[Bug 2090] New: SSH/SSHD hang with a Match User setting in sshd_config.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Apr 15 21:08:46 EST 2013


https://bugzilla.mindrot.org/show_bug.cgi?id=2090

            Bug ID: 2090
           Summary: SSH/SSHD hang with a Match User setting in sshd_config.
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 6.1p1
          Hardware: Other
                OS: AIX
            Status: NEW
          Severity: critical
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: vikas.uit10 at gmail.com

Created attachment 2243
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2243&action=edit
Detailed Debug info.

Problem Description -
======================

SSH/SSHD hangs when SSHD is configured to allow only sftp connection
requests from a particular user (Match User setting in sshd_config).


Steps to reproduce -
=====================
NOTE - These steps recreate the scenario on a localhost only (which
acts as both Client & Server); similar steps can be used to recreate
it for a Client & Server on different machines.

1. Create a local user, say "test". Also, define a password for user
   "test".

2. Set up passwordless (public key) authentication for user "test",
   i.e. copy /home/test/.ssh/id_rsa.pub to
   /home/test/.ssh/authorized_keys (so I don't need to type test's
   password every time).

3. Edit the sshd_config file to include the Match User setting, so that
   user "test" can do only sftp to this server (i.e. localhost) -

   # Example of overriding settings on a per-user basis
   #Match User anoncvs
   #       X11Forwarding no
   #       AllowTcpForwarding no
   #       ForceCommand cvs server
   Match User test
        ForceCommand internal-sftp

4. Restart SSHD.

5. Try to log in using sftp (should be OK as expected):

   $ sftp test@localhost
   Connecting to localhost...
   test@localhost's password:
   sftp>

6. Try to ssh to the localhost (here is the issue: it will hang):

   SSH hangs after a random number of repeated login requests (see the
   infinite while loop used to send repeated login requests. Also, since
   public key authentication has been configured for user "test", it
   will not ask for its password).

(0) root @ ic15: 7.1.0.0: /
# su test

(0) test @ ic15: 7.1.0.0: /
# while
> true
> do
> ssh localhost
> done
This service allows sftp connections only.
Connection to localhost closed.
This service allows sftp connections only.
Connection to localhost closed.
This service allows sftp connections only.
Connection to localhost closed.
This service allows sftp connections only.
Connection to localhost closed.
This service allows sftp connections only.
Connection to localhost closed.
This service allows sftp connections only.
Connection to localhost closed.               <== It hangs here after a random number of login requests.


The below SSHD processes are active at the same time - 

(0) root @ ic15: 7.1.0.0: /
# ps -ef | grep sshd
    root 5111844 9502940   0 15:24:49      -  0:00 sshd: test [priv]
    test 9175114 5111844   0 15:24:50      -  0:00 sshd: test@pts/7
    root 9502940 3604646   0 15:17:24      -  0:00 /usr/sbin/sshd

I believe there is some communication problem between the monitor sshd
process (5111844) and its child 9175114
(some signal is being missed from either side).

It looks like both Client (ssh) & Server (sshd) are waiting for each
other and a deadlock kind of scenario is being created.
Please check the attached .txt file for detailed debugging information.
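
Added example, not part of the original report or of OpenSSH: a bounded form of the reproduction loop in step 6 that stops at the first hung attempt and reports which iteration it was, instead of blocking the terminal. It assumes GNU coreutils `timeout` is available; the function name `count_until_hang` and the limits in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report): bounded version of the
# "while true; do ssh localhost; done" reproduction loop.
# Assumption: GNU coreutils `timeout` is installed. --foreground lets the
# wrapped command keep using the controlling terminal, which an
# interactive ssh session needs.

# count_until_hang MAX LIMIT CMD [ARGS...]
# Runs CMD up to MAX times, each under a LIMIT-second watchdog.
# Prints the iteration at which CMD outlived the watchdog, or 0 if every
# run finished in time. A non-zero exit from CMD is not counted as a hang;
# only the watchdog firing is.
count_until_hang() {
    max=$1
    limit=$2
    shift 2
    i=1
    while [ "$i" -le "$max" ]; do
        rc=0
        timeout --foreground "$limit" "$@" >/dev/null 2>&1 || rc=$?
        if [ "$rc" -eq 124 ]; then
            # 124 is timeout's exit status when the time limit was reached.
            # Snapshot the sshd processes on stderr, as the report does with ps.
            ps -ef 2>/dev/null | grep '[s]shd' >&2 || true
            echo "$i"
            return 0
        fi
        i=$((i + 1))
    done
    echo 0
}

# Usage on a test host set up as in steps 1-4 (run as the restricted user):
#   count_until_hang 1000 10 ssh localhost
```

The printed iteration number and the process snapshot can be attached to the bug alongside the sshd debug log for the same attempt.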
