Bug 1164061 - [Build 20200215] openQA test fails in sshd with a connection to localhost being terminated when the host key is expected
Status: NEW
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Basesystem
Version: Current
Hardware: i586 Other
Priority: P5 - None; Severity: Critical
Target Milestone: ---
Assignee: Hans Petter Jansson
QA Contact: E-mail List
URL: https://openqa.opensuse.org/tests/117...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-02-18 08:51 UTC by Oliver Kurz
Modified: 2023-05-30 10:41 UTC (History)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: Yes
Marketing QA Status: ---
IT Deployment: ---


Description Oliver Kurz 2020-02-18 08:51:07 UTC
## Observation

openQA test in scenario opensuse-Tumbleweed-GNOME-Live-i686-gnome-live@32bit fails in
[sshd](https://openqa.opensuse.org/tests/1176124/modules/sshd/steps/28)
with:

```
# Result:

susetest:~ # ssh -v -l sshboy localhost -t
OpenSSH_8.1p1, OpenSSL 1.1.1d  10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: SELinux support disabled
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.1
debug1: match: OpenSSH_8.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:22 as 'sshboy'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by ::1 port 22
susetest:~ #
```

## Test suite description
Maintainer: okurz@suse.de, dimstar@opensuse.org

Test for openSUSE GNOME Next Live-Media

EXCLUDE_MODULES is a workaround for https://bugzilla.opensuse.org/show_bug.cgi?id=1138401#c10


## Reproducible

Fails since Build [20200215](https://openqa.opensuse.org/tests/1176124) and is clearly reproducible as visible in https://openqa.opensuse.org/tests/1176124#next_previous


## Expected result

Last good: [20200214](https://openqa.opensuse.org/tests/1175446) (or more recent)

showing:

```
# Result:

susetest:~ # ssh -v -l sshboy localhost -t
OpenSSH_8.1p1, OpenSSL 1.1.1d  10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: SELinux support disabled
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.1
debug1: match: OpenSSH_8.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:22 as 'sshboy'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:BnuMBULOEc9AclvwLTkDorTXxlVrERdzS9snyp6cGG4

The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:BnuMBULOEc9AclvwLTkDorTXxlVrERdzS9snyp6cGG4.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
```

with the test handling this and subsequently passing.


## Further details

Always latest result in this scenario: [latest](https://openqa.opensuse.org/tests/latest?arch=i686&distri=opensuse&flavor=GNOME-Live&machine=32bit&test=gnome-live&version=Tumbleweed)
Comment 1 Oliver Kurz 2020-02-18 08:59:05 UTC
https://openqa.opensuse.org/factory-package-news/diff/20200215 shows all related product changes, IMHO most likely culprit:

```
==== glibc ====
Version update (2.30 -> 2.31)
Subpackages: glibc-32bit glibc-devel glibc-extra glibc-info glibc-locale glibc-locale-base nscd

- fix-locking-in-_IO_cleanup.patch: update to latest version
- Update to glibc 2.31
  * The GNU C Library now supports a feature test macro _ISOC2X_SOURCE to
    enable features from the draft ISO C2X standard
  * The <math.h> functions that round their results to a narrower type now
    have corresponding type-generic macros in <tgmath.h>
  * The function pthread_clockjoin_np has been added, enabling join with a
    terminated thread with a specific clock
  * New locale added: mnw_MM (Mon language spoken in Myanmar).
  * The DNS stub resolver will optionally send the AD (authenticated data) bit
    in queries if the trust-ad option is set via the options directive in
    /etc/resolv.conf (or if RES_TRUSTAD is set in _res.options)
  * The totalorder and totalordermag functions, and the corresponding
    functions for other floating-point types, now take pointer arguments to
    avoid signaling NaNs possibly being converted to quiet NaNs in argument
    passing
  * The obsolete function stime is no longer available to newly linked
    binaries, and its declaration has been removed from <time.h>
  * The gettimeofday function no longer reports information about a
    system-wide time zone
  * If a lazy binding failure happens during dlopen, during the execution of
    an ELF constructor, the process is now terminated
- malloc-info-whitespace.patch, riscv-vfork.patch,
  prefer-map-32bit-exec.patch, backtrace-powerpc.patch,
  ldconfig-dynstr.patch: Removed.
- backtrace-powerpc.patch: Fix array overflow in backtrace on PowerPC
  (bsc#1158996, BZ #25423)
- Drop support for pluggable gconv modules (bsc#1159851)
```
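The two `ssh -v` traces in the description are identical up to `expecting SSH2_MSG_KEX_ECDH_REPLY`; the failing build is closed by the peer at that point, while the last good build goes on to print `Server host key:`. The following triage helper is an added example, not part of the original report or of the openQA test code: it reports the last handshake milestone a client trace reached and whether the peer closed the connection. The names `triage`, `verdict` and `MILESTONES` are hypothetical, and the sample traces are abridged from the report with the fingerprint replaced by a placeholder.

```python
import re

# Ordered client-side milestones, using only debug1 lines that appear in the
# two `ssh -v` traces in the report.
MILESTONES = [
    ("tcp_connected", r"debug1: Connection established\."),
    ("version_exchanged", r"debug1: Remote protocol version "),
    ("kexinit_exchanged", r"debug1: SSH2_MSG_KEXINIT received"),
    ("algorithms_agreed", r"debug1: kex: host key algorithm: "),
    ("awaiting_kex_reply", r"debug1: expecting SSH2_MSG_KEX_ECDH_REPLY"),
    ("host_key_received", r"debug1: Server host key: "),
]
CLOSED = re.compile(r"Connection closed by (\S+) port (\d+)")
ANSI = re.compile(r"\x1b\[[0-9;]*[A-Za-z]|\x1b\(B")  # terminal escape sequences

def triage(trace):
    """Return (last milestone reached, (peer, port) that closed or None)."""
    reached, nxt = None, 0
    for raw in trace.splitlines():
        line = ANSI.sub("", raw).strip()
        closed = CLOSED.match(line)
        if closed:
            return reached, (closed.group(1), int(closed.group(2)))
        for idx in range(nxt, len(MILESTONES)):
            if re.match(MILESTONES[idx][1], line):
                reached, nxt = MILESTONES[idx][0], idx + 1
                break
    return reached, None

def verdict(trace):
    """One-line classification suitable for a test report."""
    reached, closed_by = triage(trace)
    if closed_by and reached == "awaiting_kex_reply":
        return "peer closed during key exchange, before sending its host key"
    if closed_by:
        return f"peer closed after {reached}"
    return f"no disconnect seen; last milestone {reached}"

# Abridged from the traces in the report; fingerprint replaced by a placeholder.
COMMON = """\x1b[1msusetest:~ #\x1b[m\x1b(B ssh -v -l sshboy localhost -t
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.1
debug1: SSH2_MSG_KEXINIT received
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
"""
FAILING = COMMON + "Connection closed by ::1 port 22\n"
PASSING = COMMON + "debug1: Server host key: ecdsa-sha2-nistp256 SHA256:PLACEHOLDER\n"
```

A disconnect at `awaiting_kex_reply` means the client never received the server's key-exchange reply, so the sshd log on the server side is the place to look next.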