Hi,
I am running a relay and other servers. Sometimes doing SSHD over Tor via a hidden service in a VPS in openbsd.amsterdam. In all my other setups, in other providers, I do not see this problem happening.
Upon connecting for the first time, I do get a "banner line contains invalid characters" error, and the connection is terminated. (MSG1) Upon connecting for the second time, everything goes smooth. (MSG2)
Problem is happening on my 2 servers in openbsd.amsterdam.
Any directions into debugging this problem? Both via Tor or via SSHD?
Is it possible a bad guard is logging the IPs first connecting, then dropping the connection, and then allowing the connection to succeed later?
Any directions would be appreciated to solve the problem.
System: uname -a OpenBSD xxxx.yyyy.com 7.6 GENERIC#501 amd64 Tor version: Tor version 0.4.8.13.
MSG1 (BAD):
localhost:~# torify ssh -v ams02 OpenSSH_9.9p1, OpenSSL 3.3.2 3 Sep 2024 debug1: Reading configuration data /root/.ssh/config debug1: /root/.ssh/config line 284: Applying options for ams02 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 22: include /etc/ssh/ssh_config.d/*.conf matched no files debug1: Connecting to ngbjd5vpxamy5d63hcflinghioo2qa5e75uiysscmo4ml5qd4rpaobid.onion [127.42.42.0] port 60113. debug1: Connection established. debug1: identity file /root/.ssh/oams002_2 type 0 debug1: identity file /root/.ssh/oams002_2-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_9.9 kex_exchange_identification: banner line contains invalid characters banner exchange: Connection to 127.42.42.0 port 60113: invalid format
MSG2 (OK):
localhost:~# torify ssh -v ams02 OpenSSH_9.9p1, OpenSSL 3.3.2 3 Sep 2024 debug1: Reading configuration data /root/.ssh/config localhost:~# torify ssh -v ams02 OpenSSH_9.9p1, OpenSSL 3.3.2 3 Sep 2024 debug1: Reading configuration data /root/.ssh/config debug1: /root/.ssh/config line 284: Applying options for ams02 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 22: include /etc/ssh/ssh_config.d/*.conf matched no files debug1: Connecting to ngbjd5vpxamy5d63hcflinghioo2qa5e75uiysscmo4ml5qd4rpaobid.onion [127.42.42.0] port 60113. debug1: Connection established. debug1: identity file /root/.ssh/oams002_2 type 0 debug1: identity file /root/.ssh/oams002_2-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_9.9 debug1: Remote protocol version 2.0, remote software version OpenSSH_9.9 debug1: compat_banner: match: OpenSSH_9.9 pat OpenSSH* compat 0x04000000 debug1: Authenticating to ngbjd5vpxamy5d63hcflinghioo2qa5e75uiysscmo4ml5qd4rpaobid.onion:60113 as 'xxxxxxxxxx' debug1: load_hostkeys: fopen /root/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: sntrup761x25519-sha512 debug1: kex: host key algorithm: ssh-ed25519 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
--x9p