portable OpenSSH bugs.

Soren Spies sspies at apple.com
Fri Apr 6 08:38:43 EST 2001


On Thursday, April 5, 2001, at 02:09 , Theo de Raadt wrote:

> please mail details about the bugs asap.

The first bug I sent (pending/1759: 2.5.2p2 can't connect using protocol 
2 to a 2.3.0p1 server), got sent back as "fixed in current" so hopefully 
that is taken care of (details at the bottom of this message).  I'm 
happy to try and repro / debug these if necessary.

The others may have been caught by now:
2) the timeout for initial server replies appears small so sometimes
    the ssh client will give up before the server has a chance to wake up
    and reply.  ssh -v will show
    debug1: Trying again...
    debug1: Trying again...
    debug1: Trying again...
    in quick succession.
    The timeouts for retries under OpenBSD (portable OpenSSH) as suggested
    by observing bug #3 suggest this is probably a problem there too.
    This bug has occurred under OS X in 2.3.0p1, 2.5.1p2, & 2.5.2p2, but
    doesn't happen every time.  I see the problem most often ssh'ing to
    bigw.org, which is a 20 MHz microSparc:

boris:~/src=> ssh -v bigw.org		# see ssh fail
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
debug1: Seeded RNG with 28 bytes from programs
debug1: Seeded RNG with 3 bytes from system calls
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: getuid 1001 geteuid 1001 anon 1
debug1: Trying again...
debug1: Trying again...
debug1: Trying again...
Secure connection to bigw.org refused.
debug1: writing PRNG seed to file /Users/soren/.ssh/prng_seed
boris:~/src=> telnet bigw.org 22
Trying 128.2.156.111...
Connected to bigw.org.
Escape character is '^]'.
<there is a pause before this comes out>SSH-1.5-1.2.27
^]
telnet> q
Connection closed.
boris:~/src=> ssh bigw.org   		# see ssh work b/c the server is awake?
sspies at bigw.org's password:

    My theory is that the kernel accept()'s the connection but then sshd is
    swapped out and takes a bit of time to reply.  The trouble with this
    theory is that I have to do the telnet <host> 22 from each client I want
    to connect to.  This is inside of Apple's firewall ... so there may be
    some extra delay induced by it.

3) Under OS X, if you try to ssh to a host that has no DNS entry:
boris:~/src=> ssh -v aoeu
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
debug1: Seeded RNG with 28 bytes from programs
debug1: Seeded RNG with 3 bytes from system calls
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: getuid 1001 geteuid 1001 anon 1
debug1: Trying again...
debug1: Trying again...
debug1: Trying again...
Secure connection to aoeu refused.
debug1: writing PRNG seed to file /Users/soren/.ssh/prng_seed
boris:~/src=> uname -a
Darwin localhost 1.3 Darwin Kernel Version 1.3: Thu Mar  1 06:56:40 PST 2001; root:xnu/xnu-123.5.obj~1/RELEASE_PPC  Power Macintosh powerpc

3.5)
    Same repeat dialing if the connection is refused.
    Reproducible on OS X and with 2.5.2p2 on an OpenBSD 2.8 system:
tofu:/home/soren/dev/openssh-2.5.2p2=> ./ssh -v -p 5555 localhost
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: getuid 1003 geteuid 1003 anon 1
debug1: Connecting to localhost [127.0.0.1] port 5555.
debug1: connect: Connection refused
debug1: Trying again...
debug1: Connecting to localhost [127.0.0.1] port 5555.
debug1: connect: Connection refused
debug1: Trying again...
debug1: Connecting to localhost [127.0.0.1] port 5555.
debug1: connect: Connection refused
debug1: Trying again...
debug1: Connecting to localhost [127.0.0.1] port 5555.
debug1: connect: Connection refused
Secure connection to localhost on port 5555 refused.
tofu:/home/soren/dev/openssh-2.5.2p2=> uname -a
OpenBSD tofu 2.8 TOFU#0 i386

Don't see any of these problems with a native OpenBSD's ssh.  All of the
problems seem to be in the portable client & server (in the case of
2.3.0p1) implementations, versions as noted.

Here's my notes of the first bug:

> 3) if you connect with protocol version 2 to a server running OpenSSH 2.3.0p1,
>    You will get the following message instead of a password prompt:
>    debug1: send SSH2_MSG_SERVICE_REQUEST
>    b5 e8 37 62 5e 16 5e 03 b0 8f 99 7a d6 9a 03 af
>    Disconnecting: Bad packet length -1243072670.
>    This only seems to happen with OpenSSH 2.5.2p2, not 2.5.1p2
>    but is reproducible running 2.5.2p2 on an OpenBSD 2.8 system.
>

--
Soren Spies
Apple Computer, Inc.
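
Added example (not part of the original message and not OpenSSH code): the four bytes that open the hex dump in the quoted notes, read as the big-endian SSH-2 packet length field, are exactly the value in the "Bad packet length" line once printed as a signed 32-bit integer. The bounds used in the sanity check and the second sample block are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed sanity bounds for illustration; not taken from the message. */
#define MIN_PACKET_LEN 5u
#define MAX_PACKET_LEN (256u * 1024u)

/* The 16 bytes dumped in the message. */
static const unsigned char dumped_block[16] = {
    0xb5, 0xe8, 0x37, 0x62, 0x5e, 0x16, 0x5e, 0x03,
    0xb0, 0x8f, 0x99, 0x7a, 0xd6, 0x9a, 0x03, 0xaf };

/* Constructed well-formed block: packet_length 12, padding_length 6. */
static const unsigned char ok_block[16] = {
    0x00, 0x00, 0x00, 0x0c, 0x06, 0x05, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };

/* SSH-2 packet_length: the first 4 bytes of a packet, big-endian. */
static uint32_t read_packet_length(const unsigned char *block)
{
    return ((uint32_t)block[0] << 24) | ((uint32_t)block[1] << 16) |
           ((uint32_t)block[2] << 8) | (uint32_t)block[3];
}

/* The same 32 bits as a "%d"-style signed value (two's complement). */
static long long as_signed32(uint32_t v)
{
    return v > 0x7fffffffu ? (long long)v - 4294967296LL : (long long)v;
}

/* Returns 0 if the length field is plausible, -1 if it must be rejected. */
static int check_first_block(const unsigned char *block, size_t n)
{
    uint32_t len;

    if (n < 4)
        return -1;              /* not enough bytes for a length field */
    len = read_packet_length(block);
    return (len >= MIN_PACKET_LEN && len <= MAX_PACKET_LEN) ? 0 : -1;
}

int main(void)
{
    printf("dumped: length %lld, check %d\n",
        as_signed32(read_packet_length(dumped_block)),
        check_first_block(dumped_block, sizeof dumped_block));
    printf("ok:     length %lld, check %d\n",
        as_signed32(read_packet_length(ok_block)),
        check_first_block(ok_block, sizeof ok_block));
    return 0;
}
```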


