Bug 1824974 - SSH client fails to connect via jumphost
Summary: SSH client fails to connect via jumphost
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: openssh
Version: 32
Hardware: x86_64
OS: Linux
low
low
Target Milestone: ---
Assignee: Jakub Jelen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-04-16 18:38 UTC by Dmitri Smirnov
Modified: 2020-11-19 14:02 UTC (History)
8 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2020-11-19 14:02:44 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Dmitri Smirnov 2020-04-16 18:38:34 UTC 
Description of problem:


kex_exchange_identification: banner line contains invalid characters

is displayed whenever I attempt to use -J option for SSH client to connect to a machine via a jump-host


How reproducible:


Steps to Reproduce:
1. execute ssh -vvv -J $JUMPHOST $TARGETHOST with any machines that you have access to

Actual results:
kex_exchange_identification: banner line 0: \033[H\033[JSSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
kex_exchange_identification: banner line contains invalid characters

Expected results:
Access to target host

Additional info:
SSH client version:
OpenSSH_8.2p1, OpenSSL 1.1.1d FIPS  10 Sep 2019

Package version:
8.2p1-3.fc32, but also reproducible with 8.2p1-2.fc32

This seems to resemble the issue in openssh 8.1p1 mentioned here:
https://superuser.com/questions/1510997/ssh-proxyjump-on-macos-catalina-is-not-working/1528640#1528640

With patch applied here: https://github.com/openssh/openssh-portable/commit/2ab335712d084d9ccaf3f53afc3fa9535329da87#diff-5bfa45f3fb322e569a8101399c9c551cR1395
Comment 1 Jakub Jelen 2020-04-16 19:28:07 UTC 
The patch you linked is already in Fedora 32 (as OpenSSH 8.2p1 is in). We already run some tests with ProxyJump and this did not pop up so some more specific information will be needed (at least a debug log).
Comment 2 Dmitri Smirnov 2020-04-16 20:02:14 UTC 
That's whay I've figured, but I'm able to reproduce it with multiple hosts with different ubuntu version, with both -J option and ProxyCommand option. What useful logs could I provide?
Comment 3 Dmitri Smirnov 2020-04-17 08:41:45 UTC 
So, after further testing I can confirm that I cannot reproduce it with clean install in VM for Fedora 32,

The determening factor is running ssh -J command in fish shell with custom config. I will try to pinpoint which configuration breaks the SSH client and add it as a comment here for discoverability, but this does not look like a ssh issue in any way.
Comment 4 Dmitri Smirnov 2020-04-17 10:11:29 UTC 
The cause if the issue was "clear;" directive in fish config. I'm quite sure that this used to work in the past, but can't pinpoint the time it broke. I'm also not sure whether it's expected that this breaks ssh client functionality or not, so I leave it to your discretion to close this or reassign it, sorry for the disturbance.
Comment 5 Jakub Jelen 2020-11-19 14:02:44 UTC 
Running `clear` sends terminal control characters as you can see in the log:

  \033[H -- Set Cursor Position to top left 
  \033[J -- Erase in Display

https://en.wikipedia.org/wiki/ANSI_escape_code#Terminal_output_sequences

This is not a bug in Fedora, but a configuration issue.
Note You need to log in before you can comment on or make changes to this bug.