bugzilla-daemon at mindrot.org
2003-Sep-17 13:01 UTC
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
http://bugzilla.mindrot.org/show_bug.cgi?id=653
Summary: sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: Alpha
OS/Version: other
Status: NEW
Severity: critical
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: Ole.H.Nielsen at fysik.dtu.dk
I upgraded OpenSSH 3.6.1p2 to 3.7.1p1 on a couple of HP/Compaq Tru64 UNIX
systems.
Version 3.6.1p2 works like a charm !
After restarting the sshd daemon I try to login using ssh from several remote
systems, but the login breaks pretty early on. Nothing seems to be logged
to the syslog.
Details:
OS: HP/Compaq Tru64 UNIX version 5.1A (same problem on Tru64 4.0F)
Compiler: Compaq C V6.4-014 on Compaq Tru64 UNIX V5.1A
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-17 13:05 UTC
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
http://bugzilla.mindrot.org/show_bug.cgi?id=653 ------- Additional Comments From Ole.H.Nielsen at fysik.dtu.dk 2003-09-17 23:05 ------- Created an attachment (id=409) --> (http://bugzilla.mindrot.org/attachment.cgi?id=409&action=view) SSH login attempt verbose log ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-17 18:27 UTC
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
http://bugzilla.mindrot.org/show_bug.cgi?id=653
------- Additional Comments From mmokrejs at natur.cuni.cz 2003-09-18 04:27
-------
I have exactly same experience. I compiled now 3.6.1p2 and 3.7.1p1 with same
configure commandline and got same problem. Connectio breaks right after
"SSH2_MSG_KEXINIT sent"
$ ssh -v -v -v -l root -p 443 serow
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x009060af
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to serow [146.107.217.72] port 443.
debug1: Connection established.
debug1: identity file /home/mokrejs/.ssh/identity type 0
debug1: identity file /home/mokrejs/.ssh/id_rsa type 0
debug3: Not a RSA1 key file /home/mokrejs/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/mokrejs/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p1
debug1: match: OpenSSH_3.7.1p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
Connection closed by 146.107.217.72
debug1: Calling cleanup 0x8062440(0x0)
mokrejs at vrapenec$
$ ./configure --prefix=/usr/local --with-tcp-wrappers
--with-ssl-dir=/software/@sys/usr/openssl --with-prngd-socket=/var/run/egd-p
ool
--with-default-path=/software/@sys/usr/bin:/software/@sys/usr/sbin:/usr/afs/bin:/software/@sys/usr/openssl/bin:/usr/local/bin:/us
r/local/sbin:/usr/bin:/bin:/sbin:/usr/sbin:/usr/opt/svr4/bin:/usr/opt/svr4/sbin
--with-xauth=/usr/bin/X11/xauth --with-zlib --with-osfsia
--with-login=/usr/bin/login --without-privsep
The server says:
# ./sshd -p 443 -D -d -d -d
debug2: read_server_config: filename /usr/local/etc/sshd_config
debug1: sshd version OpenSSH_3.7.1p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 443 on 0.0.0.0.
Server listening on 0.0.0.0 port 443.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 146.107.217.207 port 34077
debug1: Client protocol version 2.0; client software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.7.1p1
debug2: Network child is on pid 34085
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: privsep user:group 15:22
debug1: permanently_set_uid: 15/22
permanently_set_uid: was able to restore old [e]gid
debug1: Calling cleanup 0x12006ff40(0x0)
#
I suspect inability to read RAND data(below is truss snippet from ./sshd -D -d
-d -d execution).
33868: fork() = 33871
33871: fork() (returning as child ...) = 33871
debug2: Network child is on pid 33871
33868: write(2, " d e b u g 2 : N e t w".., 39) = 39
33871: getsysinfo(67, 0x000000011FFFB0F0, 4, 0x00000000, 0x00000000,
0x00000000) = 1
33868: close(3) = 0
33871: close(7) = 0
debug3: preauth child monitor started
33868: write(2, " d e b u g 3 : p r e a".., 39) = 39
33871: getuid() = 0 [ 0 ]
debug3: mm_request_receive entering
33868: write(2, " d e b u g 3 : m m _ r".., 37) = 37
33871: fstat(0, 0x000000011FFFB0F8) = 0
33871: fstat(1, 0x000000011FFFB0F8) = 0
33871: fstat(2, 0x000000011FFFB0F8) = 0
33871: open("/etc/passwd.pag", O_RDONLY, 00) Err#2 No such
file or
directory
33871: open("/etc/passwd", O_RDONLY, 0666) = 7
33871: fstat(7, 0x000000011FFFB010) = 0
33871: ioctl(7, 0x2000745E, 0x00000000) Err#25 Not a typewriter
33871: read(7, " r o o t : 5 1 A B 3 Y B".., 8192) = 891
33871: lseek(7, 0xFFFFFFFF, SEEK_CUR) = 888
33871: close(7) = 0
33871: fstat(0, 0x000000011FFFB0F8) = 0
33871: fstat(1, 0x000000011FFFB0F8) = 0
33871: fstat(2, 0x000000011FFFB0F8) = 0
33871: chroot("/var/empty") = 0
33871: chdir("/") = 0
debug3: privsep user:group 15:22
33871: write(2, " d e b u g 3 : p r i v".., 34) = 34
33871: setgroups(1, 0x000000011FFFB340) = 0
33871: getuid() = 0 [ 0 ]
33871: getgid() = 1 [ 1 ]
debug1: permanently_set_uid: 15/22
33871: write(2, " d e b u g 1 : p e r m".., 36) = 36
33871: setregid(22, 22) = 0
33871: setreuid(15, 15) = 0
33871: setgid(1) = 0
permanently_set_uid: was able to restore old [e]gid
33871: write(2, " p e r m a n e n t l y _".., 53) = 53
debug1: Calling cleanup 0x12006ff40(0x0)
33871: write(2, " d e b u g 1 : C a l l".., 42) = 42
33871: shutdown(4, SHUT_RDWR) = 0
33871: close(4) = 0
Could the output of sshd and ssh be enhanced so that it tells which EGD is it
using?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-17 18:42 UTC
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
http://bugzilla.mindrot.org/show_bug.cgi?id=653
mmokrejs at natur.cuni.cz changed:
What |Removed |Added
----------------------------------------------------------------------------
OS/Version|other |OSF/1
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-17 18:50 UTC
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
http://bugzilla.mindrot.org/show_bug.cgi?id=653 ------- Additional Comments From mmokrejs at natur.cuni.cz 2003-09-18 04:50 ------- OK, I stole the idea from http://bugzilla.mindrot.org/show_bug.cgi?id=659 Edit openssh-3.7.1p1/config.h to have as follows: /* Define if your platform breaks doing a seteuid before a setuid */ #define SETEUID_BREAKS_SETUID /* Define if your setreuid() is broken */ #define BROKEN_SETREUID /* Define if your setregid() is broken */ #define BROKEN_SETREGID That fixes our problem. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-18 13:34 UTC
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
http://bugzilla.mindrot.org/show_bug.cgi?id=653 ------- Additional Comments From Ole.H.Nielsen at fysik.dtu.dk 2003-09-18 23:34 ------- I have tried Martin Mokrejs' workaround: Edit openssh-3.7.1p1/config.h to have as follows: /* Define if your platform breaks doing a seteuid before a setuid */ #define SETEUID_BREAKS_SETUID /* Define if your setreuid() is broken */ #define BROKEN_SETREUID /* Define if your setregid() is broken */ #define BROKEN_SETREGID This solves the problem on our systems as well (Tru64 UNIX 5.1A and 4.0F) ! One mustn't edit acconfig.h and then run configure; it's required to edit config.h as above *after* the configure step. To the developers: The final bugfix seemingly needs to define the 3 above lines for the OSF/1 operating system (Tru64 UNIX). I wonder why this wasn't necessary prior to version 3.7 ? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-19 11:43 UTC
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
http://bugzilla.mindrot.org/show_bug.cgi?id=653 ------- Additional Comments From dtucker at zip.com.au 2003-09-19 21:43 ------- Created an attachment (id=436) --> (http://bugzilla.mindrot.org/attachment.cgi?id=436&action=view) Add defines to configure for Digital Unix Please try the attached patch. You will need to run "autoconf" to rebuild configure. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-22 01:28 UTC
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
http://bugzilla.mindrot.org/show_bug.cgi?id=653
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From dtucker at zip.com.au 2003-09-22 11:28 -------
Thanks for the report, this has been fixed (in HEAD and the 3.7 branch). Please
test tomorrow's snapshot.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-25 13:52 UTC
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
http://bugzilla.mindrot.org/show_bug.cgi?id=653 ------- Additional Comments From Ole.H.Nielsen at fysik.dtu.dk 2003-09-25 23:52 ------- I downloaded OpenSSH 3.7.1p2 and installed it on Tru64 UNIX v4.0F. I can confirm that this bug is fixed now. Another bug exists (will be reported separately): When sshd should be started from /etc/inittab, no sshd process is running upon a reboot. If I start sshd from the command-line it's OK. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.