openssh-6.5p1 on Solaris 10 - segmentation fault

mikep at noc.utoronto.ca mikep at noc.utoronto.ca
Fri Feb 14 04:40:04 EST 2014 

I just installed 'openssh-6.5p1' on a Solaris 10 system, and when
attempting to 'ssh' anywhere as anybody from the 'root' account,
I get a segmentation fault.

Debug output as 'root':

kraken:/opt/local/src/security/openssh-6.5p1# ./ssh -vvv mimir
OpenSSH_6.5, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: cipher ok: aes128-cbc [aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc]
debug3: cipher ok: 3des-cbc [aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc]
debug3: cipher ok: aes192-cbc [aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc]
debug3: cipher ok: aes256-cbc [aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc]
debug3: ciphers ok: [aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc]
debug3: kex names ok: [diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
debug1: /etc/ssh/ssh_config line 57: Applying options for *
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 1
debug1: Connecting to mimir [XXX.XXX.XXX.XXX] port 22.
Segmentation fault

Debug as regular user:

kraken:~> /opt/local/src/security/openssh-6.5p1/ssh -vvv mimir
OpenSSH_6.5, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: cipher ok: aes128-cbc [aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc]
debug3: cipher ok: 3des-cbc [aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc]
debug3: cipher ok: aes192-cbc [aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc]
debug3: cipher ok: aes256-cbc [aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc]
debug3: ciphers ok: [aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc]
debug3: kex names ok: [diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1]
debug1: /etc/ssh/ssh_config line 57: Applying options for *
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 0
debug1: Connecting to nemo [XXX.XXX.XXX.XXX] port 22.
debug1: Connection established.
debug1: could not open key file '/etc/ssh/ssh_host_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_host_dsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_host_ecdsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_host_ed25519_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_host_dsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_host_ecdsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_host_ed25519_key': Permission denied
debug1: identity file /home/mikep/.ssh/id_rsa type -1
debug1: identity file /home/mikep/.ssh/id_rsa-cert type -1
debug1: identity file /home/mikep/.ssh/id_dsa type -1
debug1: identity file /home/mikep/.ssh/id_dsa-cert type -1
debug1: identity file /home/mikep/.ssh/id_ecdsa type -1
debug1: identity file /home/mikep/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/mikep/.ssh/id_ed25519 type -1
debug1: identity file /home/mikep/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.4
debug1: match: OpenSSH_6.4 pat OpenSSH* compat 0x04000000

'ssh' does appear to work as a regular user, but all the Cisco SSH 
connections hang again; haven't had time to investigate what combinations
of ciphers and key exchange methods work with the latest version, if any.
With the new version it hangs at:

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

Version 6.4 shows:

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

Any ideas?

Thanks,
Mike
--
Mike Peterson                            Information Security Analyst - Audit
E-mail: mikep at noc.utoronto.ca                WWW: http://www.noc.utoronto.ca/
Tel: 416-978-5230                                           Fax: 416-978-6620

More information about the openssh-unix-dev mailing list