Bug 1824974

Summary: SSH client fails to connect via jumphost
Product: [Fedora] Fedora Reporter: Dmitri Smirnov <cserpentis>
Component: opensshAssignee: Jakub Jelen <jjelen>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 32CC: crypto-team, dwalsh, jfch, jjelen, lkundrak, mattias.ellert, plautrba, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-19 14:02:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dmitri Smirnov 2020-04-16 18:38:34 UTC 
Description of problem:


kex_exchange_identification: banner line contains invalid characters

is displayed whenever I attempt to use -J option for SSH client to connect to a machine via a jump-host


How reproducible:


Steps to Reproduce:
1. execute ssh -vvv -J $JUMPHOST $TARGETHOST with any machines that you have access to

Actual results:
kex_exchange_identification: banner line 0: \033[H\033[JSSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
kex_exchange_identification: banner line contains invalid characters

Expected results:
Access to target host

Additional info:
SSH client version:
OpenSSH_8.2p1, OpenSSL 1.1.1d FIPS  10 Sep 2019

Package version:
8.2p1-3.fc32, but also reproducible with 8.2p1-2.fc32

This seems to resemble the issue in openssh 8.1p1 mentioned here:
https://superuser.com/questions/1510997/ssh-proxyjump-on-macos-catalina-is-not-working/1528640#1528640

With patch applied here: https://github.com/openssh/openssh-portable/commit/2ab335712d084d9ccaf3f53afc3fa9535329da87#diff-5bfa45f3fb322e569a8101399c9c551cR1395
Comment 1 Jakub Jelen 2020-04-16 19:28:07 UTC 
The patch you linked is already in Fedora 32 (as OpenSSH 8.2p1 is in). We already run some tests with ProxyJump and this did not pop up so some more specific information will be needed (at least a debug log).
Comment 2 Dmitri Smirnov 2020-04-16 20:02:14 UTC 
That's whay I've figured, but I'm able to reproduce it with multiple hosts with different ubuntu version, with both -J option and ProxyCommand option. What useful logs could I provide?
Comment 3 Dmitri Smirnov 2020-04-17 08:41:45 UTC 
So, after further testing I can confirm that I cannot reproduce it with clean install in VM for Fedora 32,

The determening factor is running ssh -J command in fish shell with custom config. I will try to pinpoint which configuration breaks the SSH client and add it as a comment here for discoverability, but this does not look like a ssh issue in any way.
Comment 4 Dmitri Smirnov 2020-04-17 10:11:29 UTC 
The cause if the issue was "clear;" directive in fish config. I'm quite sure that this used to work in the past, but can't pinpoint the time it broke. I'm also not sure whether it's expected that this breaks ssh client functionality or not, so I leave it to your discretion to close this or reassign it, sorry for the disturbance.
Comment 5 Jakub Jelen 2020-11-19 14:02:44 UTC 
Running `clear` sends terminal control characters as you can see in the log:

  \033[H -- Set Cursor Position to top left 
  \033[J -- Erase in Display

https://en.wikipedia.org/wiki/ANSI_escape_code#Terminal_output_sequences

This is not a bug in Fedora, but a configuration issue.