Debian bullseye gateway failure due to outdated exchange

[EugenMayer]

I'am trying to connect to a (latest patches) debian bullseye server (lets call in target) via a (latest patches) debian bullseye (lets call it bastion). I can connect directly to the target (from a latest manjaro), but not via the bastion. The connection via the bastion worked without issue beforehand.

hosts:
  target:
    User: root
    Hostname: <redacted-target-ip>
    Port: 22
    Gateways:
      - bastion
   :
    Hostname: <redacted>
    Port: 22

Looking at the targets sshd logs / auth logs i see

DEBUG	generated ssh config file	{"buffer": "Host target\n  ChallengeResponseAuthentication yes\n  CheckHostIP yes\n  ControlMaster auto\n  ControlPath ~/.ssh/sockets/%h-%p-%r.sock\n  ControlPersist yes\n  IdentityFile ~/.ssh/id_ed25519\n  PasswordAuthentication no\n  Port 22\n  PubkeyAuthentication yes\n  ServerAliveCountMax 3\n  ServerAliveInterval 15\n  TCPKeepAlive yes\n  User root\n  # HostName: <redacted>\n  # Gateways: [bastion]\n"}
DEBUG	Host	{"host": "{\"ChallengeResponseAuthentication\":\"yes\",\"CheckHostIP\":\"yes\",\"ControlMaster\":\"auto\",\"ControlPath\":\"~/.ssh/sockets/%h-%p-%r.sock\",\"ControlPersist\":\"yes\",\"IdentityFile\":[\"~/.ssh/id_ed25519\"],\"PasswordAuthentication\":\"no\",\"Port\":\"22\",\"PubkeyAuthentication\":\"yes\",\"ServerAliveCountMax\":3,\"ServerAliveInterval\":15,\"TCPKeepAlive\":\"yes\",\"User\":\"root\",\"HostName\":\"<redacted>\",\"Gateways\":[\"bastion\"],\"Hooks\":{}}"}
DEBUG	Proxying
DEBUG	Trying gateways	{"gateways": "bastion"}
2023/02/21 09:00:39 bastion
DEBUG	getHostByName direct matching	{"name": "bastion"}
DEBUG	Using gateway	{"gateway": "bastion", "command": "ssh -W <redacted-target-ip>:22 %name"}
DEBUG	ProxyCommand	{"command": "ssh -W <redacted-target-ip>:22 bastion"}
Stdio forwarding request failed: Session open refused by peer
ERROR	Failed to use 'bastion' gateway with error:	{"error": "exit status 255"}
Error: no such available gateway
Usage:
  assh connect [flags]

Examples:
Argument is a host.

Did something in assh change?

assh:

assh info
Debug mode (client): false
CLI Path: /usr/bin/assh
Go version: go1.16
OS/Arch: linux/amd64
Version: v2.11.3 (281772c0)

    (*) General options:
        ChallengeResponseAuthentication: yes
        CheckHostIP: yes
        ControlMaster: auto
        ControlPath: ~/.ssh/sockets/%h-%p-%r.sock
        ControlPersist: yes
        IdentityFile: ~/.ssh/<redacted>
        PasswordAuthentication: no
        Port: 22
        PubkeyAuthentication: yes
        ServerAliveCountMax: 3
        ServerAliveInterval: 15
        TCPKeepAlive: yes

Do i miss anything obvious? Sorry if it is just a layer8 - just wondering .. it just used to work about 3 weeks ago.

[EugenMayer]

Any chance to get this moving?

e.g. i can use

ssh -J bastian-alias user@remote-ip

without any issues.

i cannot use

ssh -J bastian-alias remote-alias

But i assume this is expected.

Since the former works without issues, i expect this to be somewhat of an assh issue. Thanks!