Using openssh-SNAP-20001016 all of our problems with hanging connections have gone away (woohoo!), and it seems to be working flawlessly, but I am seeing messages like this in syslog: Oct 24 16:57:48 dhumb301 sshd[17752]: error: channel 0: internal error: we do not read, but chan_read_failed for istate 8 Oct 24 16:57:59 dhumb301 sshd[17771]: error: select: Bad file descriptor Oct 24 16:58:30 dhumb301 sshd[17876]: error: channel 0: internal error: we do not read, but chan_read_failed for istate 8 This is FreeBSD 3.4... Any ideas? Also, FYI, I had a problem connecting from the latest SNAP to 2.2.0p1 using DSA keys; on most machines (18 of 20) it wouldn't use key verification. Debug printed out: debug: len 55 datafellows 0 debug: dsa_verify: signature incorrect while the working machines would print: debug: len 55 datafellows 0 debug: dsa_verify: signature correct Upgrading both ends to the latest SNAP solved the problem with no key changes on either end. -Rob
On Tue, 24 Oct 2000, Rob Hagopian wrote:> Using openssh-SNAP-20001016 all of our problems with hanging connections > have gone away (woohoo!), and it seems to be working flawlessly, but I am > seeing messages like this in syslog: > > Oct 24 16:57:48 dhumb301 sshd[17752]: error: channel 0: internal error: we > do not read, but chan_read_failed for istate 8 > Oct 24 16:57:59 dhumb301 sshd[17771]: error: select: Bad file descriptor > Oct 24 16:58:30 dhumb301 sshd[17876]: error: channel 0: internal error: we > do not read, but chan_read_failed for istate 8 > > This is FreeBSD 3.4... Any ideas?I'm getting the similar messages on my Red Hat Linux 6.2 w/ the same snapshot: Oct 24 17:02:36 otso sshd[31975]: error: channel 0: internal error: we do not read, but chan_read_failed for istate 8 And also: Oct 24 16:18:28 otso sshd[31644]: WARNING: /etc/ssh/primes does not exist, using old prime -- Pekka Savola "Tell me of difficulties surmounted, Pekka.Savola at netcore.fi not those you stumble over and fall"
On Tue, Oct 24, 2000 at 01:37:42PM -0400, Rob Hagopian wrote:> Using openssh-SNAP-20001016 all of our problems with hanging connections > have gone away (woohoo!), and it seems to be working flawlessly, but I am > seeing messages like this in syslog: > > Oct 24 16:57:48 dhumb301 sshd[17752]: error: channel 0: internal error: we > do not read, but chan_read_failed for istate 8 > Oct 24 16:57:59 dhumb301 sshd[17771]: error: select: Bad file descriptor > Oct 24 16:58:30 dhumb301 sshd[17876]: error: channel 0: internal error: we > do not read, but chan_read_failed for istate 8 > > This is FreeBSD 3.4... Any ideas?i need a full trace for this. please start 'sshd -d -p 1234' and connect with 'ssh -v -p 1234 host'.
Hi,
I finally found time today to start hacking SNAP-20001016 on AIX 4.3.3
today, and my findings are mixed.
configure works fine (finds zlib, openssl 0.9.5a) and is happy:
OpenSSH configured has been configured with the following options.
User binaries: /gnu/bin
User binaries: /gnu/bin
System binaries: /gnu/sbin
Configuration files: /etc
Askpass program: /gnu/libexec/ssh-askpass
Manual pages: /gnu/man/catX
PID file: /etc
Random number collection: EGD (/dtmp/egd.entropy)
Manpage format: cat
PAM support: no
KerberosIV support: no
AFS support: no
S/KEY support: no
TCP Wrappers support: no
MD5 password support: no
IP address in $DISPLAY hack: no
Use IPv4 by default hack: no
Translate v4 in v6 hack: no
Host: rs6000-ibm-aix4.3.3.0
Compiler: gcc
Compiler flags: -g -O2 -Wall -I. -I. -I/usr/local/include -I/gnu/include
Linker flags: -L/usr/local/lib -L/gnu/lib -L/gnu
Libraries: -lnsl -lz -lcrypto
Unfortunately, compilation then fails in auth2.c, because "user" is
not defined here:
userauth_reply(Authctxt *authctxt, int authenticated)
{
/* XXX todo: check if multiple auth methods are needed */
if (authenticated == 1) {
#ifdef WITH_AIXAUTHENTICATE
/* We don't have a pty yet, so just label the line as
"ssh" */
if (loginsuccess(user, get_canonical_hostname(),
"ssh",
&aixloginmsg) < 0)
aixloginmsg = NULL;
#endif /* WITH_AIXAUTHENTICATE */
looking what "user" should be here, I find worse things in the other
place related to AIXAUTHENTICATE:
input_userauth_request(int type, int plen, void *ctxt)
{
Authctxt *authctxt = ctxt;
Authmethod *m = NULL;
char *user, *service, *method;
int authenticated = 0;
if (authctxt == NULL)
fatal("input_userauth_request: no authctxt");
if (authctxt->attempt++ >= AUTH_FAIL_MAX) {
#ifdef WITH_AIXAUTHENTICATE
loginfailed(user,get_canonical_hostname(),"ssh");
#endif /* WITH_AIXAUTHENTICATE */
packet_disconnect("too many failed
userauth_requests");
}
user = packet_get_string(NULL);
service = packet_get_string(NULL);
method = packet_get_string(NULL);
without really knowing what the "packet_get_string" function does, I
can
definitely say that the code is wrong here - loginfailed() expects the
current user name to update lastlog accordingly, and "user" is just
a dangling pointer :-(
So someone (who understands these functions) should really look into this.
I will, for the time being, try without WITH_AiXAUTHENTICATE, and then
report again...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at
greenie.muc.de
fax: +49-89-35655025 gert.doering at
physik.tu-muenchen.de