openssh 2.5.2p2/Solaris 5.8 problems
James M Moya
moyman at ecn.purdue.edu
Thu Apr 12 08:45:41 EST 2001
openssh 2.5.2p2 on Solaris 8 has PAM/cron problems. If I build it with PAM
then cron quits working giving "cron audit problem." errors. If I turn
PAM off then cron works but I get kicked out of any session where a password
is needed (i.e. no .rhosts/.shosts or not using ssh-agent) with the message
"Connection closed by IP#". I get through if I have a .rhosts/.shosts or use
ssh-agent. The following shows the latter error with debugging turned on for
both ssh and sshd:

On the server:

terl:/[35]# cat /var/ssh/sshd_config
Port 22
ListenAddress 0.0.0.0
HostKey /var/ssh/ssh_host_key
HostKey /var/ssh/ssh_host_dsa_key
ServerKeyBits 640
LoginGraceTime 600
KeyRegenerationInterval 86400
PermitRootLogin yes
IgnoreRhosts no
StrictModes no
X11Forwarding yes
X11DisplayOffset 11
PrintMotd no
KeepAlive yes
SyslogFacility AUTH
LogLevel INFO
RhostsAuthentication yes
RhostsRSAAuthentication yes
RSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
CheckMail no
UseLogin no
Subsystem sftp /opt/openssh/libexec/sftp-server
MaxStartups 10:30:60
terl:/[36]# /opt/openssh/sbin/sshd -b 640 -f /var/ssh/sshd_config -h /var/ssh/ssh_host_key -d -d -d
debug1: Seeding random number generator
debug1: sshd version OpenSSH_2.5.2p2
debug1: load_private_key_autodetect: type 0 RSA1
debug1: load_private_key_autodetect: type 0 RSA1
debug3: Bad RSA1 key file /var/ssh/ssh_host_dsa_key.
debug1: read SSH2 private key done: name dsa w/o comment success 1
debug1: load_private_key_autodetect: type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 640 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 128.46.154.96 port 51943
debug1: Client protocol version 1.5; client software version OpenSSH_2.5.2p2
debug1: match: OpenSSH_2.5.2p2 pat ^OpenSSH
debug1: Local version string SSH-1.99-OpenSSH_2.5.2p2
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: Sent 640 bit server key and 768 bit host key.
debug1: Encryption type: blowfish
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for root.
debug1: Trying rhosts with RSA host authentication for client user root
debug1: Trying to reverse map address 128.46.154.96.
debug1: Rhosts RSA authentication: canonical host tsunami.ecn.purdue.edu
Rhosts with RSA host authentication accepted for root, root on tsunami.ecn.purdue.edu.
Accepted rhosts-rsa for ROOT from 128.46.154.96 port 51943 ruser root
debug1: session_new: init
debug1: session_new: session 0
debug1: Allocating pty.
debug1: Received request for X11 forwarding with auth spoofing.
debug2: SSH_PROTOFLAG_SCREEN_NUMBER: 1
debug1: bind port 6011: Address already in use
debug1: fd 10 setting O_NONBLOCK
debug1: fd 10 IS O_NONBLOCK
debug1: channel 0: new [X11 inet listener]
debug1: Received authentication agent forwarding request.
debug1: fd 11 setting O_NONBLOCK
debug1: fd 11 IS O_NONBLOCK
debug1: channel 1: new [auth socket]
debug1: Entering interactive session.
debug1: fd 8 setting O_NONBLOCK
debug1: fd 9 IS O_NONBLOCK
debug1: server_init_dispatch_13
debug1: server_init_dispatch_15
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug3: tvp!=NULL kid 0 mili 10
debug1: End of interactive session; stdin 5, stdout (read 614, sent 614), stderr 0 bytes.
debug1: Received SIGCHLD.
debug1: channel_free: channel 0: status: The following connections are open:
debug1: channel_free: channel 1: status: The following connections are open:
debug1: Command exited with status 0.
debug1: Received exit confirmation.
debug1: session_pty_cleanup: session 0 release /dev/pts/7
debug1: xauthfile_cleanup_proc called
Closing connection to 128.46.154.96
**************************************************************
On the client:
tsunami:/[42] cat /var/ssh/ssh_config
Host *
ForwardAgent yes
ForwardX11 yes
RhostsAuthentication yes
RhostsRSAAuthentication yes
RSAAuthentication yes
PasswordAuthentication yes
FallBackToRsh yes
UseRsh no
BatchMode no
CheckHostIP yes
StrictHostKeyChecking no
GlobalKnownHostsFile /var/ssh/ssh_known_hosts
IdentityFile ~/.ssh/identity
Port 22
Protocol 1,2
Cipher blowfish
EscapeChar ~
KeepAlive yes
NumberOfPasswordPrompts 3
tsunami:/[43] ssh -v -l root terl
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: getuid 19350 geteuid 0 anon 1
debug1: Connecting to terl [128.46.200.119] port 22.
debug1: Connection established.
debug1: identity file /home/golfer/a/moyman/.ssh/identity type 0
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.2p2
debug1: match: OpenSSH_2.5.2p2 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_2.5.2p2
debug1: Waiting for server public key.
debug1: Received server public key (640 bits) and host key (768 bits).
debug1: Host 'terl' is known and matches the RSA1 host key.
debug1: Found key in /var/ssh/ssh_known_hosts:696
debug1: Encryption type: blowfish
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying rhosts or /etc/hosts.equiv with RSA host authentication.
debug1: Server refused our rhosts authentication or host key.
debug1: Trying RSA authentication via agent with 'moyman at golfer.ecn.purdue.edu'
debug1: Server refused our key.
debug1: RSA authentication using agent refused.
debug1: Trying RSA authentication with key 'moyman at golfer.ecn.purdue.edu'
debug1: Server refused our key.
debug1: Doing password authentication.
root at terl's password:
Connection closed by 128.46.200.119
debug1: Calling cleanup 0x1000472e0(0x0)

Here is how openssh was built:

harbor:/usr/src/local/openssh-2.5.2p2[381]# cat ecn
rm config.cache
./configure \
--prefix=/opt/openssh \
--sysconfdir=/var/ssh \
--with-rsh=/usr/local/etc/rsh \
--with-ipv4-default \
--with-ssl-dir=/usr/local/ssl \
--with-lastlog=/usr/adm/lastlog \
--with-pid-dir=/var/ssh

Other Solaris problems I have: no /etc/default/login support, no /etc/nologin
support.

--mike