mouring at etoh.eviladmin.org wrote:
> Known issues:
>
>
> 7) Solaris '$PATH' issue -- ?? (Unfixable before 2.5.0?) [I'm
getting
> more reports of this. I'll present them when they get their facts
> together]
Attached is a memo that contains the debug output
when the problem is reproduced locally on our office machines.
I think the afffected systems are at least solaris 7 and solaris 8 from
what I gather from the post. The log below
is generated when I tried the command against sshd
2.3.0p1 on a solaris 7 for x86 host.
(without "-2", the command works.)
"ssh -2 host 'echo $PATH' doesn't work against sshd on solaris7
for x86"
***
*** server is solaris 7 for x86. We used sun cc compiler.
*** for the server compilation.
***
*** I think the key factors are solaris 7 and 8 from what
*** I gathered by reading the posts.
(The following log is a little complicated since
the ssh connection is passed by a tcp-level gateway to
a final sshd server on a remote host.
But I have observed the same problem WITHOUT
such proxy before.)
First example.
***
*** ssh -2 -v -v -v targethost 'echo $PATH' doesn't work.
***
*** server is solaris 7 for x86. We used sun cc compiler.
*** for the server compilation.
***
***
ssh is invoked from a solaris 2.5.1 host.
ishikawa at u45$ conn-www.sh -2 -v -v -v 'echo $PATH'
#
# host sun11
# -p 999 gateway to www-reserved.
#
echo "Timeout is 2 mins."
++ echo 'Timeout is 2 mins.'
Timeout is 2 mins.
ssh sun11.example.co.jp -p 999 -C -l gnu $*
++ ssh sun11.example.co.jp -p 999 -C -l gnu -2 -v -v -v echo '$PATH'
SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /usr/local/etc/ssh_config
debug: ssh_connect: getuid 12 geteuid 0 anon 0
debug: Connecting to sun11.example.co.jp [192.168.1.11] port 999.
debug: Reading output from 'ls -alni /var/log'
debug: Time elapsed: 27 msec
debug: Got 1.61 bytes of entropy from 'ls -alni /var/log'
debug: Reading output from 'ls -alni /var/adm'
debug: Time elapsed: 29 msec
...
... lines from entropy gathering daemon.
...
debug: Reading output from 'tail -200 /var/log/syslog'
debug: Time elapsed: 7 msec
debug: Got 0.00 bytes of entropy from 'tail -200 /var/log/syslog'
debug: Reading output from 'tail -200 /var/adm/messages'
debug: Time elapsed: 39 msec
debug: Got 0.46 bytes of entropy from 'tail -200 /var/adm/messages'
debug: Seeded RNG with 40 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Allocated local port 663.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0p1
debug: no match: OpenSSH_2.3.0p1
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.3.0p1
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc
at lysator.liu.se
debug: got kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc
at lysator.liu.se
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client 3des-cbc hmac-sha1 zlib
debug: kex: client->server 3des-cbc hmac-sha1 zlib
debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug: bits set: 515/1024
debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: Host 'sun11.example.co.jp' is known and matches the DSA host key.
debug: bits set: 498/1024
debug: len 55 datafellows 0
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: Enabling compression at level 6.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
debug: service_accept: ssh-userauth
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: authentications that can continue: publickey,password
debug: start over, passed a different list
debug: authmethod_lookup publickey
debug: authmethod_is_enabled publickey
debug: next auth method to try is publickey
debug: key does not exist: /usr2/ishikawa/.ssh/id_dsa
debug: we did not send a packet, disable method
debug: authmethod_lookup publickey
debug: authmethod_lookup password
debug: authmethod_is_enabled password
debug: next auth method to try is password
gnu at sun11.example.co.jp's password:
debug: we sent a password packet, wait for reply
debug: ssh-userauth2 successfull: method password
debug: channel 0: new [client-session]
debug: send channel open 0
debug: Entering interactive session. <=== But no echo $PATH
debug: callback start output follows...
debug: client_init id 0 arg 0
debug: Sending command: echo $PATH
debug: client_set_session_ident: id 0
debug: callback done
debug: channel 0: open confirm rwindow 0 rmax 16384
debug: channel 0: rcvd adjust 32768
debug: callback start
debug: client_input_channel_req: rtype exit-status reply 0
debug: callback done
debug: channel 0: rcvd eof
debug: channel 0: output open -> drain
debug: channel 0: rcvd close
debug: channel 0: input open -> closed
debug: channel 0: close_read
debug: channel 0: obuf empty
debug: channel 0: output drain -> closed
debug: channel 0: close_write
debug: channel 0: send close
debug: channel 0: full closed2
debug: channel_free: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)
debug: !channel_still_open.
debug: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.3 seconds
debug: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug: Exit status 0
debug: compress outgoing: raw data 157, compressed 122, factor 0.78
debug: compress incoming: raw data 103, compressed 95, factor 0.92
debug: writing PRNG seed to file /usr2/ishikawa/.ssh/prng_seed
I repeated the above one more time before attempting
the fallback (no -2) connection.
*************************
*** No -2
***
*** ssh -v -v -v targethost 'echo $PATH' DOES WORK.
***
*** server is solaris 7 for x86. We used sun cc compiler.
*** for the server compilation.
***
***
*************************
ishikawa at u45$ conn-www.sh -v -v -v 'echo $PATH'
#
# host sun11
# -p 999 gateway to www-reserved.
#
echo "Timeout is 2 mins."
++ echo 'Timeout is 2 mins.'
Timeout is 2 mins.
ssh sun11.example.co.jp -p 999 -C -l gnu $*
++ ssh sun11.example.co.jp -p 999 -C -l gnu -v -v -v echo '$PATH'
SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /usr/local/etc/ssh_config
debug: Reading output from 'ls -alni /var/log'
debug: Time elapsed: 59 msec
debug: Got 1.61 bytes of entropy from 'ls -alni /var/log'
...
...
...
debug: Got 0.00 bytes of entropy from 'tail -200 /var/log/syslog'
debug: Reading output from 'tail -200 /var/adm/messages'
debug: Time elapsed: 28 msec
debug: Got 0.46 bytes of entropy from 'tail -200 /var/adm/messages'
debug: Seeded RNG with 35 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Allocated local port 670.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0p1
debug: no match: OpenSSH_2.3.0p1
debug: Local version string SSH-1.5-OpenSSH_2.3.0p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host 'sun11.example.co.jp' is known and matches the RSA host key.
Warning: the RSA host key for 'sun11.example.co.jp' differs
***from the key for the IP address '192.168.1.11'
debug: Reading output from 'ls -alni /var/log'
debug: Time elapsed: 27 msec
debug: Got 1.61 bytes of entropy from 'ls -alni /var/log'
...
...
...
debug: Got 0.00 bytes of entropy from 'tail -200 /var/log/syslog'
debug: Reading output from 'tail -200 /var/adm/messages'
debug: Time elapsed: 28 msec
debug: Got 0.46 bytes of entropy from 'tail -200 /var/adm/messages'
debug: Seeded RNG with 35 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Doing password authentication.
gnu at sun11.example.co.jp's password:
debug: Requesting compression at level 6.
debug: Enabling compression at level 6.
debug: Sending command: echo $PATH
debug: Entering interactive session.
/usr/sbin:/usr/bin:/usr/local/bin <=== echo $PATH output!
debug: Transferred: stdin 0, stdout 34, stderr 0 bytes in 0.2 seconds
debug: Bytes per second: stdin 0.0, stdout 174.0, stderr 0.0
debug: Exit status 0
debug: compress outgoing: raw data 16, compressed 23, factor 1.44
debug: compress incoming: raw data 44, compressed 37, factor 0.84
debug: writing PRNG seed to file /usr2/ishikawa/.ssh/prng_seed
On the server side.
The log recoreded showed two "-2" connection attempts and
then "NO -2" connection.
Feb 17 19:37:07 www-reserved sshd[27487]: info(NOTICE): Accepted password for
gnu from 192.168.2.10 port 58108 ssh2
Feb 17 19:37:07 www-reserved sshd[27487]: info(NOTICE): Accepted password for
gnu from 192.168.2.10 port 58108 ssh2
Feb 17 19:37:08 www-reserved sshd[27487]: verbose(INFO): Connection closed by
remote host.
Feb 17 19:38:18 www-reserved sshd[27497]: verbose(INFO): Connection from
192.168.2.10 port 58111
Feb 17 19:38:18 www-reserved sshd[27497]: verbose(INFO): Enabling
compatibility mode for protocol 2.0
Feb 17 19:38:18 www-reserved sshd[27497]: info(NOTICE): WARNING:
/usr/local/etc/primes does not exist, using old prime
Feb 17 19:38:18 www-reserved sshd[27497]: info(NOTICE): WARNING:
/usr/local/etc/primes does not exist, using old prime
Feb 17 19:38:21 www-reserved sshd[27497]: verbose(INFO): Failed none for gnu
from 192.168.2.10 port 58111 ssh2
Feb 17 19:38:31 www-reserved sshd[27497]: info(NOTICE): Accepted password for
gnu from 192.168.2.10 port 58111 ssh2
Feb 17 19:38:31 www-reserved sshd[27497]: info(NOTICE): Accepted password for
gnu from 192.168.2.10 port 58111 ssh2
Feb 17 19:38:31 www-reserved sshd[27497]: verbose(INFO): Connection closed by
remote host.
Feb 17 19:38:54 www-reserved sshd[27499]: verbose(INFO): Connection from
192.168.2.10 port 58112
Feb 17 19:38:54 www-reserved sshd[27499]: verbose(INFO): Enabling
compatibility mode for protocol 2.0
Feb 17 19:38:54 www-reserved sshd[27499]: info(NOTICE): WARNING:
/usr/local/etc/primes does not exist, using old prime
Feb 17 19:38:54 www-reserved sshd[27499]: info(NOTICE): WARNING:
/usr/local/etc/primes does not exist, using old prime
Feb 17 19:38:57 www-reserved sshd[27499]: verbose(INFO): Failed none for gnu
from 192.168.2.10 port 58112 ssh2
Feb 17 19:39:00 www-reserved sshd[27499]: info(NOTICE): Accepted password for
gnu from 192.168.2.10 port 58112 ssh2
Feb 17 19:39:00 www-reserved sshd[27499]: info(NOTICE): Accepted password for
gnu from 192.168.2.10 port 58112 ssh2
Feb 17 19:39:00 www-reserved sshd[27499]: verbose(INFO): Connection closed by
remote host.
Above are "-2" connections.
Below is the "No -2" connection.
Feb 17 19:39:13 www-reserved sshd[27519]: verbose(INFO): Connection from
192.168.2.10 port 58113
Feb 17 19:39:18 www-reserved sshd[27519]: info(NOTICE): Accepted password for
gnu from 192.168.2.10 port 58113
Feb 17 19:39:18 www-reserved sshd[27519]: info(NOTICE): Accepted password for
gnu from 192.168.2.10 port 58113
Feb 17 19:39:18 www-reserved sshd[27519]: verbose(INFO): Closing connection
to 192.168.2.10
Happy Hacking,
Chiaki