1162620 – fatal: monitor_read: unsupported request: 82 on server while attempting GSSAPI key exchange

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1162620 - fatal: monitor_read: unsupported request: 82 on server while attempting GSSAPI key exchange

Summary: fatal: monitor_read: unsupported request: 82 on server while attempting GSSAP...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	openssh
Sub Component:
Version:	7.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Petr Lautrbach
QA Contact:	Stanislav Zidek
Docs Contact:
URL:
Whiteboard:
Depends On:	1118005
Blocks:
TreeView+	depends on / blocked

Reported:	2014-11-11 11:36 UTC by Stanislav Zidek
Modified:	2015-03-05 09:28 UTC (History)
CC List:	8 users (show)
Fixed In Version:	openssh-6.6.1p1-7.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:	1118005
Environment:
Last Closed:	2015-03-05 09:28:42 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:0425	0	normal	SHIPPED_LIVE	Moderate: openssh security, bug fix and enhancement update	2015-03-05 14:26:20 UTC

Description Stanislav Zidek 2014-11-11 11:36:42 UTC

I just found similar issue in RHEL-7.1 candidate.

$ rpm -q openssh
openssh-6.6.1p1-4.el7.x86_64

ssh_config:
Host *
	GSSAPIKeyExchange yes

sshd_config:
GSSAPIKeyExchange yes

client:
$ ssh tester@<IP>

Connection closed by <IP>

server (/var/log/secure):
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3795]: debug1: Forked child 3798.
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: Set /proc/self/oom_score_adj to 0
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: debug1: inetd sockets after dupping: 3, 3
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: Connection from <IP> port 47624 on 10.16.44.133 port 22
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: debug1: Enabling compatibility mode for protocol 2.0
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: debug1: Local version string SSH-2.0-OpenSSH_6.6.1
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: debug1: SELinux support enabled [preauth]
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: debug1: permanently_set_uid: 74/74 [preauth]
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: debug1: list_hostkey_types: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: debug1: SSH2_MSG_KEXINIT received [preauth]
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: debug1: kex: client->server aes128-ctr hmac-md5-etm none [preauth]
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: debug1: kex: server->client aes128-ctr hmac-md5-etm none [preauth]
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: debug1: Doing group exchange [preauth]
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: debug1: Wait SSH2_MSG_GSSAPI_INIT [preauth]
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: debug1: Got no client credentials
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: fatal: monitor_read: unsupported request: 82
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: debug1: do_cleanup
Nov 11 06:33:36 intel-sugarbay-dh-03 sshd[3798]: debug1: Killing privsep child 3799


+++ This bug was initially created as a clone of Bug #1118005 +++

Description of problem:
Since updating to openssh-6.6.1p1-1.fc21, access fails when I try to log in using GSSAPI key exhange.  The server disconnects the client and logs:

  fatal: monitor_read: unsupported request: 82

Disabling the GSSAPIKeyExchange option on the client allows the login to succeed.

Version-Release number of selected component (if applicable):
  openssh-6.6.1p1-1.fc21.x86_64.rpm

How reproducible:
Always

Steps to Reproduce:

1. Set up a server on F21 with a keytab, say as an IPA server.
2. Use kinit on the server to get a TGT.
3. Try to ssh to the server with the client's GSSAPIAuthentication, GSSAPIDelegateCredentials, and GSSAPIKeyExchange options enabled.

Actual results:
OpenSSH_6.6.1, OpenSSL 1.0.1h-fips 5 Jun 2014
debug1: Reading configuration data /home/nalin/.ssh/config
debug1: /home/nalin/.ssh/config line 75: Applying options for blade
debug1: /home/nalin/.ssh/config line 154: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 51: Applying options for *
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /home/nalin/.ssh/config
debug1: /home/nalin/.ssh/config line 75: Applying options for blade.bos.redhat.com
debug1: /home/nalin/.ssh/config line 125: Applying options for *.bos.redhat.com
debug1: /home/nalin/.ssh/config line 154: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 51: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to blade.bos.redhat.com [10.18.57.10] port 22.
debug1: Connection established.
debug1: identity file /home/nalin/.ssh/id_rsa type 1
debug1: identity file /home/nalin/.ssh/id_rsa-cert type -1
debug1: identity file /home/nalin/.ssh/id_dsa type 2
debug1: identity file /home/nalin/.ssh/id_dsa-cert type -1
debug1: identity file /home/nalin/.ssh/id_ecdsa type -1
debug1: identity file /home/nalin/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/nalin/.ssh/id_ed25519 type -1
debug1: identity file /home/nalin/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Offering GSSAPI proposal: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group14-sha1-A/vxljAEU54gt9a48EiANQ==,gss-gex-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group1-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group14-sha1-bontcUwnM6aGfWCP21alxQ==,gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group14-sha1-A/vxljAEU54gt9a48EiANQ==,gss-gex-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group1-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group14-sha1-bontcUwnM6aGfWCP21alxQ==,gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01,ssh-rsa-cert-v00,ssh-rsa,ecdsa-sha2-nistp256-cert-v01,ecdsa-sha2-nistp384-cert-v01,ecdsa-sha2-nistp521-cert-v01,ssh-ed25519-cert-v01,ssh-dss-cert-v01,ssh-dss-cert-v00,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss,null
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm,aes256-gcm,chacha20-poly1305,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm,aes256-gcm,chacha20-poly1305,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se
debug2: kex_parse_kexinit: hmac-md5-etm,hmac-sha1-etm,umac-64-etm,umac-128-etm,hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-ripemd160-etm,hmac-sha1-96-etm,hmac-md5-96-etm,hmac-md5,hmac-sha1,umac-64,umac-128,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm,hmac-sha1-etm,umac-64-etm,umac-128-etm,hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-ripemd160-etm,hmac-sha1-96-etm,hmac-md5-96-etm,hmac-md5,hmac-sha1,umac-64,umac-128,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib,zlib
debug2: kex_parse_kexinit: none,zlib,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm,aes256-gcm,chacha20-poly1305,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm,aes256-gcm,chacha20-poly1305,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se
debug2: kex_parse_kexinit: hmac-md5-etm,hmac-sha1-etm,umac-64-etm,umac-128-etm,hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-ripemd160-etm,hmac-sha1-96-etm,hmac-md5-96-etm,hmac-md5,hmac-sha1,umac-64,umac-128,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm,hmac-sha1-etm,umac-64-etm,umac-128-etm,hmac-sha2-256-etm,hmac-sha2-512-etm,hmac-ripemd160-etm,hmac-sha1-96-etm,hmac-md5-96-etm,hmac-md5,hmac-sha1,umac-64,umac-128,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: setup hmac-md5-etm
debug1: kex: server->client aes128-ctr hmac-md5-etm none
debug2: mac_setup: setup hmac-md5-etm
debug1: kex: client->server aes128-ctr hmac-md5-etm none
debug1: Doing group exchange

debug2: bits set: 1514/3072
debug1: Calling gss_init_sec_context
debug1: Delegating credentials
Connection closed by 10.18.57.10

Expected results:
Login succeeds.

Additional info:
Downgrading the server back to 6.4p1-4.fc21 works around it.

--- Additional comment from Petr Lautrbach on 2014-07-10 13:57:36 EDT ---

Thanks for the report.

I'm not sure if I'm able to reproduce the same issue but I'm able to login using openssh-6.6.1p1-1.1.fc20.1 [1] on f20 and I can't do the same with the same package or with openssh-6.4p1-4.fc21.x86_64 on rawhide. But my rawhide host could be mis-configured since I get "wrong principal" error message. 

The patch with gsskex support hasn't changed at all between 6.4 and 6.6 so it could be some change in rebase package or in used libraries.

I'll try to setup clean environments and try to investigate it more.

[1] http://koji.fedoraproject.org/koji/taskinfo?taskID=7125711

Comment 4 errata-xmlrpc 2015-03-05 09:28:42 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0425.html

Note You need to log in before you can comment on or make changes to this bug.