debug2: compression stoc: zlib@openssh.com,none debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: rsa-sha2-256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: curve25519-sha256 need=64 dh_need=64 debug1: kex: curve25519-sha256 need=64 dh_need=64 debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ssh-rsa SHA256:3WwhPmIIxzrw0+cm/0vN3hifY4kh9sJhClVNw6zrJ7Y debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:68 debug3: load_hostkeys: loaded 1 keys from 10.0.128.108 debug1: Host '10.0.128.108' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:68 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug2: key: /root/.ssh/id_rsa (0x558ea3ad3640), agent debug2: key: /root/.ssh/id_rsa ((nil)) debug2: key: /root/.ssh/id_dsa ((nil)) debug2: key: /root/.ssh/id_ecdsa ((nil)) debug2: key: /root/.ssh/id_ed25519 ((nil)) debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,ssh-rsa,ssh-dss> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /root/.ssh/id_rsa debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_rsa debug3: sign_and_send_pubkey: RSA SHA256:YfteufmWUV8W7EQEycZ+38skgUWGDTYFHw93a7SwwLM debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_dsa debug3: no such identity: /root/.ssh/id_dsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ecdsa debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ed25519 debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password In non-working image, the logs are stopped after below lines and it is not providing any errors. debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 Also one more observation in UART-Console, after flashing latest image. 1. reboot command is not working. 2. systemctl status <service_name> is not providing any status. ( Failed to get properties: Connection timed out) 3. I can able to ping the ip address but scp is not working. Thanks, Jayashree -----Original Message----- From: Patrick Williams <patrick@stwcx.xyz> Sent: Thursday, September 17, 2020 9:16 PM To: Jayashree D <jayashree-d@hcl.com> Cc: Konstantin Klubnichkin <kitsok@yandex-team.ru>; openbmc@lists.ozlabs.org Subject: Re: Connection issue in OpenBMC image Hello Jayashree, I saw an output `ssh -v` from you earlier, but there really wasn't any useful information there. It looked like the connection was being made and keys were exchanged and then the log just stopped abruptly. This tells me it likely isn't a networking issue but an issue in the handshake between the ssh-client (your computer) and ssh-server (dropbear). You can continue to add '-v' parameters up to `ssh -vvv` and you'll get increasingly more information. Joseph Reynolds recently posted a reminder about dropbear disabling weak ciphers[1]. Is it possible that your client is using an old cipher? On Wed, Sep 16, 2020 at 11:35:28AM +0000, Jayashree D wrote: > root@tiogapass:~# journalctl | grep drop ... > Jan 01 00:15:28 tiogapass systemd[1]: dropbear@0-10.0.128.108:22-10.0.0.1:51810.service: Succeeded. > Jan 01 00:15:44 tiogapass dropbear[2753]: Child connection from > ::ffff:10.0.0.1:51944 Jan 01 00:15:50 tiogapass dropbear[2753]: PAM > password auth succeeded for 'root' from ::ffff:10.0.0.1:51944 This looks like a valid connection was established. > 15.09.2020, 16:12, "Jayashree D" <jayashree-d@hcl.com<mailto:jayashree-d@hcl.com>>: > > OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 58: Applying options for * > debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. > debug1: Connection established. > debug1: permanently_set_uid: 0/0 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519 type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519-cert type -1 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_7.4 This is the log that also looks like a good connection. Identity files were attempted to be exchanged. Version strings were exchanged. And then the log just abruptly stops. Was the connection dropped? Is it hung? 1. https://lists.ozlabs.org/pipermail/openbmc/2020-September/023071.html -- Patrick Williams ::DISCLAIMER:: ________________________________ The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ________________________________ ^ permalink raw reply [flat|nested] 14+ messages in thread
* RE: Connection issue in OpenBMC image 2020-09-18 9:47 ` Jayashree D @ 2020-09-25 4:59 ` Jayashree D 2020-10-02 9:53 ` Jayashree D 2020-10-05 8:29 ` Jayashree D 0 siblings, 2 replies; 14+ messages in thread From: Jayashree D @ 2020-09-25 4:59 UTC (permalink / raw) To: openbmc; +Cc: geissonator, Vijay Khemka, Konstantin Klubnichkin [-- Attachment #1: Type: text/plain, Size: 14687 bytes --] Classification: HCL Internal Hi Team, In the latest openbmc build, after image upgradation in the target, not able to connect the target through SSH but able to ping the IP Address. After analysing the latest commits, reverted the below commit in the latest build and checked by flashing the image. Now the target is connecting through SSH. Please help us on fixing this issue. Commit Link - https://github.com/openbmc/openbmc/commit/635e0e4637e40ba03f69204265427550fd404f4c Observation on UART-console after flashing latest image without any changes: 1. reboot command is not working. 2. systemctl status <service_name> is not providing any status. ( Failed to get properties: Connection timed out) 3. I tried "ssh -vvv <ip>" and logs are attached for working and non-working image. 4. From controller, I tried to upgrade image using redfish and image is being copied and following logs shown. root@tiogapass:~# journalctl | grep image Jan 01 00:00:37 tiogapass phosphor-image-updater[246]: Error in mapper GetSubTreePath Jan 01 10:43:59 tiogapass phosphor-image-updater[246]: BMC image activating - BMC reboots are disabled. 5. Using Rest API command, [root@odc ]# curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X PUT -d '{"data":"xyz.openbmc_project.Software.Activation.RequestedActivations.Active"}' https://${bmc}/xyz/openbmc_project/software/a77348be/attr/RequestedActivation { "data": { "description": "org.freedesktop.DBus.Error.NoReply" }, "message": "Method call timed out", "status": "error" } Regards, Jayashree -----Original Message----- From: Jayashree D Sent: Friday, September 18, 2020 3:18 PM To: Patrick Williams <patrick@stwcx.xyz>; openbmc@lists.ozlabs.org Cc: Konstantin Klubnichkin <kitsok@yandex-team.ru> Subject: RE: Connection issue in OpenBMC image Classification: HCL Internal Hello Patrick, I saw the post about dropbear, but that commit was updated on July16 and my target is connecting till August last week image. I don't think that will be an issue. Also on working image, I tried with 'ssh -vvv ' and I got below information. OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 58: Applying options for * debug2: resolving "10.0.128.108" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 debug1: Remote protocol version 2.0, remote software version dropbear_2020.80 debug1: no match: dropbear_2020.80 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 10.0.128.108:22 as 'root' debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:68 debug3: load_hostkeys: loaded 1 keys from 10.0.128.108 debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,kexguess2@matt.ucc.asn.au debug2: host key algorithms: rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr debug2: MACs ctos: hmac-sha1,hmac-sha2-256 debug2: MACs stoc: hmac-sha1,hmac-sha2-256 debug2: compression ctos: zlib@openssh.com,none debug2: compression stoc: zlib@openssh.com,none debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: rsa-sha2-256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: curve25519-sha256 need=64 dh_need=64 debug1: kex: curve25519-sha256 need=64 dh_need=64 debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ssh-rsa SHA256:3WwhPmIIxzrw0+cm/0vN3hifY4kh9sJhClVNw6zrJ7Y debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:68 debug3: load_hostkeys: loaded 1 keys from 10.0.128.108 debug1: Host '10.0.128.108' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:68 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug2: key: /root/.ssh/id_rsa (0x558ea3ad3640), agent debug2: key: /root/.ssh/id_rsa ((nil)) debug2: key: /root/.ssh/id_dsa ((nil)) debug2: key: /root/.ssh/id_ecdsa ((nil)) debug2: key: /root/.ssh/id_ed25519 ((nil)) debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,ssh-rsa,ssh-dss> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /root/.ssh/id_rsa debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_rsa debug3: sign_and_send_pubkey: RSA SHA256:YfteufmWUV8W7EQEycZ+38skgUWGDTYFHw93a7SwwLM debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_dsa debug3: no such identity: /root/.ssh/id_dsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ecdsa debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ed25519 debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password In non-working image, the logs are stopped after below lines and it is not providing any errors. debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 Also one more observation in UART-Console, after flashing latest image. 1. reboot command is not working. 2. systemctl status <service_name> is not providing any status. ( Failed to get properties: Connection timed out) 3. I can able to ping the ip address but scp is not working. Thanks, Jayashree -----Original Message----- From: Patrick Williams <patrick@stwcx.xyz> Sent: Thursday, September 17, 2020 9:16 PM To: Jayashree D <jayashree-d@hcl.com> Cc: Konstantin Klubnichkin <kitsok@yandex-team.ru>; openbmc@lists.ozlabs.org Subject: Re: Connection issue in OpenBMC image Hello Jayashree, I saw an output `ssh -v` from you earlier, but there really wasn't any useful information there. It looked like the connection was being made and keys were exchanged and then the log just stopped abruptly. This tells me it likely isn't a networking issue but an issue in the handshake between the ssh-client (your computer) and ssh-server (dropbear). You can continue to add '-v' parameters up to `ssh -vvv` and you'll get increasingly more information. Joseph Reynolds recently posted a reminder about dropbear disabling weak ciphers[1]. Is it possible that your client is using an old cipher? On Wed, Sep 16, 2020 at 11:35:28AM +0000, Jayashree D wrote: > root@tiogapass:~# journalctl | grep drop ... > Jan 01 00:15:28 tiogapass systemd[1]: dropbear@0-10.0.128.108:22-10.0.0.1:51810.service: Succeeded. > Jan 01 00:15:44 tiogapass dropbear[2753]: Child connection from > ::ffff:10.0.0.1:51944 Jan 01 00:15:50 tiogapass dropbear[2753]: PAM > password auth succeeded for 'root' from ::ffff:10.0.0.1:51944 This looks like a valid connection was established. > 15.09.2020, 16:12, "Jayashree D" <jayashree-d@hcl.com<mailto:jayashree-d@hcl.com>>: > > OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 58: Applying options for * > debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. > debug1: Connection established. > debug1: permanently_set_uid: 0/0 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519 type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519-cert type -1 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_7.4 This is the log that also looks like a good connection. Identity files were attempted to be exchanged. Version strings were exchanged. And then the log just abruptly stops. Was the connection dropped? Is it hung? 1. https://lists.ozlabs.org/pipermail/openbmc/2020-September/023071.html -- Patrick Williams ::DISCLAIMER:: ________________________________ The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ________________________________ [-- Attachment #2: ssh_connection.txt --] [-- Type: text/plain, Size: 10871 bytes --] Working logs: OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 58: Applying options for * debug2: resolving "10.0.128.108" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 debug1: Remote protocol version 2.0, remote software version dropbear_2020.80 debug1: no match: dropbear_2020.80 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 10.0.128.108:22 as 'root' debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:68 debug3: load_hostkeys: loaded 1 keys from 10.0.128.108 debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,kexguess2@matt.ucc.asn.au debug2: host key algorithms: rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr debug2: MACs ctos: hmac-sha1,hmac-sha2-256 debug2: MACs stoc: hmac-sha1,hmac-sha2-256 debug2: compression ctos: zlib@openssh.com,none debug2: compression stoc: zlib@openssh.com,none debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: rsa-sha2-256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: curve25519-sha256 need=64 dh_need=64 debug1: kex: curve25519-sha256 need=64 dh_need=64 debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ssh-rsa SHA256:3WwhPmIIxzrw0+cm/0vN3hifY4kh9sJhClVNw6zrJ7Y debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:68 debug3: load_hostkeys: loaded 1 keys from 10.0.128.108 debug1: Host '10.0.128.108' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:68 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug2: key: /root/.ssh/id_rsa (0x558ea3ad3640), agent debug2: key: /root/.ssh/id_rsa ((nil)) debug2: key: /root/.ssh/id_dsa ((nil)) debug2: key: /root/.ssh/id_ecdsa ((nil)) debug2: key: /root/.ssh/id_ed25519 ((nil)) debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,ssh-rsa,ssh-dss> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /root/.ssh/id_rsa debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_rsa debug3: sign_and_send_pubkey: RSA SHA256:YfteufmWUV8W7EQEycZ+38skgUWGDTYFHw93a7SwwLM debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_dsa debug3: no such identity: /root/.ssh/id_dsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ecdsa debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ed25519 debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password Non working logs: OpenSSH_8.0p1, OpenSSL 1.1.1c FIPS 28 May 2019 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 20: Applying options for * debug3: /etc/ssh/ssh_config line 51: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0 debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf debug2: checking match for 'final all' host 10.0.128.108 originally 10.0.128.108 debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final' debug2: match not found debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only) debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-] debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1] debug1: configuration requests final Match pass debug2: resolve_canonicalize: hostname 10.0.128.108 is address debug1: re-parsing configuration debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 20: Applying options for * debug3: /etc/ssh/ssh_config line 51: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0 debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf debug2: checking match for 'final all' host 10.0.128.108 originally 10.0.128.108 debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched 'final' debug2: match found debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-] debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1] debug2: ssh_connect_direct debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. debug1: Connection established. debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: identity file /root/.ssh/id_xmss type -1 debug1: identity file /root/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.0 ^ permalink raw reply [flat|nested] 14+ messages in thread
* RE: Connection issue in OpenBMC image 2020-09-25 4:59 ` Jayashree D @ 2020-10-02 9:53 ` Jayashree D 2020-10-05 8:29 ` Jayashree D 1 sibling, 0 replies; 14+ messages in thread From: Jayashree D @ 2020-10-02 9:53 UTC (permalink / raw) To: openbmc Cc: George Keishing, geissonator, Vijay Khemka, Konstantin Klubnichkin Classification: HCL Internal Regarding SSH connection, an issue has been created in openbmc and I also see others having this same issue. From the comments, I have run "dropbear -E -p 5022" in the target (UART-console) and tried to connect the target using "ssh -p 5022 <ip>" and ssh connection established. But, reboot and systemctl commands hangs. Issue - https://github.com/openbmc/openbmc/issues/3701 root@tiogapass:~# dropbear -E -p 5022 [348] Jan 01 00:06:48 Failed loading /etc/dropbear/dropbear_dss_host_key [348] Jan 01 00:06:48 Failed loading /etc/dropbear/dropbear_ecdsa_host_key [348] Jan 01 00:06:48 Failed loading /etc/dropbear/dropbear_ed25519_host_key [349] Jan 01 00:06:48 Running in background [root@odc ~]# ssh -p 5022 root@10.0.128.108 root@10.0.128.108's password: root@tiogapass:~# Hi George, We are facing connection issue in accessing the target after flashing the latest image. In openbmc-test-automation, whether any test cases are present in CI to identify these issues ? Please let us know your comments on this. Regards, Jayashree -----Original Message----- From: Jayashree D Sent: Friday, September 25, 2020 10:29 AM To: openbmc@lists.ozlabs.org Cc: Konstantin Klubnichkin <kitsok@yandex-team.ru>; Vijay Khemka <vijaykhemka@fb.com>; geissonator@yahoo.com; joel@jms.id.au; Patrick Williams <patrick@stwcx.xyz> Subject: RE: Connection issue in OpenBMC image Classification: HCL Internal Hi Team, In the latest openbmc build, after image upgradation in the target, not able to connect the target through SSH but able to ping the IP Address. After analysing the latest commits, reverted the below commit in the latest build and checked by flashing the image. Now the target is connecting through SSH. Please help us on fixing this issue. Commit Link - https://github.com/openbmc/openbmc/commit/635e0e4637e40ba03f69204265427550fd404f4c Observation on UART-console after flashing latest image without any changes: 1. reboot command is not working. 2. systemctl status <service_name> is not providing any status. ( Failed to get properties: Connection timed out) 3. I tried "ssh -vvv <ip>" and logs are attached for working and non-working image. 4. From controller, I tried to upgrade image using redfish and image is being copied and following logs shown. root@tiogapass:~# journalctl | grep image Jan 01 00:00:37 tiogapass phosphor-image-updater[246]: Error in mapper GetSubTreePath Jan 01 10:43:59 tiogapass phosphor-image-updater[246]: BMC image activating - BMC reboots are disabled. 5. Using Rest API command, [root@odc ]# curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X PUT -d '{"data":"xyz.openbmc_project.Software.Activation.RequestedActivations.Active"}' https://${bmc}/xyz/openbmc_project/software/a77348be/attr/RequestedActivation { "data": { "description": "org.freedesktop.DBus.Error.NoReply" }, "message": "Method call timed out", "status": "error" } Regards, Jayashree -----Original Message----- From: Jayashree D Sent: Friday, September 18, 2020 3:18 PM To: Patrick Williams <patrick@stwcx.xyz>; openbmc@lists.ozlabs.org Cc: Konstantin Klubnichkin <kitsok@yandex-team.ru> Subject: RE: Connection issue in OpenBMC image Classification: HCL Internal Hello Patrick, I saw the post about dropbear, but that commit was updated on July16 and my target is connecting till August last week image. I don't think that will be an issue. Also on working image, I tried with 'ssh -vvv ' and I got below information. OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 58: Applying options for * debug2: resolving "10.0.128.108" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 debug1: Remote protocol version 2.0, remote software version dropbear_2020.80 debug1: no match: dropbear_2020.80 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 10.0.128.108:22 as 'root' debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:68 debug3: load_hostkeys: loaded 1 keys from 10.0.128.108 debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,kexguess2@matt.ucc.asn.au debug2: host key algorithms: rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr debug2: MACs ctos: hmac-sha1,hmac-sha2-256 debug2: MACs stoc: hmac-sha1,hmac-sha2-256 debug2: compression ctos: zlib@openssh.com,none debug2: compression stoc: zlib@openssh.com,none debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: rsa-sha2-256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: curve25519-sha256 need=64 dh_need=64 debug1: kex: curve25519-sha256 need=64 dh_need=64 debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ssh-rsa SHA256:3WwhPmIIxzrw0+cm/0vN3hifY4kh9sJhClVNw6zrJ7Y debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:68 debug3: load_hostkeys: loaded 1 keys from 10.0.128.108 debug1: Host '10.0.128.108' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:68 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug2: key: /root/.ssh/id_rsa (0x558ea3ad3640), agent debug2: key: /root/.ssh/id_rsa ((nil)) debug2: key: /root/.ssh/id_dsa ((nil)) debug2: key: /root/.ssh/id_ecdsa ((nil)) debug2: key: /root/.ssh/id_ed25519 ((nil)) debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,ssh-rsa,ssh-dss> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /root/.ssh/id_rsa debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_rsa debug3: sign_and_send_pubkey: RSA SHA256:YfteufmWUV8W7EQEycZ+38skgUWGDTYFHw93a7SwwLM debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_dsa debug3: no such identity: /root/.ssh/id_dsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ecdsa debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ed25519 debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password In non-working image, the logs are stopped after below lines and it is not providing any errors. debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 Also one more observation in UART-Console, after flashing latest image. 1. reboot command is not working. 2. systemctl status <service_name> is not providing any status. ( Failed to get properties: Connection timed out) 3. I can able to ping the ip address but scp is not working. Thanks, Jayashree -----Original Message----- From: Patrick Williams <patrick@stwcx.xyz> Sent: Thursday, September 17, 2020 9:16 PM To: Jayashree D <jayashree-d@hcl.com> Cc: Konstantin Klubnichkin <kitsok@yandex-team.ru>; openbmc@lists.ozlabs.org Subject: Re: Connection issue in OpenBMC image Hello Jayashree, I saw an output `ssh -v` from you earlier, but there really wasn't any useful information there. It looked like the connection was being made and keys were exchanged and then the log just stopped abruptly. This tells me it likely isn't a networking issue but an issue in the handshake between the ssh-client (your computer) and ssh-server (dropbear). You can continue to add '-v' parameters up to `ssh -vvv` and you'll get increasingly more information. Joseph Reynolds recently posted a reminder about dropbear disabling weak ciphers[1]. Is it possible that your client is using an old cipher? On Wed, Sep 16, 2020 at 11:35:28AM +0000, Jayashree D wrote: > root@tiogapass:~# journalctl | grep drop ... > Jan 01 00:15:28 tiogapass systemd[1]: dropbear@0-10.0.128.108:22-10.0.0.1:51810.service: Succeeded. > Jan 01 00:15:44 tiogapass dropbear[2753]: Child connection from > ::ffff:10.0.0.1:51944 Jan 01 00:15:50 tiogapass dropbear[2753]: PAM > password auth succeeded for 'root' from ::ffff:10.0.0.1:51944 This looks like a valid connection was established. > 15.09.2020, 16:12, "Jayashree D" <jayashree-d@hcl.com<mailto:jayashree-d@hcl.com>>: > > OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 58: Applying options for * > debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. > debug1: Connection established. > debug1: permanently_set_uid: 0/0 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519 type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519-cert type -1 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_7.4 This is the log that also looks like a good connection. Identity files were attempted to be exchanged. Version strings were exchanged. And then the log just abruptly stops. Was the connection dropped? Is it hung? 1. https://lists.ozlabs.org/pipermail/openbmc/2020-September/023071.html -- Patrick Williams ::DISCLAIMER:: ________________________________ The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ________________________________ ^ permalink raw reply [flat|nested] 14+ messages in thread
* RE: Connection issue in OpenBMC image 2020-09-25 4:59 ` Jayashree D 2020-10-02 9:53 ` Jayashree D @ 2020-10-05 8:29 ` Jayashree D 2020-10-05 9:29 ` George Keishing [not found] ` <22341601893954@mail.yandex-team.ru> 1 sibling, 2 replies; 14+ messages in thread From: Jayashree D @ 2020-10-05 8:29 UTC (permalink / raw) To: openbmc Cc: George Keishing, geissonator, Vijay Khemka, Konstantin Klubnichkin Classification: HCL Internal Regarding SSH connection, an issue has been created in openbmc and I also see others having this same issue. From the comments, I have run "dropbear -E -p 5022" in the target (UART-console) and tried to connect the target using "ssh -p 5022 <ip>" and ssh connection established. But, reboot and systemctl commands hangs. Issue - https://github.com/openbmc/openbmc/issues/3701 root@tiogapass:~# dropbear -E -p 5022 [348] Jan 01 00:06:48 Failed loading /etc/dropbear/dropbear_dss_host_key [348] Jan 01 00:06:48 Failed loading /etc/dropbear/dropbear_ecdsa_host_key [348] Jan 01 00:06:48 Failed loading /etc/dropbear/dropbear_ed25519_host_key [349] Jan 01 00:06:48 Running in background [root@odc ~]# ssh -p 5022 root@10.0.128.108 root@10.0.128.108's password: root@tiogapass:~# Hi George, We are facing connection issue in accessing the target after flashing the latest image. In openbmc-test-automation, whether any test cases are present in CI to identify these issues ? Please let us know your comments on this. Regards, Jayashree -----Original Message----- From: Jayashree D Sent: Friday, September 25, 2020 10:29 AM To: openbmc@lists.ozlabs.org Cc: Konstantin Klubnichkin <kitsok@yandex-team.ru>; Vijay Khemka <vijaykhemka@fb.com>; geissonator@yahoo.com; joel@jms.id.au; Patrick Williams <patrick@stwcx.xyz> Subject: RE: Connection issue in OpenBMC image Classification: HCL Internal Hi Team, In the latest openbmc build, after image upgradation in the target, not able to connect the target through SSH but able to ping the IP Address. After analysing the latest commits, reverted the below commit in the latest build and checked by flashing the image. Now the target is connecting through SSH. Please help us on fixing this issue. Commit Link - https://github.com/openbmc/openbmc/commit/635e0e4637e40ba03f69204265427550fd404f4c Observation on UART-console after flashing latest image without any changes: 1. reboot command is not working. 2. systemctl status <service_name> is not providing any status. ( Failed to get properties: Connection timed out) 3. I tried "ssh -vvv <ip>" and logs are attached for working and non-working image. 4. From controller, I tried to upgrade image using redfish and image is being copied and following logs shown. root@tiogapass:~# journalctl | grep image Jan 01 00:00:37 tiogapass phosphor-image-updater[246]: Error in mapper GetSubTreePath Jan 01 10:43:59 tiogapass phosphor-image-updater[246]: BMC image activating - BMC reboots are disabled. 5. Using Rest API command, [root@odc ]# curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X PUT -d '{"data":"xyz.openbmc_project.Software.Activation.RequestedActivations.Active"}' https://${bmc}/xyz/openbmc_project/software/a77348be/attr/RequestedActivation { "data": { "description": "org.freedesktop.DBus.Error.NoReply" }, "message": "Method call timed out", "status": "error" } Regards, Jayashree -----Original Message----- From: Jayashree D Sent: Friday, September 18, 2020 3:18 PM To: Patrick Williams <patrick@stwcx.xyz>; openbmc@lists.ozlabs.org Cc: Konstantin Klubnichkin <kitsok@yandex-team.ru> Subject: RE: Connection issue in OpenBMC image Classification: HCL Internal Hello Patrick, I saw the post about dropbear, but that commit was updated on July16 and my target is connecting till August last week image. I don't think that will be an issue. Also on working image, I tried with 'ssh -vvv ' and I got below information. OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 58: Applying options for * debug2: resolving "10.0.128.108" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 debug1: Remote protocol version 2.0, remote software version dropbear_2020.80 debug1: no match: dropbear_2020.80 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 10.0.128.108:22 as 'root' debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:68 debug3: load_hostkeys: loaded 1 keys from 10.0.128.108 debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,kexguess2@matt.ucc.asn.au debug2: host key algorithms: rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr debug2: MACs ctos: hmac-sha1,hmac-sha2-256 debug2: MACs stoc: hmac-sha1,hmac-sha2-256 debug2: compression ctos: zlib@openssh.com,none debug2: compression stoc: zlib@openssh.com,none debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: rsa-sha2-256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: curve25519-sha256 need=64 dh_need=64 debug1: kex: curve25519-sha256 need=64 dh_need=64 debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ssh-rsa SHA256:3WwhPmIIxzrw0+cm/0vN3hifY4kh9sJhClVNw6zrJ7Y debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:68 debug3: load_hostkeys: loaded 1 keys from 10.0.128.108 debug1: Host '10.0.128.108' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:68 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug2: key: /root/.ssh/id_rsa (0x558ea3ad3640), agent debug2: key: /root/.ssh/id_rsa ((nil)) debug2: key: /root/.ssh/id_dsa ((nil)) debug2: key: /root/.ssh/id_ecdsa ((nil)) debug2: key: /root/.ssh/id_ed25519 ((nil)) debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,ssh-rsa,ssh-dss> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /root/.ssh/id_rsa debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_rsa debug3: sign_and_send_pubkey: RSA SHA256:YfteufmWUV8W7EQEycZ+38skgUWGDTYFHw93a7SwwLM debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_dsa debug3: no such identity: /root/.ssh/id_dsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ecdsa debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ed25519 debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password In non-working image, the logs are stopped after below lines and it is not providing any errors. debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 Also one more observation in UART-Console, after flashing latest image. 1. reboot command is not working. 2. systemctl status <service_name> is not providing any status. ( Failed to get properties: Connection timed out) 3. I can able to ping the ip address but scp is not working. Thanks, Jayashree -----Original Message----- From: Patrick Williams <patrick@stwcx.xyz> Sent: Thursday, September 17, 2020 9:16 PM To: Jayashree D <jayashree-d@hcl.com> Cc: Konstantin Klubnichkin <kitsok@yandex-team.ru>; openbmc@lists.ozlabs.org Subject: Re: Connection issue in OpenBMC image Hello Jayashree, I saw an output `ssh -v` from you earlier, but there really wasn't any useful information there. It looked like the connection was being made and keys were exchanged and then the log just stopped abruptly. This tells me it likely isn't a networking issue but an issue in the handshake between the ssh-client (your computer) and ssh-server (dropbear). You can continue to add '-v' parameters up to `ssh -vvv` and you'll get increasingly more information. Joseph Reynolds recently posted a reminder about dropbear disabling weak ciphers[1]. Is it possible that your client is using an old cipher? On Wed, Sep 16, 2020 at 11:35:28AM +0000, Jayashree D wrote: > root@tiogapass:~# journalctl | grep drop ... > Jan 01 00:15:28 tiogapass systemd[1]: dropbear@0-10.0.128.108:22-10.0.0.1:51810.service: Succeeded. > Jan 01 00:15:44 tiogapass dropbear[2753]: Child connection from > ::ffff:10.0.0.1:51944 Jan 01 00:15:50 tiogapass dropbear[2753]: PAM > password auth succeeded for 'root' from ::ffff:10.0.0.1:51944 This looks like a valid connection was established. > 15.09.2020, 16:12, "Jayashree D" <jayashree-d@hcl.com<mailto:jayashree-d@hcl.com>>: > > OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 58: Applying options for * > debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. > debug1: Connection established. > debug1: permanently_set_uid: 0/0 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519 type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519-cert type -1 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_7.4 This is the log that also looks like a good connection. Identity files were attempted to be exchanged. Version strings were exchanged. And then the log just abruptly stops. Was the connection dropped? Is it hung? 1. https://lists.ozlabs.org/pipermail/openbmc/2020-September/023071.html -- Patrick Williams ::DISCLAIMER:: ________________________________ The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ________________________________ ^ permalink raw reply [flat|nested] 14+ messages in thread
* RE: Connection issue in OpenBMC image 2020-10-05 8:29 ` Jayashree D @ 2020-10-05 9:29 ` George Keishing 2020-10-06 4:26 ` Jayashree D [not found] ` <22341601893954@mail.yandex-team.ru> 1 sibling, 1 reply; 14+ messages in thread From: George Keishing @ 2020-10-05 9:29 UTC (permalink / raw) To: Jayashree D Cc: openbmc, geissonator, openbmc, Konstantin Klubnichkin, Vijay Khemka [-- Attachment #1.1: Type: text/plain, Size: 17667 bytes --] Jayashree, Couple places where it checks for the SSH to BMC and SOL as well, that should catch those in your HW test CI environment Example: https://github.com/openbmc/openbmc-test-automation/blob/master/test_lists/HW_CI#L2 Test_SSH_And_IPMI_Connections https://github.com/openbmc/openbmc-test-automation/blob/master/test_lists/HW_CI#L4 -i Verify_Redfish_Host_PowerOn -i Verify_Redfish_Host_PowerOff Here SOL connection done as part of the above setup/teardown https://github.com/openbmc/openbmc-test-automation/blob/master/redfish/systems/test_power_operations.robot#L87 https://github.com/openbmc/openbmc-test-automation/blob/master/redfish/systems/test_power_operations.robot#L95 Those tests are currently running in upstream community HW Jenkins test CI. So it would have caught those SSH related for generic ports in general and you can use similar in your environment. Thanks and Regards, George Keishing From: Jayashree D <jayashree-d@hcl.com> To: "openbmc@lists.ozlabs.org" <openbmc@lists.ozlabs.org> Cc: George Keishing <gkeishin@in.ibm.com>, "geissonator@yahoo.com" <geissonator@yahoo.com>, Vijay Khemka <vijaykhemka@fb.com>, Konstantin Klubnichkin <kitsok@yandex-team.ru> Date: 05-10-2020 02:09 PM Subject: [EXTERNAL] RE: Connection issue in OpenBMC image Sent by: "openbmc" <openbmc-bounces +gkeishin=in.ibm.com@lists.ozlabs.org> Classification: HCL Internal Regarding SSH connection, an issue has been created in openbmc and I also see others having this same issue. From the comments, I have run "dropbear -E -p 5022" in the target (UART-console) and tried to connect the target using "ssh -p 5022 <ip>" and ssh connection established. But, reboot and systemctl commands hangs. Issue - https://github.com/openbmc/openbmc/issues/3701 root@tiogapass:~# dropbear -E -p 5022 [348] Jan 01 00:06:48 Failed loading /etc/dropbear/dropbear_dss_host_key [348] Jan 01 00:06:48 Failed loading /etc/dropbear/dropbear_ecdsa_host_key [348] Jan 01 00:06:48 Failed loading /etc/dropbear/dropbear_ed25519_host_key [349] Jan 01 00:06:48 Running in background [root@odc ~]# ssh -p 5022 root@10.0.128.108 root@10.0.128.108's password: root@tiogapass:~# Hi George, We are facing connection issue in accessing the target after flashing the latest image. In openbmc-test-automation, whether any test cases are present in CI to identify these issues ? Please let us know your comments on this. Regards, Jayashree -----Original Message----- From: Jayashree D Sent: Friday, September 25, 2020 10:29 AM To: openbmc@lists.ozlabs.org Cc: Konstantin Klubnichkin <kitsok@yandex-team.ru>; Vijay Khemka <vijaykhemka@fb.com>; geissonator@yahoo.com; joel@jms.id.au; Patrick Williams <patrick@stwcx.xyz> Subject: RE: Connection issue in OpenBMC image Classification: HCL Internal Hi Team, In the latest openbmc build, after image upgradation in the target, not able to connect the target through SSH but able to ping the IP Address. After analysing the latest commits, reverted the below commit in the latest build and checked by flashing the image. Now the target is connecting through SSH. Please help us on fixing this issue. Commit Link - https://github.com/openbmc/openbmc/commit/635e0e4637e40ba03f69204265427550fd404f4c Observation on UART-console after flashing latest image without any changes: 1. reboot command is not working. 2. systemctl status <service_name> is not providing any status. ( Failed to get properties: Connection timed out) 3. I tried "ssh -vvv <ip>" and logs are attached for working and non-working image. 4. From controller, I tried to upgrade image using redfish and image is being copied and following logs shown. root@tiogapass:~# journalctl | grep image Jan 01 00:00:37 tiogapass phosphor-image-updater[246]: Error in mapper GetSubTreePath Jan 01 10:43:59 tiogapass phosphor-image-updater[246]: BMC image activating - BMC reboots are disabled. 5. Using Rest API command, [root@odc ]# curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X PUT -d '{"data":"xyz.openbmc_project.Software.Activation.RequestedActivations.Active"}' https://$%7Bbmc%7D/xyz/openbmc_project/software/a77348be/attr/RequestedActivation { "data": { "description": "org.freedesktop.DBus.Error.NoReply" }, "message": "Method call timed out", "status": "error" } Regards, Jayashree -----Original Message----- From: Jayashree D Sent: Friday, September 18, 2020 3:18 PM To: Patrick Williams <patrick@stwcx.xyz>; openbmc@lists.ozlabs.org Cc: Konstantin Klubnichkin <kitsok@yandex-team.ru> Subject: RE: Connection issue in OpenBMC image Classification: HCL Internal Hello Patrick, I saw the post about dropbear, but that commit was updated on July16 and my target is connecting till August last week image. I don't think that will be an issue. Also on working image, I tried with 'ssh -vvv ' and I got below information. OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 58: Applying options for * debug2: resolving "10.0.128.108" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 debug1: Remote protocol version 2.0, remote software version dropbear_2020.80 debug1: no match: dropbear_2020.80 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 10.0.128.108:22 as 'root' debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:68 debug3: load_hostkeys: loaded 1 keys from 10.0.128.108 debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,kexguess2@matt.ucc.asn.au debug2: host key algorithms: rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr debug2: MACs ctos: hmac-sha1,hmac-sha2-256 debug2: MACs stoc: hmac-sha1,hmac-sha2-256 debug2: compression ctos: zlib@openssh.com,none debug2: compression stoc: zlib@openssh.com,none debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: rsa-sha2-256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: curve25519-sha256 need=64 dh_need=64 debug1: kex: curve25519-sha256 need=64 dh_need=64 debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ssh-rsa SHA256:3WwhPmIIxzrw0 +cm/0vN3hifY4kh9sJhClVNw6zrJ7Y debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:68 debug3: load_hostkeys: loaded 1 keys from 10.0.128.108 debug1: Host '10.0.128.108' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:68 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug2: key: /root/.ssh/id_rsa (0x558ea3ad3640), agent debug2: key: /root/.ssh/id_rsa ((nil)) debug2: key: /root/.ssh/id_dsa ((nil)) debug2: key: /root/.ssh/id_ecdsa ((nil)) debug2: key: /root/.ssh/id_ed25519 ((nil)) debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,ssh-rsa,ssh-dss> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /root/.ssh/id_rsa debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_rsa debug3: sign_and_send_pubkey: RSA SHA256:YfteufmWUV8W7EQEycZ +38skgUWGDTYFHw93a7SwwLM debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_dsa debug3: no such identity: /root/.ssh/id_dsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ecdsa debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ed25519 debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password In non-working image, the logs are stopped after below lines and it is not providing any errors. debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 Also one more observation in UART-Console, after flashing latest image. 1. reboot command is not working. 2. systemctl status <service_name> is not providing any status. ( Failed to get properties: Connection timed out) 3. I can able to ping the ip address but scp is not working. Thanks, Jayashree -----Original Message----- From: Patrick Williams <patrick@stwcx.xyz> Sent: Thursday, September 17, 2020 9:16 PM To: Jayashree D <jayashree-d@hcl.com> Cc: Konstantin Klubnichkin <kitsok@yandex-team.ru>; openbmc@lists.ozlabs.org Subject: Re: Connection issue in OpenBMC image Hello Jayashree, I saw an output `ssh -v` from you earlier, but there really wasn't any useful information there. It looked like the connection was being made and keys were exchanged and then the log just stopped abruptly. This tells me it likely isn't a networking issue but an issue in the handshake between the ssh-client (your computer) and ssh-server (dropbear). You can continue to add '-v' parameters up to `ssh -vvv` and you'll get increasingly more information. Joseph Reynolds recently posted a reminder about dropbear disabling weak ciphers[1]. Is it possible that your client is using an old cipher? On Wed, Sep 16, 2020 at 11:35:28AM +0000, Jayashree D wrote: > root@tiogapass:~# journalctl | grep drop ... > Jan 01 00:15:28 tiogapass systemd[1]: dropbear@0-10.0.128.108:22-10.0.0.1:51810.service: Succeeded. > Jan 01 00:15:44 tiogapass dropbear[2753]: Child connection from > ::ffff:10.0.0.1:51944 Jan 01 00:15:50 tiogapass dropbear[2753]: PAM > password auth succeeded for 'root' from ::ffff:10.0.0.1:51944 This looks like a valid connection was established. > 15.09.2020, 16:12, "Jayashree D" <jayashree-d@hcl.com< mailto:jayashree-d@hcl.com>>: > > OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 58: Applying options for * > debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. > debug1: Connection established. > debug1: permanently_set_uid: 0/0 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519 type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519-cert type -1 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_7.4 This is the log that also looks like a good connection. Identity files were attempted to be exchanged. Version strings were exchanged. And then the log just abruptly stops. Was the connection dropped? Is it hung? 1. https://lists.ozlabs.org/pipermail/openbmc/2020-September/023071.html -- Patrick Williams ::DISCLAIMER:: ________________________________ The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ________________________________ [-- Attachment #1.2: Type: text/html, Size: 21292 bytes --] [-- Attachment #2: graycol.gif --] [-- Type: image/gif, Size: 105 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* RE: Connection issue in OpenBMC image 2020-10-05 9:29 ` George Keishing @ 2020-10-06 4:26 ` Jayashree D 0 siblings, 0 replies; 14+ messages in thread From: Jayashree D @ 2020-10-06 4:26 UTC (permalink / raw) To: George Keishing; +Cc: openbmc [-- Attachment #1.1: Type: text/plain, Size: 23176 bytes --] Classification: HCL Internal Thanks George for your response From: George Keishing <gkeishin@in.ibm.com> Sent: Monday, October 5, 2020 2:59 PM To: Jayashree D <jayashree-d@hcl.com> Cc: geissonator@yahoo.com; Konstantin Klubnichkin <kitsok@yandex-team.ru>; openbmc@lists.ozlabs.org; openbmc <openbmc-bounces+gkeishin=in.ibm.com@lists.ozlabs.org>; Vijay Khemka <vijaykhemka@fb.com> Subject: RE: Connection issue in OpenBMC image [CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don’t click links or open attachments as it may be a Phishing email, which can steal your Information and compromise your Computer.] Jayashree, Couple places where it checks for the SSH to BMC and SOL as well, that should catch those in your HW test CI environment Example: https://github.com/openbmc/openbmc-test-automation/blob/master/test_lists/HW_CI#L2<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenbmc%2Fopenbmc-test-automation%2Fblob%2Fmaster%2Ftest_lists%2FHW_CI%23L2&data=02%7C01%7Cjayashree-d%40hcl.com%7C64f6c97be1904d2aed5708d8691120e7%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637374869600088649&sdata=%2BW2M%2BGilWGr4fr2Y2cf1Gcu8wD1A52kACVgQwtBSfIk%3D&reserved=0> Test_SSH_And_IPMI_Connections https://github.com/openbmc/openbmc-test-automation/blob/master/test_lists/HW_CI#L4<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenbmc%2Fopenbmc-test-automation%2Fblob%2Fmaster%2Ftest_lists%2FHW_CI%23L4&data=02%7C01%7Cjayashree-d%40hcl.com%7C64f6c97be1904d2aed5708d8691120e7%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637374869600088649&sdata=3ZkmIRjTlJsYfbXbJp6GDhwTyhfDw9xasQm3YLlF6wk%3D&reserved=0> -i Verify_Redfish_Host_PowerOn -i Verify_Redfish_Host_PowerOff Here SOL connection done as part of the above setup/teardown https://github.com/openbmc/openbmc-test-automation/blob/master/redfish/systems/test_power_operations.robot#L87<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenbmc%2Fopenbmc-test-automation%2Fblob%2Fmaster%2Fredfish%2Fsystems%2Ftest_power_operations.robot%23L87&data=02%7C01%7Cjayashree-d%40hcl.com%7C64f6c97be1904d2aed5708d8691120e7%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637374869600098644&sdata=WmmJ2jAOxle7QpHlilGDxA5HCCJJ%2FnL2Y2LfwzJ4GOs%3D&reserved=0> https://github.com/openbmc/openbmc-test-automation/blob/master/redfish/systems/test_power_operations.robot#L95<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenbmc%2Fopenbmc-test-automation%2Fblob%2Fmaster%2Fredfish%2Fsystems%2Ftest_power_operations.robot%23L95&data=02%7C01%7Cjayashree-d%40hcl.com%7C64f6c97be1904d2aed5708d8691120e7%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637374869600098644&sdata=g9axW5ZxosCo1sV7RHPYl%2FvhXMFZUBwmzd3BV0Moti4%3D&reserved=0> Those tests are currently running in upstream community HW Jenkins test CI. So it would have caught those SSH related for generic ports in general and you can use similar in your environment. Thanks and Regards, George Keishing [Inactive hide details for Jayashree D ---05-10-2020 02:09:58 PM---Classification: HCL Internal Regarding SSH connection, an iss]Jayashree D ---05-10-2020 02:09:58 PM---Classification: HCL Internal Regarding SSH connection, an issue has been created in openbmc and I al From: Jayashree D <jayashree-d@hcl.com<mailto:jayashree-d@hcl.com>> To: "openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org>" <openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org>> Cc: George Keishing <gkeishin@in.ibm.com<mailto:gkeishin@in.ibm.com>>, "geissonator@yahoo.com<mailto:geissonator@yahoo.com>" <geissonator@yahoo.com<mailto:geissonator@yahoo.com>>, Vijay Khemka <vijaykhemka@fb.com<mailto:vijaykhemka@fb.com>>, Konstantin Klubnichkin <kitsok@yandex-team.ru<mailto:kitsok@yandex-team.ru>> Date: 05-10-2020 02:09 PM Subject: [EXTERNAL] RE: Connection issue in OpenBMC image Sent by: "openbmc" <openbmc-bounces+gkeishin=in.ibm.com@lists.ozlabs.org<mailto:openbmc-bounces+gkeishin=in.ibm.com@lists.ozlabs.org>> ________________________________ Classification: HCL Internal Regarding SSH connection, an issue has been created in openbmc and I also see others having this same issue. From the comments, I have run "dropbear -E -p 5022" in the target (UART-console) and tried to connect the target using "ssh -p 5022 <ip>" and ssh connection established. But, reboot and systemctl commands hangs. Issue - https://github.com/openbmc/openbmc/issues/3701<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenbmc%2Fopenbmc%2Fissues%2F3701&data=02%7C01%7Cjayashree-d%40hcl.com%7C64f6c97be1904d2aed5708d8691120e7%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637374869600098644&sdata=AY3Z3cuIjzdEPM0%2Bxf92%2BYKUGpP1qNms7PnF3rDERK0%3D&reserved=0> root@tiogapass:~# dropbear -E -p 5022 [348] Jan 01 00:06:48 Failed loading /etc/dropbear/dropbear_dss_host_key [348] Jan 01 00:06:48 Failed loading /etc/dropbear/dropbear_ecdsa_host_key [348] Jan 01 00:06:48 Failed loading /etc/dropbear/dropbear_ed25519_host_key [349] Jan 01 00:06:48 Running in background [root@odc ~]# ssh -p 5022 root@10.0.128.108<mailto:root@10.0.128.108> root@10.0.128.108's<mailto:root@10.0.128.108's> password: root@tiogapass:~# Hi George, We are facing connection issue in accessing the target after flashing the latest image. In openbmc-test-automation, whether any test cases are present in CI to identify these issues ? Please let us know your comments on this. Regards, Jayashree -----Original Message----- From: Jayashree D Sent: Friday, September 25, 2020 10:29 AM To: openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org> Cc: Konstantin Klubnichkin <kitsok@yandex-team.ru<mailto:kitsok@yandex-team.ru>>; Vijay Khemka <vijaykhemka@fb.com<mailto:vijaykhemka@fb.com>>; geissonator@yahoo.com<mailto:geissonator@yahoo.com>; joel@jms.id.au<mailto:joel@jms.id.au>; Patrick Williams <patrick@stwcx.xyz<mailto:patrick@stwcx.xyz>> Subject: RE: Connection issue in OpenBMC image Classification: HCL Internal Hi Team, In the latest openbmc build, after image upgradation in the target, not able to connect the target through SSH but able to ping the IP Address. After analysing the latest commits, reverted the below commit in the latest build and checked by flashing the image. Now the target is connecting through SSH. Please help us on fixing this issue. Commit Link - https://github.com/openbmc/openbmc/commit/635e0e4637e40ba03f69204265427550fd404f4c<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenbmc%2Fopenbmc%2Fcommit%2F635e0e4637e40ba03f69204265427550fd404f4c&data=02%7C01%7Cjayashree-d%40hcl.com%7C64f6c97be1904d2aed5708d8691120e7%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637374869600108639&sdata=BoRXm8TvcInthY6i4ZfU0p%2BM59Hqwvhx8tPIUbGpIMA%3D&reserved=0> Observation on UART-console after flashing latest image without any changes: 1. reboot command is not working. 2. systemctl status <service_name> is not providing any status. ( Failed to get properties: Connection timed out) 3. I tried "ssh -vvv <ip>" and logs are attached for working and non-working image. 4. From controller, I tried to upgrade image using redfish and image is being copied and following logs shown. root@tiogapass:~# journalctl | grep image Jan 01 00:00:37 tiogapass phosphor-image-updater[246]: Error in mapper GetSubTreePath Jan 01 10:43:59 tiogapass phosphor-image-updater[246]: BMC image activating - BMC reboots are disabled. 5. Using Rest API command, [root@odc ]# curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X PUT -d '{"data":"xyz.openbmc_project.Software.Activation.RequestedActivations.Active"}' https://$%7Bbmc%7D/xyz/openbmc_project/software/a77348be/attr/RequestedActivation { "data": { "description": "org.freedesktop.DBus.Error.NoReply" }, "message": "Method call timed out", "status": "error" } Regards, Jayashree -----Original Message----- From: Jayashree D Sent: Friday, September 18, 2020 3:18 PM To: Patrick Williams <patrick@stwcx.xyz<mailto:patrick@stwcx.xyz>>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org> Cc: Konstantin Klubnichkin <kitsok@yandex-team.ru<mailto:kitsok@yandex-team.ru>> Subject: RE: Connection issue in OpenBMC image Classification: HCL Internal Hello Patrick, I saw the post about dropbear, but that commit was updated on July16 and my target is connecting till August last week image. I don't think that will be an issue. Also on working image, I tried with 'ssh -vvv ' and I got below information. OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 58: Applying options for * debug2: resolving "10.0.128.108" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 debug1: Remote protocol version 2.0, remote software version dropbear_2020.80 debug1: no match: dropbear_2020.80 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 10.0.128.108:22 as 'root' debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:68 debug3: load_hostkeys: loaded 1 keys from 10.0.128.108 debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa<mailto:ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa> debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss<mailto:ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss> debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc<mailto:chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc> debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc<mailto:chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc> debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1<mailto:umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1> debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1<mailto:umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1> debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,kexguess2@matt.ucc.asn.au debug2: host key algorithms: rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr<mailto:chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr> debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr<mailto:chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr> debug2: MACs ctos: hmac-sha1,hmac-sha2-256 debug2: MACs stoc: hmac-sha1,hmac-sha2-256 debug2: compression ctos: zlib@openssh.com,none<mailto:zlib@openssh.com,none> debug2: compression stoc: zlib@openssh.com,none<mailto:zlib@openssh.com,none> debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: rsa-sha2-256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com<mailto:chacha20-poly1305@openssh.com> MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com<mailto:chacha20-poly1305@openssh.com> MAC: <implicit> compression: none debug1: kex: curve25519-sha256 need=64 dh_need=64 debug1: kex: curve25519-sha256 need=64 dh_need=64 debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ssh-rsa SHA256:3WwhPmIIxzrw0+cm/0vN3hifY4kh9sJhClVNw6zrJ7Y debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:68 debug3: load_hostkeys: loaded 1 keys from 10.0.128.108 debug1: Host '10.0.128.108' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:68 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug2: key: /root/.ssh/id_rsa (0x558ea3ad3640), agent debug2: key: /root/.ssh/id_rsa ((nil)) debug2: key: /root/.ssh/id_dsa ((nil)) debug2: key: /root/.ssh/id_ecdsa ((nil)) debug2: key: /root/.ssh/id_ed25519 ((nil)) debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,ssh-rsa,ssh-dss> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /root/.ssh/id_rsa debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_rsa debug3: sign_and_send_pubkey: RSA SHA256:YfteufmWUV8W7EQEycZ+38skgUWGDTYFHw93a7SwwLM debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_dsa debug3: no such identity: /root/.ssh/id_dsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ecdsa debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ed25519 debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password In non-working image, the logs are stopped after below lines and it is not providing any errors. debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 Also one more observation in UART-Console, after flashing latest image. 1. reboot command is not working. 2. systemctl status <service_name> is not providing any status. ( Failed to get properties: Connection timed out) 3. I can able to ping the ip address but scp is not working. Thanks, Jayashree -----Original Message----- From: Patrick Williams <patrick@stwcx.xyz<mailto:patrick@stwcx.xyz>> Sent: Thursday, September 17, 2020 9:16 PM To: Jayashree D <jayashree-d@hcl.com<mailto:jayashree-d@hcl.com>> Cc: Konstantin Klubnichkin <kitsok@yandex-team.ru<mailto:kitsok@yandex-team.ru>>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org> Subject: Re: Connection issue in OpenBMC image Hello Jayashree, I saw an output `ssh -v` from you earlier, but there really wasn't any useful information there. It looked like the connection was being made and keys were exchanged and then the log just stopped abruptly. This tells me it likely isn't a networking issue but an issue in the handshake between the ssh-client (your computer) and ssh-server (dropbear). You can continue to add '-v' parameters up to `ssh -vvv` and you'll get increasingly more information. Joseph Reynolds recently posted a reminder about dropbear disabling weak ciphers[1]. Is it possible that your client is using an old cipher? On Wed, Sep 16, 2020 at 11:35:28AM +0000, Jayashree D wrote: > root@tiogapass:~# journalctl | grep drop ... > Jan 01 00:15:28 tiogapass systemd[1]: dropbear@0-10.0.128.108:22-10.0.0.1:51810.service<mailto:dropbear@0-10.0.128.108:22-10.0.0.1:51810.service>: Succeeded. > Jan 01 00:15:44 tiogapass dropbear[2753]: Child connection from > ::ffff:10.0.0.1:51944 Jan 01 00:15:50 tiogapass dropbear[2753]: PAM > password auth succeeded for 'root' from ::ffff:10.0.0.1:51944 This looks like a valid connection was established. > 15.09.2020, 16:12, "Jayashree D" <jayashree-d@hcl.com<mailto:jayashree-d@hcl.com>>: > > OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: /etc/ssh/ssh_config line 58: Applying options for * > debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. > debug1: Connection established. > debug1: permanently_set_uid: 0/0 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_rsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_dsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ecdsa-cert type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519 type -1 > debug1: key_load_public: No such file or directory > debug1: identity file /root/.ssh/id_ed25519-cert type -1 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_7.4 This is the log that also looks like a good connection. Identity files were attempted to be exchanged. Version strings were exchanged. And then the log just abruptly stops. Was the connection dropped? Is it hung? 1. https://lists.ozlabs.org/pipermail/openbmc/2020-September/023071.html<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.ozlabs.org%2Fpipermail%2Fopenbmc%2F2020-September%2F023071.html&data=02%7C01%7Cjayashree-d%40hcl.com%7C64f6c97be1904d2aed5708d8691120e7%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637374869600108639&sdata=f42d0%2Bc4ayGr89StD9ws7HdEtO5UT%2F%2BnSZYNh%2BRgqGY%3D&reserved=0> -- Patrick Williams ::DISCLAIMER:: ________________________________ The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ________________________________ [-- Attachment #1.2: Type: text/html, Size: 33097 bytes --] [-- Attachment #2: image001.gif --] [-- Type: image/gif, Size: 105 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
[parent not found: <22341601893954@mail.yandex-team.ru>]
* RE: Connection issue in OpenBMC image [not found] ` <22341601893954@mail.yandex-team.ru> @ 2020-10-08 7:28 ` Jayashree D 0 siblings, 0 replies; 14+ messages in thread From: Jayashree D @ 2020-10-08 7:28 UTC (permalink / raw) To: Konstantin Klubnichkin, openbmc Cc: George Keishing, geissonator, Vijay Khemka [-- Attachment #1: Type: text/plain, Size: 21349 bytes --] Classification: HCL Internal Hello All, I pulled the latest commit and tested the image in my target and able to access the target through SSH. Also systemctl and reboot command works. Commit - https://github.com/openbmc/openbmc/commit/c3d88e4d9fcc08e1aae7cc9d0337c0261e996c64 Regards, Jayashree From: Konstantin Klubnichkin <kitsok@yandex-team.ru> Sent: Monday, October 5, 2020 4:38 PM To: Jayashree D <jayashree-d@hcl.com>; openbmc@lists.ozlabs.org Cc: Vijay Khemka <vijaykhemka@fb.com>; geissonator@yahoo.com; joel@jms.id.au; Patrick Williams <patrick@stwcx.xyz>; George Keishing <gkeishin@in.ibm.com> Subject: Re: Connection issue in OpenBMC image [CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don’t click links or open attachments as it may be a Phishing email, which can steal your Information and compromise your Computer.] Hello all! Looks like I'm struggling with the same issue, here is how it looks: After normal reboot BMC replies to pings, connection to port 22 (SSH) is opened but ssh handshake is not passing. Moreover BMC debug console does not respond to input. I'm able to reset SoC by external system, usually it helps and after reboot BMC behaves normally, but sometimes this hang happens again. To investigate this I've detached dropbear from systemd socket, now it's more or less independent from systemd and starts right after network.service, so I can log in to BMC. So I've catched this stall and found that dbus-broker process consumes a lot of CPU, systemctl does not work (just no output), reboot process just stays in a process list. To at least be able to reboot BMC I've killed dbus-broker, then it was restarted and BMC rebooted. I think all this points to a deadlock in dbus. As it doesn't happen each time, I think there is a race condition somewhere. I have no idea yet how to find what causes dbus-broker stall, but will try to dig into it. Thank you! 05.10.2020, 11:30, "Jayashree D" <jayashree-d@hcl.com<mailto:jayashree-d@hcl.com>>: Classification: HCL Internal Regarding SSH connection, an issue has been created in openbmc and I also see others having this same issue. From the comments, I have run "dropbear -E -p 5022" in the target (UART-console) and tried to connect the target using "ssh -p 5022 <ip>" and ssh connection established. But, reboot and systemctl commands hangs. Issue - https://github.com/openbmc/openbmc/issues/3701<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenbmc%2Fopenbmc%2Fissues%2F3701&data=02%7C01%7Cjayashree-d%40hcl.com%7C8306510c906e43a333d108d8691ee925%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637374928788166348&sdata=sYnNyjgdISA5l2ECtUeT3wC%2FYeIlmn%2BH1TX8IEHXsSs%3D&reserved=0> root@tiogapass<mailto:root@tiogapass>:~# dropbear -E -p 5022 [348] Jan 01 00:06:48 Failed loading /etc/dropbear/dropbear_dss_host_key [348] Jan 01 00:06:48 Failed loading /etc/dropbear/dropbear_ecdsa_host_key [348] Jan 01 00:06:48 Failed loading /etc/dropbear/dropbear_ed25519_host_key [349] Jan 01 00:06:48 Running in background [root@odc<mailto:root@odc> ~]# ssh -p 5022 root@10.0.128.108<mailto:root@10.0.128.108> root@10.0.128.108<mailto:root@10.0.128.108>'s password: root@tiogapass<mailto:root@tiogapass>:~# Hi George, We are facing connection issue in accessing the target after flashing the latest image. In openbmc-test-automation, whether any test cases are present in CI to identify these issues ? Please let us know your comments on this. Regards, Jayashree -----Original Message----- From: Jayashree D Sent: Friday, September 25, 2020 10:29 AM To: openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org> Cc: Konstantin Klubnichkin <kitsok@yandex-team.ru<mailto:kitsok@yandex-team.ru>>; Vijay Khemka <vijaykhemka@fb.com<mailto:vijaykhemka@fb.com>>; geissonator@yahoo.com<mailto:geissonator@yahoo.com>; joel@jms.id.au<mailto:joel@jms.id.au>; Patrick Williams <patrick@stwcx.xyz<mailto:patrick@stwcx.xyz>> Subject: RE: Connection issue in OpenBMC image Classification: HCL Internal Hi Team, In the latest openbmc build, after image upgradation in the target, not able to connect the target through SSH but able to ping the IP Address. After analysing the latest commits, reverted the below commit in the latest build and checked by flashing the image. Now the target is connecting through SSH. Please help us on fixing this issue. Commit Link - https://github.com/openbmc/openbmc/commit/635e0e4637e40ba03f69204265427550fd404f4c<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenbmc%2Fopenbmc%2Fcommit%2F635e0e4637e40ba03f69204265427550fd404f4c&data=02%7C01%7Cjayashree-d%40hcl.com%7C8306510c906e43a333d108d8691ee925%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637374928788176343&sdata=tpzZyvAsIDQfnIpEFSK%2F0VCA84dLUhZgV4tpxbLX174%3D&reserved=0> Observation on UART-console after flashing latest image without any changes: 1. reboot command is not working. 2. systemctl status <service_name> is not providing any status. ( Failed to get properties: Connection timed out) 3. I tried "ssh -vvv <ip>" and logs are attached for working and non-working image. 4. From controller, I tried to upgrade image using redfish and image is being copied and following logs shown. root@tiogapass<mailto:root@tiogapass>:~# journalctl | grep image Jan 01 00:00:37 tiogapass phosphor-image-updater[246]: Error in mapper GetSubTreePath Jan 01 10:43:59 tiogapass phosphor-image-updater[246]: BMC image activating - BMC reboots are disabled. 5. Using Rest API command, [root@odc<mailto:root@odc> ]# curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X PUT -d '{"data":"xyz.openbmc_project.Software.Activation.RequestedActivations.Active"}' https://${bmc}/xyz/openbmc_project/software/a77348be/attr/RequestedActivation<https://$%7bbmc%7d/xyz/openbmc_project/software/a77348be/attr/RequestedActivation> { "data": { "description": "org.freedesktop.DBus.Error.NoReply" }, "message": "Method call timed out", "status": "error" } Regards, Jayashree -----Original Message----- From: Jayashree D Sent: Friday, September 18, 2020 3:18 PM To: Patrick Williams <patrick@stwcx.xyz<mailto:patrick@stwcx.xyz>>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org> Cc: Konstantin Klubnichkin <kitsok@yandex-team.ru<mailto:kitsok@yandex-team.ru>> Subject: RE: Connection issue in OpenBMC image Classification: HCL Internal Hello Patrick, I saw the post about dropbear, but that commit was updated on July16 and my target is connecting till August last week image. I don't think that will be an issue. Also on working image, I tried with 'ssh -vvv ' and I got below information. OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 58: Applying options for * debug2: resolving "10.0.128.108" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 debug1: Remote protocol version 2.0, remote software version dropbear_2020.80 debug1: no match: dropbear_2020.80 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to 10.0.128.108:22 as 'root' debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:68 debug3: load_hostkeys: loaded 1 keys from 10.0.128.108 debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com<mailto:ssh-rsa-cert-v01@openssh.com>,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug3: send packet: type 20 debug1: SSH2_MSG_KEXINIT sent debug3: receive packet: type 20 debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org<mailto:curve25519-sha256,curve25519-sha256@libssh.org>,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com<mailto:ssh-rsa-cert-v01@openssh.com>,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com<mailto:ecdsa-sha2-nistp256-cert-v01@openssh.com>,ecdsa-sha2-nistp384-cert-v01@openssh.com<mailto:ecdsa-sha2-nistp384-cert-v01@openssh.com>,ecdsa-sha2-nistp521-cert-v01@openssh.com<mailto:ecdsa-sha2-nistp521-cert-v01@openssh.com>,ssh-ed25519-cert-v01@openssh.com<mailto:ssh-ed25519-cert-v01@openssh.com>,ssh-dss-cert-v01@openssh.com<mailto:ssh-dss-cert-v01@openssh.com>,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss debug2: ciphers ctos: chacha20-poly1305@openssh.com<mailto:chacha20-poly1305@openssh.com>,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com<mailto:aes128-gcm@openssh.com>,aes256-gcm@openssh.com<mailto:aes256-gcm@openssh.com>,aes128-cbc,aes192-cbc,aes256-cbc debug2: ciphers stoc: chacha20-poly1305@openssh.com<mailto:chacha20-poly1305@openssh.com>,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com<mailto:aes128-gcm@openssh.com>,aes256-gcm@openssh.com<mailto:aes256-gcm@openssh.com>,aes128-cbc,aes192-cbc,aes256-cbc debug2: MACs ctos: umac-64-etm@openssh.com<mailto:umac-64-etm@openssh.com>,umac-128-etm@openssh.com<mailto:umac-128-etm@openssh.com>,hmac-sha2-256-etm@openssh.com<mailto:hmac-sha2-256-etm@openssh.com>,hmac-sha2-512-etm@openssh.com<mailto:hmac-sha2-512-etm@openssh.com>,hmac-sha1-etm@openssh.com<mailto:hmac-sha1-etm@openssh.com>,umac-64@openssh.com<mailto:umac-64@openssh.com>,umac-128@openssh.com<mailto:umac-128@openssh.com>,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com<mailto:umac-64-etm@openssh.com>,umac-128-etm@openssh.com<mailto:umac-128-etm@openssh.com>,hmac-sha2-256-etm@openssh.com<mailto:hmac-sha2-256-etm@openssh.com>,hmac-sha2-512-etm@openssh.com<mailto:hmac-sha2-512-etm@openssh.com>,hmac-sha1-etm@openssh.com<mailto:hmac-sha1-etm@openssh.com>,umac-64@openssh.com<mailto:umac-64@openssh.com>,umac-128@openssh.com<mailto:umac-128@openssh.com>,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com<mailto:none,zlib@openssh.com>,zlib debug2: compression stoc: none,zlib@openssh.com<mailto:none,zlib@openssh.com>,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org<mailto:curve25519-sha256,curve25519-sha256@libssh.org>,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha256,kexguess2@matt.ucc.asn.au<mailto:kexguess2@matt.ucc.asn.au> debug2: host key algorithms: rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com<mailto:chacha20-poly1305@openssh.com>,aes128-ctr,aes256-ctr debug2: ciphers stoc: chacha20-poly1305@openssh.com<mailto:chacha20-poly1305@openssh.com>,aes128-ctr,aes256-ctr debug2: MACs ctos: hmac-sha1,hmac-sha2-256 debug2: MACs stoc: hmac-sha1,hmac-sha2-256 debug2: compression ctos: zlib@openssh.com<mailto:zlib@openssh.com>,none debug2: compression stoc: zlib@openssh.com<mailto:zlib@openssh.com>,none debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: rsa-sha2-256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com<mailto:chacha20-poly1305@openssh.com> MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com<mailto:chacha20-poly1305@openssh.com> MAC: <implicit> compression: none debug1: kex: curve25519-sha256 need=64 dh_need=64 debug1: kex: curve25519-sha256 need=64 dh_need=64 debug3: send packet: type 30 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug3: receive packet: type 31 debug1: Server host key: ssh-rsa SHA256:3WwhPmIIxzrw0+cm/0vN3hifY4kh9sJhClVNw6zrJ7Y debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts" debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:68 debug3: load_hostkeys: loaded 1 keys from 10.0.128.108 debug1: Host '10.0.128.108' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:68 debug3: send packet: type 21 debug2: set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: receive packet: type 21 debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug2: key: /root/.ssh/id_rsa (0x558ea3ad3640), agent debug2: key: /root/.ssh/id_rsa ((nil)) debug2: key: /root/.ssh/id_dsa ((nil)) debug2: key: /root/.ssh/id_ecdsa ((nil)) debug2: key: /root/.ssh/id_ed25519 ((nil)) debug3: send packet: type 5 debug3: receive packet: type 7 debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,ssh-rsa,ssh-dss> debug3: receive packet: type 6 debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug3: send packet: type 50 debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /root/.ssh/id_rsa debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_rsa debug3: sign_and_send_pubkey: RSA SHA256:YfteufmWUV8W7EQEycZ+38skgUWGDTYFHw93a7SwwLM debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug1: Trying private key: /root/.ssh/id_dsa debug3: no such identity: /root/.ssh/id_dsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ecdsa debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory debug1: Trying private key: /root/.ssh/id_ed25519 debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password In non-working image, the logs are stopped after below lines and it is not providing any errors. debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 Also one more observation in UART-Console, after flashing latest image. 1. reboot command is not working. 2. systemctl status <service_name> is not providing any status. ( Failed to get properties: Connection timed out) 3. I can able to ping the ip address but scp is not working. Thanks, Jayashree -----Original Message----- From: Patrick Williams <patrick@stwcx.xyz<mailto:patrick@stwcx.xyz>> Sent: Thursday, September 17, 2020 9:16 PM To: Jayashree D <jayashree-d@hcl.com<mailto:jayashree-d@hcl.com>> Cc: Konstantin Klubnichkin <kitsok@yandex-team.ru<mailto:kitsok@yandex-team.ru>>; openbmc@lists.ozlabs.org<mailto:openbmc@lists.ozlabs.org> Subject: Re: Connection issue in OpenBMC image Hello Jayashree, I saw an output `ssh -v` from you earlier, but there really wasn't any useful information there. It looked like the connection was being made and keys were exchanged and then the log just stopped abruptly. This tells me it likely isn't a networking issue but an issue in the handshake between the ssh-client (your computer) and ssh-server (dropbear). You can continue to add '-v' parameters up to `ssh -vvv` and you'll get increasingly more information. Joseph Reynolds recently posted a reminder about dropbear disabling weak ciphers[1]. Is it possible that your client is using an old cipher? On Wed, Sep 16, 2020 at 11:35:28AM +0000, Jayashree D wrote: root@tiogapass<mailto:root@tiogapass>:~# journalctl | grep drop ... Jan 01 00:15:28 tiogapass systemd[1]: dropbear@0-10.0.128.108<mailto:dropbear@0-10.0.128.108>:22-10.0.0.1:51810.service: Succeeded. Jan 01 00:15:44 tiogapass dropbear[2753]: Child connection from ::ffff:10.0.0.1:51944 Jan 01 00:15:50 tiogapass dropbear[2753]: PAM password auth succeeded for 'root' from ::ffff:10.0.0.1:51944 This looks like a valid connection was established. 15.09.2020, 16:12, "Jayashree D" <jayashree-d@hcl.com<mailto:jayashree-d@hcl.com><mailto:jayashree-d@hcl.com>>: OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 58: Applying options for * debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.4 This is the log that also looks like a good connection. Identity files were attempted to be exchanged. Version strings were exchanged. And then the log just abruptly stops. Was the connection dropped? Is it hung? 1. https://lists.ozlabs.org/pipermail/openbmc/2020-September/023071.html<https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.ozlabs.org%2Fpipermail%2Fopenbmc%2F2020-September%2F023071.html&data=02%7C01%7Cjayashree-d%40hcl.com%7C8306510c906e43a333d108d8691ee925%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637374928788176343&sdata=DBgtZcOuCLN8VHCE%2BYrh1eS8oaUGu2V4fj1ystV4qEw%3D&reserved=0> -- Patrick Williams ::DISCLAIMER:: ________________________________ The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ________________________________ -- Best regards, Konstantin Klubnichkin, lead firmware engineer, server hardware R&D group, Yandex Moscow office. tel: +7-903-510-33-33 [-- Attachment #2: Type: text/html, Size: 29975 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2020-10-08 7:39 UTC | newest] Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-09-11 11:18 Connection issue in OpenBMC image Jayashree D 2020-09-14 9:32 ` Jayashree D 2020-09-14 10:47 ` Konstantin Klubnichkin 2020-09-15 13:12 ` Jayashree D 2020-09-15 14:49 ` Konstantin Klubnichkin 2020-09-16 11:35 ` Jayashree D 2020-09-17 15:45 ` Patrick Williams 2020-09-18 9:47 ` Jayashree D 2020-09-25 4:59 ` Jayashree D 2020-10-02 9:53 ` Jayashree D 2020-10-05 8:29 ` Jayashree D 2020-10-05 9:29 ` George Keishing 2020-10-06 4:26 ` Jayashree D [not found] ` <22341601893954@mail.yandex-team.ru> 2020-10-08 7:28 ` Jayashree D
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).