Andreas M. Kirchwitz
2005-Mar-10 12:41 UTC
OpenSSH 4.0p1 segfaults on keyboard-interactive login
Hi folks,
I've compiled the new OpenSSH 4.0p1 on my Linux box running
Fedora Core 2 (kernel 2.6.10) the same way as I did with 3.9p1
and all previous versions.
Key-based login works fine, but if I login from a host that
require me to enter my login password (keyboard-interactive),
then the sshd child process segfaults.
Don't know if this is specific to my system or to Linux in
general. On Solaris 9 SPARC, everything works fine.
The last lines displayed by "sshd -D -d -d -d -4" are:
[...]
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=fubar devs debug1: kbdint_alloc: devices
''
debug2: auth2_challenge_start: devices
Failed keyboard-interactive for fubar from 127.0.0.1 port 51264 ssh2
debug3: Trying to reverse map address 127.0.0.1.
debug1: do_cleanup
And "strace -f sshd -D -4" says:
[...]
[pid 13387] getpeername(3, {sa_family=AF_INET, sin_port=htons(51261),
sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
[pid 13387] open("/etc/protocols", O_RDONLY) = -1 ENOENT (No such
file or directory)
[pid 13387] getsockopt(3, SOL_IP, IP_OPTIONS, "", [0]) = 0
[pid 13387] socket(PF_FILE, SOCK_STREAM, 0) = 6
[pid 13387] connect(6, {sa_family=AF_FILE,
path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or
directory)
[pid 13387] close(6) = 0
[pid 13387] gettimeofday({1110457920, 91151}, NULL) = 0
[pid 13387] open("/etc/resolv.conf", O_RDONLY) = -1 ENOENT (No such
file or directory)
[pid 13387] uname({sys="Linux", node="myhost.example",
...}) = 0
[pid 13387] open("/etc/host.conf", O_RDONLY) = -1 ENOENT (No such
file or directory)
[pid 13387] open("/etc/hosts", O_RDONLY) = -1 ENOENT (No such file or
directory)
[pid 13387] open("/etc/ld.so.cache", O_RDONLY) = -1 ENOENT (No such
file or directory)
[pid 13387] open("/lib/tls/i686/sse2/libnss_dns.so.2", O_RDONLY) = -1
ENOENT (No such file or directory)
[pid 13387] stat64("/lib/tls/i686/sse2", 0xbff271fc) = -1 ENOENT (No
such file or directory)
(... lot of library stuff follows ...)
[pid 13387] open("/usr/lib/libnss_dns.so.2", O_RDONLY) = -1 ENOENT
(No such file or directory)
[pid 13387] stat64("/usr/lib", 0xbff271fc) = -1 ENOENT (No such file
or directory)
[pid 13387] --- SIGSEGV (Segmentation fault) @ 0 (0) ---
Process 13387 detached
Any ideas what's wrong on my system?
Greetings, Andreas
Andreas M. Kirchwitz wrote:> Hi folks, > > I've compiled the new OpenSSH 4.0p1 on my Linux box running > Fedora Core 2 (kernel 2.6.10) the same way as I did with 3.9p1 > and all previous versions. > > Key-based login works fine, but if I login from a host that > require me to enter my login password (keyboard-interactive), > then the sshd child process segfaults. > > Don't know if this is specific to my system or to Linux in > general. On Solaris 9 SPARC, everything works fine.I believe this is something relating to glibc and nameservice lookups in a chroot. It looks like libc tries to dynamically load some nameservice modules then blows up when it fails (because they don't exist in the chroot). If you can get a gdb backtrace of it I think you'll find it's inside libc when it dies. Try - "UseDNS no" in sshd_config. - cp -a /lib /var/empty (or wherever your sshd chroot is). You won't need all of the libraries, though. - create an /etc/nsswitch.conf inside the chroot that has only "hosts: files". -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.