Date: Wed, 17 Oct 2001 20:50:17 -0500 From: ryan beasley <ryanb@goddamnbastard.org> To: freebsd-stable@freebsd.org Cc: green@freebsd.org, Matthew L Creech <gte733p@prism.gatech.edu> Subject: Re: sshd core dump Message-ID: <20011017205017.A9625@bjorn.goddamnbastard.org> In-Reply-To: <3BBA7E1E.931F087D@prism.gatech.edu>; from gte733p@prism.gatech.edu on Tue, Oct 02, 2001 at 10:55:26PM -0400 References: <3BBA7E1E.931F087D@prism.gatech.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
--azLHFNyN32YCQGCU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Oct 02, 2001 at 10:55:26PM -0400, Matthew L. Creech wrote:
> I looked around for some info. on this subject but couldn't find
> any. I cvsup'ed my system and rebuilt yesterday. Made world,
> installed world, made & installed kernel, everything was flawless.=20
> Today I tried to ssh into my machine and found out I couldn't do
> it. It prompts for a password, but then stops with a "connection
> closed" message. I tried again with ssh -v and got this message,
> which seemed to be where it terminates.
I'm seeing the same behavior. sshd_config was unchanged between
4.3-STABLE-20010709-0000-GMT (w/ a few patches here and there) and
4.4-STABLE-20011001-0000-GMT. Setting UseLogin to no, things appear
to proceed normally.
Anywho, here's some information that will hopefully help some
people. If any more specifics are required, I'm up for any
assistance I could provide.
Weird little quirk:
If I specify a command to execute (ie: ssh hostname
/path/to/command), options.use_login is set to 0, many more
login(1) related things to happen (see session.c), but the login
is happy and I find myself staring at a prompt from the serving
machine. (Note that the behavior is the same regardless of login
as root or a regular user.)
I'm pretty junior when it comes to debugging stuff like this, so if
anyone sees me heading the in the wrong direction, I'd appreciate
polite correction. <grin>
-----BEGIN GDB STUFF-----
> [root@backup /usr/obj/usr/src/secure/usr.sbin/sshd] $ gdb ./sshd
> GNU gdb 4.18
> Copyright 1998 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you =
are
> welcome to change it and/or distribute copies of it under certain conditi=
ons.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for detail=
s.
> This GDB was configured as "i386-unknown-freebsd"...
> (gdb) core-file /sshd.core=20
> Core was generated by `sshd'.
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /usr/lib/libopie.so.2...done.
> Reading symbols from /usr/lib/libmd.so.2...done.
> Reading symbols from /usr/lib/libcrypt.so.2...done.
> Reading symbols from /usr/lib/libcrypto.so.2...done.
> Reading symbols from /usr/lib/libutil.so.3...done.
> Reading symbols from /usr/lib/libz.so.2...done.
> Reading symbols from /usr/lib/libwrap.so.3...done.
> Reading symbols from /usr/lib/libpam.so.1...done.
> Reading symbols from /usr/lib/libc.so.4...done.
> Reading symbols from /usr/lib/pam_skey.so...done.
> Reading symbols from /usr/lib/libskey.so.2...done.
> Reading symbols from /usr/lib/pam_unix.so...done.
> Reading symbols from /usr/lib/pam_permit.so...done.
> Reading symbols from /usr/libexec/ld-elf.so.1...done.
> #0 0x8056699 in child_set_env (envp=3D0xbfbfeaac, envsizep=3D0xbfbfeab0,=
name=3D0x8074772 "SSH_CLIENT",=20
> value=3D0xbfbff09c "216.80.78.44 4836 22") at /usr/src/secure/usr.sbi=
n/sshd/../../../crypto/openssh/session.c:899
> 899 for (i =3D 0; env[i]; i++)
> (gdb) where
> #0 0x8056699 in child_set_env (envp=3D0xbfbfeaac, envsizep=3D0xbfbfeab0,=
name=3D0x8074772 "SSH_CLIENT",=20
> value=3D0xbfbff09c "216.80.78.44 4836 22") at /usr/src/secure/usr.sbi=
n/sshd/../../../crypto/openssh/session.c:899
> #1 0x8056e35 in do_child (s=3D0x8083e60, command=3D0x0) at /usr/src/secu=
re/usr.sbin/sshd/../../../crypto/openssh/session.c:1173
> #2 0x8056049 in do_exec_pty (s=3D0x8083e60, command=3D0x0) at /usr/src/s=
ecure/usr.sbin/sshd/../../../crypto/openssh/session.c:626
> #3 0x8057e12 in session_shell_req (s=3D0x8083e60) at /usr/src/secure/usr=
.sbin/sshd/../../../crypto/openssh/session.c:1725
> #4 0x8057ffa in session_input_channel_req (id=3D0, arg=3D0x0) at /usr/sr=
c/secure/usr.sbin/sshd/../../../crypto/openssh/session.c:1795
> #5 0x8064909 in channel_input_channel_request ()
> #6 0x805e777 in dispatch_run ()
> #7 0x80518a3 in process_buffered_input_packets () at /usr/src/secure/usr=
.sbin/sshd/../../../crypto/openssh/serverloop.c:444
> #8 0x8051e91 in server_loop2 () at /usr/src/secure/usr.sbin/sshd/../../.=
./crypto/openssh/serverloop.c:714
> #9 0x8058643 in do_authenticated2 (authctxt=3D0x808d2c0) at /usr/src/sec=
ure/usr.sbin/sshd/../../../crypto/openssh/session.c:2007
> #10 0x80553ed in do_authenticated (authctxt=3D0x808d2c0) at /usr/src/secu=
re/usr.sbin/sshd/../../../crypto/openssh/session.c:168
> #11 0x8053543 in do_authentication2 () at /usr/src/secure/usr.sbin/sshd/.=
./../../crypto/openssh/auth2.c:139
> #12 0x804dbc3 in main (ac=3D2, av=3D0xbfbffc10) at /usr/src/secure/usr.sb=
in/sshd/../../../crypto/openssh/sshd.c:1158
> #13 0x804c0c5 in _start ()
> (gdb) print envp
> $1 =3D (char ***) 0xbfbfeaac
> (gdb) print *envp
> $2 =3D (char **) 0x75626564
> (gdb) print **envp
> Cannot access memory at address 0x75626564.
-----END GDB STUFF-----
-----BEGIN CLIENT STUFF-----
> [ryanb@akerfeldt ~] $ ssh -v backup.enteract.com
> SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1=
.5/2.0.
> Compiled with SSL (0x0090601f).
> debug: Reading configuration data /home/ryanb/.ssh/config
> debug: Reading configuration data /etc/ssh/ssh_config
> debug: ssh_connect: getuid 1000 geteuid 1000 anon 1
> debug: Connecting to backup.enteract.com [207.229.143.61] port 22.
> debug: Connection established.
> debug: Remote protocol version 2.0, remote software version OpenSSH_2.9 F=
reeBSD localisations 20010713
> debug: no match: OpenSSH_2.9 FreeBSD localisations 20010713
> Enabling compatibility mode for protocol 2.0
> debug: Local version string SSH-2.0-OpenSSH_2.3.0 green@FreeBSD.org 20010=
321
> debug: send KEXINIT
> debug: done
> debug: wait KEXINIT
> debug: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-gro=
up1-sha1
> debug: got kexinit: ssh-dss
> debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour
> debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour
> debug: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open=
ssh.com,hmac-sha1-96,hmac-md5-96
> debug: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open=
ssh.com,hmac-sha1-96,hmac-md5-96
> debug: got kexinit: none,zlib
> debug: got kexinit: none,zlib
> debug: got kexinit:=20
> debug: got kexinit:=20
> debug: first kex follow: 0=20
> debug: reserved: 0=20
> debug: done
> debug: kex: server->client 3des-cbc hmac-sha1 none
> debug: kex: client->server 3des-cbc hmac-sha1 none
> debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
> debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
> debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
> debug: bits set: 1057/2049
> debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
> debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
> debug: Got SSH2_MSG_KEXDH_REPLY.
> debug: Host 'backup.enteract.com' is known and matches the DSA host key.
> debug: bits set: 1025/2049
> debug: len 55 datafellows 0
> debug: dsa_verify: signature correct
> debug: Wait SSH2_MSG_NEWKEYS.
> debug: GOT SSH2_MSG_NEWKEYS.
> debug: send SSH2_MSG_NEWKEYS.
> debug: done: send SSH2_MSG_NEWKEYS.
> debug: done: KEX2.
> debug: send SSH2_MSG_SERVICE_REQUEST
> debug: service_accept: ssh-userauth
> debug: got SSH2_MSG_SERVICE_ACCEPT
> debug: authentications that can continue: publickey,password,keyboard-int=
eractive
> debug: next auth method to try is publickey
> debug: try pubkey: /home/ryanb/.ssh/id_dsa
> debug: PEM_read_bio_DSAPrivateKey failed
> debug: read DSA private key done
> Enter passphrase for DSA key '/home/ryanb/.ssh/id_dsa':=20
> debug: read DSA private key done
> debug: sig size 20 20
> debug: ssh-userauth2 successfull: method publickey
> debug: channel 0: new [client-session]
> debug: send channel open 0
> debug: Entering interactive session.
> debug: client_init id 0 arg 0
> debug: channel request 0: shell
> debug: channel 0: open confirm rwindow 0 rmax 16384
> debug: client_input_channel_req: rtype exit-signal reply 0
> debug: channel 0: rcvd eof
> debug: channel 0: output open -> drain
> debug: channel 0: rcvd close
> debug: channel 0: input open -> closed
> debug: channel 0: close_read
> debug: channel 0: obuf empty
> debug: channel 0: output drain -> closed
> debug: channel 0: close_write
> debug: channel 0: send close
> debug: channel 0: full closed2
> debug: channel_free: channel 0: status: The following connections are ope=
n:
> #0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)
>=20
> Connection to backup.enteract.com closed.
> debug: Transferred: stdin 0, stdout 0, stderr 43 bytes in 0.0 seconds
> debug: Bytes per second: stdin 0.0, stdout 0.0, stderr 3166.7
> debug: Exit status -1
-----END CLIENT STUFF-----
( If kernel configs, dmesg output, login.(conf|access) contents,
etc. are actually necessary, just say so. <grin> )
-----BEGIN SERVER STUFF-----
> [root@backup /usr/obj/usr/src/secure/usr.sbin/sshd] $ ./sshd -Dd
> debug1: sshd version OpenSSH_2.9 FreeBSD localisations 20010713
> debug1: private host key: #0 type 0 RSA1
> debug1: read PEM private key done: type DSA
> debug1: private host key: #1 type 2 DSA
> debug1: Bind to port 22 on 207.229.143.61.
> Server listening on 207.229.143.61 port 22.
> debug1: Server will not fork when running in debugging mode.
> Connection from akerfeldt.goddamnbastard.org port 4839
> Connection from 216.80.78.44 port 4839
> debug1: Client protocol version 2.0; client software version OpenSSH_2.3.=
0 green@FreeBSD.org 20010321
> debug1: match: OpenSSH_2.3.0 green@FreeBSD.org 20010321 pat ^OpenSSH_2\.3=
\.0
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_2.9 FreeBSD localisations 20=
010713
> debug1: Rhosts Authentication disabled, originating port not trusted.
> debug2: Original cipher proposal: aes128-cbc,3des-cbc,blowfish-cbc,cast12=
8-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndae=
l256-cbc,rijndael-cbc@lysator.liu.se
> debug2: Compat cipher proposal: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour
> debug2: Original cipher proposal: aes128-cbc,3des-cbc,blowfish-cbc,cast12=
8-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndae=
l256-cbc,rijndael-cbc@lysator.liu.se
> debug2: Compat cipher proposal: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour
> debug1: list_hostkey_types: ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hell=
man-group1-sha1
> debug2: kex_parse_kexinit: ssh-dss
> debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour
> debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd1=
60@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd1=
60@openssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit: none,zlib
> debug2: kex_parse_kexinit:=20
> debug2: kex_parse_kexinit:=20
> debug2: kex_parse_kexinit: first_kex_follows 0=20
> debug2: kex_parse_kexinit: reserved 0=20
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hell=
man-group1-sha1
> debug2: kex_parse_kexinit: ssh-dss
> debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes1=
28-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cb=
c,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes1=
28-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cb=
c,rijndael-cbc@lysator.liu.se
> debug2: kex_parse_kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
> debug2: kex_parse_kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit: none
> debug2: kex_parse_kexinit:=20
> debug2: kex_parse_kexinit:=20
> debug2: kex_parse_kexinit: first_kex_follows 0=20
> debug2: kex_parse_kexinit: reserved 0=20
> debug2: mac_init: found hmac-sha1
> debug1: kex: client->server 3des-cbc hmac-sha1 none
> debug2: mac_init: found hmac-sha1
> debug1: kex: server->client 3des-cbc hmac-sha1 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
> debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
> debug1: dh_gen_key: priv key bits set: 207/384
> debug1: bits set: 1025/2049
> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> debug1: bits set: 1057/2049
> debug1: sig size 20 20
> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug1: userauth-request for user ryanb service ssh-connection method none
> debug1: attempt 0 failures 0
> debug2: input_userauth_request: setting up authctxt for ryanb
> debug1: Starting up PAM with username "ryanb"
> debug2: input_userauth_request: try method none
> Failed none for ryanb from 216.80.78.44 port 4839 ssh2
> debug1: userauth-request for user ryanb service ssh-connection method pub=
lickey
> debug1: attempt 1 failures 1
> debug2: input_userauth_request: try method publickey
> debug1: temporarily_use_uid: 22787/2000 (e=3D0)
> debug1: matching key found: file /home/ryanb/.ssh/authorized_keys2, line 1
> debug1: restore_uid
> debug1: len 55 datafellows 53376
> debug1: ssh_dss_verify: signature correct
> debug2: userauth_pubkey: authenticated 1 pkalg ssh-dss
> debug1: PAM setting rhost to "akerfeldt.goddamnbastard.org"
> Accepted publickey for ryanb from 216.80.78.44 port 4839 ssh2
> debug1: Entering interactive session for SSH2.
> debug1: server_init_dispatch_20
> debug1: server_input_channel_open: ctype session rchan 0 win 32768 max 16=
384
> debug1: input_session_request
> debug1: channel 0: new [server-session]
> debug1: session_new: init
> debug1: session_new: session 0
> debug1: session_open: channel 0
> debug1: session_open: session 0: link with channel 0
> debug1: server_input_channel_open: confirm session
> debug2: callback start
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 channel 0 request pty-req re=
ply 0
> debug1: session_pty_req: session 0 alloc /dev/ttyp1
> debug2: tty_parse_modes: SSH2 n_bytes 0
> debug2: callback done
> debug2: callback start
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 channel 0 request shell repl=
y 0
> debug1: PAM setting tty to "/dev/ttyp1"
> debug1: do_pam_session: euid 0, uid 0
> debug1: PAM establishing creds
> debug1: channel 0: rfd 7 isatty
> debug1: Setting controlling tty using TIOCSCTTY.
> debug1: fd 7 setting O_NONBLOCK
> debug1: Received SIGCHLD.
> fcntl(7, F_SETFL, O_NONBLOCK): Resource temporarily unavailable
> debug1: fd 3 IS O_NONBLOCK
> debug2: callback done
> debug1: session_by_pid: pid 2257
> debug1: session_exit_message: session 0 channel 0 pid 2257
> debug1: session_exit_message: release channel 0
> debug1: channel 0: write failed
> debug1: channel 0: output open -> closed
> debug1: channel 0: close_write
> debug1: session_pty_cleanup: session 0 release /dev/ttyp1
> debug1: session_free: session 0 pid 2257
> debug1: channel 0: read<=3D0 rfd 7 len 0
> debug1: channel 0: read failed
> debug1: channel 0: input open -> drain
> debug1: channel 0: close_read
> debug1: channel 0: input: no drain shortcut
> debug1: channel 0: ibuf empty
> debug1: channel 0: input drain -> closed
> debug1: channel 0: send eof
> debug1: channel 0: send close
> debug2: channel 0: no data after CLOSE
> debug1: channel 0: rcvd close
> debug2: channel 0: no data after CLOSE
> debug1: channel 0: is dead
> debug1: channel_free: channel 0: status: The following connections are op=
en:
> #0 server-session (t4 r0 i8/0 o128/0 fd -1/-1)
>=20
> Connection closed by remote host.
> Closing connection to 216.80.78.44
-----END SERVER STUFF-----
--=20
ryan beasley <ryanb@goddamnbastard.org>
professional fat bastard http://www.goddamnbastard.org
GPG Key ID 0x36321D13 with fingerprint
2074 CEB8 68AD 351A 85E6 98EB 09BA 36D9 3632 1D13
--azLHFNyN32YCQGCU
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE7zjVYCbo22TYyHRMRAo0LAJ4zBoxGBJEaTmOKPmpSaxJ1lCRbWACfUwjy
kQMPxF6NdhkPc2t/oS4yC1g=
=3VJ2
-----END PGP SIGNATURE-----
--azLHFNyN32YCQGCU--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011017205017.A9625>