bugzilla-daemon at mindrot.org
2002-Jun-25 15:20 UTC
[Bug 296] Priv separation does not work on OSF/1
http://bugzilla.mindrot.org/show_bug.cgi?id=296 ------- Additional Comments From bugzilla-openssh at thewrittenword.com 2002-06-26 01:20 ------- Are you sure? I have 3.3p1 running on 4.0D and 5.1 and I can connect as non-root. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2002-Jun-25 15:21 UTC
[Bug 296] Priv separation does not work on OSF/1
http://bugzilla.mindrot.org/show_bug.cgi?id=296 ------- Additional Comments From cmadams at hiwaay.net 2002-06-26 01:21 ------- Are you using Enhanced Security? I think that privsep should work in Base Security (but I don't have a box running Base to test). I am working on getting privsep working in Enhanced. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2002-Jun-25 15:26 UTC
[Bug 296] Priv separation does not work on OSF/1
http://bugzilla.mindrot.org/show_bug.cgi?id=296 ------- Additional Comments From bugzilla-openssh at thewrittenword.com 2002-06-26 01:26 ------- I'm running with base security. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2002-Jun-25 15:41 UTC
[Bug 296] Priv separation does not work on OSF/1
http://bugzilla.mindrot.org/show_bug.cgi?id=296 ------- Additional Comments From Al.Smith at gold.net 2002-06-26 01:41 ------- Yeah, I'm sure that UsePrivilegeSeparation yes is the spanner in the works. Attached is the output from ssh -d -d -d for your perusal. First case is with UsePrivilegeSeparation no, second is with yes. Same results occur with 4.0F, as described earlier. # ./sshd -d -d -d debug3: Seeding PRNG from /sys/inet/ssh/libexec/ssh-rand-helper debug1: sshd version OpenSSH_3.3 debug1: private host key: #0 type 0 RSA1 debug3: Not a RSA1 key file /sys/inet/ssh/etc/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA debug3: Not a RSA1 key file /sys/inet/ssh/etc/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #2 type 1 RSA debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. debug1: Server will not fork when running in debugging mode. Connection from 172.20.32.65 port 24513 debug1: Client protocol version 2.0; client software version OpenSSH_3.3 debug1: match: OpenSSH_3.3 pat OpenSSH* Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.3 debug1: list_hostkey_types: ssh-dss,ssh-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss,ssh-rsa debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug1: dh_gen_key: priv key bits set: 124/256 debug1: bits set: 1013/2049 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: bits set: 1069/2049 debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user ajs service ssh-connection method none debug1: attempt 0 failures 0 debug2: input_userauth_request: setting up authctxt for ajs debug2: input_userauth_request: try method none Failed none for ajs from 172.20.32.65 port 24513 ssh2 debug1: userauth-request for user ajs service ssh-connection method publickey debug1: attempt 1 failures 1 debug2: input_userauth_request: try method publickey debug1: test whether pkalg/pkblob are acceptable debug1: temporarily_use_uid: 1000/1000 (e=0) debug1: trying public key file /u/ajs/.ssh/authorized_keys debug3: secure_filename: checking '/u/ajs/.ssh' debug3: secure_filename: checking '/u/ajs' debug3: secure_filename: terminating check at '/u/ajs' debug1: matching key found: file /u/ajs/.ssh/authorized_keys, line 2 Found matching RSA key: 50:e9:c4:a3:1d:21:6d:97:79:48:54:3d:9a:7e:43:29 debug1: restore_uid debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa Postponed publickey for ajs from 172.20.32.65 port 24513 ssh2 debug1: userauth-request for user ajs service ssh-connection method publickey debug1: attempt 2 failures 1 debug2: input_userauth_request: try method publickey debug1: temporarily_use_uid: 1000/1000 (e=0) debug1: trying public key file /u/ajs/.ssh/authorized_keys debug3: secure_filename: checking '/u/ajs/.ssh' debug3: secure_filename: checking '/u/ajs' debug3: secure_filename: terminating check at '/u/ajs' debug1: matching key found: file /u/ajs/.ssh/authorized_keys, line 2 Found matching RSA key: 50:e9:c4:a3:1d:21:6d:97:79:48:54:3d:9a:7e:43:29 debug1: restore_uid debug1: ssh_rsa_verify: signature correct debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa Accepted publickey for ajs from 172.20.32.65 port 24513 ssh2 debug1: Entering interactive session for SSH2. debug1: fd 3 setting O_NONBLOCK debug1: fd 8 setting O_NONBLOCK debug1: server_init_dispatch_20 debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384 debug1: input_session_request debug1: channel 0: new [server-session] debug1: session_new: init debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: server_input_channel_req: channel 0 request pty-req reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: Allocating pty. debug1: session_pty_req: session 0 alloc /dev/pts/2 debug3: tty_parse_modes: SSH2 n_bytes 266 debug3: tty_parse_modes: ospeed 19200 debug3: tty_parse_modes: ispeed 19200 debug3: tty_parse_modes: 1 3 debug3: tty_parse_modes: 2 28 debug3: tty_parse_modes: 3 8 debug3: tty_parse_modes: 4 21 debug3: tty_parse_modes: 5 4 debug3: tty_parse_modes: 6 0 debug3: tty_parse_modes: 7 0 debug3: tty_parse_modes: 8 17 debug3: tty_parse_modes: 9 19 debug3: tty_parse_modes: 10 26 debug3: tty_parse_modes: 11 0 debug3: tty_parse_modes: 12 18 debug3: tty_parse_modes: 13 23 debug3: tty_parse_modes: 14 22 debug1: Ignoring unsupported tty mode opcode 16 (0x10) debug3: tty_parse_modes: 18 15 debug3: tty_parse_modes: 30 1 debug3: tty_parse_modes: 31 0 debug3: tty_parse_modes: 32 0 debug3: tty_parse_modes: 33 1 debug3: tty_parse_modes: 34 0 debug3: tty_parse_modes: 35 0 debug3: tty_parse_modes: 36 1 debug3: tty_parse_modes: 37 0 debug3: tty_parse_modes: 38 1 debug3: tty_parse_modes: 39 1 debug3: tty_parse_modes: 40 0 debug3: tty_parse_modes: 41 0 debug3: tty_parse_modes: 50 1 debug3: tty_parse_modes: 51 1 debug3: tty_parse_modes: 52 0 debug3: tty_parse_modes: 53 1 debug3: tty_parse_modes: 54 1 debug3: tty_parse_modes: 55 1 debug3: tty_parse_modes: 56 0 debug3: tty_parse_modes: 57 0 debug3: tty_parse_modes: 58 0 debug3: tty_parse_modes: 59 1 debug3: tty_parse_modes: 60 1 debug3: tty_parse_modes: 61 1 debug3: tty_parse_modes: 62 0 debug3: tty_parse_modes: 70 1 debug3: tty_parse_modes: 71 0 debug3: tty_parse_modes: 72 1 debug3: tty_parse_modes: 73 0 debug3: tty_parse_modes: 74 0 debug3: tty_parse_modes: 75 0 debug3: tty_parse_modes: 90 1 debug3: tty_parse_modes: 91 1 debug3: tty_parse_modes: 92 0 debug3: tty_parse_modes: 93 0 debug1: server_input_channel_req: channel 0 request x11-req reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req x11-req debug1: bind port 6010: Can't assign requested address debug1: fd 11 setting O_NONBLOCK debug2: fd 11 is O_NONBLOCK debug1: channel 1: new [X11 inet listener] debug1: server_input_channel_req: channel 0 request auth-agent-req at openssh.com reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req auth-agent-req at openssh.com debug1: temporarily_use_uid: 1000/1000 (e=0) debug1: restore_uid debug1: fd 12 setting O_NONBLOCK debug2: fd 12 is O_NONBLOCK debug1: channel 2: new [auth socket] debug1: server_input_channel_req: channel 0 request shell reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell debug1: fd 5 setting TCP_NODELAY debug1: channel 0: rfd 10 isatty debug1: fd 10 setting O_NONBLOCK debug2: fd 9 is O_NONBLOCK debug1: Setting controlling tty using TIOCSCTTY. debug1: Received SIGCHLD. debug1: session_by_pid: pid 133618 debug1: session_exit_message: session 0 channel 0 pid 133618 debug1: channel request 0: exit-status debug1: session_exit_message: release channel 0 debug1: channel 0: write failed debug1: channel 0: close_write debug1: channel 0: output open -> closed debug1: session_close: session 0 pid 133618 debug1: session_pty_cleanup: session 0 release /dev/pts/2 debug2: notify_done: reading debug1: channel 0: read<=0 rfd 10 len -1 debug1: channel 0: read failed debug1: channel 0: close_read debug1: channel 0: input open -> drain debug1: channel 0: ibuf empty debug1: channel 0: send eof debug1: channel 0: input drain -> closed debug1: channel 0: send close debug3: channel 0: will not send data after close debug1: channel 0: rcvd close debug3: channel 0: will not send data after close debug1: channel 0: is dead debug1: channel 0: garbage collecting debug1: channel_free: channel 0: server-session, nchannels 3 debug3: channel_free: status: The following connections are open: #0 server-session (t4 r0 i3/0 o3/0 fd -1/-1) debug3: channel_close_fds: channel 0: r -1 w -1 e -1 Connection closed by remote host. debug1: channel_free: channel 1: X11 inet listener, nchannels 2 debug3: channel_free: status: The following connections are open: debug3: channel_close_fds: channel 1: r 11 w 11 e -1 debug1: channel_free: channel 2: auth socket, nchannels 1 debug3: channel_free: status: The following connections are open: debug3: channel_close_fds: channel 2: r 12 w 12 e -1 debug1: temporarily_use_uid: 1000/1000 (e=0) debug1: restore_uid Closing connection to 172.20.32.65 # ./sshd -d -d -d debug3: Seeding PRNG from /sys/inet/ssh/libexec/ssh-rand-helper debug1: sshd version OpenSSH_3.3 debug1: private host key: #0 type 0 RSA1 debug3: Not a RSA1 key file /sys/inet/ssh/etc/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA debug3: Not a RSA1 key file /sys/inet/ssh/etc/ssh_host_rsa_key. debug1: read PEM private key done: type RSA debug1: private host key: #2 type 1 RSA debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. debug1: Server will not fork when running in debugging mode. Connection from 172.20.32.65 port 24578 debug1: Client protocol version 2.0; client software version OpenSSH_3.3 debug1: match: OpenSSH_3.3 pat OpenSSH* Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.3 debug2: Network child is on pid 133718 debug3: preauth child monitor started debug3: mm_request_receive entering debug3: privsep user:group 903:903 debug1: list_hostkey_types: ssh-dss,ssh-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss,ssh-rsa debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug3: mm_request_send entering: type 0 debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI debug3: mm_request_receive_expect entering: type 1 debug3: mm_request_receive entering debug3: monitor_read: checking request 0 debug3: mm_answer_moduli: got parameters: 1024 2048 8192 debug3: mm_request_send entering: type 1 debug3: mm_choose_dh: remaining 0 debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug1: dh_gen_key: priv key bits set: 127/256 debug1: bits set: 1010/2049 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug2: monitor_read: 0 used once, disabling now debug3: mm_request_receive entering debug1: bits set: 1057/2049 debug3: mm_key_sign entering debug3: mm_request_send entering: type 4 debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN debug3: mm_request_receive_expect entering: type 5 debug3: mm_request_receive entering debug3: monitor_read: checking request 4 debug3: mm_answer_sign debug3: mm_answer_sign: signature 140053aa0(143) debug3: mm_request_send entering: type 5 debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug2: monitor_read: 4 used once, disabling now debug3: mm_request_receive entering debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user ajs service ssh-connection method none debug1: attempt 0 failures 0 debug3: mm_getpwnamallow entering debug3: mm_request_send entering: type 6 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM debug3: mm_request_receive_expect entering: type 7 debug3: mm_request_receive entering debug3: monitor_read: checking request 6 debug3: mm_answer_pwnamallow debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 debug3: mm_request_send entering: type 7 debug2: monitor_read: 6 used once, disabling now debug3: mm_request_receive entering debug2: input_userauth_request: setting up authctxt for ajs debug3: mm_inform_authserv entering debug3: mm_request_send entering: type 3 debug2: input_userauth_request: try method none debug3: mm_auth2_read_banner entering debug3: mm_request_send entering: type 8 debug3: mm_request_receive_expect entering: type 9 debug3: mm_request_receive entering debug3: monitor_read: checking request 3 debug3: mm_answer_authserv: service=ssh-connection, styledebug2: monitor_read: 3 used once, disabling now debug3: mm_request_receive entering debug3: monitor_read: checking request 8 debug3: mm_request_send entering: type 9 debug2: monitor_read: 8 used once, disabling now debug3: mm_request_receive entering debug1: userauth_banner: sent debug3: mm_auth_password entering debug3: mm_request_send entering: type 10 debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD debug3: mm_request_receive_expect entering: type 11 debug3: mm_request_receive entering debug3: monitor_read: checking request 10 debug3: mm_answer_authpassword: sending result 0 debug3: mm_request_send entering: type 11 Failed none for ajs from 172.20.32.65 port 24578 ssh2 debug3: mm_request_receive entering debug3: mm_auth_password: user not authenticated Failed none for ajs from 172.20.32.65 port 24578 ssh2 debug1: userauth-request for user ajs service ssh-connection method publickey debug1: attempt 1 failures 1 debug2: input_userauth_request: try method publickey debug1: test whether pkalg/pkblob are acceptable debug3: mm_key_allowed entering debug3: mm_request_send entering: type 20 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED debug3: mm_request_receive_expect entering: type 21 debug3: mm_request_receive entering debug3: monitor_read: checking request 20 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 14005c080 debug1: temporarily_use_uid: 1000/1000 (e=0) debug1: trying public key file /u/ajs/.ssh/authorized_keys debug3: secure_filename: checking '/u/ajs/.ssh' debug3: secure_filename: checking '/u/ajs' debug3: secure_filename: terminating check at '/u/ajs' debug1: matching key found: file /u/ajs/.ssh/authorized_keys, line 2 Found matching RSA key: 50:e9:c4:a3:1d:21:6d:97:79:48:54:3d:9a:7e:43:29 debug1: restore_uid debug3: mm_answer_keyallowed: key 14005c080 is allowed debug3: mm_request_send entering: type 21 debug3: mm_request_receive entering debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa Postponed publickey for ajs from 172.20.32.65 port 24578 ssh2 debug1: userauth-request for user ajs service ssh-connection method publickey debug1: attempt 2 failures 1 debug2: input_userauth_request: try method publickey debug3: mm_key_allowed entering debug3: mm_request_send entering: type 20 debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED debug3: mm_request_receive_expect entering: type 21 debug3: mm_request_receive entering debug3: monitor_read: checking request 20 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 14005c1e0 debug1: temporarily_use_uid: 1000/1000 (e=0) debug1: trying public key file /u/ajs/.ssh/authorized_keys debug3: secure_filename: checking '/u/ajs/.ssh' debug3: secure_filename: checking '/u/ajs' debug3: secure_filename: terminating check at '/u/ajs' debug1: matching key found: file /u/ajs/.ssh/authorized_keys, line 2 Found matching RSA key: 50:e9:c4:a3:1d:21:6d:97:79:48:54:3d:9a:7e:43:29 debug1: restore_uid debug3: mm_answer_keyallowed: key 14005c1e0 is allowed debug3: mm_request_send entering: type 21 debug3: mm_request_receive entering debug3: mm_key_verify entering debug3: mm_request_send entering: type 22 debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY debug3: mm_request_receive_expect entering: type 23 debug3: mm_request_receive entering debug3: monitor_read: checking request 22 debug1: ssh_rsa_verify: signature correct debug3: mm_answer_keyverify: key 14004eee0 signature verified debug3: mm_request_send entering: type 23 Accepted hostbased for ajs from 172.20.32.65 port 24578 ssh2 debug1: monitor_child_preauth: ajs has been authenticated by privileged process debug3: mm_get_keystate: Waiting for new keys debug3: mm_request_receive_expect entering: type 24 debug3: mm_request_receive entering debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa Accepted publickey for ajs from 172.20.32.65 port 24578 ssh2 debug3: mm_send_keystate: Sending new keys: 14004ed80 14004ec80 debug3: mm_newkeys_to_blob: converting 14004ed80 debug3: mm_newkeys_to_blob: converting 14004ec80 debug3: mm_send_keystate: New keys have been sent debug3: mm_send_keystate: Sending compression state debug3: mm_request_send entering: type 24 debug3: mm_send_keystate: Finished sending state debug3: mm_newkeys_from_blob: 140054220(122) debug2: mac_init: found hmac-md5 debug3: mm_get_keystate: Waiting for second key debug3: mm_newkeys_from_blob: 140054040(122) debug2: mac_init: found hmac-md5 debug3: mm_get_keystate: Getting compression state debug3: mm_get_keystate: Getting Network I/O buffers debug3: mm_share_sync: Share sync debug3: mm_share_sync: Share sync end debug2: User child is on pid 133720 debug3: mm_request_receive entering debug1: newkeys: mode 0 debug1: newkeys: mode 1 debug1: Entering interactive session for SSH2. debug1: fd 8 setting O_NONBLOCK debug1: fd 9 setting O_NONBLOCK debug1: server_init_dispatch_20 debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384 debug1: input_session_request debug1: channel 0: new [server-session] debug1: session_new: init debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: server_input_channel_req: channel 0 request pty-req reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: Allocating pty. debug3: mm_request_send entering: type 25 debug3: monitor_read: checking request 25 debug3: mm_answer_pty entering debug1: session_new: init debug1: session_new: session 0 debug3: mm_request_send entering: type 26 debug3: Trying to reverse map address 172.20.32.65. debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY debug3: mm_request_receive_expect entering: type 26 debug3: mm_request_receive entering debug1: session_pty_req: session 0 alloc /dev/pts/2 debug3: tty_parse_modes: SSH2 n_bytes 266 debug3: tty_parse_modes: ospeed 19200 debug3: tty_parse_modes: ispeed 19200 debug3: tty_parse_modes: 1 3 debug3: tty_parse_modes: 2 28 debug3: tty_parse_modes: 3 8 debug3: tty_parse_modes: 4 21 debug3: tty_parse_modes: 5 4 debug3: tty_parse_modes: 6 0 debug3: tty_parse_modes: 7 0 debug3: tty_parse_modes: 8 17 debug3: tty_parse_modes: 9 19 debug3: tty_parse_modes: 10 26 debug3: tty_parse_modes: 11 0 debug3: tty_parse_modes: 12 18 debug3: tty_parse_modes: 13 23 debug3: tty_parse_modes: 14 22 debug1: Ignoring unsupported tty mode opcode 16 (0x10) debug3: tty_parse_modes: 18 15 debug3: tty_parse_modes: 30 1 debug3: tty_parse_modes: 31 0 debug3: tty_parse_modes: 32 0 debug3: tty_parse_modes: 33 1 debug3: tty_parse_modes: 34 0 debug3: tty_parse_modes: 35 0 debug3: tty_parse_modes: 36 1 debug3: tty_parse_modes: 37 0 debug3: tty_parse_modes: 38 1 debug3: tty_parse_modes: 39 1 debug3: tty_parse_modes: 40 0 debug3: tty_parse_modes: 41 0 debug3: tty_parse_modes: 50 1 debug3: tty_parse_modes: 51 1 debug3: tty_parse_modes: 52 0 debug3: tty_parse_modes: 53 1 debug3: tty_parse_modes: 54 1 debug3: tty_parse_modes: 55 1 debug3: tty_parse_modes: 56 0 debug3: tty_parse_modes: 57 0 debug3: tty_parse_modes: 58 0 debug3: tty_parse_modes: 59 1 debug3: tty_parse_modes: 60 1 debug3: mm_answer_pty: tty /dev/pts/2 ptyfd 3 debug3: mm_request_receive entering debug3: tty_parse_modes: 61 1 debug3: tty_parse_modes: 62 0 debug3: tty_parse_modes: 70 1 debug3: tty_parse_modes: 71 0 debug3: tty_parse_modes: 72 1 debug3: tty_parse_modes: 73 0 debug3: tty_parse_modes: 74 0 debug3: tty_parse_modes: 75 0 debug3: tty_parse_modes: 90 1 debug3: tty_parse_modes: 91 1 debug3: tty_parse_modes: 92 0 debug3: tty_parse_modes: 93 0 debug1: server_input_channel_req: channel 0 request x11-req reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req x11-req debug1: bind port 6010: Can't assign requested address debug1: fd 12 setting O_NONBLOCK debug2: fd 12 is O_NONBLOCK debug1: channel 1: new [X11 inet listener] debug1: server_input_channel_req: channel 0 request auth-agent-req at openssh.com reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req auth-agent-req at openssh.com debug1: temporarily_use_uid: 1000/1000 (e=1000) debug1: restore_uid debug1: fd 13 setting O_NONBLOCK debug2: fd 13 is O_NONBLOCK debug1: channel 2: new [auth socket] debug1: server_input_channel_req: channel 0 request shell reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell debug1: fd 5 setting TCP_NODELAY debug1: channel 0: rfd 11 isatty debug1: fd 11 setting O_NONBLOCK debug2: fd 10 is O_NONBLOCK debug1: Setting controlling tty using TIOCSCTTY. debug3: monitor_read: checking request 27 debug3: mm_answer_pty_cleanup entering debug1: session_by_tty: session 0 tty /dev/pts/2 debug3: mm_session_close: session 0 pid 133720 debug3: mm_session_close: tty /dev/pts/2 ptyfd 3 debug1: session_pty_cleanup: session 0 release /dev/pts/2 debug3: mm_request_receive entering Connection closed by remote host. debug1: channel_free: channel 0: server-session, nchannels 3 debug3: channel_free: status: The following connections are open: #0 server-session (t4 r0 i0/1037 o0/0 fd 11/10) debug3: channel_close_fds: channel 0: r 11 w 10 e -1 debug1: channel_free: channel 1: X11 inet listener, nchannels 2 debug3: channel_free: status: The following connections are open: debug3: channel_close_fds: channel 1: r 12 w 12 e -1 debug1: channel_free: channel 2: auth socket, nchannels 1 debug3: channel_free: status: The following connections are open: debug3: channel_close_fds: channel 2: r 13 w 13 e -1 debug1: session_close: session 0 pid 133721 debug3: mm_request_send entering: type 27 debug3: monitor_read: checking request 27 debug3: mm_answer_pty_cleanup entering debug1: session_by_tty: unknown tty /dev/pts/2 debug1: dump: used 0 session 0 140040488 channel -1 pid 133720 debug1: dump: used 0 session 0 140040650 channel 0 pid 0 debug1: dump: used 0 session 0 140040818 channel 0 pid 0 debug1: dump: used 0 session 0 1400409e0 channel 0 pid 0 debug1: dump: used 0 session 0 140040ba8 channel 0 pid 0 debug1: dump: used 0 session 0 140040d70 channel 0 pid 0 debug1: dump: used 0 session 0 140040f38 channel 0 pid 0 debug1: dump: used 0 session 0 140041100 channel 0 pid 0 debug1: dump: used 0 session 0 1400412c8 channel 0 pid 0 debug1: dump: used 0 session 0 140041490 channel 0 pid 0 debug3: mm_request_receive entering debug1: Received SIGCHLD. debug1: temporarily_use_uid: 1000/1000 (e=1000) debug1: restore_uid Closing connection to 172.20.32.65 debug3: mm_request_send entering: type 38 debug3: monitor_read: checking request 38 debug3: mm_answer_term: tearing down sessions ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
just a fyi: it seems that fd-passing is broken on DEC OSF/1 DU-4.0d so something like> --- ../openssh-3.3/sshd.c Fri Jun 21 01:05:56 2002 > +++ ./sshd.c Fri Jun 21 21:17:37 2002 > @@ -596,7 +596,11 @@ > /* XXX - Remote port forwarding */ > x_authctxt = authctxt; > > +#ifdef DEC_OSF... > + if (1) { > +#else > if (authctxt->pw->pw_uid == 0 || options.use_login) { > +#endif > /* File descriptor passing is broken or root login */ > monitor_apply_keystate(pmonitor); > use_privsep = 0; >could help (it turns of privsep for post-auth, but you still get protection against a certain class of attacks). -m
bugzilla-daemon at mindrot.org
2002-Jun-25 16:54 UTC
[Bug 296] Priv separation does not work on OSF/1
http://bugzilla.mindrot.org/show_bug.cgi?id=296 ------- Additional Comments From jss at ast.cam.ac.uk 2002-06-26 02:54 ------- I get this too with 4.0F and SSH1. I can log into the server as root (as long as root logins are allowed), but with privsep on I can't log in as other users. The connection just gets closed. Debug ssh client: OpenSSH_3.3, SSH protocols 1.5/2.0, OpenSSL 0x0090602f debug1: Reading configuration data /home/jss/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 debug1: Connecting to xalph2 [131.111.68.136] port 22. debug1: Connection established. debug1: identity file /home/jss/.ssh/identity type 0 debug1: identity file /home/jss/.ssh/id_rsa type -1 debug1: identity file /home/jss/.ssh/id_dsa type 2 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.3 debug1: match: OpenSSH_3.3 pat OpenSSH* debug1: Local version string SSH-1.5-OpenSSH_3.3 debug1: Waiting for server public key. debug1: Received server public key (768 bits) and host key (1024 bits). debug1: Host 'xalph2' is known and matches the RSA1 host key. debug1: Found key in /etc/ssh/ssh_known_hosts:150 debug1: Encryption type: blowfish debug1: Sent encrypted session key. debug1: Installing crc compensation attack detector. debug1: Received encrypted confirmation. debug1: Trying RSA authentication with key '/home/jss/.ssh/identity' debug1: Received RSA challenge from server. debug1: Sending response to host key RSA challenge. debug1: Remote: RSA authentication accepted. debug1: RSA authentication accepted by server. debug1: Requesting pty. debug1: Requesting X11 forwarding with authentication spoofing. debug1: fd 3 setting TCP_NODELAY debug1: Requesting shell. debug1: Entering interactive session. Connection to xalph2 closed by remote host. Connection to xalph2 closed. debug1: Transferred: stdin 0, stdout 0, stderr 75 bytes in 0.0 seconds debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 15191.4 debug1: Exit status -1 On the server: [root at xalph2 /var]# /usr/sbin/sshd -d debug1: sshd version OpenSSH_3.3 debug1: private host key: #0 type 0 RSA1 debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1 RSA debug1: read PEM private key done: type DSA debug1: private host key: #2 type 2 DSA debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. Generating 768 bit RSA key. RSA key generation complete. debug1: Server will not fork when running in debugging mode. Connection from 131.111.68.219 port 33065 debug1: Client protocol version 1.5; client software version OpenSSH_3.3 debug1: match: OpenSSH_3.3 pat OpenSSH* debug1: Local version string SSH-1.99-OpenSSH_3.3 debug1: Rhosts Authentication disabled, originating port 33065 not trusted. debug1: Sent 768 bit server key and 1024 bit host key. debug1: Encryption type: blowfish debug1: Received session key; encryption turned on. debug1: Installing crc compensation attack detector. debug1: Attempting authentication for jss. Failed none for jss from 131.111.68.219 port 33065 debug1: temporarily_use_uid: 914/15 (e=0) debug1: trying public RSA key file /home/jss/.ssh/authorized_keys debug1: restore_uid Accepted rsa for jss from 131.111.68.219 port 33065 debug1: : jss has been authenticated by privileged process Found matching RSA1 key: d3:a3:b2:69:3e:e8:db:21:9a:8d:d0:83:ea:d4:e4:b4 Accepted rsa for jss from 131.111.68.219 port 33065 debug1: session_new: init debug1: session_new: session 0 debug1: Installing crc compensation attack detector. debug1: Allocating pty. debug1: session_new: init debug1: session_new: session 0 debug1: session_pty_req: session 0 alloc /dev/ttyp3 debug1: bind port 6010: Address already in use debug1: bind port 6011: Address already in use debug1: bind port 6012: Address already in use debug1: fd 10 setting O_NONBLOCK debug1: channel 0: new [X11 inet listener] debug1: fd 4 setting TCP_NODELAY debug1: Entering interactive session. debug1: fd 7 setting O_NONBLOCK debug1: fd 12 setting O_NONBLOCK debug1: fd 13 setting O_NONBLOCK debug1: server_init_dispatch_13 debug1: server_init_dispatch_15 debug1: Setting controlling tty using TIOCSCTTY. debug1: session_by_tty: session 0 tty /dev/ttyp3 debug1: session_pty_cleanup: session 0 release /dev/ttyp3 Connection closed by remote host. debug1: Calling cleanup 0x120064bcc(0x0) debug1: channel_free: channel 0: X11 inet listener, nchannels 1 debug1: Calling cleanup 0x12004fab0(0x140030ce8) debug1: Calling cleanup 0x120056f50(0x0) : unpermitted request 27 debug1: Calling cleanup 0x120056f50(0x0) In /var/adm/syslogs.dated/current: Jun 25 17:46:41 xalph2 sshd[13114]: Accepted rsa for jss from 131.111.68.219 port 33087 Jun 25 17:46:42 xalph2 sshd[13120]: audgen(LOGIN): Permission denied Jun 25 17:46:42 xalph2 sshd[13120]: fatal: Couldn't establish session for jss from xpc1.ast.cam.ac.uk Jun 25 17:46:43 xalph2 sshd[13109]: fatal: : unpermitted request 27 Jun 25 17:46:52 xalph2 sshd[13114]: fatal: : unpermitted request 27 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2002-Jun-25 21:01 UTC
[Bug 296] Priv separation does not work on OSF/1
http://bugzilla.mindrot.org/show_bug.cgi?id=296 ------- Additional Comments From benchoff at vt.edu 2002-06-26 07:01 ------- Same thing here. Tru64 4.0F. Same syslog messages, UsePrivilegeSeparation no fixes the problem. openssh-3.3p1 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Hi! On Tue, Jun 25, 2002 at 06:49:25PM +0200, Markus Friedl wrote:> just a fyi: > it seems that fd-passing is broken on DEC OSF/1 DU-4.0d > > so something like > > [snip] > > could help (it turns of privsep for post-auth, but > you still get protection against a certain class of attacks).Also FYI: This also makes OpenSSH 3.3p1 work with Linux 2.0.x Thanks for the tip. Ciao Thomas
bugzilla-daemon at mindrot.org
2002-Jun-26 18:28 UTC
[Bug 296] Priv separation does not work on OSF/1
http://bugzilla.mindrot.org/show_bug.cgi?id=296 ------- Additional Comments From lennox at cs.columbia.edu 2002-06-27 04:28 ------- Same problem with 3.4p1. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2002-Jun-26 18:50 UTC
[Bug 296] Priv separation does not work on OSF/1
http://bugzilla.mindrot.org/show_bug.cgi?id=296 ------- Additional Comments From mouring at eviladmin.org 2002-06-27 04:50 ------- The platform was not tagged to set 'BROKEN_FD_PASSING' after ./configure go into config.h and grep for it and set it. It is a temporary work around. Something that was regretfully missed. A full solution needs to be forth coming from the OSF/1 user/developers. Summary of issue: The issue is by time do_child() is ran when PrivSep is enabled it has lost root access and therefor can not set the SIA security information. For this to be correctly fixed one has to pre-allocate the TTY *BEFORE* root privs are dropped. This is a massive hack. And needs someone willing to look at the problem to solve. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2002-Jul-17 21:34 UTC
[Bug 296] Priv separation does not work on OSF/1
http://bugzilla.mindrot.org/show_bug.cgi?id=296
mouring at eviladmin.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |wadelljs at bp.com
------- Additional Comments From mouring at eviladmin.org 2002-07-18 07:34
-------
*** Bug 319 has been marked as a duplicate of this bug. ***
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.