I upgraded OpenSSH 3.6.1p2 to 3.7.1p1 on a couple of HP/Compaq Tru64 UNIX systems. Version 3.6.1p2 works like a charm! After restarting the sshd daemon I try to log in using ssh from several remote systems, but the login breaks pretty early on. Nothing seems to be logged to the syslog.

Details:
OS: HP/Compaq Tru64 UNIX version 5.1A (same problem on Tru64 4.0F)
Compiler: Compaq C V6.4-014 on Compaq Tru64 UNIX V5.1A
Created attachment 409: SSH login attempt verbose log
I have exactly the same experience. I have now compiled 3.6.1p2 and 3.7.1p1 with the same configure command line and got the same problem. The connection breaks right after "SSH2_MSG_KEXINIT sent".

$ ssh -v -v -v -l root -p 443 serow
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x009060af
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to serow [146.107.217.72] port 443.
debug1: Connection established.
debug1: identity file /home/mokrejs/.ssh/identity type 0
debug1: identity file /home/mokrejs/.ssh/id_rsa type 0
debug3: Not a RSA1 key file /home/mokrejs/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /home/mokrejs/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p1
debug1: match: OpenSSH_3.7.1p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
Connection closed by 146.107.217.72
debug1: Calling cleanup 0x8062440(0x0)
mokrejs@vrapenec$

$ ./configure --prefix=/usr/local --with-tcp-wrappers --with-ssl-dir=/software/@sys/usr/openssl --with-prngd-socket=/var/run/egd-pool --with-default-path=/software/@sys/usr/bin:/software/@sys/usr/sbin:/usr/afs/bin:/software/@sys/usr/openssl/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/bin:/sbin:/usr/sbin:/usr/opt/svr4/bin:/usr/opt/svr4/sbin --with-xauth=/usr/bin/X11/xauth --with-zlib --with-osfsia --with-login=/usr/bin/login --without-privsep

The server says:

# ./sshd -p 443 -D -d -d -d
debug2: read_server_config: filename /usr/local/etc/sshd_config
debug1: sshd version OpenSSH_3.7.1p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 443 on 0.0.0.0.
Server listening on 0.0.0.0 port 443.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 146.107.217.207 port 34077
debug1: Client protocol version 2.0; client software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.7.1p1
debug2: Network child is on pid 34085
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug3: privsep user:group 15:22
debug1: permanently_set_uid: 15/22
permanently_set_uid: was able to restore old [e]gid
debug1: Calling cleanup 0x12006ff40(0x0)
#

I suspect inability to read RAND data (below is a truss snippet from ./sshd -D -d -d -d execution).

33868: fork() = 33871
33871: fork() (returning as child ...) = 33871
debug2: Network child is on pid 33871
33868: write(2, " d e b u g 2 : N e t w".., 39) = 39
33871: getsysinfo(67, 0x000000011FFFB0F0, 4, 0x00000000, 0x00000000, 0x00000000) = 1
33868: close(3) = 0
33871: close(7) = 0
debug3: preauth child monitor started
33868: write(2, " d e b u g 3 : p r e a".., 39) = 39
33871: getuid() = 0 [ 0 ]
debug3: mm_request_receive entering
33868: write(2, " d e b u g 3 : m m _ r".., 37) = 37
33871: fstat(0, 0x000000011FFFB0F8) = 0
33871: fstat(1, 0x000000011FFFB0F8) = 0
33871: fstat(2, 0x000000011FFFB0F8) = 0
33871: open("/etc/passwd.pag", O_RDONLY, 00) Err#2 No such file or directory
33871: open("/etc/passwd", O_RDONLY, 0666) = 7
33871: fstat(7, 0x000000011FFFB010) = 0
33871: ioctl(7, 0x2000745E, 0x00000000) Err#25 Not a typewriter
33871: read(7, " r o o t : 5 1 A B 3 Y B".., 8192) = 891
33871: lseek(7, 0xFFFFFFFF, SEEK_CUR) = 888
33871: close(7) = 0
33871: fstat(0, 0x000000011FFFB0F8) = 0
33871: fstat(1, 0x000000011FFFB0F8) = 0
33871: fstat(2, 0x000000011FFFB0F8) = 0
33871: chroot("/var/empty") = 0
33871: chdir("/") = 0
debug3: privsep user:group 15:22
33871: write(2, " d e b u g 3 : p r i v".., 34) = 34
33871: setgroups(1, 0x000000011FFFB340) = 0
33871: getuid() = 0 [ 0 ]
33871: getgid() = 1 [ 1 ]
debug1: permanently_set_uid: 15/22
33871: write(2, " d e b u g 1 : p e r m".., 36) = 36
33871: setregid(22, 22) = 0
33871: setreuid(15, 15) = 0
33871: setgid(1) = 0
permanently_set_uid: was able to restore old [e]gid
33871: write(2, " p e r m a n e n t l y _".., 53) = 53
debug1: Calling cleanup 0x12006ff40(0x0)
33871: write(2, " d e b u g 1 : C a l l".., 42) = 42
33871: shutdown(4, SHUT_RDWR) = 0
33871: close(4) = 0

Could the output of sshd and ssh be enhanced so that it tells which EGD it is using?
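The truss trace in the comment above shows setregid(22, 22) and setreuid(15, 15) returning 0 and then setgid(1) also returning 0, immediately before "was able to restore old [e]gid". As an added example (not OpenSSH's code and not posted by any commenter), this C sketch shows that drop-then-verify pattern; the function name drop_and_verify is hypothetical and the messages only mirror the log above.

```c
/* Added example: permanent privilege drop followed by a restore test. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper. Returns 0 only if the process now runs as uid/gid
 * and can no longer get its previous ids back; -1 otherwise. */
int drop_and_verify(uid_t uid, gid_t gid)
{
    uid_t old_uid = getuid();
    gid_t old_gid = getgid();

    /* Reset supplementary groups when root hands itself down to a user. */
    if (geteuid() == 0 && uid != 0 && setgroups(1, &gid) == -1)
        return -1;
    /* Group before user: after the uid change the gid is out of reach. */
    if (setregid(gid, gid) == -1 || setreuid(uid, uid) == -1)
        return -1;

    /* Restore test: if an old id can be set again, the drop was not
     * permanent, so treat a successful call as a failure. */
    if (old_gid != gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) {
        fprintf(stderr, "was able to restore old [e]gid\n");
        return -1;
    }
    if (old_uid != uid && (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) {
        fprintf(stderr, "was able to restore old [e]uid\n");
        return -1;
    }
    /* Real and effective ids must be exactly the requested ones. */
    if (getgid() != gid || getegid() != gid ||
        getuid() != uid || geteuid() != uid)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Defaults to the caller's own ids, which needs no privilege. */
    uid_t uid = argc > 2 ? (uid_t)strtoul(argv[1], NULL, 10) : getuid();
    gid_t gid = argc > 2 ? (gid_t)strtoul(argv[2], NULL, 10) : getgid();
    int rc = drop_and_verify(uid, gid);

    printf("drop to %lu/%lu: %s\n", (unsigned long)uid, (unsigned long)gid,
           rc == 0 ? "permanent" : "FAILED");
    return rc == 0 ? 0 : 1;
}
```

Run as root with a target uid and gid as arguments to exercise the restore test; without arguments it keeps the caller's ids and only checks that they are consistent.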
OK, I stole the idea from http://bugzilla.mindrot.org/show_bug.cgi?id=659

Edit openssh-3.7.1p1/config.h to have as follows:

/* Define if your platform breaks doing a seteuid before a setuid */
#define SETEUID_BREAKS_SETUID
/* Define if your setreuid() is broken */
#define BROKEN_SETREUID
/* Define if your setregid() is broken */
#define BROKEN_SETREGID

That fixes our problem.
I have tried Martin Mokrejs' workaround:

Edit openssh-3.7.1p1/config.h to have as follows:

/* Define if your platform breaks doing a seteuid before a setuid */
#define SETEUID_BREAKS_SETUID
/* Define if your setreuid() is broken */
#define BROKEN_SETREUID
/* Define if your setregid() is broken */
#define BROKEN_SETREGID

This solves the problem on our systems as well (Tru64 UNIX 5.1A and 4.0F)! One mustn't edit acconfig.h and then run configure; it's required to edit config.h as above *after* the configure step.

To the developers: The final bugfix seemingly needs to define the 3 above lines for the OSF/1 operating system (Tru64 UNIX). I wonder why this wasn't necessary prior to version 3.7?
Created attachment 436: Add defines to configure for Digital Unix

Please try the attached patch. You will need to run "autoconf" to rebuild configure.
Thanks for the report, this has been fixed (in HEAD and the 3.7 branch). Please test tomorrow's snapshot.
I downloaded OpenSSH 3.7.1p2 and installed it on Tru64 UNIX v4.0F. I can confirm that this bug is fixed now. Another bug exists (will be reported separately): When sshd should be started from /etc/inittab, no sshd process is running upon a reboot. If I start sshd from the command-line it's OK.
Mass change of RESOLVED bugs to CLOSED