[Bug 2090] New: SSH/SSHD hang with a Match User setting in sshd_config.
bugzilla-daemon at mindrot.org
Mon Apr 15 21:08:46 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=2090
Bug ID: 2090
Summary: SSH/SSHD hang with a Match User setting in sshd_config.
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.1p1
Hardware: Other
OS: AIX
Status: NEW
Severity: critical
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: vikas.uit10 at gmail.com
Created attachment 2243
--> https://bugzilla.mindrot.org/attachment.cgi?id=2243&action=edit
Detailed Debug info.
Problem Description -
======================
SSH/SSHD hang when SSHD is configured to allow only sftp connection
requests from a particular user (Match User setting in sshd_config).
Steps to reproduce -
=====================
NOTE - These steps are for recreating the scenario only on a localhost
(which acts as both Client & Server), and similar steps can be used
to recreate it for a Client & Server (different machines).
1. Create a local user, say "test". Also, define a password for user
"test".
2. Set up passwordless (public key) authentication for user "test",
i.e. copy /home/test/.ssh/id_rsa.pub to
/home/test/.ssh/authorized_keys (so I don't need to type test's
password every time).
3. Edit the sshd_config file to include the Match User setting, so that
user "test" can do only sftp to this server (i.e. localhost):
    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    #       X11Forwarding no
    #       AllowTcpForwarding no
    #       ForceCommand cvs server
    Match User test
            ForceCommand internal-sftp
4. Restart SSHD.
5. Try to login using sftp (should be OK as expected):
    $ sftp test@localhost
    Connecting to localhost...
    test@localhost's password:
    sftp>
6. Try to ssh to the localhost (here is the issue: it will hang).
SSH hangs after a random number of repeated login requests (see the
infinite while loop used to send repeated login requests. Also, since
public key authentication has been configured for user "test", it will
not ask for its password).
(0) root @ ic15: 7.1.0.0: /
# su test
(0) test @ ic15: 7.1.0.0: /
# while
> true
> do
> ssh localhost
> done
This service allows sftp connections only.
Connection to localhost closed.
This service allows sftp connections only.
Connection to localhost closed.
This service allows sftp connections only.
Connection to localhost closed.
This service allows sftp connections only.
Connection to localhost closed.
This service allows sftp connections only.
Connection to localhost closed.
This service allows sftp connections only.
Connection to localhost closed.    <== It hangs here after a random number of login requests.
The below SSHD processes are active at the same time -
(0) root @ ic15: 7.1.0.0: /
# ps -ef | grep sshd
root 5111844 9502940 0 15:24:49 - 0:00 sshd: test [priv]
test 9175114 5111844 0 15:24:50 - 0:00 sshd: test@pts/7
root 9502940 3604646 0 15:17:24 - 0:00 /usr/sbin/sshd
I believe there is some communication problem between the monitor sshd
process (5111844) and its child 9175114
(some signal is being missed from either side).
It looks like both Client (ssh) & Server (sshd) are waiting for each
other and a deadlock kind of scenario is being created.
Please check the attached .txt file for detailed debugging information.
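
A bounded form of the loop from step 6, added here as an example and not part of the original report: it stops at the first attempt that does not return and snapshots the sshd processes while that attempt is still stuck. The function names run_limited and first_hang, the attempt count, the time limit and the ssh options are assumptions.

```shell
#!/bin/sh
# Added example: bounded form of the "while true; do ssh localhost; done" loop.
# Attempt count, time limit and ssh options are assumptions, not from the report.

# run_limited SECS CMD...: run CMD in the background and poll it once a second.
# Returns CMD's exit status, or 124 if CMD was still running after SECS seconds.
run_limited() {
    rl_limit=$1; shift
    "$@" </dev/null >/dev/null 2>&1 &
    rl_pid=$!
    rl_waited=0
    while kill -0 "$rl_pid" 2>/dev/null; do
        if [ "$rl_waited" -ge "$rl_limit" ]; then
            # Snapshot the sshd processes (on stderr) before ending the attempt.
            ps -ef | grep '[s]shd' >&2
            kill -TERM "$rl_pid" 2>/dev/null
            wait "$rl_pid" 2>/dev/null
            return 124
        fi
        sleep 1
        rl_waited=$((rl_waited + 1))
    done
    wait "$rl_pid"
}

# first_hang ATTEMPTS SECS CMD...: repeat CMD up to ATTEMPTS times and print
# the number of the first attempt that exceeded SECS (0 if every attempt ended).
first_hang() {
    fh_max=$1; fh_limit=$2; shift 2
    fh_n=1
    while [ "$fh_n" -le "$fh_max" ]; do
        fh_rc=0
        run_limited "$fh_limit" "$@" || fh_rc=$?
        if [ "$fh_rc" -eq 124 ]; then
            echo "$fh_n"
            return 0
        fi
        fh_n=$((fh_n + 1))
    done
    echo 0
}

# Only contact sshd when asked to: sh script.sh run [attempts] [limit-seconds]
if [ "${1:-}" = "run" ]; then
    # -tt keeps a pty on the server side, as in the report ("sshd: test@pts/7");
    # BatchMode stops ssh from prompting if public key authentication fails.
    hung=$(first_hang "${2:-200}" "${3:-15}" ssh -tt -o BatchMode=yes localhost)
    [ "$hung" -gt 0 ] && echo "attempt $hung hung" || echo "no hang observed"
fi
```

Run it as user "test" after step 4; the attempt number it prints gives a count to compare across runs and sshd builds.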