Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Bugs
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
bugzilla-daemon at mindrot
Sep 17, 2003, 5:01 AM
Post #1 of 9 (1081 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=653

Summary: sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: Alpha
OS/Version: other
Status: NEW
Severity: critical
Priority: P2
Component: sshd
AssignedTo: openssh-bugs@mindrot.org
ReportedBy: Ole.H.Nielsen@fysik.dtu.dk


I upgraded OpenSSH 3.6.1p2 to 3.7.1p1 on a couple of HP/Compaq Tru64 UNIX systems.
Version 3.6.1p2 works like a charm !
After restarting the sshd daemon I try to login using ssh from several remote
systems, but the login breaks pretty early on. Nothing seems to be logged
to the syslog.
Details:
OS: HP/Compaq Tru64 UNIX version 5.1A (same problem on Tru64 4.0F)
Compiler: Compaq C V6.4-014 on Compaq Tru64 UNIX V5.1A



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX) [ In reply to ]
bugzilla-daemon at mindrot
Sep 17, 2003, 5:05 AM
Post #2 of 9 (1057 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=653





------- Additional Comments From Ole.H.Nielsen@fysik.dtu.dk 2003-09-17 23:05 -------
Created an attachment (id=409)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=409&action=view)
SSH login attempt verbose log




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX) [ In reply to ]
bugzilla-daemon at mindrot
Sep 17, 2003, 10:27 AM
Post #3 of 9 (1058 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=653





------- Additional Comments From mmokrejs@natur.cuni.cz 2003-09-18 04:27 -------
I have exactly same experience. I compiled now 3.6.1p2 and 3.7.1p1 with same
configure commandline and got same problem. Connectio breaks right after
"SSH2_MSG_KEXINIT sent"


$ ssh -v -v -v -l root -p 443 serow
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x009060af
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to serow [146.107.217.72] port 443.
debug1: Connection established.
debug1: identity file /home/mokrejs/.ssh/identity type 0
debug1: identity file /home/mokrejs/.ssh/id_rsa type 0
debug3: Not a RSA1 key file /home/mokrejs/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/mokrejs/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p1
debug1: match: OpenSSH_3.7.1p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
Connection closed by 146.107.217.72
debug1: Calling cleanup 0x8062440(0x0)
mokrejs@vrapenec$



$ ./configure --prefix=/usr/local --with-tcp-wrappers
--with-ssl-dir=/software/@sys/usr/openssl --with-prngd-socket=/var/run/egd-p
ool
--with-default-path=/software/@sys/usr/bin:/software/@sys/usr/sbin:/usr/afs/bin:/software/@sys/usr/openssl/bin:/usr/local/bin:/us
r/local/sbin:/usr/bin:/bin:/sbin:/usr/sbin:/usr/opt/svr4/bin:/usr/opt/svr4/sbin
--with-xauth=/usr/bin/X11/xauth --with-zlib --with-osfsia
--with-login=/usr/bin/login --without-privsep



The server says:

# ./sshd -p 443 -D -d -d -d
debug2: read_server_config: filename /usr/local/etc/sshd_config
debug1: sshd version OpenSSH_3.7.1p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 443 on 0.0.0.0.
Server listening on 0.0.0.0 port 443.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 146.107.217.207 port 34077
debug1: Client protocol version 2.0; client software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.7.1p1
debug2: Network child is on pid 34085
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: privsep user:group 15:22
debug1: permanently_set_uid: 15/22
permanently_set_uid: was able to restore old [e]gid
debug1: Calling cleanup 0x12006ff40(0x0)
#

I suspect inability to read RAND data(below is truss snippet from ./sshd -D -d
-d -d execution).

33868: fork() = 33871
33871: fork() (returning as child ...) = 33871
debug2: Network child is on pid 33871
33868: write(2, " d e b u g 2 : N e t w".., 39) = 39
33871: getsysinfo(67, 0x000000011FFFB0F0, 4, 0x00000000, 0x00000000,
0x00000000) = 1
33868: close(3) = 0
33871: close(7) = 0
debug3: preauth child monitor started
33868: write(2, " d e b u g 3 : p r e a".., 39) = 39
33871: getuid() = 0 [ 0 ]
debug3: mm_request_receive entering
33868: write(2, " d e b u g 3 : m m _ r".., 37) = 37
33871: fstat(0, 0x000000011FFFB0F8) = 0
33871: fstat(1, 0x000000011FFFB0F8) = 0
33871: fstat(2, 0x000000011FFFB0F8) = 0
33871: open("/etc/passwd.pag", O_RDONLY, 00) Err#2 No such file or
directory
33871: open("/etc/passwd", O_RDONLY, 0666) = 7
33871: fstat(7, 0x000000011FFFB010) = 0
33871: ioctl(7, 0x2000745E, 0x00000000) Err#25 Not a typewriter
33871: read(7, " r o o t : 5 1 A B 3 Y B".., 8192) = 891
33871: lseek(7, 0xFFFFFFFF, SEEK_CUR) = 888
33871: close(7) = 0
33871: fstat(0, 0x000000011FFFB0F8) = 0
33871: fstat(1, 0x000000011FFFB0F8) = 0
33871: fstat(2, 0x000000011FFFB0F8) = 0
33871: chroot("/var/empty") = 0
33871: chdir("/") = 0
debug3: privsep user:group 15:22
33871: write(2, " d e b u g 3 : p r i v".., 34) = 34
33871: setgroups(1, 0x000000011FFFB340) = 0
33871: getuid() = 0 [ 0 ]
33871: getgid() = 1 [ 1 ]
debug1: permanently_set_uid: 15/22
33871: write(2, " d e b u g 1 : p e r m".., 36) = 36
33871: setregid(22, 22) = 0
33871: setreuid(15, 15) = 0
33871: setgid(1) = 0
permanently_set_uid: was able to restore old [e]gid
33871: write(2, " p e r m a n e n t l y _".., 53) = 53
debug1: Calling cleanup 0x12006ff40(0x0)
33871: write(2, " d e b u g 1 : C a l l".., 42) = 42
33871: shutdown(4, SHUT_RDWR) = 0
33871: close(4) = 0


Could the output of sshd and ssh be enhanced so that it tells which EGD is it using?




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX) [ In reply to ]
bugzilla-daemon at mindrot
Sep 17, 2003, 10:42 AM
Post #4 of 9 (1056 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=653

mmokrejs@natur.cuni.cz changed:

What |Removed |Added
----------------------------------------------------------------------------
OS/Version|other |OSF/1





------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX) [ In reply to ]
bugzilla-daemon at mindrot
Sep 17, 2003, 10:50 AM
Post #5 of 9 (1066 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=653





------- Additional Comments From mmokrejs@natur.cuni.cz 2003-09-18 04:50 -------
OK, I stole the idea from http://bugzilla.mindrot.org/show_bug.cgi?id=659

Edit openssh-3.7.1p1/config.h to have as follows:

/* Define if your platform breaks doing a seteuid before a setuid */
#define SETEUID_BREAKS_SETUID

/* Define if your setreuid() is broken */
#define BROKEN_SETREUID

/* Define if your setregid() is broken */
#define BROKEN_SETREGID

That fixes our problem.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX) [ In reply to ]
bugzilla-daemon at mindrot
Sep 18, 2003, 5:34 AM
Post #6 of 9 (1062 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=653





------- Additional Comments From Ole.H.Nielsen@fysik.dtu.dk 2003-09-18 23:34 -------
I have tried Martin Mokrejs' workaround:

Edit openssh-3.7.1p1/config.h to have as follows:

/* Define if your platform breaks doing a seteuid before a setuid */
#define SETEUID_BREAKS_SETUID

/* Define if your setreuid() is broken */
#define BROKEN_SETREUID

/* Define if your setregid() is broken */
#define BROKEN_SETREGID

This solves the problem on our systems as well (Tru64 UNIX 5.1A and 4.0F) !
One mustn't edit acconfig.h and then run configure; it's required to edit
config.h as above *after* the configure step.

To the developers:
The final bugfix seemingly needs to define the 3 above lines for the OSF/1
operating system (Tru64 UNIX). I wonder why this wasn't necessary
prior to version 3.7 ?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX) [ In reply to ]
bugzilla-daemon at mindrot
Sep 19, 2003, 3:43 AM
Post #7 of 9 (1056 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=653





------- Additional Comments From dtucker@zip.com.au 2003-09-19 21:43 -------
Created an attachment (id=436)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=436&action=view)
Add defines to configure for Digital Unix

Please try the attached patch. You will need to run "autoconf" to rebuild
configure.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX) [ In reply to ]
bugzilla-daemon at mindrot
Sep 21, 2003, 5:28 PM
Post #8 of 9 (1055 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=653

dtucker@zip.com.au changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED



------- Additional Comments From dtucker@zip.com.au 2003-09-22 11:28 -------
Thanks for the report, this has been fixed (in HEAD and the 3.7 branch). Please
test tomorrow's snapshot.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX) [ In reply to ]
bugzilla-daemon at mindrot
Sep 25, 2003, 5:52 AM
Post #9 of 9 (1068 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=653





------- Additional Comments From Ole.H.Nielsen@fysik.dtu.dk 2003-09-25 23:52 -------
I downloaded OpenSSH 3.7.1p2 and installed it on Tru64 UNIX v4.0F.
I can confirm that this bug is fixed now.

Another bug exists (will be reported separately):
When sshd should be started from /etc/inittab, no sshd process
is running upon a reboot. If I start sshd from the command-line it's OK.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal