Bug 1344

Summary: DISABLE_FD_PASSING does not work if sshd invoked by inetd
Product: Portable OpenSSH
Reporter: Matt Kraai <kraai>
Component: sshd
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED INVALID
Severity: normal
CC: dtucker
Priority: P2
Version: 4.6p1
Hardware: Other
OS: Other
Attachments:
Initialize use_privsep based on DISABLE_FD_PASSING (flags: none)

Description Matt Kraai 2007-07-22 05:20:03 AEST
If DISABLE_FD_PASSING is defined and sshd is invoked by inetd, the connection is closed immediately.
Comment 1 Matt Kraai 2007-07-22 05:21:58 AEST
Created attachment 1329
Initialize use_privsep based on DISABLE_FD_PASSING

The attached patch fixes the problem by initializing use_privsep based on DISABLE_FD_PASSING.
Comment 2 Darren Tucker 2007-07-22 13:06:09 AEST
(In reply to comment #1)
> Created an attachment (id=1329)
> Initialize use_privsep based on DISABLE_FD_PASSING
> 
> The attached patch fixes the problem by initializing use_privsep based
> on DISABLE_FD_PASSING.

This does not seem to be a general problem: on Linux, at least, an sshd built with DISABLE_FD_PASSING still works with inetd mode.  It would be interesting to know if there's a problem on the other platforms that normally set DISABLE_FD_PASSING.

Could you please provide the debug output from sshd, either by setting "LogLevel debug3" in sshd_config and collecting the messages from wherever syslog puts them, or by running sshd in inetd mode as a proxycommand, eg

   ssh -o "ProxyCommand sudo /usr/local/sbin/sshd -ddde -i" yourserver

Thanks.
Comment 3 Matt Kraai 2007-07-22 14:36:26 AEST
(In reply to comment #2)
> (In reply to comment #1)
> > Created an attachment (id=1329)
> > Initialize use_privsep based on DISABLE_FD_PASSING
> > 
> > The attached patch fixes the problem by initializing use_privsep based
> > on DISABLE_FD_PASSING.
> 
> This does not seem to be a general problem: on Linux, at least, an sshd
> built with DISABLE_FD_PASSING still works with inetd mode.  It would be
> interesting to know if there's a problem on the other platforms that
> normally set DISABLE_FD_PASSING.
> 
> Could you please provide the debug output from sshd, either by setting
> "LogLevel debug3" in sshd_config and collecting the messages from
> wherever syslog puts them, or by running sshd in inetd mode as a
> proxycommand, eg
> 
>    ssh -o "ProxyCommand sudo /usr/local/sbin/sshd -ddde -i" yourserver

I won't have access to a QNX system until Monday, but I'll check it out then.  Thanks for the help.
Comment 4 Matt Kraai 2007-07-24 16:02:24 AEST
(In reply to comment #2)
> This does not seem to be a general problem: on Linux, at least, an sshd
> built with DISABLE_FD_PASSING still works with inetd mode.  It would be
> interesting to know if there's a problem on the other platforms that
> normally set DISABLE_FD_PASSING.

You're right, it was user error.  I hadn't created the sshd group and user.  Once I did so (and applied the patch for bug 1343), I was able to log in successfully.  Thanks for the help.
Comment 5 Damien Miller 2008-04-04 10:00:17 AEDT
Close resolved bugs after release.