Bug 1344 - DISABLE_FD_PASSING does not work if sshd invoked by inetd
Summary: DISABLE_FD_PASSING does not work if sshd invoked by inetd
Status: CLOSED INVALID
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: 4.6p1
Hardware: Other Other
: P2 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-07-22 05:20 AEST by Matt Kraai
Modified: 2008-04-04 10:00 AEDT (History)
1 user (show)

See Also:

Attachments
Initialize use_privsep based on DISABLE_FD_PASSING (1.05 KB, patch)
2007-07-22 05:21 AEST, Matt Kraai 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Kraai 2007-07-22 05:20:03 AEST 
If DISABLE_FD_PASSING is defined and sshd is invoked by inetd, the connection is closed immediately.
Comment 1 Matt Kraai 2007-07-22 05:21:58 AEST 
Created attachment 1329 [details]
Initialize use_privsep based on DISABLE_FD_PASSING

The attached patch fixes the problem by initializing use_privsep based on DISABLE_FD_PASSING.
Comment 2 Darren Tucker 2007-07-22 13:06:09 AEST 
(In reply to comment #1)
> Created an attachment (id=1329) [details]
> Initialize use_privsep based on DISABLE_FD_PASSING
> 
> The attached patch fixes the problem by initializing use_privsep based
> on DISABLE_FD_PASSING.

This does not seem to be a general problem: on Linux, at least, an sshd built with DISABLE_FD_PASSING still works with inetd mode.  It would be interesting to know if there's a problem on the other platforms that normally set DISABLE_FD_PASSING.

Could you please provide the debug output from sshd, either by setting "LogLevel debug3" in sshd_config and collecting the messages from wherever syslog puts them, or by running sshd in inetd mode as a proxycommand, eg

   ssh -o "ProxyCommand sudo /usr/local/sbin/sshd -ddde -i" yourserver

Thanks.
Comment 3 Matt Kraai 2007-07-22 14:36:26 AEST 
(In reply to comment #2)
> (In reply to comment #1)
> > Created an attachment (id=1329) [details] [details]
> > Initialize use_privsep based on DISABLE_FD_PASSING
> > 
> > The attached patch fixes the problem by initializing use_privsep based
> > on DISABLE_FD_PASSING.
> 
> This does not seem to be a general problem: on Linux, at least, an sshd
> built with DISABLE_FD_PASSING still works with inetd mode.  It would be
> interesting to know if there's a problem on the other platforms that
> normally set DISABLE_FD_PASSING.
> 
> Could you please provide the debug output from sshd, either by setting
> "LogLevel debug3" in sshd_config and collecting the messages from
> wherever syslog puts them, or by running sshd in inetd mode as a
> proxycommand, eg
> 
>    ssh -o "ProxyCommand sudo /usr/local/sbin/sshd -ddde -i" yourserver

I won't have access to a QNX system until Monday, but I'll check it out then.  Thanks for the help.
Comment 4 Matt Kraai 2007-07-24 16:02:24 AEST 
(In reply to comment #2)
> This does not seem to be a general problem: on Linux, at least, an sshd
> built with DISABLE_FD_PASSING still works with inetd mode.  It would be
> interesting to know if there's a problem on the other platforms that
> normally set DISABLE_FD_PASSING.

You're right, it was user error.  I hadn't created the sshd group and user.  Once I did so (and applied the patch for bug 1343), I was able to log in successfully.  Thanks for the help.
Comment 5 Damien Miller 2008-04-04 10:00:17 AEDT 
Close resolved bugs after release.