OpenSSH 2.5.0p1

mouring at etoh.eviladmin.org mouring at etoh.eviladmin.org
Sun Feb 18 03:05:13 EST 2001 

This really need to be tested in the current snapshot.  Because of the
following:

try:  

ssh site 'echo $PATH'

then

ssh site 'echo $PATH; sleep 1;

The latter will work, but the former will not show anything.  This is due
to a work around that was removed in development that cause the data
channel to prematurely close with data still in it.

- Ben

On Sun, 18 Feb 2001, Ishikawa wrote:

> mouring at etoh.eviladmin.org wrote:
> 
> > Known issues:
> >
> >
> > 7) Solaris '$PATH' issue -- ?? (Unfixable before 2.5.0?)  [I'm getting
> > more reports of this.  I'll present them when they get their facts
> > together]
> 
> Attached is a memo that contains the debug output
> when the problem is reproduced locally on our office machines.
> 
> I think the afffected systems are at least solaris 7 and solaris 8 from
> what I gather from the post. The log below
> is generated when I tried the command against sshd
> 2.3.0p1 on a solaris 7 for x86 host.
> (without "-2", the command works.)
> 
> "ssh -2 host 'echo $PATH' doesn't work against sshd on solaris7 for x86"
> 
> ***
> *** server is solaris 7 for x86. We used sun cc compiler.
> *** for the server compilation.
> ***
> *** I think the key factors are solaris 7 and 8 from what
> *** I gathered by reading the posts.
> 
> 
> (The following log is a little complicated since
>  the ssh connection is passed by a tcp-level gateway to
>  a final sshd server on a remote host.
>  But I have observed the same problem WITHOUT
>  such proxy before.)
> 
> First example.
> ***
> *** ssh -2 -v -v -v targethost 'echo $PATH' doesn't work.
> ***
> *** server is solaris 7 for x86. We used sun cc compiler.
> *** for the server compilation.
> ***
> ***
> 
> ssh is invoked from a solaris 2.5.1 host.
> 
> ishikawa at u45$ conn-www.sh -2 -v -v -v 'echo $PATH'
> #
> # host sun11
> # -p 999   gateway to www-reserved.
> #
> echo "Timeout is 2 mins."
> ++ echo 'Timeout is 2 mins.'
> Timeout is 2 mins.
> ssh sun11.example.co.jp -p 999 -C -l gnu $*
> ++ ssh sun11.example.co.jp -p 999 -C -l gnu -2 -v -v -v echo '$PATH'
> SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
> Compiled with SSL (0x0090600f).
> debug: Reading configuration data /usr/local/etc/ssh_config
> debug: ssh_connect: getuid 12 geteuid 0 anon 0
> debug: Connecting to sun11.example.co.jp [192.168.1.11] port 999.
> debug: Reading output from 'ls -alni /var/log'
> debug: Time elapsed: 27 msec
> debug: Got 1.61 bytes of entropy from 'ls -alni /var/log'
> debug: Reading output from 'ls -alni /var/adm'
> debug: Time elapsed: 29 msec
>        ...
>        ... lines from entropy gathering daemon.
>        ...
> debug: Reading output from 'tail -200 /var/log/syslog'
> debug: Time elapsed: 7 msec
> debug: Got 0.00 bytes of entropy from 'tail -200 /var/log/syslog'
> debug: Reading output from 'tail -200 /var/adm/messages'
> debug: Time elapsed: 39 msec
> debug: Got 0.46 bytes of entropy from 'tail -200 /var/adm/messages'
> debug: Seeded RNG with 40 bytes from programs
> debug: Seeded RNG with 3 bytes from system calls
> debug: Allocated local port 663.
> debug: Connection established.
> debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0p1
> debug: no match: OpenSSH_2.3.0p1
> Enabling compatibility mode for protocol 2.0
> debug: Local version string SSH-2.0-OpenSSH_2.3.0p1
> debug: send KEXINIT
> debug: done
> debug: wait KEXINIT
> debug: got kexinit:
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
> debug: got kexinit: ssh-dss
> debug: got kexinit:
> 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
> 
> debug: got kexinit:
> 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se
> 
> debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
> debug: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160 at openssh.com
> debug: got kexinit: none,zlib
> debug: got kexinit: none,zlib
> debug: got kexinit:
> debug: got kexinit:
> debug: first kex follow: 0
> debug: reserved: 0
> debug: done
> debug: kex: server->client 3des-cbc hmac-sha1 zlib
> debug: kex: client->server 3des-cbc hmac-sha1 zlib
> debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
> debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
> debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
> debug: bits set: 515/1024
> debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
> debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
> debug: Got SSH2_MSG_KEXDH_REPLY.
> debug: Host 'sun11.example.co.jp' is known and matches the DSA host key.
> debug: bits set: 498/1024
> debug: len 55 datafellows 0
> debug: dsa_verify: signature correct
> debug: Wait SSH2_MSG_NEWKEYS.
> debug: Enabling compression at level 6.
> debug: GOT SSH2_MSG_NEWKEYS.
> debug: send SSH2_MSG_NEWKEYS.
> debug: done: send SSH2_MSG_NEWKEYS.
> debug: done: KEX2.
> debug: send SSH2_MSG_SERVICE_REQUEST
> debug: service_accept: ssh-userauth
> debug: got SSH2_MSG_SERVICE_ACCEPT
> debug: authentications that can continue: publickey,password
> debug: start over, passed a different list
> debug: authmethod_lookup publickey
> debug: authmethod_is_enabled publickey
> debug: next auth method to try is publickey
> debug: key does not exist: /usr2/ishikawa/.ssh/id_dsa
> debug: we did not send a packet, disable method
> debug: authmethod_lookup publickey
> debug: authmethod_lookup password
> debug: authmethod_is_enabled password
> debug: next auth method to try is password
> gnu at sun11.example.co.jp's password:
> debug: we sent a password packet, wait for reply
> debug: ssh-userauth2 successfull: method password
> debug: channel 0: new [client-session]
> debug: send channel open 0
> debug: Entering interactive session.            <=== But no echo $PATH
> debug: callback start                                output follows...
> debug: client_init id 0 arg 0
> debug: Sending command: echo $PATH
> debug: client_set_session_ident: id 0
> debug: callback done
> debug: channel 0: open confirm rwindow 0 rmax 16384
> debug: channel 0: rcvd adjust 32768
> debug: callback start
> debug: client_input_channel_req: rtype exit-status reply 0
> debug: callback done
> debug: channel 0: rcvd eof
> debug: channel 0: output open -> drain
> debug: channel 0: rcvd close
> debug: channel 0: input open -> closed
> debug: channel 0: close_read
> debug: channel 0: obuf empty
> debug: channel 0: output drain -> closed
> debug: channel 0: close_write
> debug: channel 0: send close
> debug: channel 0: full closed2
> debug: channel_free: channel 0: status: The following connections are open:
>   #0 client-session (t4 r0 i8/0 o128/0 fd -1/-1)
> 
> debug: !channel_still_open.
> debug: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.3 seconds
> debug: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
> debug: Exit status 0
> debug: compress outgoing: raw data 157, compressed 122, factor 0.78
> debug: compress incoming: raw data 103, compressed 95, factor 0.92
> debug: writing PRNG seed to file /usr2/ishikawa/.ssh/prng_seed
> 
> 
> I repeated the above one more time before attempting
> the fallback (no -2) connection.
> 
> *************************
> *** No -2
> ***
> *** ssh -v -v -v targethost 'echo $PATH' DOES WORK.
> ***
> *** server is solaris 7 for x86. We used sun cc compiler.
> *** for the server compilation.
> ***
> ***
> *************************
> ishikawa at u45$ conn-www.sh -v -v -v 'echo $PATH'
> #
> # host sun11
> # -p 999   gateway to www-reserved.
> #
> echo "Timeout is 2 mins."
> ++ echo 'Timeout is 2 mins.'
> Timeout is 2 mins.
> ssh sun11.example.co.jp -p 999 -C -l gnu $*
> ++ ssh sun11.example.co.jp -p 999 -C -l gnu -v -v -v echo '$PATH'
> SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
> Compiled with SSL (0x0090600f).
> debug: Reading configuration data /usr/local/etc/ssh_config
> debug: Reading output from 'ls -alni /var/log'
> debug: Time elapsed: 59 msec
> debug: Got 1.61 bytes of entropy from 'ls -alni /var/log'
>        ...
>        ...
>        ...
> debug: Got 0.00 bytes of entropy from 'tail -200 /var/log/syslog'
> debug: Reading output from 'tail -200 /var/adm/messages'
> debug: Time elapsed: 28 msec
> debug: Got 0.46 bytes of entropy from 'tail -200 /var/adm/messages'
> debug: Seeded RNG with 35 bytes from programs
> debug: Seeded RNG with 3 bytes from system calls
> debug: Allocated local port 670.
> debug: Connection established.
> debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0p1
> debug: no match: OpenSSH_2.3.0p1
> debug: Local version string SSH-1.5-OpenSSH_2.3.0p1
> debug: Waiting for server public key.
> debug: Received server public key (768 bits) and host key (1024 bits).
> debug: Host 'sun11.example.co.jp' is known and matches the RSA host key.
> Warning: the RSA host key for 'sun11.example.co.jp' differs
> ***from the key for the IP address '192.168.1.11'
> debug: Reading output from 'ls -alni /var/log'
> debug: Time elapsed: 27 msec
> debug: Got 1.61 bytes of entropy from 'ls -alni /var/log'
>        ...
>        ...
>        ...
> debug: Got 0.00 bytes of entropy from 'tail -200 /var/log/syslog'
> debug: Reading output from 'tail -200 /var/adm/messages'
> debug: Time elapsed: 28 msec
> debug: Got 0.46 bytes of entropy from 'tail -200 /var/adm/messages'
> debug: Seeded RNG with 35 bytes from programs
> debug: Seeded RNG with 3 bytes from system calls
> debug: Encryption type: 3des
> debug: Sent encrypted session key.
> debug: Installing crc compensation attack detector.
> debug: Received encrypted confirmation.
> debug: Doing password authentication.
> gnu at sun11.example.co.jp's password:
> debug: Requesting compression at level 6.
> debug: Enabling compression at level 6.
> debug: Sending command: echo $PATH
> debug: Entering interactive session.
> /usr/sbin:/usr/bin:/usr/local/bin       <=== echo $PATH output!
> debug: Transferred: stdin 0, stdout 34, stderr 0 bytes in 0.2 seconds
> debug: Bytes per second: stdin 0.0, stdout 174.0, stderr 0.0
> debug: Exit status 0
> debug: compress outgoing: raw data 16, compressed 23, factor 1.44
> debug: compress incoming: raw data 44, compressed 37, factor 0.84
> debug: writing PRNG seed to file /usr2/ishikawa/.ssh/prng_seed
> 
> 
> On the server side.
> 
> The log recoreded showed two "-2" connection attempts and
> then "NO -2" connection.
> 
> Feb 17 19:37:07 www-reserved sshd[27487]: info(NOTICE): Accepted password for
> gnu from 192.168.2.10 port 58108 ssh2
> Feb 17 19:37:07 www-reserved sshd[27487]: info(NOTICE): Accepted password for
> gnu from 192.168.2.10 port 58108 ssh2
> Feb 17 19:37:08 www-reserved sshd[27487]: verbose(INFO): Connection closed by
> remote host.
> Feb 17 19:38:18 www-reserved sshd[27497]: verbose(INFO): Connection from
> 192.168.2.10 port 58111
> Feb 17 19:38:18 www-reserved sshd[27497]: verbose(INFO): Enabling
> compatibility mode for protocol 2.0
> Feb 17 19:38:18 www-reserved sshd[27497]: info(NOTICE): WARNING:
> /usr/local/etc/primes does not exist, using old prime
> Feb 17 19:38:18 www-reserved sshd[27497]: info(NOTICE): WARNING:
> /usr/local/etc/primes does not exist, using old prime
> Feb 17 19:38:21 www-reserved sshd[27497]: verbose(INFO): Failed none for gnu
> from 192.168.2.10 port 58111 ssh2
> Feb 17 19:38:31 www-reserved sshd[27497]: info(NOTICE): Accepted password for
> gnu from 192.168.2.10 port 58111 ssh2
> Feb 17 19:38:31 www-reserved sshd[27497]: info(NOTICE): Accepted password for
> gnu from 192.168.2.10 port 58111 ssh2
> Feb 17 19:38:31 www-reserved sshd[27497]: verbose(INFO): Connection closed by
> remote host.
> Feb 17 19:38:54 www-reserved sshd[27499]: verbose(INFO): Connection from
> 192.168.2.10 port 58112
> Feb 17 19:38:54 www-reserved sshd[27499]: verbose(INFO): Enabling
> compatibility mode for protocol 2.0
> Feb 17 19:38:54 www-reserved sshd[27499]: info(NOTICE): WARNING:
> /usr/local/etc/primes does not exist, using old prime
> Feb 17 19:38:54 www-reserved sshd[27499]: info(NOTICE): WARNING:
> /usr/local/etc/primes does not exist, using old prime
> Feb 17 19:38:57 www-reserved sshd[27499]: verbose(INFO): Failed none for gnu
> from 192.168.2.10 port 58112 ssh2
> Feb 17 19:39:00 www-reserved sshd[27499]: info(NOTICE): Accepted password for
> gnu from 192.168.2.10 port 58112 ssh2
> Feb 17 19:39:00 www-reserved sshd[27499]: info(NOTICE): Accepted password for
> gnu from 192.168.2.10 port 58112 ssh2
> Feb 17 19:39:00 www-reserved sshd[27499]: verbose(INFO): Connection closed by
> remote host.
> 
>     Above are "-2" connections.
>     Below is the "No -2" connection.
> 
> Feb 17 19:39:13 www-reserved sshd[27519]: verbose(INFO): Connection from
> 192.168.2.10 port 58113
> Feb 17 19:39:18 www-reserved sshd[27519]: info(NOTICE): Accepted password for
> gnu from 192.168.2.10 port 58113
> Feb 17 19:39:18 www-reserved sshd[27519]: info(NOTICE): Accepted password for
> gnu from 192.168.2.10 port 58113
> Feb 17 19:39:18 www-reserved sshd[27519]: verbose(INFO): Closing connection
> to 192.168.2.10
> 
> 
> 
> Happy Hacking,
> 
> Chiaki
> 
>

More information about the openssh-unix-dev mailing list