<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal" style="margin-bottom:12.0pt">Classification: <b><span style="color:#08298A">HCL Internal</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Thanks Konstantin Klubnichkin for your response.<br>
<br>
I have tried this changes in my build, but it is not working.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I have tried “-v” and the below logs are shown but it is not going to password prompt and also not throwing any error.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: Reading configuration data /etc/ssh/ssh_config<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: /etc/ssh/ssh_config line 58: Applying options for *<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: Connecting to 10.0.128.108 [10.0.128.108] port 22.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: Connection established.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: permanently_set_uid: 0/0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: key_load_public: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: identity file /root/.ssh/id_rsa type -1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: key_load_public: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: identity file /root/.ssh/id_rsa-cert type -1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: key_load_public: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: identity file /root/.ssh/id_dsa type -1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: key_load_public: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: identity file /root/.ssh/id_dsa-cert type -1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: key_load_public: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: identity file /root/.ssh/id_ecdsa type -1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: key_load_public: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: identity file /root/.ssh/id_ecdsa-cert type -1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: key_load_public: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: identity file /root/.ssh/id_ed25519 type -1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: key_load_public: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: identity file /root/.ssh/id_ed25519-cert type -1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: Enabling compatibility mode for protocol 2.0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">debug1: Local version string SSH-2.0-OpenSSH_7.4<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Jayashree</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><a name="_____replyseparator"></a><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Konstantin Klubnichkin <kitsok@yandex-team.ru>
<br>
<b>Sent:</b> Monday, September 14, 2020 4:18 PM<br>
<b>To:</b> Jayashree D <jayashree-d@hcl.com>; openbmc@lists.ozlabs.org<br>
<b>Subject:</b> Re: Connection issue in OpenBMC image<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;line-height:12.0pt;background:#FFEB9C">
<span style="font-size:10.0pt;color:red">[CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don’t click links or open attachments as it may be a Phishing email, which can steal your Information and compromise your Computer.]</span><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">Hello Jayashree!<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">I've faced issue in dropbear and public key authentication.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">To investigate further I've added "-v" to ssh client. The connection is closed and a message about Non-matching signing type appears in OpenBMC log, I can't find it now.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">I've found solution somewhere in Github issues, can't find the page, but here is my patch to dropbear:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">===================================================================<o:p></o:p></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal">diff --git a/signkey.c b/signkey.c<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">index 92fe6a2..206a886 100644<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">--- a/signkey.c<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">+++ b/signkey.c<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">@@ -657,8 +657,11 @@ int buf_verify(buffer * buf, sign_key *key, enum signature_type expect_sigtype,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">sigtype = signature_type_from_name(type_name, type_name_len);<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">m_free(type_name);<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">- if (expect_sigtype != sigtype) {<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">- dropbear_exit("Non-matching signing type");<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">+ if (sigtype == DROPBEAR_SIGNATURE_NONE) {<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">+ dropbear_exit("No signature type");<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">+ }<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">+ if ((expect_sigtype != DROPBEAR_SIGNATURE_RSA_SHA256) && (expect_sigtype != sigtype)) {<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">+ dropbear_exit("Non-matching signing type");<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">}<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">keytype = signkey_type_from_signature(sigtype);<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">--<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">2.7.4<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal">===================================================================<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal">Hope this may help.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">14.09.2020, 12:34, "Jayashree D" <<a href="mailto:jayashree-d@hcl.com">jayashree-d@hcl.com</a>>:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:0in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Classification: <strong>
<span style="font-family:"Calibri",sans-serif;color:#08298A">HCL Internal</span></strong><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Hi Team,</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">In the latest openbmc build, after flashing the image in the target, we are not able to connect the tiogapass and yosemitev2 through SSH.
Is this due to any latest changes in the commit ?</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><br>
<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Regards,</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Jayashree</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p style="margin:0in;margin-bottom:.0001pt"><strong><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></strong><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Jayashree D<br>
<strong><span style="font-family:"Calibri",sans-serif">Sent:</span></strong> Friday, September 11, 2020 4:49 PM<br>
<strong><span style="font-family:"Calibri",sans-serif">To:</span></strong> </span>
<a href="mailto:openbmc@lists.ozlabs.org"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">openbmc@lists.ozlabs.org</span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><br>
<strong><span style="font-family:"Calibri",sans-serif">Subject:</span></strong> Connection issue in OpenBMC image<o:p></o:p></span></p>
</div>
</div>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></p>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:0in">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Classification: <strong>
<span style="font-family:"Calibri",sans-serif;color:#08298A">HCL Internal</span></strong><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Hi Team,<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">In openbmc build, after flashing the latest image (September first week) we are not able to connect tiogapass and yosemitev2 through SSH.<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">We tried flashing old image (August last week) in tiogapass & yosemitev2 and we are able to connect both.<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">After flashing latest image, in uart-console, we get the below logs as “CLOSE_WAIT” for netstat.<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><a href="mailto:root@tiogapass"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">root@tiogapass</span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">:~# netstat<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Active Internet connections (w/o servers)<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Proto Recv-Q Send-Q Local Address Foreign Address State <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">tcp 22 0 ::ffff:10.0.128.108:ssh controller.fava.net:60516 CLOSE_WAIT <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">tcp 22 0 ::ffff:10.0.128.108:ssh controller.fava.net:34652 CLOSE_WAIT <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">tcp 22 0 ::ffff:10.0.128.108:ssh controller.fava.net:58700 CLOSE_WAIT<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Could anyone please provide comments on this?<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Thanks,<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Jayashree<o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:7.5pt;font-family:"Arial",sans-serif">::DISCLAIMER::</span>
<o:p></o:p></p>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="2" width="100%" align="center">
</div>
<p class="MsoNormal"><span style="font-size:7.5pt;font-family:"Arial",sans-serif">The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or
HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification,
distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any
email and/or attachments, please check them for viruses and other defects.</span>
<o:p></o:p></p>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="2" width="100%" align="center">
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">-- <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Best regards,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Konstantin Klubnichkin,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">lead firmware engineer,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">server hardware R&D group,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Yandex Moscow office.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">tel: +7-903-510-33-33<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
</div>
</body>
</html>