Chris Newbill
2001-Jan-10 17:11 UTC
SSH2/1 Failure when using bash shell, other shells work
Got a strange problem here.

We have OpenSSH 2.3.0p1 running on a variety of machines and on one particular Redhat 6.2 machine (all patches applied) we run into a situation where it will not allow us to start a shell when using bash or bash2. csh and others work fine.

One note...if I enable PermitRootLogin, the user root IS allowed to login with bash.

This is very strange. I'm guessing it must be some kind of permissions problem, but I have checked everything I can think of: sshd configs, pam configs, permissions on user data, permissions on ssh pieces, etc.

Here is the debug report for SSH Protocol 2. (generated using sshd -ddd)
When using /bin/bash (GNU bash, version 1.14.7(1)) as a shell
When using csh it works fine and allows us to login.

debug1: Seeding random number generator
debug1: read DSA private key done
debug1: Seeding random number generator
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
debug1: Seeding random number generator
debug1: Seeding random number generator
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 206.58.180.12 port 3754
debug1: Client protocol version 2.0; client software version PuTTY
debug1: no match: PuTTY
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_2.3.0p1
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit: diffie-hellman-group1-sha1
debug1: got kexinit: ssh-dss
debug1: got kexinit: blowfish-cbc,blowfish-cbc,3des-cbc
debug1: got kexinit: blowfish-cbc,blowfish-cbc,3des-cbc
debug1: got kexinit: hmac-sha1,hmac-md5,none
debug1: got kexinit: hmac-sha1,hmac-md5,none
debug1: got kexinit: none
debug1: got kexinit: none
debug1: got kexinit:
debug1: got kexinit:
debug1: first kex follow: 0
debug1: reserved: 0
debug1: done
debug1: kex: client->server blowfish-cbc hmac-sha1 none
debug1: kex: server->client blowfish-cbc hmac-sha1 none
debug1: Wait SSH2_MSG_KEXDH_INIT.
debug1: bits set: 492/1024
debug1: bits set: 522/1024
debug1: sig size 20 20
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: Wait SSH2_MSG_NEWKEYS.
debug1: GOT SSH2_MSG_NEWKEYS.
debug1: done: KEX2.
debug1: userauth-request for user cnewbill service ssh-connection method password
debug1: attempt #1
debug2: input_userauth_request: setting up authctxt for cnewbill
debug1: Starting up PAM with username "cnewbill"
debug2: input_userauth_request: try method password
debug1: PAM Password authentication accepted for user "cnewbill"
debug1: PAM setting rhost to "cnewbill.onewest.net"
Accepted password for cnewbill from 206.58.180.12 port 3754 ssh2
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 100 win 32768 max 16384
debug1: open session
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: confirm session
debug2: callback start
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 channel 0 request pty-req reply 1
debug1: session_pty_req: session 0 alloc /dev/pts/4
debug2: callback done
debug2: callback start
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 channel 0 request shell reply 1
debug1: PAM setting tty to "/dev/pts/4"
debug1: PAM establishing creds
debug1: fd 7 setting O_NONBLOCK
debug1: fd 3 IS O_NONBLOCK
debug2: callback done
debug1: Setting controlling tty using TIOCSCTTY.
debug2: channel 0: rcvd adjust 315
???debug1: Received SIGCHLD.???
debug1: session_by_pid: pid 4903
debug1: session_exit_message: session 0 channel 0 pid 4903
debug1: session_exit_message: release channel 0
debug1: channel 0: write failed
debug1: channel 0: output open -> closed
debug1: channel 0: close_write
debug1: channel 0: read failed
debug1: channel 0: input open -> drain
debug1: channel 0: close_read
debug1: channel 0: input: no drain shortcut
debug1: channel 0: ibuf empty
debug1: channel 0: input drain -> closed
debug1: channel 0: send eof
debug1: session_pty_cleanup: session 0 release /dev/pts/4
debug1: session_free: session 0 pid 4903
debug1: channel 0: send close
debug2: channel 0: rcvd adjust 7
debug1: channel 0: rcvd close
***fatal: buffer_get: trying to get more bytes than in buffer***
debug1: Calling cleanup 0x805b6f0(0x0)
debug1: Calling cleanup 0x8050980(0x0)
debug1: Calling cleanup 0x8061750(0x0)

Now for SSH Protocol 1 attempt

debug1: sshd version OpenSSH_2.3.0p1
debug1: Seeding random number generator
debug1: read DSA private key done
debug1: Seeding random number generator
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
debug1: Seeding random number generator
debug1: Seeding random number generator
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 206.58.180.12 port 3791
debug1: Client protocol version 1.5; client software version PuTTY
debug1: no match: PuTTY
debug1: Local version string SSH-1.99-OpenSSH_2.3.0p1
debug1: Sent 768 bit public key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Starting up PAM with username "cnewbill"
debug1: Attempting authentication for cnewbill.
Accepted password for cnewbill from 206.58.180.12 port 3791
debug1: PAM setting rhost to "cnewbill.onewest.net"
debug1: session_new: init
debug1: session_new: session 0
debug1: Allocating pty.
debug1: PAM setting tty to "/dev/pts/4"
debug1: PAM establishing creds
debug1: Entering interactive session.
debug1: fd 3 setting O_NONBLOCK
debug1: fd 7 IS O_NONBLOCK
debug1: server_init_dispatch_13
debug1: server_init_dispatch_15
debug1: Setting controlling tty using TIOCSCTTY.
debug1: tvp!=NULL kid 0 mili 10
debug1: tvp!=NULL kid 0 mili 10
debug1: tvp!=NULL kid 0 mili 10
debug1: Received SIGCHLD.
debug1: tvp!=NULL kid 1 mili 100
debug1: End of interactive session; stdin 0, stdout (read 323, sent 323), stderr 0 bytes.
debug1: Command exited with status 0.
debug1: Received exit confirmation.
debug1: session_pty_cleanup: session 0 release /dev/pts/4
Closing connection to 206.58.180.12

Thanks,
Chris Newbill
Programmer/Analyst
OneWest.net Inc., 406-449-8056
------------------------------------------------------------
Ever notice how it's a penny for your thoughts, yet you put in your two-cents? Someone is making a penny on the deal.
-----Steven Wright
------------------------------------------------------------
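
An added example, not part of the original post or of OpenSSH: a small triage script over sshd debug output like the logs above, which reports how far a login got (authentication, pty, shell start, child exit) and collects any fatal lines. The sample lines are constructed in the style of the posted log, and the stage names are this example's own labels.

```python
import re

# Constructed sample in the style of the sshd -ddd output quoted in the post
# (user name and address are placeholders).
SAMPLE = """\
Accepted password for alice from 192.0.2.10 port 3754 ssh2
debug1: session_pty_req: session 0 alloc /dev/pts/4
debug1: session_input_channel_req: session 0 channel 0 request shell reply 1
debug1: Setting controlling tty using TIOCSCTTY.
???debug1: Received SIGCHLD.???
debug1: session_exit_message: session 0 channel 0 pid 4903
***fatal: buffer_get: trying to get more bytes than in buffer***
"""

# Login milestones (stage names are this example's own labels).
STAGES = [
    ("auth", re.compile(r"Accepted \w+ for \S+ from")),
    ("pty", re.compile(r"session_pty_req: .* alloc|Allocating pty")),
    ("shell", re.compile(r"request shell|Entering interactive session\.")),
    ("child_exit", re.compile(r"Received SIGCHLD")),
]
FATAL = re.compile(r"fatal: ([^*]+)")
STATUS = re.compile(r"Command exited with status (\d+)")


def triage(log_text):
    """Report which login stages a debug log reached and where it stopped."""
    reached, fatals, status = {}, [], None
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for name, pattern in STAGES:
            if name not in reached and pattern.search(line):
                reached[name] = lineno
        if (m := FATAL.search(line)):
            fatals.append(m.group(1).strip())
        if (m := STATUS.search(line)):
            status = int(m.group(1))
    if "auth" not in reached:
        verdict = "no accepted authentication"
    elif "shell" not in reached:
        verdict = "authenticated, shell never started"
    elif reached.get("child_exit", 0) > reached["shell"]:
        verdict = "authenticated, shell child exited"
    else:
        verdict = "authenticated, shell still running"
    return {"reached": reached, "fatals": fatals,
            "exit_status": status, "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE))
```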
Chris Newbill
2001-Jan-10 18:10 UTC
SSH2/1 Failure when using bash shell, other shells work
Additional Info, rebuilt OpenSSL 0.9.6 (have also tried 0.9.5a) and OpenSSH, no luck.

Another strange note, if your default shell is set to /bin/sh (a symlink to /bin/bash) it lets you login!??

Thanks,
Chris Newbill