Package: libcurl4 Version: 7.72.0-1 Severity: normal Dear maintainer
The version of libcurl4 in testing (7.72.0-1) fails to successfully negotiate public key authentication and closes the connection early. I have tested using the attached script against both stable and testing versions of openssh-server (1:7.9p1-10+deb10u2 and 1:8.3p1-1). Testing with the same script and the stable version of libcurl4 (7.64.0-4+deb10u1) is successful so this looks like a regression? I have attached openssh-server logs from a machine running openssh-server 1:8.3p1-1, showing success from "old" libcurl4 and "failure" from new libcurl4. (Note that the stable version was tested using a TCP connection to localhost so the IPs of server and client are the same in that case.) Not sure what the next diagnostic / debugging steps are here but happy to provide any assistance? Many thanks, Sam Kemp -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.7.0-3-amd64 (SMP w/4 CPU threads) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libcurl4 depends on: ii libbrotli1 1.0.9-2 ii libc6 2.31-3 ii libgssapi-krb5-2 1.17-10 ii libidn2-0 2.3.0-1 ii libldap-2.4-2 2.4.53+dfsg-1 ii libnghttp2-14 1.41.0-3 ii libpsl5 0.21.0-1.1 ii librtmp1 2.4+20151223.gitfa8646d.1-2+b2 ii libssh2-1 1.8.0-2.1 ii libssl1.1 1.1.1g-1 ii zlib1g 1:1.2.11.dfsg-2 Versions of packages libcurl4 recommends: ii ca-certificates 20200601 libcurl4 suggests no packages. -- no debconf information
debug3: oom_adjust_restore debug1: Set /proc/self/oom_score_adj to 0 debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8 debug1: inetd sockets after dupping: 3, 3 Connection from [CLIENT IP] port [CLIENT PORT] on [SERVER IP] port 22 debug1: Client protocol version 2.0; client software version libssh2_1.8.0 debug1: no match: libssh2_1.8.0 debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2 debug2: fd 3 setting O_NONBLOCK debug3: ssh_sandbox_init: preparing seccomp filter sandbox debug2: Network child is on pid 20979 debug3: preauth child monitor started debug3: privsep user:group 106:65534 [preauth] debug1: permanently_set_uid: 106/65534 [preauth] debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth] debug3: ssh_sandbox_child: attaching seccomp filter program [preauth] debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] debug3: send packet: type 20 [preauth] debug1: SSH2_MSG_KEXINIT sent [preauth] debug3: receive packet: type 20 [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] debug2: local server KEXINIT proposal [preauth] debug2: KEX algorithms: curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth] debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] debug2: ciphers ctos: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com [preauth] debug2: ciphers stoc: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com [preauth] debug2: MACs ctos: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] debug2: MACs stoc: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] debug2: compression ctos: none,z...@openssh.com [preauth] debug2: compression stoc: none,z...@openssh.com [preauth] debug2: languages ctos: [preauth] debug2: languages stoc: [preauth] debug2: first_kex_follows 0 [preauth] debug2: reserved 0 [preauth] debug2: peer client KEXINIT proposal [preauth] debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth] debug2: host key algorithms: ssh-rsa,ssh-dss [preauth] debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-...@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc [preauth] debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-...@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc [preauth] debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd...@openssh.com [preauth] debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd...@openssh.com [preauth] debug2: compression ctos: none [preauth] debug2: compression stoc: none [preauth] debug2: languages ctos: [preauth] debug2: languages stoc: [preauth] debug2: first_kex_follows 0 [preauth] debug2: reserved 0 [preauth] debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth] debug1: kex: host key algorithm: ssh-rsa [preauth] debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth] debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth] debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth] debug3: receive packet: type 34 [preauth] debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth] debug3: mm_request_send entering: type 0 [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 0 debug3: mm_answer_moduli: got parameters: 2048 2048 2048 debug3: mm_request_send entering: type 1 debug2: monitor_read: 0 used once, disabling now debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth] debug3: mm_request_receive_expect entering: type 1 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_choose_dh: remaining 0 [preauth] debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth] debug3: send packet: type 31 [preauth] debug2: bits set: 1044/2048 [preauth] debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth] debug3: receive packet: type 32 [preauth] debug2: bits set: 1048/2048 [preauth] debug3: mm_sshkey_sign entering [preauth] debug3: mm_request_send entering: type 6 [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 6 debug3: mm_answer_sign debug3: mm_answer_sign: hostkey proof signature 0x55e62ee3f810(271) debug3: mm_request_send entering: type 7 debug2: monitor_read: 6 used once, disabling now debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth] debug3: mm_request_receive_expect entering: type 7 [preauth] debug3: mm_request_receive entering [preauth] debug3: send packet: type 33 [preauth] debug3: send packet: type 21 [preauth] debug2: set_newkeys: mode 1 [preauth] debug1: rekey after 4294967296 blocks [preauth] debug1: SSH2_MSG_NEWKEYS sent [preauth] debug1: expecting SSH2_MSG_NEWKEYS [preauth] debug3: receive packet: type 21 [preauth] debug1: SSH2_MSG_NEWKEYS received [preauth] debug2: set_newkeys: mode 0 [preauth] debug1: rekey after 4294967296 blocks [preauth] debug1: KEX done [preauth] debug3: receive packet: type 5 [preauth] debug3: send packet: type 6 [preauth] debug3: receive packet: type 50 [preauth] debug1: userauth-request for user [USER] service ssh-connection method none [preauth] debug1: attempt 0 failures 0 [preauth] debug3: mm_getpwnamallow entering [preauth] debug3: mm_request_send entering: type 8 [preauth] debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth] debug3: mm_request_receive_expect entering: type 9 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 8 debug3: mm_answer_pwnamallow debug2: parse_server_config: config reprocess config len 340 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 debug3: mm_request_send entering: type 9 debug2: monitor_read: 8 used once, disabling now debug2: input_userauth_request: setting up authctxt for [USER] [preauth] debug3: mm_start_pam entering [preauth] debug3: mm_request_send entering: type 100 [preauth] debug3: mm_inform_authserv entering [preauth] debug3: mm_request_send entering: type 4 [preauth] debug2: input_userauth_request: try method none [preauth] debug3: user_specific_delay: user specific delay 0.000ms [preauth] debug3: ensure_minimum_time_since: elapsed 6.615ms, delaying 2.300ms (requested 8.916ms) [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 100 debug1: PAM: initializing for "[USER]" debug1: PAM: setting PAM_RHOST to "[CLIENT IP]" debug1: PAM: setting PAM_TTY to "ssh" debug2: monitor_read: 100 used once, disabling now debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth] debug3: send packet: type 51 [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 4 debug3: mm_answer_authserv: service=ssh-connection, style=, role= debug2: monitor_read: 4 used once, disabling now debug3: receive packet: type 50 [preauth] debug1: userauth-request for user [USER] service ssh-connection method publickey [preauth] debug1: attempt 1 failures 0 [preauth] debug2: input_userauth_request: try method publickey [preauth] debug1: userauth_pubkey: test pkalg ssh-rsa pkblob RSA SHA256:[FINGERPRINT] [preauth] debug3: mm_key_allowed entering [preauth] debug3: mm_request_send entering: type 22 [preauth] debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth] debug3: mm_request_receive_expect entering: type 23 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 22 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 0x55e62ee4b960 debug1: temporarily_use_uid: 1000/1000 (e=0/0) debug1: trying public key file /[HOME]/.ssh/authorized_keys debug1: fd 4 clearing O_NONBLOCK debug1: /[HOME]/.ssh/authorized_keys:2: matching key found: RSA SHA256:[FINGERPRINT] debug1: /[HOME]/.ssh/authorized_keys:2: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding Accepted key RSA SHA256:[FINGERPRINT] found at /[HOME]/.ssh/authorized_keys:2 debug1: restore_uid: 0/0 debug3: mm_answer_keyallowed: publickey authentication test: RSA key is allowed debug3: mm_request_send entering: type 23 debug3: send packet: type 60 [preauth] debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth] debug3: user_specific_delay: user specific delay 0.000ms [preauth] debug3: ensure_minimum_time_since: elapsed 4.852ms, delaying 4.064ms (requested 8.916ms) [preauth] Postponed publickey for [USER] from [CLIENT IP] port [CLIENT PORT] ssh2 [preauth] Connection closed by authenticating user [USER] [CLIENT IP] port [CLIENT PORT] [preauth] debug1: do_cleanup [preauth] debug3: PAM: sshpam_thread_cleanup entering [preauth] debug1: monitor_read_log: child log fd closed debug3: mm_request_receive entering debug1: do_cleanup debug1: PAM: cleanup debug3: PAM: sshpam_thread_cleanup entering debug1: Killing privsep child 20979 debug1: audit_event: unhandled event 12
debug3: oom_adjust_restore debug1: Set /proc/self/oom_score_adj to 0 debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8 debug1: inetd sockets after dupping: 3, 3 Connection from [SERVER IP] port [CLIENT PORT] on [SERVER IP] port 22 debug1: Client protocol version 2.0; client software version libssh2_1.8.0 debug1: no match: libssh2_1.8.0 debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2 debug2: fd 3 setting O_NONBLOCK debug3: ssh_sandbox_init: preparing seccomp filter sandbox debug2: Network child is on pid 20953 debug3: preauth child monitor started debug3: privsep user:group 106:65534 [preauth] debug1: permanently_set_uid: 106/65534 [preauth] debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth] debug3: ssh_sandbox_child: attaching seccomp filter program [preauth] debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] debug3: send packet: type 20 [preauth] debug1: SSH2_MSG_KEXINIT sent [preauth] debug3: receive packet: type 20 [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] debug2: local server KEXINIT proposal [preauth] debug2: KEX algorithms: curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth] debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] debug2: ciphers ctos: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com [preauth] debug2: ciphers stoc: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com [preauth] debug2: MACs ctos: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] debug2: MACs stoc: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth] debug2: compression ctos: none,z...@openssh.com [preauth] debug2: compression stoc: none,z...@openssh.com [preauth] debug2: languages ctos: [preauth] debug2: languages stoc: [preauth] debug2: first_kex_follows 0 [preauth] debug2: reserved 0 [preauth] debug2: peer client KEXINIT proposal [preauth] debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth] debug2: host key algorithms: ssh-rsa,ssh-dss [preauth] debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-...@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc [preauth] debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-...@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc [preauth] debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd...@openssh.com [preauth] debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd...@openssh.com [preauth] debug2: compression ctos: none [preauth] debug2: compression stoc: none [preauth] debug2: languages ctos: [preauth] debug2: languages stoc: [preauth] debug2: first_kex_follows 0 [preauth] debug2: reserved 0 [preauth] debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth] debug1: kex: host key algorithm: ssh-rsa [preauth] debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth] debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none [preauth] debug1: expecting SSH2_MSG_KEX_DH_GEX_REQUEST [preauth] debug3: receive packet: type 34 [preauth] debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth] debug3: mm_request_send entering: type 0 [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 0 debug3: mm_answer_moduli: got parameters: 2048 2048 2048 debug3: mm_request_send entering: type 1 debug2: monitor_read: 0 used once, disabling now debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth] debug3: mm_request_receive_expect entering: type 1 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_choose_dh: remaining 0 [preauth] debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth] debug3: send packet: type 31 [preauth] debug2: bits set: 1023/2048 [preauth] debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth] debug3: receive packet: type 32 [preauth] debug2: bits set: 1047/2048 [preauth] debug3: mm_sshkey_sign entering [preauth] debug3: mm_request_send entering: type 6 [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 6 debug3: mm_answer_sign debug3: mm_answer_sign: hostkey proof signature 0x56374f6ea810(271) debug3: mm_request_send entering: type 7 debug2: monitor_read: 6 used once, disabling now debug3: mm_sshkey_sign: waiting for MONITOR_ANS_SIGN [preauth] debug3: mm_request_receive_expect entering: type 7 [preauth] debug3: mm_request_receive entering [preauth] debug3: send packet: type 33 [preauth] debug3: send packet: type 21 [preauth] debug2: set_newkeys: mode 1 [preauth] debug1: rekey after 4294967296 blocks [preauth] debug1: SSH2_MSG_NEWKEYS sent [preauth] debug1: expecting SSH2_MSG_NEWKEYS [preauth] debug3: receive packet: type 21 [preauth] debug1: SSH2_MSG_NEWKEYS received [preauth] debug2: set_newkeys: mode 0 [preauth] debug1: rekey after 4294967296 blocks [preauth] debug1: KEX done [preauth] debug3: receive packet: type 5 [preauth] debug3: send packet: type 6 [preauth] debug3: receive packet: type 50 [preauth] debug1: userauth-request for user [USER] service ssh-connection method none [preauth] debug1: attempt 0 failures 0 [preauth] debug3: mm_getpwnamallow entering [preauth] debug3: mm_request_send entering: type 8 [preauth] debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth] debug3: mm_request_receive_expect entering: type 9 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 8 debug3: mm_answer_pwnamallow debug2: parse_server_config: config reprocess config len 340 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 debug3: mm_request_send entering: type 9 debug2: monitor_read: 8 used once, disabling now debug2: input_userauth_request: setting up authctxt for [USER] [preauth] debug3: mm_start_pam entering [preauth] debug3: mm_request_send entering: type 100 [preauth] debug3: mm_inform_authserv entering [preauth] debug3: mm_request_send entering: type 4 [preauth] debug2: input_userauth_request: try method none [preauth] debug3: user_specific_delay: user specific delay 0.000ms [preauth] debug3: ensure_minimum_time_since: elapsed 2.386ms, delaying 6.530ms (requested 8.916ms) [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 100 debug1: PAM: initializing for "[USER]" debug1: PAM: setting PAM_RHOST to "[SERVER IP]" debug1: PAM: setting PAM_TTY to "ssh" debug2: monitor_read: 100 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 4 debug3: mm_answer_authserv: service=ssh-connection, style=, role= debug2: monitor_read: 4 used once, disabling now debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth] debug3: send packet: type 51 [preauth] debug3: receive packet: type 50 [preauth] debug1: userauth-request for user [USER] service ssh-connection method publickey [preauth] debug1: attempt 1 failures 0 [preauth] debug2: input_userauth_request: try method publickey [preauth] debug1: userauth_pubkey: test pkalg ssh-rsa pkblob RSA SHA256:[FINGERPRINT] [preauth] debug3: mm_key_allowed entering [preauth] debug3: mm_request_send entering: type 22 [preauth] debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth] debug3: mm_request_receive_expect entering: type 23 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 22 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 0x56374f6f6910 debug1: temporarily_use_uid: 1000/1000 (e=0/0) debug1: trying public key file /[HOME]/.ssh/authorized_keys debug1: fd 4 clearing O_NONBLOCK debug1: /[HOME]/.ssh/authorized_keys:5: matching key found: RSA SHA256:[FINGERPRINT] debug1: /[HOME]/.ssh/authorized_keys:5: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding Accepted key RSA SHA256:[FINGERPRINT] found at /[HOME]/.ssh/authorized_keys:5 debug1: restore_uid: 0/0 debug3: mm_answer_keyallowed: publickey authentication test: RSA key is allowed debug3: mm_request_send entering: type 23 debug3: send packet: type 60 [preauth] debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa [preauth] debug3: user_specific_delay: user specific delay 0.000ms [preauth] debug3: ensure_minimum_time_since: elapsed 8.431ms, delaying 0.485ms (requested 8.916ms) [preauth] Postponed publickey for [USER] from [SERVER IP] port [CLIENT PORT] ssh2 [preauth] debug3: receive packet: type 50 [preauth] debug1: userauth-request for user [USER] service ssh-connection method publickey [preauth] debug1: attempt 2 failures 0 [preauth] debug2: input_userauth_request: try method publickey [preauth] debug3: userauth_pubkey: have ssh-rsa signature for RSA SHA256:[FINGERPRINT] [preauth] debug3: mm_key_allowed entering [preauth] debug3: mm_request_send entering: type 22 [preauth] debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth] debug3: mm_request_receive_expect entering: type 23 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 22 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 0x56374f6f6910 debug1: temporarily_use_uid: 1000/1000 (e=0/0) debug1: trying public key file /[HOME]/.ssh/authorized_keys debug1: fd 4 clearing O_NONBLOCK debug1: /[HOME]/.ssh/authorized_keys:5: matching key found: RSA SHA256:[FINGERPRINT] debug1: /[HOME]/.ssh/authorized_keys:5: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding Accepted key RSA SHA256:[FINGERPRINT] found at /[HOME]/.ssh/authorized_keys:5 debug1: restore_uid: 0/0 debug3: mm_answer_keyallowed: publickey authentication: RSA key is allowed debug3: mm_request_send entering: type 23 debug3: mm_sshkey_verify entering [preauth] debug3: mm_request_send entering: type 24 [preauth] debug3: mm_sshkey_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth] debug3: mm_request_receive_expect entering: type 25 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 24 debug3: mm_answer_keyverify: publickey 0x56374f6f6c90 signature verified debug1: auth_activate_options: setting new authentication options debug3: mm_request_send entering: type 25 debug3: mm_request_receive_expect entering: type 102 debug3: mm_request_receive entering debug1: do_pam_account: called debug2: do_pam_account: auth information in SSH_AUTH_INFO_0 debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success) debug3: mm_request_send entering: type 103 Accepted publickey for [USER] from [SERVER IP] port [CLIENT PORT] ssh2: RSA SHA256:[FINGERPRINT] debug1: monitor_child_preauth: [USER] has been authenticated by privileged process debug3: mm_get_keystate: Waiting for new keys debug3: mm_request_receive_expect entering: type 26 debug3: mm_request_receive entering debug3: mm_get_keystate: GOT new keys debug1: auth_activate_options: setting new authentication options [preauth] debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa [preauth] debug3: user_specific_delay: user specific delay 0.000ms [preauth] debug3: ensure_minimum_time_since: elapsed 6.077ms, delaying 2.839ms (requested 8.916ms) [preauth] debug3: mm_do_pam_account entering [preauth] debug3: mm_request_send entering: type 102 [preauth] debug3: mm_request_receive_expect entering: type 103 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_do_pam_account returning 1 [preauth] debug3: send packet: type 52 [preauth] debug3: mm_request_send entering: type 26 [preauth] debug3: mm_send_keystate: Finished sending state [preauth] debug1: monitor_read_log: child log fd closed debug3: ssh_sandbox_parent_finish: finished debug1: PAM: establishing credentials debug3: PAM: opening session debug2: do_pam_session: auth information in SSH_AUTH_INFO_0 pam_unix(sshd:session): session opened for user [USER] by (uid=0) debug3: PAM: sshpam_store_conv called with 1 messages debug3: PAM: sshpam_store_conv called with 1 messages User child is on pid 20960 debug3: mm_request_receive entering debug3: monitor_read: checking request 113 debug3: mm_answer_audit_command entering debug3: mm_request_receive entering debug1: do_cleanup debug1: PAM: cleanup debug1: PAM: closing session pam_unix(sshd:session): session closed for user [USER] debug1: PAM: deleting credentials debug3: PAM: sshpam_thread_cleanup entering debug1: audit_event: unhandled event 12
#!/usr/bin/perl use strict; use warnings; use utf8; use open qw/:std :utf8/; my $server = $ARGV[0]; # server to try is passed as argument use WWW::Curl::Easy; my $scp = WWW::Curl::Easy->new; $scp->setopt(CURLOPT_URL, sprintf 'sftp://%s/~/curltest', $server); $scp->setopt(CURLOPT_USERNAME, '[abc123]'); $scp->setopt(CURLOPT_SSH_PUBLIC_KEYFILE, '[fq path to pubkey]'); $scp->setopt(CURLOPT_SSH_PRIVATE_KEYFILE, '[fq path to privkey]'); $scp->setopt(CURLOPT_SSH_AUTH_TYPES, CURLSSH_AUTH_PUBLICKEY); $scp->setopt(CURLOPT_READDATA, *STDOUT); $scp->setopt(CURLOPT_VERBOSE, 1); $scp->perform or die "Curl error: ", $scp->errbuf;