ssh to qemu authorization failure

Glickman, Claudio

Feb 21, 2018, 1:49:53 AM
to syzk...@googlegroups.com

Hi all,

 

Trying to run on Ubuntu 17. The ssh to qemu fails with the following error:


sudo ssh -v -i /home/claudiog/.ssh/id_rsa -p 10021 -o "StrictHostKeyChecking no" -o "IdentitiesOnly yes" root@localhost
OpenSSH_7.5p1 Ubuntu-10ubuntu0.1, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 10021.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/claudiog/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/claudiog/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5p1 Ubuntu-10ubuntu0.1
ssh_exchange_identification: read: Connection reset by peer

I exported the host id_rsa.pub to qemu ~/.ssh/authorization_keys.
I assume I'm missing something regarding ssh-keygen - certificates?
Can anybody help?

 

Thanks.

 

 


Andrey Konovalov

Feb 23, 2018, 7:53:39 AM
to Glickman, Claudio, syzk...@googlegroups.com
On Wed, Feb 21, 2018 at 7:49 AM, Glickman, Claudio
<claudio....@intel.com> wrote:
> Hi all,
>
>
>
> Trying to run on Ubuntu 17. The ssh to qemu fails with the following error:
>
>
> sudo ssh -v -i /home/claudiog/.ssh/id_rsa -p 10021 -o "StrictHostKeyChecking
> no" -o "IdentitiesOnly yes" root@localhost
> OpenSSH_7.5p1 Ubuntu-10ubuntu0.1, OpenSSL 1.0.2g 1 Mar 2016
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug1: Connecting to localhost [127.0.0.1] port 10021.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: identity file /home/claudiog/.ssh/id_rsa type 1
> *debug1: key_load_public: No such file or directory
> **debug1: identity file /home/claudiog/.ssh/id_rsa-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_7.5p1 Ubuntu-10ubuntu0.1
> ssh_exchange_identification: read: Connection reset by peer
>
> I exported the host id_rsa.pub to qemu ~/.ssh/authorization_keys.
> I assume I'm missing something regarding to ssh-keygen - **certificates?
> Anybody can help?

Hi!

What kind of image do you use for the vm?

Does /etc/ssh/sshd_config have PermitRootLogin set to yes?
Does /etc/ssh/sshd_config have PubkeyAuthentication set to yes?
Does /etc/ssh/sshd_config have AuthorizedKeysFile point to
~/.ssh/authorization_keys?


Dmitry Vyukov

Feb 23, 2018, 8:02:52 AM
to Andrey Konovalov, Glickman, Claudio, syzk...@googlegroups.com
FWIW we have a working sshd config at the bottom of vm/qemu/qemu.go

Glickman, Claudio

Feb 25, 2018, 8:16:05 AM
to Andrey Konovalov, syzk...@googlegroups.com

I'm running qemu with parameters from /docs/linux/Ubuntu - with ssh port forwarding 22 -> 10021.

> sudo ssh -v -i /home/claudiog/.ssh/id_rsa -p 10021 -o
> "StrictHostKeyChecking no" -o "IdentitiesOnly yes" root@localhost

qemu-system-x86_64 \
-kernel $KERNEL/arch/x86/boot/bzImage \
-append "console=ttyS0 root=/dev/sda debug earlyprintk=serial slub_debug=QUZ" \
-hda $IMAGE/wheezy.img \
-net user,hostfwd=tcp::10021-:22 -net nic \
-enable-kvm \
-nographic \
-m 2G \
-smp 2 \
-pidfile vm.pid \
2>&1 | tee vm.log

Sshd_config is ok.

Dmitry Vyukov

Feb 25, 2018, 8:29:31 AM
to Glickman, Claudio, Andrey Konovalov, syzk...@googlegroups.com
On Sun, Feb 25, 2018 at 2:16 PM, Glickman, Claudio
<claudio....@intel.com> wrote:
>
> I'm running qemu with parameters from /docs/linux/Ubuntu - with ssh port forwarding 22 -> 10021.
>
>> sudo ssh -v -i /home/claudiog/.ssh/id_rsa -p 10021 -o
>> "StrictHostKeyChecking no" -o "IdentitiesOnly yes" root@localhost
>
> qemu-system-x86_64 \
> -kernel $KERNEL/arch/x86/boot/bzImage \
> -append "console=ttyS0 root=/dev/sda debug earlyprintk=serial slub_debug=QUZ"\
> -hda $IMAGE/wheezy.img \
> -net user,hostfwd=tcp::10021-:22 -net nic \
> -enable-kvm \
> -nographic \
> -m 2G \
> -smp 2 \
> -pidfile vm.pid \
> 2>&1 | tee vm.log
>
> Sshd_config is ok.

Your sshd rejects the connection, so sshd config is probably not OK.
Why do you think it is OK?
As I wrote in the issue, I would suggest to enable debug in sshd
config, then you can see the exact reason it rejected the connection
in sshd log.

Glickman, Claudio

Feb 25, 2018, 11:02:43 AM
to Dmitry Vyukov, Andrey Konovalov, syzk...@googlegroups.com
I meant sshd_config parameters include all listed in qemu.go and ssh pubkey authorization works fine with the file between two Linux machines.
Got nothing from logs on both port 22/11021:

debug1: sshd version OpenSSH_6.0p1 Debian-4+deb7u4
debug1: read PEM private key done: type RSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: private host key: #1 type 2 DSA
debug1: read PEM private key done: type ECDSA
debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-e'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 127.0.0.1.
Server listening on 127.0.0.1 port 22.


Dmitry Vyukov

Feb 25, 2018, 11:12:47 AM
to Glickman, Claudio, Andrey Konovalov, syzk...@googlegroups.com
On Sun, Feb 25, 2018 at 4:49 PM, Glickman, Claudio
<claudio....@intel.com> wrote:
> I meant sshd_config parameters include all listed in qemu.go and ssh pubkey authorization works fine with the file between two Linux machines.

Then what's different when it works and when it does not work?

> Got nothing from logs on both port 22/11021:
>
> debug1: sshd version OpenSSH_6.0p1 Debian-4+deb7u4
> debug1: read PEM private key done: type RSA
> debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
> debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
> debug1: private host key: #0 type 1 RSA
> debug1: read PEM private key done: type DSA
> debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
> debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
> debug1: private host key: #1 type 2 DSA
> debug1: read PEM private key done: type ECDSA
> debug1: Checking blacklist file /usr/share/ssh/blacklist.ECDSA-256
> debug1: Checking blacklist file /etc/ssh/blacklist.ECDSA-256
> debug1: private host key: #2 type 3 ECDSA
> debug1: rexec_argv[0]='/usr/sbin/sshd'
> debug1: rexec_argv[1]='-ddd'
> debug1: rexec_argv[2]='-e'
> Set /proc/self/oom_score_adj from 0 to -1000
> debug1: Bind to port 22 on 127.0.0.1.
> Server listening on 127.0.0.1 port 22.


Since ssh connects to the machine:

debug1: Connecting to localhost [127.0.0.1] port 10021.
debug1: Connection established.

there must be something in sshd logs on max debug level, no?

Glickman, Claudio

Feb 26, 2018, 1:55:51 AM
to Dmitry Vyukov, Andrey Konovalov, syzk...@googlegroups.com
Works on real LAN, doesn't work host to VM.

Dmitry Vyukov

Feb 26, 2018, 2:00:02 AM
to Glickman, Claudio, Andrey Konovalov, syzk...@googlegroups.com
/\/\/\/\/\/\/\/\/\/\/\/\/\/\

Looking at this part, are you sure you have network up in the vm? What
does ifconfig say? What's full kernel boot output?

Glickman, Claudio

Mar 4, 2018, 8:31:18 AM
to Dmitry Vyukov, Andrey Konovalov, syzk...@googlegroups.com
I have lo link up on vm with IP 127.0.0.1 - sshd listening on it but not receiving anything.
Eth0 trial fails on qemu boot: device not found.

Thanks.


Andrey Konovalov

Mar 5, 2018, 2:14:44 AM
to Glickman, Claudio, Dmitry Vyukov, syzk...@googlegroups.com
On Sun, Mar 4, 2018 at 2:31 PM, Glickman, Claudio
<claudio....@intel.com> wrote:
> I have lo link up on vm with IP 127.0.0.1 - sshd listening on it but not receiving anything.
> Eth0 trial fails on qemu boot: device not found.

lo is a loopback device, it can't accept external connections.

You need to set up eth0, perhaps you're missing the appropriate
drivers, try this:

https://github.com/google/syzkaller/commit/c40895075b442de21dcbf30262c55943f52f81b2
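
The client-side symptom discussed in this thread, as an added example that is not part of any post: a shell helper that classifies `ssh -v` output by how far the connection got, separating the reset-before-banner case seen here (guest had only lo) from a key or sshd_config rejection. The category names, the `next_check` hints and the second sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `ssh -v` client output by how far the session got.
# The labels (refused, no-banner, auth-rejected, ok, unknown) are this
# example's own names, not OpenSSH terms.
classify_ssh_log() {
    awk '
        /Connection refused/                          { refused = 1 }
        /Connection established/                      { tcp = 1 }
        /Remote protocol version/                     { banner = 1 }
        /_exchange_identification: .*(reset|closed)/  { dropped = 1 }
        /Permission denied \(/                        { denied = 1 }
        /Authentication succeeded|Authenticated to /  { authed = 1 }
        END {
            if (authed)                          print "ok"
            else if (denied)                     print "auth-rejected"
            else if (tcp && dropped && !banner)  print "no-banner"
            else if (refused)                    print "refused"
            else                                 print "unknown"
        }'
}

# Map a label to the checks raised in the thread.
next_check() {
    case "$1" in
        refused)       echo "nothing listens on the host port: check hostfwd and -p" ;;
        no-banner)     echo "forward accepted TCP but sshd never answered: check guest eth0 and sshd" ;;
        auth-rejected) echo "sshd answered: check PermitRootLogin, PubkeyAuthentication, AuthorizedKeysFile" ;;
        ok)            echo "login works" ;;
        *)             echo "collect more output with ssh -vvv" ;;
    esac
}

# Client lines quoted from the first post of the thread.
LOG_RESET='debug1: Connecting to localhost [127.0.0.1] port 10021.
debug1: Connection established.
debug1: Local version string SSH-2.0-OpenSSH_7.5p1 Ubuntu-10ubuntu0.1
ssh_exchange_identification: read: Connection reset by peer'

# Constructed sample: the server banner arrives, then the key is rejected.
LOG_DENIED='debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1
root@localhost: Permission denied (publickey).'

for log in "$LOG_RESET" "$LOG_DENIED"; do
    label=$(printf '%s\n' "$log" | classify_ssh_log)
    printf '%s: %s\n' "$label" "$(next_check "$label")"
done
```

A `no-banner` result means the client never saw a `Remote protocol version` line, so authorized_keys and key types have not been evaluated yet and the guest's network and sshd are the first things to look at.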

Andrey Konovalov

Mar 5, 2018, 10:45:21 AM
to Glickman, Claudio, syzkaller
On Mon, Mar 5, 2018 at 3:50 PM, Glickman, Claudio
<claudio....@intel.com> wrote:
> Hi Andrey,
> I enabled eth on qemu but I think I'm still missing some routing configuration for external connection.
>
> Thanks a lot for your help.

You need to ssh to ro...@127.0.0.1, since QEMU is listening on localhost.


Andrey Konovalov

Mar 5, 2018, 10:46:03 AM
to Glickman, Claudio, syzkaller
On Mon, Mar 5, 2018 at 4:45 PM, Andrey Konovalov <andre...@google.com> wrote:
> On Mon, Mar 5, 2018 at 3:50 PM, Glickman, Claudio
> <claudio....@intel.com> wrote:
>> Hi Andrey,
>> I enabled eth on qemu but I think I'm still missing some routing configuration for external connection.
>>
>> Thanks a lot for your help.
>
> You need to ssh to ro...@127.0.0.1, since QEMU is listening on localhost.

To the correct port (10021), obviously.

Glickman, Claudio

Mar 8, 2018, 9:11:19 AM
to Andrey Konovalov, syzkaller
Thanks Andrey.
I'm able now to connect ssh to qemu.
It would also be interesting to have access to vm instance during fuzzer running - if possible. Can you please instruct me regarding syz-manager qemu vm networking configuration?

Dmitry Vyukov

Mar 8, 2018, 9:12:47 AM
to Glickman, Claudio, Andrey Konovalov, syzkaller
On Thu, Mar 8, 2018 at 3:11 PM, Glickman, Claudio
<claudio....@intel.com> wrote:
> Thanks Andrey.
> I'm able now to connect ssh to qemu.
> It would also be interesting to have access to vm instance during fuzzer running - if possible. Can you please instruct me regarding syz-manager qemu vm networking configuration?

Run syz-manager with -debug flags, it will print qemu and ssh command lines.

Andrey Konovalov

Mar 8, 2018, 9:15:15 AM
to Glickman, Claudio, syzkaller
On Thu, Mar 8, 2018 at 3:11 PM, Glickman, Claudio
<claudio....@intel.com> wrote:
> Thanks Andrey.
> I'm able now to connect ssh to qemu.
> It would also be interesting to have access to vm instance during fuzzer running - if possible. Can you please instruct me regarding syz-manager qemu vm networking configuration?

You can also run syz-manager and then "ps -aux | grep qemu" to see the
QEMU instances. You'll see port numbers there and you can just ssh to
these ports from host to connect to each of the instances.

Aditi Aditi

Feb 22, 2022, 2:53:12 AM
to syzkaller
Hi all,

I am facing a similar problem. I am trying to ssh from my guest machine (WSL) into a QEMU VM, running linux 5.16.10 with default image from Yocto on aarch64 [image core-image-minimal-dev-qemuarm64.ext4 from http://downloads.yoctoproject.org/releases/yocto/yocto-3.4/machines/qemu/qemuarm64/  ]

I compiled Linux 5.16.10 locally (it had CONFIG_VIRTIO_NET=y CONFIG_E1000=y CONFIG_E1000E=y by default). Here is the command that I'm running:
```
qemu-system-aarch64 -machine virt,mte=on -cpu max -kernel linux-5.16.10/arch/arm64/boot/Image -hda ../../../Downloads/core-image-minimal-dev-qemuarm64.ext4 -m 2G -serial stdio -append "root=/dev/vda" -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::5555-:22
```

and then I try to ssh using command "ssh -vvv root@localhost -p5555". Here is the output : [Connection closed by remote host]

On the guest VM, I added my local id_rsa.pub file contents to the VM's /etc/ssh/authorized_keys file. I also manually added a sshd_config file in /etc/ssh folder. I ran 'ps aux | grep ssh' but didn't find anything.

Also ifconfig on the VM only returns "lo" and no ethernet interface.

Lastly, I also tried a slightly different qemu command - 

```
qemu-system-aarch64 -machine virt,mte=on -cpu max -kernel linux-5.16.10/arch/arm64/boot/Image -hda ../../../Downloads/core-image-minimal-dev-qemuarm64.ext4 -m 2G -serial stdio -append "root=/dev/vda" -chardev socket,path=/tmp/port1,server=on,wait=off,id=port1-char -device virtio-serial -device virtserialport,id=port1,chardev=port1-char,name=org.fedoraproject.port.0 -net user,hostfwd=tcp::5555-:22 -net nic
```
but SSH again fails with the same error as above.

It'd be great if you could help me figure out the issue here.

Thanks
Aditi

Zeshan Ahmed Nobin

Jul 14, 2023, 7:11:37 AM
to syzkaller

I'm also facing the same problem. I had tried PermitRootLogin yes, PubkeyAuthentication yes. My local host works.

Here's my qemu command:
```
sudo qemu-system-x86_64   -kernel /linux_work/linux_latest/arch/x86/boot/bzImage   -append "console=ttyS0 root=/dev/sda debug earlyprintk=serial slub_debug=QUZ"  -hda /linux_work/linux_latest/bullseye.img   -net user,hostfwd=tcp::10021-:22 -net nic   -enable-kvm   -nographic   -m 2G   -smp 2   -pidfile vm.pid   2>&1 | tee vm.log
```
It gives the shell `root@syzkaller`

Here's the ssh command:
```
pegasus@pegasus:~$ sudo ssh -i /linux_work/linux_latest/bullseye.id_rsa -p 10021 -o "StrictHostKeyChecking no" -v root@localhost
[sudo] password for pegasus:
OpenSSH_9.0p1 Ubuntu-1ubuntu8.2, OpenSSL 3.0.8 7 Feb 2023

debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *

debug1: Connecting to localhost [127.0.0.1] port 10021.
debug1: Connection established.
debug1: identity file /linux_work/linux_latest/bullseye.id_rsa type 0
debug1: identity file /linux_work/linux_latest/bullseye.id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0p1 Ubuntu-1ubuntu8.2
kex_exchange_identification: read: Connection reset by peer
Connection reset by 127.0.0.1 port 10021
```

How to resolve it?
My host machine is amd64.