Hi,

Chances are this is me stuffing something up, but in case it's not, this is my problem.

I've just installed the latest port of OpenSSH on a few Redhat 6.2 machines. That is version 2.2.0p1. Everything compiles ok, and using the supplied init and pam files I got openssh working without too much difficulty. In fact it was easier than the commercial versions.

I can use ssh to login to remote machines fine, and it all behaves as expected. However, when I try to use scp between the same hosts, I get the following error on the client side:

--------------------
[pbates@shaman pbates] >scp ftp.csv pbates@quicksilver:
Enter passphrase for DSA key '/home/pbates/.ssh/id_dsa':
pbates@128.1.3.92's password:
select: Bad file descriptor
lost connection
--------------------

Why does this happen? Both the server and client are configured to only run the version 2 protocol, is this a problem? The only info I could find on the wider web / news groups only mentioned this briefly, and offered no solution.

Everything seems to be authenticating properly, as I can ssh between the same machines, and syslogd reflects a successful login via pam.

The config I am running is default with the only change being to remove support for protocol 1, as we don't use it at our site. I also don't have any .rhosts / shosts files, nor hosts.equiv etc. I tried adding these and configuring openssh to look at them, but that made no difference.

Included below are the debug dumps from the client, and the server, trying to transfer a single file, without rhosts type files.

Thanks for your time,
Peter

CLIENT
-------------------------------
Executing: host quicksilver, user pbates, command scp -v -t .
SSH Version OpenSSH_2.2.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 500 geteuid 0 anon 0
debug: Connecting to 128.1.3.92 [128.1.3.92] port 22.
debug: Seeding random number generator
debug: Allocated local port 950.
debug: Connection established.
debug: Remote protocol version 2.0, remote software version OpenSSH_2.2.0p1
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.2.0p1
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: zlib,none
debug: got kexinit: zlib,none
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEXDH_INIT.
debug: bits set: 494/1024
debug: Wait SSH2_MSG_KEXDH_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: Host '128.1.3.92' is known and matches the DSA host key.
debug: bits set: 505/1024
debug: len 55 datafellows 0
debug: dsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
debug: service_accept: ssh-userauth
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: authentications that can continue: publickey,password
debug: try pubkey: /home/pbates/.ssh/id_dsa
debug: PEM_read_bio_DSAPrivateKey failed
debug: read DSA private key done
debug: read DSA private key done
debug: sig size 20 20
debug: authentications that can continue: publickey,password
debug: ssh-userauth2 successfull
debug: fd 4 setting O_NONBLOCK
debug: fd 5 setting O_NONBLOCK
debug: fd 6 setting O_NONBLOCK
debug: channel 0: new [client-session]
debug: send channel open 0
debug: Entering interactive session.
debug: callback start
debug: client_init id 0 arg 0
debug: Sending command: scp -v -t .
debug: client_set_session_ident: id 0
debug: callback done
debug: channel 0: open confirm rwindow 0 rmax 32768
debug: channel 0: rcvd adjust 16384
debug: channel 0: rcvd ext data 44
debug: channel 0: rcvd ext data 137
debug: channel 0: rcvd ext data 29
debug: callback start
debug: client_input_channel_req: rtype exit-status reply 0
debug: callback done
debug: channel 0: rcvd eof
debug: channel 0: output open -> drain
debug: channel 0: rcvd close
debug: channel 0: input open -> closed
debug: channel 0: close_read
debug: channel 0: obuf empty
debug: channel 0: output drain -> closed
debug: channel 0: close_write
debug: channel 0: send close
debug: channel 0: full closed2
debug: channel_free: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)
select: Bad file descriptor
debug: Transferred: stdin 0, stdout 0, stderr 29 bytes in 0.0 seconds
debug: Bytes per second: stdin 0.0, stdout 0.0, stderr 1989.4
debug: Exit status 127
lost connection
--------------

SERVER
---------------------------
debug: sshd version OpenSSH_2.2.0p1
debug: read DSA private key done
debug: Seeding random number generator
debug: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug: Server will not fork when running in debugging mode.
Connection from 128.1.16.62 port 950
debug: Client protocol version 2.0; client software version OpenSSH_2.2.0p1
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.2.0p1
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit: diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss
debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit: 3des-cbc,blowfish-cbc,arcfour,cast128-cbc
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
debug: got kexinit: none
debug: got kexinit: none
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: Wait SSH2_MSG_KEXDH_INIT.
debug: bits set: 505/1024
debug: bits set: 494/1024
debug: sig size 20 20
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: userauth-request for user pbates service ssh-connection method none
debug: Starting up PAM with username "pbates"
Failed none for pbates from 128.1.16.62 port 950 ssh2
debug: userauth-request for user pbates service ssh-connection method publickey
DSA authentication refused for pbates: bad ownership or modes for '/home/pbates/.ssh/authorized_keys2'.
Failed publickey for pbates from 128.1.16.62 port 950 ssh2
debug: userauth-request for user pbates service ssh-connection method password
debug: PAM Password authentication accepted for user "pbates"
Could not reverse map address 128.1.16.62.
debug: PAM setting rhost to "128.1.16.62"
Accepted password for pbates from 128.1.16.62 port 950 ssh2
debug: Entering interactive session for SSH2.
debug: server_init_dispatch_20
debug: channel_input_open: ctype session rchan 0 win 65536 max 32768
debug: open session
debug: channel 0: new [server-session]
debug: session_new: init
debug: session_new: session 0
debug: session_open: channel 0
debug: session_open: session 0: link with channel 0
debug: confirm session
debug: callback start
debug: session_by_channel: session 0 channel 0
debug: session_input_channel_req: session 0 channel 0 request exec reply 0
debug: PAM establishing creds
debug: fd 7 setting O_NONBLOCK
debug: fd 9 setting O_NONBLOCK
debug: callback done
debug: channel 0: read 44 from efd 9
debug: channel 0: read 137 from efd 9
debug: channel 0: read 29 from efd 9
debug: Received SIGCHLD.
debug: session_by_pid: pid 7647
debug: session_exit_message: session 0 channel 0 pid 7647
debug: session_exit_message: release channel 0
debug: channel 0: write failed
debug: channel 0: output open -> closed
debug: channel 0: close_write
debug: session_free: session 0 pid 7647
debug: channel 0: read<=0 rfd 7 len 0
debug: channel 0: read failed
debug: channel 0: input open -> drain
debug: channel 0: close_read
debug: channel 0: input: no drain shortcut
debug: channel 0: ibuf empty
debug: channel 0: input drain -> closed
debug: channel 0: send eof
debug: channel 0: read 0 from efd 9
debug: channel 0: closing efd 9
debug: channel 0: send close
Connection closed by remote host.
debug: Calling cleanup 0x805826c(0x0)
debug: Calling cleanup 0x804e78c(0x0)
debug: Calling cleanup 0x805d704(0x0)

Peter Bates
Unix Systems Administrator
Department of Information Technology and Management
pbates at lto.nsw.gov.au
After a night's sleep to think about it some more, I've conducted the following extra tests with OpenSSH.

I have a test OpenBSD 2.7 machine that I recently built. The only change from defaults I made was to uncomment the config lines in the server and client files to allow protocols 2 and 1.

After transferring my keys I was able to use ssh to login between the openssh and redhat boxes. This worked in both directions.

When trying scp, I could not connect from OpenBSD to redhat, but scp from the redhat machine to OpenBSD works!!

To check the sanity of my configs I then copied the OpenBSD config files to redhat and used those, but this made no difference.

Summary as follows

SSH:
Redhat -> OpenBSD : yes
OpenBSD -> Redhat : yes
Redhat -> Redhat : yes

SCP:
Redhat -> OpenBSD : yes
OpenBSD -> Redhat : no
Redhat -> Redhat : no

This seems to point to a problem in my build of the server side of the openssh port in Linux. The build machines are stock redhat 6.2 with most of the errata updates applied. No fatal errors, or any noticeable warnings occurred during the building of openssl or openssh.

Peter Bates
Unix Systems Administrator
Department of Information Technology and Management
pbates at lto.nsw.gov.au
I've kind of fixed the problem.

I removed the installed files from the src build I did, and installed the rpm versions of openssl and openssh. Scp now works between all machines. This is with exactly the same config as before.

The src build didn't seem to fail, and indeed everything but the scp functions worked fine. So if anybody knows what I have to do to manually build the packages I would be grateful.

Thanks

Peter Bates
Unix Systems Administrator
Department of Information Technology and Management
pbates at lto.nsw.gov.au
LI Ying Jin -NUCLEAR
2000-Sep-19 14:08 UTC
OpenSSH 2.2.0p1 + Redhat 6.2 - Problem with scp
Peter,

I have quoted the following paragraph from the FAQ of OpenSSH at the website http://www.openssh.com.

    scp must be in the default PATH on both the client and the server. You may need to use the --with-default-path option to specify a custom path to search on the server. This option replaces the default path, so you need to specify all the current directories on your path as well as where you have installed scp. For example:

    ./configure --with-default-path=/bin:/usr/bin:/usr/local/bin:/path/to/scp

I hope that this will help.

Michael Li
Nuclear Analysis Department, Ontario Power Generation Inc.
700 University Avenue, Toronto, Ontario M5G 1X6, CANADA

----------
From: Peter Bates [SMTP:pbates at lto.nsw.gov.au]
Sent: Monday, September 18, 2000 9:26 PM
To: Openssh-Unix-Dev (E-mail)
Subject: Re: OpenSSH 2.2.0p1 + Redhat 6.2 - Problem with scp

After a night's sleep to think about it some more, I've conducted the following extra tests with OpenSSH.

I have a test OpenBSD 2.7 machine that I recently built. The only change from defaults I made was to uncomment the config lines in the server and client files to allow protocols 2 and 1.

After transferring my keys I was able to use ssh to login between the openssh and redhat boxes. This worked in both directions.

When trying scp, I could not connect from OpenBSD to redhat, but scp from the redhat machine to OpenBSD works!!

To check the sanity of my configs I then copied the OpenBSD config files to redhat and used those, but this made no difference.

Summary as follows

SSH:
Redhat -> OpenBSD : yes
OpenBSD -> Redhat : yes
Redhat -> Redhat : yes

SCP:
Redhat -> OpenBSD : yes
OpenBSD -> Redhat : no
Redhat -> Redhat : no

This seems to point to a problem in my build of the server side of the openssh port in Linux. The build machines are stock redhat 6.2 with most of the errata updates applied. No fatal errors, or any noticeable warnings occurred during the building of openssl or openssh.
Peter Bates
Unix Systems Administrator
Department of Information Technology and Management
pbates at lto.nsw.gov.au
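
The failure the quoted FAQ paragraph describes, reproduced offline as an added example (not part of the original messages and not OpenSSH code): the remote command runs under a PATH fixed at build time, and a shell that cannot find scp there exits with status 127, the value in the client debug output earlier in the thread. The stub scp, the temporary directories and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. sshd hands the requested command ("scp -t .") to the user's
# shell with a PATH fixed at build time (--with-default-path). The stub scp
# and the temporary directories are constructed for this demonstration.

# run_remote_cmd DEFAULT_PATH COMMAND: print the exit status the client sees.
run_remote_cmd() {
    status=0
    env -i PATH="$1" /bin/sh -c "$2" </dev/null >/dev/null 2>&1 || status=$?
    echo "$status"
}

# resolve_in_path DEFAULT_PATH NAME: print the first executable match, if any.
resolve_in_path() {
    old_ifs=$IFS
    IFS=:
    for dir in $1; do
        if [ -f "$dir/$2" ] && [ -x "$dir/$2" ]; then
            IFS=$old_ifs
            echo "$dir/$2"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/bin" "$root/usr/local/bin"
    # scp installed outside the directories sshd was built to search
    printf '#!/bin/sh\nexit 0\n' > "$root/usr/local/bin/scp"
    chmod 755 "$root/usr/local/bin/scp"

    narrow="$root/bin"                      # build-time path without scp
    fixed="$root/bin:$root/usr/local/bin"   # path rebuilt to include it

    echo "narrow path: exit status $(run_remote_cmd "$narrow" 'scp -t .')"
    echo "fixed path:  exit status $(run_remote_cmd "$fixed" 'scp -t .')"
    echo "resolved to: $(resolve_in_path "$fixed" scp)"
    rm -rf "$root"
}

demo
```

Against a real server, `ssh host 'command -v scp'` shows what the non-interactive session actually resolves; no output means the scp client will hit the same status 127.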