weird DH problems

Darren Tucker dtucker at zip.com.au
Tue Sep 19 16:56:10 EST 2006


Girish Venkatachalam wrote:
> On Tue, Sep 19, 2006 at 03:02:07PM +1000, Darren Tucker wrote:
[...]
> |Does the problem occur with a vanilla OpenSSH built from the source on 
> |openssh.com?  I'm pretty sure FreeBSD make a number of changes but I 
> |don't know what they are.  They should be the first point of call for 
> |problems with the binaries they supply.
> 
> In that case let us just move on. I could not run sshd in debug mode
> since I tried something and ended up killing it and getting myself
> locked out. Since it is not my machine I am also scared to just hack things.

Did sshd on the server log anything when the connection died, or leave a 
core dump?  You can run sshd on another port without affecting the 
production one on port 22 (eg "/path/to/sshd -p 222").

You can also bump the debug level while leaving it running as a daemon 
as long as you're careful (use sshd -t to check your config, then send 
the running master sshd process a SIGHUP).

[...]
> But I wouldn't think they would diddle around with DH fields and
> stuff. Remote chance.

It might be something only loosely related to ssh.  Last time I saw 
symptoms such as you describe, the root cause was a problem in OpenSSL's 
SPARC bignum assembler routine that caused intermittent segfaults (hence 
my questions earlier about what the platform was).  In that particular 
case, rebuilding OpenSSL without assembler optimization resolved the 
problem.

Another somewhat similar occurrence during kbdint was caused by glibc 
attempting to write to a segment mapped read-only when a process tried 
to do a name lookup in a chroot and there was no "lib" directory in the 
chroot.

In these e

[from earlier]
 > You are right in the stance that FreeBSD owes an explanation.

It's not that they owe you anything (indeed, unless you're paying them 
for support they don't) but they are in a much better position to be 
able to track down and/or reproduce this than we are.

If you or they have indications that it really is a problem with OpenSSH 
then we'll do what we can to help.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
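
The careful reload described in the message (check the config with sshd -t, then send SIGHUP to the running master sshd), written out as an added example that is not part of the original message. The SSHD, SSHD_CONFIG and SSHD_PIDFILE variables and their default paths are assumptions; adjust them for the system in question.

```shell
# Added example: reload sshd only if the new config passes "sshd -t".
# SSHD, SSHD_CONFIG and SSHD_PIDFILE are assumed names with assumed defaults.
safe_sshd_reload() {
    sshd_bin=${SSHD:-/usr/sbin/sshd}
    config=${SSHD_CONFIG:-/etc/ssh/sshd_config}
    pidfile=${SSHD_PIDFILE:-/var/run/sshd.pid}

    # 1. Test mode: sshd checks the config file and keys, then exits.
    #    A non-zero status means the running daemon must be left alone.
    if ! "$sshd_bin" -t -f "$config"; then
        echo "sshd -t rejected $config; not reloading" >&2
        return 1
    fi

    # 2. Locate the master process and make sure the pid is sane and alive,
    #    so the signal cannot land on an unrelated or stale pid.
    if [ ! -r "$pidfile" ]; then
        echo "cannot read pid file $pidfile" >&2
        return 2
    fi
    pid=$(cat "$pidfile")
    case $pid in
        ''|*[!0-9]*) echo "pid file does not hold a pid" >&2; return 2 ;;
    esac
    if ! kill -0 "$pid" 2>/dev/null; then
        echo "no running process with pid $pid" >&2
        return 2
    fi

    # 3. SIGHUP makes the master sshd re-read its configuration.
    kill -HUP "$pid" || return 3
    echo "config ok, sent SIGHUP to sshd master (pid $pid)"
}
```

Keep an existing session open while doing this, and confirm a fresh login works before closing it.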



More information about the openssh-unix-dev mailing list