Date: Wed, 17 Oct 2001 20:50:17 -0500 From: ryan beasley <ryanb@goddamnbastard.org> To: freebsd-stable@freebsd.org Cc: green@freebsd.org, Matthew L Creech <gte733p@prism.gatech.edu> Subject: Re: sshd core dump Message-ID: <20011017205017.A9625@bjorn.goddamnbastard.org> In-Reply-To: <3BBA7E1E.931F087D@prism.gatech.edu>; from gte733p@prism.gatech.edu on Tue, Oct 02, 2001 at 10:55:26PM -0400 References: <3BBA7E1E.931F087D@prism.gatech.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
--azLHFNyN32YCQGCU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Oct 02, 2001 at 10:55:26PM -0400, Matthew L. Creech wrote: > I looked around for some info. on this subject but couldn't find > any. I cvsup'ed my system and rebuilt yesterday. Made world, > installed world, made & installed kernel, everything was flawless.=20 > Today I tried to ssh into my machine and found out I couldn't do > it. It prompts for a password, but then stops with a "connection > closed" message. I tried again with ssh -v and got this message, > which seemed to be where it terminates. I'm seeing the same behavior. sshd_config was unchanged between 4.3-STABLE-20010709-0000-GMT (w/ a few patches here and there) and 4.4-STABLE-20011001-0000-GMT. Setting UseLogin to no, things appear to proceed normally. Anywho, here's some information that will hopefully help some people. If any more specifics are required, I'm up for any assistance I could provide. Weird little quirk: If I specify a command to execute (ie: ssh hostname /path/to/command), options.use_login is set to 0, many more login(1) related things to happen (see session.c), but the login is happy and I find myself staring at a prompt from the serving machine. (Note that the behavior is the same regardless of login as root or a regular user.) I'm pretty junior when it comes to debugging stuff like this, so if anyone sees me heading the in the wrong direction, I'd appreciate polite correction. <grin> -----BEGIN GDB STUFF----- > [root@backup /usr/obj/usr/src/secure/usr.sbin/sshd] $ gdb ./sshd > GNU gdb 4.18 > Copyright 1998 Free Software Foundation, Inc. > GDB is free software, covered by the GNU General Public License, and you = are > welcome to change it and/or distribute copies of it under certain conditi= ons. > Type "show copying" to see the conditions. > There is absolutely no warranty for GDB. Type "show warranty" for detail= s. > This GDB was configured as "i386-unknown-freebsd"... > (gdb) core-file /sshd.core=20 > Core was generated by `sshd'. > Program terminated with signal 11, Segmentation fault. > Reading symbols from /usr/lib/libopie.so.2...done. > Reading symbols from /usr/lib/libmd.so.2...done. > Reading symbols from /usr/lib/libcrypt.so.2...done. > Reading symbols from /usr/lib/libcrypto.so.2...done. > Reading symbols from /usr/lib/libutil.so.3...done. > Reading symbols from /usr/lib/libz.so.2...done. > Reading symbols from /usr/lib/libwrap.so.3...done. > Reading symbols from /usr/lib/libpam.so.1...done. > Reading symbols from /usr/lib/libc.so.4...done. > Reading symbols from /usr/lib/pam_skey.so...done. > Reading symbols from /usr/lib/libskey.so.2...done. > Reading symbols from /usr/lib/pam_unix.so...done. > Reading symbols from /usr/lib/pam_permit.so...done. > Reading symbols from /usr/libexec/ld-elf.so.1...done. > #0 0x8056699 in child_set_env (envp=3D0xbfbfeaac, envsizep=3D0xbfbfeab0,= name=3D0x8074772 "SSH_CLIENT",=20 > value=3D0xbfbff09c "216.80.78.44 4836 22") at /usr/src/secure/usr.sbi= n/sshd/../../../crypto/openssh/session.c:899 > 899 for (i =3D 0; env[i]; i++) > (gdb) where > #0 0x8056699 in child_set_env (envp=3D0xbfbfeaac, envsizep=3D0xbfbfeab0,= name=3D0x8074772 "SSH_CLIENT",=20 > value=3D0xbfbff09c "216.80.78.44 4836 22") at /usr/src/secure/usr.sbi= n/sshd/../../../crypto/openssh/session.c:899 > #1 0x8056e35 in do_child (s=3D0x8083e60, command=3D0x0) at /usr/src/secu= re/usr.sbin/sshd/../../../crypto/openssh/session.c:1173 > #2 0x8056049 in do_exec_pty (s=3D0x8083e60, command=3D0x0) at /usr/src/s= ecure/usr.sbin/sshd/../../../crypto/openssh/session.c:626 > #3 0x8057e12 in session_shell_req (s=3D0x8083e60) at /usr/src/secure/usr= .sbin/sshd/../../../crypto/openssh/session.c:1725 > #4 0x8057ffa in session_input_channel_req (id=3D0, arg=3D0x0) at /usr/sr= c/secure/usr.sbin/sshd/../../../crypto/openssh/session.c:1795 > #5 0x8064909 in channel_input_channel_request () > #6 0x805e777 in dispatch_run () > #7 0x80518a3 in process_buffered_input_packets () at /usr/src/secure/usr= .sbin/sshd/../../../crypto/openssh/serverloop.c:444 > #8 0x8051e91 in server_loop2 () at /usr/src/secure/usr.sbin/sshd/../../.= ./crypto/openssh/serverloop.c:714 > #9 0x8058643 in do_authenticated2 (authctxt=3D0x808d2c0) at /usr/src/sec= ure/usr.sbin/sshd/../../../crypto/openssh/session.c:2007 > #10 0x80553ed in do_authenticated (authctxt=3D0x808d2c0) at /usr/src/secu= re/usr.sbin/sshd/../../../crypto/openssh/session.c:168 > #11 0x8053543 in do_authentication2 () at /usr/src/secure/usr.sbin/sshd/.= ./../../crypto/openssh/auth2.c:139 > #12 0x804dbc3 in main (ac=3D2, av=3D0xbfbffc10) at /usr/src/secure/usr.sb= in/sshd/../../../crypto/openssh/sshd.c:1158 > #13 0x804c0c5 in _start () > (gdb) print envp > $1 =3D (char ***) 0xbfbfeaac > (gdb) print *envp > $2 =3D (char **) 0x75626564 > (gdb) print **envp > Cannot access memory at address 0x75626564. -----END GDB STUFF----- -----BEGIN CLIENT STUFF----- > [ryanb@akerfeldt ~] $ ssh -v backup.enteract.com > SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1= .5/2.0. > Compiled with SSL (0x0090601f). > debug: Reading configuration data /home/ryanb/.ssh/config > debug: Reading configuration data /etc/ssh/ssh_config > debug: ssh_connect: getuid 1000 geteuid 1000 anon 1 > debug: Connecting to backup.enteract.com [207.229.143.61] port 22. > debug: Connection established. > debug: Remote protocol version 2.0, remote software version OpenSSH_2.9 F= reeBSD localisations 20010713 > debug: no match: OpenSSH_2.9 FreeBSD localisations 20010713 > Enabling compatibility mode for protocol 2.0 > debug: Local version string SSH-2.0-OpenSSH_2.3.0 green@FreeBSD.org 20010= 321 > debug: send KEXINIT > debug: done > debug: wait KEXINIT > debug: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-gro= up1-sha1 > debug: got kexinit: ssh-dss > debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour > debug: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour > debug: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open= ssh.com,hmac-sha1-96,hmac-md5-96 > debug: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open= ssh.com,hmac-sha1-96,hmac-md5-96 > debug: got kexinit: none,zlib > debug: got kexinit: none,zlib > debug: got kexinit:=20 > debug: got kexinit:=20 > debug: first kex follow: 0=20 > debug: reserved: 0=20 > debug: done > debug: kex: server->client 3des-cbc hmac-sha1 none > debug: kex: client->server 3des-cbc hmac-sha1 none > debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST. > debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP. > debug: Got SSH2_MSG_KEX_DH_GEX_GROUP. > debug: bits set: 1057/2049 > debug: Sending SSH2_MSG_KEX_DH_GEX_INIT. > debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY. > debug: Got SSH2_MSG_KEXDH_REPLY. > debug: Host 'backup.enteract.com' is known and matches the DSA host key. > debug: bits set: 1025/2049 > debug: len 55 datafellows 0 > debug: dsa_verify: signature correct > debug: Wait SSH2_MSG_NEWKEYS. > debug: GOT SSH2_MSG_NEWKEYS. > debug: send SSH2_MSG_NEWKEYS. > debug: done: send SSH2_MSG_NEWKEYS. > debug: done: KEX2. > debug: send SSH2_MSG_SERVICE_REQUEST > debug: service_accept: ssh-userauth > debug: got SSH2_MSG_SERVICE_ACCEPT > debug: authentications that can continue: publickey,password,keyboard-int= eractive > debug: next auth method to try is publickey > debug: try pubkey: /home/ryanb/.ssh/id_dsa > debug: PEM_read_bio_DSAPrivateKey failed > debug: read DSA private key done > Enter passphrase for DSA key '/home/ryanb/.ssh/id_dsa':=20 > debug: read DSA private key done > debug: sig size 20 20 > debug: ssh-userauth2 successfull: method publickey > debug: channel 0: new [client-session] > debug: send channel open 0 > debug: Entering interactive session. > debug: client_init id 0 arg 0 > debug: channel request 0: shell > debug: channel 0: open confirm rwindow 0 rmax 16384 > debug: client_input_channel_req: rtype exit-signal reply 0 > debug: channel 0: rcvd eof > debug: channel 0: output open -> drain > debug: channel 0: rcvd close > debug: channel 0: input open -> closed > debug: channel 0: close_read > debug: channel 0: obuf empty > debug: channel 0: output drain -> closed > debug: channel 0: close_write > debug: channel 0: send close > debug: channel 0: full closed2 > debug: channel_free: channel 0: status: The following connections are ope= n: > #0 client-session (t4 r0 i8/0 o128/0 fd -1/-1) >=20 > Connection to backup.enteract.com closed. > debug: Transferred: stdin 0, stdout 0, stderr 43 bytes in 0.0 seconds > debug: Bytes per second: stdin 0.0, stdout 0.0, stderr 3166.7 > debug: Exit status -1 -----END CLIENT STUFF----- ( If kernel configs, dmesg output, login.(conf|access) contents, etc. are actually necessary, just say so. <grin> ) -----BEGIN SERVER STUFF----- > [root@backup /usr/obj/usr/src/secure/usr.sbin/sshd] $ ./sshd -Dd > debug1: sshd version OpenSSH_2.9 FreeBSD localisations 20010713 > debug1: private host key: #0 type 0 RSA1 > debug1: read PEM private key done: type DSA > debug1: private host key: #1 type 2 DSA > debug1: Bind to port 22 on 207.229.143.61. > Server listening on 207.229.143.61 port 22. > debug1: Server will not fork when running in debugging mode. > Connection from akerfeldt.goddamnbastard.org port 4839 > Connection from 216.80.78.44 port 4839 > debug1: Client protocol version 2.0; client software version OpenSSH_2.3.= 0 green@FreeBSD.org 20010321 > debug1: match: OpenSSH_2.3.0 green@FreeBSD.org 20010321 pat ^OpenSSH_2\.3= \.0 > Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_2.9 FreeBSD localisations 20= 010713 > debug1: Rhosts Authentication disabled, originating port not trusted. > debug2: Original cipher proposal: aes128-cbc,3des-cbc,blowfish-cbc,cast12= 8-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndae= l256-cbc,rijndael-cbc@lysator.liu.se > debug2: Compat cipher proposal: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour > debug2: Original cipher proposal: aes128-cbc,3des-cbc,blowfish-cbc,cast12= 8-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndae= l256-cbc,rijndael-cbc@lysator.liu.se > debug2: Compat cipher proposal: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour > debug1: list_hostkey_types: ssh-dss > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hell= man-group1-sha1 > debug2: kex_parse_kexinit: ssh-dss > debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour > debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd1= 60@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd1= 60@openssh.com,hmac-sha1-96,hmac-md5-96 > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit: none,zlib > debug2: kex_parse_kexinit:=20 > debug2: kex_parse_kexinit:=20 > debug2: kex_parse_kexinit: first_kex_follows 0=20 > debug2: kex_parse_kexinit: reserved 0=20 > debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hell= man-group1-sha1 > debug2: kex_parse_kexinit: ssh-dss > debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes1= 28-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cb= c,rijndael-cbc@lysator.liu.se > debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes1= 28-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cb= c,rijndael-cbc@lysator.liu.se > debug2: kex_parse_kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com > debug2: kex_parse_kexinit: hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com > debug2: kex_parse_kexinit: none > debug2: kex_parse_kexinit: none > debug2: kex_parse_kexinit:=20 > debug2: kex_parse_kexinit:=20 > debug2: kex_parse_kexinit: first_kex_follows 0=20 > debug2: kex_parse_kexinit: reserved 0=20 > debug2: mac_init: found hmac-sha1 > debug1: kex: client->server 3des-cbc hmac-sha1 none > debug2: mac_init: found hmac-sha1 > debug1: kex: server->client 3des-cbc hmac-sha1 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received > debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent > debug1: dh_gen_key: priv key bits set: 207/384 > debug1: bits set: 1025/2049 > debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT > debug1: bits set: 1057/2049 > debug1: sig size 20 20 > debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent > debug1: kex_derive_keys > debug1: newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: waiting for SSH2_MSG_NEWKEYS > debug1: newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: KEX done > debug1: userauth-request for user ryanb service ssh-connection method none > debug1: attempt 0 failures 0 > debug2: input_userauth_request: setting up authctxt for ryanb > debug1: Starting up PAM with username "ryanb" > debug2: input_userauth_request: try method none > Failed none for ryanb from 216.80.78.44 port 4839 ssh2 > debug1: userauth-request for user ryanb service ssh-connection method pub= lickey > debug1: attempt 1 failures 1 > debug2: input_userauth_request: try method publickey > debug1: temporarily_use_uid: 22787/2000 (e=3D0) > debug1: matching key found: file /home/ryanb/.ssh/authorized_keys2, line 1 > debug1: restore_uid > debug1: len 55 datafellows 53376 > debug1: ssh_dss_verify: signature correct > debug2: userauth_pubkey: authenticated 1 pkalg ssh-dss > debug1: PAM setting rhost to "akerfeldt.goddamnbastard.org" > Accepted publickey for ryanb from 216.80.78.44 port 4839 ssh2 > debug1: Entering interactive session for SSH2. > debug1: server_init_dispatch_20 > debug1: server_input_channel_open: ctype session rchan 0 win 32768 max 16= 384 > debug1: input_session_request > debug1: channel 0: new [server-session] > debug1: session_new: init > debug1: session_new: session 0 > debug1: session_open: channel 0 > debug1: session_open: session 0: link with channel 0 > debug1: server_input_channel_open: confirm session > debug2: callback start > debug1: session_by_channel: session 0 channel 0 > debug1: session_input_channel_req: session 0 channel 0 request pty-req re= ply 0 > debug1: session_pty_req: session 0 alloc /dev/ttyp1 > debug2: tty_parse_modes: SSH2 n_bytes 0 > debug2: callback done > debug2: callback start > debug1: session_by_channel: session 0 channel 0 > debug1: session_input_channel_req: session 0 channel 0 request shell repl= y 0 > debug1: PAM setting tty to "/dev/ttyp1" > debug1: do_pam_session: euid 0, uid 0 > debug1: PAM establishing creds > debug1: channel 0: rfd 7 isatty > debug1: Setting controlling tty using TIOCSCTTY. > debug1: fd 7 setting O_NONBLOCK > debug1: Received SIGCHLD. > fcntl(7, F_SETFL, O_NONBLOCK): Resource temporarily unavailable > debug1: fd 3 IS O_NONBLOCK > debug2: callback done > debug1: session_by_pid: pid 2257 > debug1: session_exit_message: session 0 channel 0 pid 2257 > debug1: session_exit_message: release channel 0 > debug1: channel 0: write failed > debug1: channel 0: output open -> closed > debug1: channel 0: close_write > debug1: session_pty_cleanup: session 0 release /dev/ttyp1 > debug1: session_free: session 0 pid 2257 > debug1: channel 0: read<=3D0 rfd 7 len 0 > debug1: channel 0: read failed > debug1: channel 0: input open -> drain > debug1: channel 0: close_read > debug1: channel 0: input: no drain shortcut > debug1: channel 0: ibuf empty > debug1: channel 0: input drain -> closed > debug1: channel 0: send eof > debug1: channel 0: send close > debug2: channel 0: no data after CLOSE > debug1: channel 0: rcvd close > debug2: channel 0: no data after CLOSE > debug1: channel 0: is dead > debug1: channel_free: channel 0: status: The following connections are op= en: > #0 server-session (t4 r0 i8/0 o128/0 fd -1/-1) >=20 > Connection closed by remote host. > Closing connection to 216.80.78.44 -----END SERVER STUFF----- --=20 ryan beasley <ryanb@goddamnbastard.org> professional fat bastard http://www.goddamnbastard.org GPG Key ID 0x36321D13 with fingerprint 2074 CEB8 68AD 351A 85E6 98EB 09BA 36D9 3632 1D13 --azLHFNyN32YCQGCU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7zjVYCbo22TYyHRMRAo0LAJ4zBoxGBJEaTmOKPmpSaxJ1lCRbWACfUwjy kQMPxF6NdhkPc2t/oS4yC1g= =3VJ2 -----END PGP SIGNATURE----- --azLHFNyN32YCQGCU-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011017205017.A9625>