AuthorizedKeysCommand bug

sshd_config

Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
GatewayPorts no
KbdInteractiveAuthentication yes
KexAlgorithms [email protected],curve25519-sha256,[email protected],diffie-hellman-group-exchange-sha256
LogLevel DEBUG
Macs [email protected],[email protected],[email protected]
PasswordAuthentication no
PermitRootLogin no
UseDns no
X11Forwarding no
UsePAM yes

Banner none

AddressFamily any
Port 22





Subsystem sftp /nix/store/s1xnsm86dy195fr4i4n984ivakrvjv9d-openssh-9.3p1/libexec/sftp-server 

PrintMotd no # handled by pam_motd
AuthorizedKeysFile %h/.ssh/authorized_keys /etc/ssh/authorized_keys.d/%u
AuthorizedKeysCommand /ssh-proxy/authorized_keys_command "%u" "%t" "%k"
AuthorizedKeysCommandUser nobody


HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

sudo journalctl -u sshd -f

Nov 22 11:35:02 bitbop-proxy sshd[32681]: debug1: Forked child 33239.
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: Set /proc/self/oom_score_adj to 0
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: inetd sockets after dupping: 4, 4
Nov 22 11:35:02 bitbop-proxy sshd[33239]: Connection from 73.169.190.84 port 49799 on 172.31.36.207 port 22 rdomain ""
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: Local version string SSH-2.0-OpenSSH_9.3
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: Remote protocol version 2.0, remote software version OpenSSH_9.0
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: compat_banner: match: OpenSSH_9.0 pat OpenSSH* compat 0x04000000
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: permanently_set_uid: 997/997 [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-ed25519 [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: SSH2_MSG_KEXINIT received [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: kex: algorithm: [email protected] [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: rekey out after 134217728 blocks [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: Sending SSH2_MSG_EXT_INFO [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: rekey in after 134217728 blocks [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: KEX done [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: userauth-request for user foobar service ssh-connection method none [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: attempt 0 failures 0 [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: Invalid user foobar from 73.169.190.84 port 49799
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: PAM: initializing for "foobar"
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: PAM: setting PAM_RHOST to "73.169.190.84"
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: PAM: setting PAM_TTY to "ssh"
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: userauth-request for user foobar service ssh-connection method publickey [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: attempt 1 failures 0 [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:2PK51kBO0PK56yA8VNaD3J3gaIiVpNjmKch2aWCu8Hw [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: userauth-request for user foobar service ssh-connection method publickey [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: attempt 2 failures 1 [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: userauth_pubkey: publickey test pkalg rsa-sha2-512 pkblob RSA SHA256:MoSX2msdk27hf0OGTFi+ce5G6jIr98SCuW6/X/KNzac [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: userauth-request for user foobar service ssh-connection method keyboard-interactive [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: attempt 3 failures 2 [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: keyboard-interactive devs  [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: auth2_challenge: user=foobar devs= [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: kbdint_alloc: devices 'pam' [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: auth2_challenge_start: trying authentication method 'pam' [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: error: PAM: Authentication failure for illegal user foobar from 73.169.190.84
Nov 22 11:35:02 bitbop-proxy sshd[33239]: Failed keyboard-interactive/pam for invalid user foobar from 73.169.190.84 port 49799 ssh2
Nov 22 11:35:02 bitbop-proxy sshd[33239]: Connection closed by invalid user foobar 73.169.190.84 port 49799 [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: do_cleanup [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: monitor_read_log: child log fd closed
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: do_cleanup
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: PAM: cleanup
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: Killing privsep child 33240