openssh unix dev - Nov 2005 - 4.2 and the 'last' command

We've run into an interesting dilemma regarding last log information and
ssh 4.2p1.  In 3.8, we didn't see this problem, but now has cropped up
in 4.2.
 
When a user logs in, sshd seems to call 'last' to get the last log
information.  'last' then opens the /var/log/wtmp file and processes the
information.  On some systems, this file can be quite large, and we're
seeing login times of upwards around a minute while 'last' pegs the
system resources.
 
My question:  I can't find in the source where 'last' is explicitly
called, so is there an API call that was added between these versions
that would refer the system to 'last'?  I've noticed a function
'login_get_lastlog' that seems to get the information with it's own
algo, but I didn't see an option in the config to turn that on.  I only
found the option to turn last log information completely off, and
unfortunately that's not an option.
 
Anybody have any other ideas on where to go to find where 'last' is
being called, or any other ideas on how to optimize it?  Thanks!
 
Jason

Jason.C.Burns at wellsfargo.com wrote:
> My question:  I can't find in the source where 'last' is
explicitly
> called, so is there an API call that was added between these versions
> that would refer the system to 'last'? 
Depends.  What platform are you running, and which build and run-time 
options have you enabled?

AFAIK sshd doesn't exec "last" itself, although it's possible
that
something it calls does under the covers.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

> Jason.C.Burns at wellsfargo.com wrote:
> > My question:  I can't find in the source where 'last' is
explicitly
> > called, so is there an API call that was added between 
> these versions 
> > that would refer the system to 'last'?
> 
> Depends.  What platform are you running, and which build and 
> run-time options have you enabled?
> 
> AFAIK sshd doesn't exec "last" itself, although it's
possible
> that something it calls does under the covers.
Thanks for the reply Darren.

The main system I can see the problem is HP-UX, 11.00 and 11i.

The build options are:
--with-pam
--disable-suid-ssh
--without-rsh
--with-ssl-dir--with-kerberos5--with-tcp-wrappers--with-zlib--with-default-path--with-superuser-path--without-privsep-user
--without-privsep-path
--prefix--sysconfdir--with-libs="-L/lib -L/usr/lib -L/usr/local/lib"
--with-rand-helper
--with-random=/dev/urandom
--with-ldflags=-ldld

Run time:
ssh:
ForwardX11 yes
GSSAPIDelegateCredentials yes
GSSAPIAuthentication yes

sshd:
ChallengeResponseAuthentication yes
KerberosAuthentication no
GSSAPIAuthentication yes
UsePAM yes
X11Forwarding yes
UsePrivilegeSeparation no
MaxStartups 30
Subsystem       sftp    /usr/libexec/sftp-server


I agree.  From what I've looked at, I can't see 'last' being
called
explicitly.  Using process monitoring tools, I don't even see last being
called on Linux and Solaris systems, but it could be running too fast to
catch.  I'm still looking to see anything where sshd asks the system for
the last login information and last is implicitly called, but any
information you might be able to provide would be much appreciated!

Jason

On Wed, Nov 23, 2005 at 05:23:46PM -0600, Jason.C.Burns at wellsfargo.com
wrote:
> > I'll bet PAM calls "last" to generate its "last
logged in at"
> > messages.
> > Do you see "last" running if you run sshd with UsePAM set to
"no"?
> 
> Yes.  Running sshd without GSSAPI, PAM, or Login, last is still called.
> 
> This is the debug output from sshd:
> debug3: send_rexec_state: entering fd = 7 config len 379
> debug3: ssh_msg_send: type 0
> debug3: send_rexec_state: done
> debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
> <This is where last is running, hanging the process for ~1-2
minutes.>
> debug1: inetd sockets after dupping: 3, 3
> Connection from xx.xx.xx.xx port 36540
Ah, ok.  That makes sense now.  It's the entropy gatherer
(ssh-random-helper) that's running "last", not sshd, and it's
being
run when sshd reexecs itself for each connection.

ssh-random-helper will attempt to kill off programs that run more than
a couple of seconds, though it uses SIGTERM so a process can ignore it.

I can see 4 options for resolving this.

1) remove the "last" calls from ssh_prngd_cmds.

2) install prngd, which will obviate the need for sshd to run
ssh-random-helper.

3) run sshd with the (undocumented) -r option to disable reexec.

4) apply the following patch, which will be in OpenSSH 4.3.

The latter 2 will still mean "last" will probably be run at startup of
both sshd and ssh but not when sshd accepts a new connection.

And now the patch, against 4.2p1:

 - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed
   process when sshd relies on ssh-random-helper.  Should result in faster
   logins on systems without a real random device or prngd.  ok djm@

Index: entropy.c
==================================================================RCS file:
/usr/local/src/security/openssh/cvs/openssh_cvs/entropy.c,v
retrieving revision 1.49
diff -u -p -r1.49 entropy.c
--- entropy.c	17 Jul 2005 07:26:44 -0000	1.49
+++ entropy.c	24 Nov 2005 02:15:59 -0000
@@ -26,6 +26,7 @@
 
 #include <openssl/rand.h>
 #include <openssl/crypto.h>
+#include <openssl/err.h>
 
 #include "ssh.h"
 #include "misc.h"
@@ -33,6 +34,8 @@
 #include "atomicio.h"
 #include "pathnames.h"
 #include "log.h"
+#include "buffer.h"
+#include "bufaux.h"
 
 /*
  * Portable OpenSSH PRNG seeding:
@@ -152,3 +155,30 @@ init_rng(void)
 #endif
 }
 
+#ifndef OPENSSL_PRNG_ONLY
+void
+rexec_send_rng_seed(Buffer *m)
+{
+	u_char buf[RANDOM_SEED_SIZE];
+
+	if (RAND_bytes(buf, sizeof(buf)) <= 0) {
+		error("Couldn't obtain random bytes (error %ld)",
+		    ERR_get_error());
+		buffer_put_string(m, "", 0);
+	} else 
+		buffer_put_string(m, buf, sizeof(buf));
+}
+
+void
+rexec_recv_rng_seed(Buffer *m)
+{
+	char *buf;
+	u_int len;
+
+	buf = buffer_get_string_ret(m, &len);
+	if (buf != NULL) {
+		debug3("rexec_recv_rng_seed: seeding rng with %u bytes", len);
+		RAND_add(buf, len, len);
+	}
+}
+#endif
Index: entropy.h
==================================================================RCS file:
/usr/local/src/security/openssh/cvs/openssh_cvs/entropy.h,v
retrieving revision 1.4
diff -u -p -r1.4 entropy.h
--- entropy.h	9 Feb 2001 01:55:36 -0000	1.4
+++ entropy.h	24 Nov 2005 02:15:59 -0000
@@ -22,12 +22,17 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-/* $Id: entropy.h,v 1.4 2001/02/09 01:55:36 djm Exp $ */
+/* $Id: entropy.h,v 1.5 2005/09/27 12:46:32 dtucker Exp $ */
 
 #ifndef _RANDOMS_H
 #define _RANDOMS_H
 
+#include "buffer.h"
+
 void seed_rng(void);
 void init_rng(void);
 
+void rexec_send_rng_seed(Buffer *);
+void rexec_recv_rng_seed(Buffer *);
+
 #endif /* _RANDOMS_H */
Index: sshd.c
==================================================================RCS file:
/usr/local/src/security/openssh/cvs/openssh_cvs/sshd.c,v
retrieving revision 1.313
diff -u -p -r1.313 sshd.c
--- sshd.c	26 Jul 2005 11:54:56 -0000	1.313
+++ sshd.c	24 Nov 2005 02:15:59 -0000
@@ -800,6 +800,7 @@ send_rexec_state(int fd, Buffer *conf)
 	 *	bignum	iqmp			"
 	 *	bignum	p			"
 	 *	bignum	q			"
+	 *	string rngseed		(only if OpenSSL is not self-seeded)
 	 */
 	buffer_init(&m);
 	buffer_put_cstring(&m, buffer_ptr(conf));
@@ -816,6 +817,10 @@ send_rexec_state(int fd, Buffer *conf)
 	} else
 		buffer_put_int(&m, 0);
 
+#ifndef OPENSSL_PRNG_ONLY
+	rexec_send_rng_seed(&m);
+#endif
+
 	if (ssh_msg_send(fd, 0, &m) == -1)
 		fatal("%s: ssh_msg_send failed", __func__);
 
@@ -858,6 +863,11 @@ recv_rexec_state(int fd, Buffer *conf)
 		rsa_generate_additional_parameters(
 		    sensitive_data.server_key->rsa);
 	}
+
+#ifndef OPENSSL_PRNG_ONLY
+	rexec_recv_rng_seed(&m);
+#endif
+
 	buffer_free(&m);
 
 	debug3("%s: done", __func__);
@@ -1051,8 +1061,6 @@ main(int ac, char **av)
 	drop_cray_privs();
 #endif
 
-	seed_rng();
-
 	sensitive_data.server_key = NULL;
 	sensitive_data.ssh1_host_key = NULL;
 	sensitive_data.have_ssh1_key = 0;
@@ -1071,6 +1079,8 @@ main(int ac, char **av)
 	if (!rexec_flag)
 		buffer_free(&cfg);
 
+	seed_rng();
+
 	/* Fill in default values for those options not explicitly set. */
 	fill_default_server_options(&options);
 

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.