After update to new helper some jump connections fail


(Alberto Soguero) #1

Hi,

I have updated core helper as requested for the new version of Core Shell and Core Tunnel just this morning and some jump connections are not working any more. Previously they worked fine. These are the logs of the session. Seems like core helper crashes…

> 10:01:27 debug1: Authenticating to 192.168.142.117:22 as ‘user’

> 10:01:27 The Core Helper process exited or crashed.

> 10:01:27 [centos] The Core Helper process exited or crashed.

> 10:01:27 The Core Helper connection has terminated.

> 10:01:27 Abnormal Disconnect

> 10:01:27 [centos] The Core Helper connection has terminated.


(Yang.Y) #2

Hi Alberto, could you please set log level to Debug3 and paste the log again?


(Alberto Soguero) #3

> 16:30:13 ----------------------------------------

> 16:30:13 Equivalent Command: ssh -tt -i “/Users/albertosoguero/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/privatekey/id_rsa” -J asoguero@Centos -vvv -o TCPKeepAlive=no -o ExitOnForwardFailure=yes -o ProxyUseFdpass=yes -o ServerAliveInterval=15 -o EnableSSHKeysign=no -o PubkeyAuthentication=yes user@192.168.142.117

> 16:30:13 Connecting…

> 16:30:13 OpenSSH_7.9p1, OpenSSL 1.0.2q 20 Nov 2018

> 16:30:13 debug1: Reading configuration data /etc/ssh/ssh_config

> 16:30:13 debug1: /etc/ssh/ssh_config line 48: Applying options for *

> 16:30:13 debug2: resolve_canonicalize: hostname 192.168.142.117 is address

> 16:30:13 debug1: Setting implicit ProxyCommand from ProxyJump: ssh -l asoguero -vvv -W ‘[%h]:%p’ Centos

> 16:30:13 debug1: Executing proxy xpc

> 16:30:13 debug1: identity file /Users/albertosoguero/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/privatekey/id_rsa type -1

> 16:30:13 debug1: identity file /Users/albertosoguero/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/privatekey/id_rsa-cert type -1

> 16:30:13 Jumping…

> 16:30:13 debug1: Local version string SSH-2.0-OpenSSH_7.9

> 16:30:13 OpenSSH_7.9p1, OpenSSL 1.0.2q 20 Nov 2018

> 16:30:13 debug1: Reading configuration data /etc/ssh/ssh_config

> 16:30:13 debug1: /etc/ssh/ssh_config line 48: Applying options for *

> 16:30:13 debug2: resolving “centos” port 22

> 16:30:18 [centos] debug2: ssh_connect_direct

> 16:30:18 [centos] debug1: Connecting to centos [10.30.142.110] port 22.

> 16:30:18 [centos] debug1: Connection established.

> 16:30:18 [centos] debug1: identity file /Users/albertosoguero/.ssh/id_rsa type 0

> 16:30:18 [centos] debug1: identity file /Users/albertosoguero/.ssh/id_rsa-cert type -1

> 16:30:18 [centos] debug1: identity file /Users/albertosoguero/.ssh/id_dsa type 1

> 16:30:18 [centos] debug1: identity file /Users/albertosoguero/.ssh/id_dsa-cert type -1

> 16:30:18 [centos] debug1: identity file /Users/albertosoguero/.ssh/id_ecdsa type 2

> 16:30:18 [centos] debug1: identity file /Users/albertosoguero/.ssh/id_ecdsa-cert type -1

> 16:30:18 [centos] debug1: identity file /Users/albertosoguero/.ssh/id_ed25519 type 3

> 16:30:18 [centos] debug1: identity file /Users/albertosoguero/.ssh/id_ed25519-cert type -1

> 16:30:18 [centos] debug1: identity file /Users/albertosoguero/.ssh/id_xmss type -1

> 16:30:18 [centos] debug1: identity file /Users/albertosoguero/.ssh/id_xmss-cert type -1

> 16:30:18 [centos] debug1: Local version string SSH-2.0-OpenSSH_7.9

> 16:30:18 [centos] debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3

> 16:30:18 [centos] debug1: match: OpenSSH_4.3 pat OpenSSH_2*,OpenSSH_3*,OpenSSH_4* compat 0x00000002

> 16:30:18 [centos] debug2: fd 5 setting O_NONBLOCK

> 16:30:18 [centos] debug1: Authenticating to centos:22 as ‘asoguero’

> 16:30:18 [centos] debug3: hostkeys_foreach: reading file “/Users/albertosoguero/.ssh/known_hosts”

> 16:30:18 [centos] debug3: record_hostkey: found key type RSA in file /Users/albertosoguero/.ssh/known_hosts:7

> 16:30:18 [centos] debug3: load_hostkeys: loaded 1 keys from centos

> 16:30:18 [centos] debug3: order_hostkeyalgs: prefer hostkeyalgs: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa

> 16:30:18 [centos] debug3: send packet: type 20

> 16:30:18 [centos] debug1: SSH2_MSG_KEXINIT sent

> 16:30:18 [centos] debug3: receive packet: type 20

> 16:30:18 [centos] debug1: SSH2_MSG_KEXINIT received

> 16:30:18 [centos] debug2: local client KEXINIT proposal

> 16:30:18 [centos] debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c

> 16:30:18 [centos] debug2: host key algorithms: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519

> 16:30:18 [centos] debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

> 16:30:18 [centos] debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

> 16:30:18 debug1: Remote protocol version 2.0, remote software version Mocana SSH

> 16:30:18 [centos] debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

> 16:30:18 debug1: no match: Mocana SSH

> 16:30:18 [centos] debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

> 16:30:19 debug2: fd 5 setting O_NONBLOCK

> 16:30:19 The Core Helper process exited or crashed.

> 16:30:19 The Core Helper connection has terminated.

> 16:30:19 [centos] The Core Helper connection has terminated.

> 16:30:19 Abnormal Disconnect


(Yang.Y) #4

Could you please run this command on a local shell, and see what happens:

ssh -tt -i “/Users/albertosoguero/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/privatekey/id_rsa” -J asoguero@Centos -vvv -o TCPKeepAlive=no -o ExitOnForwardFailure=yes -o ProxyUseFdpass=yes -o ServerAliveInterval=15 -o EnableSSHKeysign=no -o PubkeyAuthentication=yes user@192.168.142.117

Thanks!


(Alberto Soguero) #5

Attached is the result
debug.rtf (10.1 KB)


(Yang.Y) #6

Hi Alberto, I'm sorry, the command should be this:

ssh -tt -i "/Users/albertosoguero/Library/Group Containers/E78WKS7W4U.io.coressh.ssh/.ssh/privatekey/id_rsa" -J asoguero@Centos -vvv -o TCPKeepAlive=no -o ExitOnForwardFailure=yes -o ProxyUseFdpass=yes -o ServerAliveInterval=15 -o EnableSSHKeysign=no -o PubkeyAuthentication=yes user@192.168.142.117

The straight quotes " were replaced by curly quotes unexpectedly.


(Alberto Soguero) #7

ok. Here you have.

debug2.rtf (13.5 KB)


(Yang.Y) #8

Thanks a lot for the log. Core Shell version 1.4.5 updates the codebase of embedded OpenSSH XPC component from version 7.5 to 7.9

And there is a potentially incompatible change in OpenSSH 7.6 and later:

Refuse RSA keys <1024 bits in length and improve reporting for keys
that do not meet this requirement.

And this line in your log:

ssh_dispatch_run_fatal: Connection to UNKNOWN port 65535: Invalid key length

Which indicates your private key length < 1024, the only workaround is re-generate your RSA key, with a size of 1024 bits or larger.


(Alberto Soguero) #9

Ok. I have checked also some internet conversations about the problem...

Thanks for the support.

Regards,

Alberto


(Yang.Y) #10

You're welcome :smiley: