<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 5.50.4522.1800" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=460370918-10012001>Additional Info, rebuilt OpenSSL 0.9.6(have also tried
0.9.5a) and OpenSSH, no luck.</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=460370918-10012001></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=460370918-10012001>Another strange note, if your default shell is set to
/bin/sh (a symlink to /bin/bash) it lets you login!??</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=460370918-10012001></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=460370918-10012001>Thanks,</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN class=460370918-10012001>Chris
Newbill</SPAN></FONT></DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Chris Newbill
[mailto:cnewbill@support.onewest.net]<BR><B>Sent:</B> Wednesday, January 10,
2001 10:11 AM<BR><B>To:</B> openssh-unix-dev@mindrot.org<BR><B>Subject:</B>
SSH2/1 Failure when using bash shell, other shells work<BR><BR></FONT></DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial size=2>Got a strange
problem here. We have OpenSSH 2.3.0p1 running on a variety of machines
and on one particular Redhat 6.2 machine(all patches applied) we run into a
situation where it will not allow us to start a shell when using bash or
bash2. csh and others work fine. </FONT></SPAN></DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial size=2>One note...if I
enable PermitRootLogin, the user root IS allowed to login with bash.
This is very strange. I'm guessing it must be some kind of permissions
problem, but I have checked everything I can think of: sshd configs, pam
configs, permissions on user data, permissions on ssh pieces,
etc.</FONT></SPAN></DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial size=2>Here is the debug
report for SSH Protocol 2. (generated using sshd -ddd)</FONT></SPAN></DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial size=2>When using
/bin/bash (GNU bash, version 1.14.7(1)) as a shell<BR>When using csh it works
fine and allows us to login.</FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial size=2>debug1: Seeding
random number generator<BR>debug1: read DSA private key done<BR>debug1:
Seeding random number generator<BR>debug1: Bind to port 22 on
0.0.0.0.<BR>Server listening on 0.0.0.0 port 22.<BR>Generating 768 bit RSA
key.<BR>debug1: Seeding random number generator<BR>debug1: Seeding random
number generator<BR>RSA key generation complete.<BR>debug1: Server will not
fork when running in debugging mode.<BR>Connection from 206.58.180.12 port
3754<BR>debug1: Client protocol version 2.0; client software version
PuTTY<BR>debug1: no match: PuTTY<BR>Enabling compatibility mode for protocol
2.0<BR>debug1: Local version string SSH-1.99-OpenSSH_2.3.0p1<BR>debug1: send
KEXINIT<BR>debug1: done<BR>debug1: wait KEXINIT<BR>debug1: got kexinit:
diffie-hellman-group1-sha1<BR>debug1: got kexinit: ssh-dss<BR>debug1: got
kexinit: blowfish-cbc,blowfish-cbc,3des-cbc<BR>debug1: got kexinit:
blowfish-cbc,blowfish-cbc,3des-cbc<BR>debug1: got kexinit:
hmac-sha1,hmac-md5,none<BR>debug1: got kexinit:
hmac-sha1,hmac-md5,none<BR>debug1: got kexinit: none<BR>debug1: got kexinit:
none<BR>debug1: got kexinit:<BR>debug1: got kexinit:<BR>debug1: first kex
follow: 0<BR>debug1: reserved: 0<BR>debug1: done<BR>debug1: kex:
client->server blowfish-cbc hmac-sha1 none<BR>debug1: kex:
server->client blowfish-cbc hmac-sha1 none<BR>debug1: Wait
SSH2_MSG_KEXDH_INIT.<BR>debug1: bits set: 492/1024<BR>debug1: bits set:
522/1024<BR>debug1: sig size 20 20<BR>debug1: send
SSH2_MSG_NEWKEYS.<BR>debug1: done: send SSH2_MSG_NEWKEYS.<BR>debug1: Wait
SSH2_MSG_NEWKEYS.<BR>debug1: GOT SSH2_MSG_NEWKEYS.<BR>debug1: done:
KEX2.<BR>debug1: userauth-request for user cnewbill service ssh-connection
method password<BR>debug1: attempt #1<BR>debug2: input_userauth_request:
setting up authctxt for cnewbill<BR>debug1: Starting up PAM with username
"cnewbill"<BR>debug2: input_userauth_request: try method password<BR>debug1:
PAM Password authentication accepted for user "cnewbill"<BR>debug1: PAM
setting rhost to "cnewbill.onewest.net"<BR>Accepted password for cnewbill from
206.58.180.12 port 3754 ssh2<BR>debug1: Entering interactive session for
SSH2.<BR>debug1: server_init_dispatch_20<BR>debug1: server_input_channel_open:
ctype session rchan 100 win 32768 max 16384<BR>debug1: open session<BR>debug1:
channel 0: new [server-session]<BR>debug1: session_new: init<BR>debug1:
session_new: session 0<BR>debug1: session_open: channel 0<BR>debug1:
session_open: session 0: link with channel 0<BR>debug1: confirm
session<BR>debug2: callback start<BR>debug1: session_by_channel: session 0
channel 0<BR>debug1: session_input_channel_req: session 0 channel 0 request
pty-req reply 1<BR>debug1: session_pty_req: session 0 alloc
/dev/pts/4<BR>debug2: callback done<BR>debug2: callback start<BR>debug1:
session_by_channel: session 0 channel 0<BR>debug1: session_input_channel_req:
session 0 channel 0 request shell reply 1<BR>debug1: PAM setting tty to
"/dev/pts/4"<BR>debug1: PAM establishing creds<BR>debug1: fd 7 setting
O_NONBLOCK<BR>debug1: fd 3 IS O_NONBLOCK<BR>debug2: callback done<BR>debug1:
Setting controlling tty using TIOCSCTTY.<BR>debug2: channel 0: rcvd adjust
315<BR>???debug1: Received SIGCHLD.???<BR>debug1: session_by_pid: pid
4903<BR>debug1: session_exit_message: session 0 channel 0 pid 4903<BR>debug1:
session_exit_message: release channel 0<BR>debug1: channel 0: write
failed<BR>debug1: channel 0: output open -> closed<BR>debug1: channel 0:
close_write<BR>debug1: channel 0: read failed<BR>debug1: channel 0: input open
-> drain<BR>debug1: channel 0: close_read<BR>debug1: channel 0: input: no
drain shortcut<BR>debug1: channel 0: ibuf empty<BR>debug1: channel 0: input
drain -> closed<BR>debug1: channel 0: send eof<BR>debug1:
session_pty_cleanup: session 0 release /dev/pts/4<BR>debug1: session_free:
session 0 pid 4903<BR>debug1: channel 0: send close<BR>debug2: channel 0: rcvd
adjust 7<BR>debug1: channel 0: rcvd close<BR>***fatal: buffer_get: trying to
get more bytes than in buffer***<BR>debug1: Calling cleanup
0x805b6f0(0x0)<BR>debug1: Calling cleanup 0x8050980(0x0)<BR>debug1: Calling
cleanup 0x8061750(0x0)<BR></FONT></SPAN></DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial size=2>Now for SSH
Protocol 1 attempt</FONT></SPAN></DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial size=2>debug1: sshd
version OpenSSH_2.3.0p1<BR>debug1: Seeding random number generator<BR>debug1:
read DSA private key done<BR>debug1: Seeding random number
generator<BR>debug1: Bind to port 22 on 0.0.0.0.<BR>Server listening on
0.0.0.0 port 22.<BR>Generating 768 bit RSA key.<BR>debug1: Seeding random
number generator<BR>debug1: Seeding random number generator<BR>RSA key
generation complete.<BR>debug1: Server will not fork when running in debugging
mode.<BR>Connection from 206.58.180.12 port 3791<BR>debug1: Client protocol
version 1.5; client software version PuTTY<BR>debug1: no match:
PuTTY<BR>debug1: Local version string SSH-1.99-OpenSSH_2.3.0p1<BR>debug1: Sent
768 bit public key and 1024 bit host key.<BR>debug1: Encryption type:
3des<BR>debug1: Received session key; encryption turned on.<BR>debug1:
Installing crc compensation attack detector.<BR>debug1: Starting up PAM with
username "cnewbill"<BR>debug1: Attempting authentication for
cnewbill.</FONT></SPAN></DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial size=2>Accepted password
for cnewbill from 206.58.180.12 port 3791<BR>debug1: PAM setting rhost to
"cnewbill.onewest.net"<BR>debug1: session_new: init<BR>debug1: session_new:
session 0<BR>debug1: Allocating pty.<BR>debug1: PAM setting tty to
"/dev/pts/4"<BR>debug1: PAM establishing creds<BR>debug1: Entering interactive
session.<BR>debug1: fd 3 setting O_NONBLOCK<BR>debug1: fd 7 IS
O_NONBLOCK<BR>debug1: server_init_dispatch_13<BR>debug1:
server_init_dispatch_15<BR>debug1: Setting controlling tty using
TIOCSCTTY.<BR>debug1: tvp!=NULL kid 0 mili 10<BR>debug1: tvp!=NULL kid 0 mili
10<BR>debug1: tvp!=NULL kid 0 mili 10<BR>debug1: Received SIGCHLD.<BR>debug1:
tvp!=NULL kid 1 mili 100<BR>debug1: End of interactive session; stdin 0,
stdout (read 323, sent 323), stderr 0 bytes.<BR>debug1: Command exited with
status 0.<BR>debug1: Received exit confirmation.<BR>debug1:
session_pty_cleanup: session 0 release /dev/pts/4<BR>Closing connection to
206.58.180.12<BR></FONT></SPAN><SPAN class=484255616-10012001><FONT face=Arial
size=2></DIV></FONT></SPAN>
<DIV><SPAN class=484255616-10012001><FONT face=Arial
size=2>Thanks,</DIV></FONT></SPAN>
<DIV align=left><FONT face=Tahoma size=2></FONT> </DIV>
<DIV align=left><FONT face=Tahoma size=2>Chris Newbill</FONT></DIV>
<DIV align=left><FONT face=Tahoma size=2>Programmer/Analyst</FONT></DIV>
<DIV align=left><FONT face=Tahoma size=2>OneWest.net Inc.,</FONT></DIV>
<DIV align=left><FONT face=Tahoma size=2>406-449-8056</FONT></DIV>
<P
align=left>------------------------------------------------------------<BR><FONT
face=Tahoma size=2>Ever notice how it's a penny for your thoughts, yet you
put<BR>in your two-cents? Someone is making a penny on the
deal.<BR>-----Steven
Wright<BR></FONT>------------------------------------------------------------</P>
<DIV><FONT face=Arial size=2></FONT> </DIV></BLOCKQUOTE></BODY></HTML>