<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 5.50.4522.1800" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=484255616-10012001><FONT face=Arial size=2>Got a strange
problem here. We have OpenSSH 2.3.0p1 running on a variety of machines and
on one particular Red Hat 6.2 machine (all patches applied) we run into a
situation where it will not allow us to start a shell when using bash or
bash2. csh and others work fine. </FONT></SPAN></DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial size=2>One note...if I
enable PermitRootLogin, the user root IS allowed to log in with bash. This
is very strange. I'm guessing it must be some kind of permissions problem,
but I have checked everything I can think of: sshd configs, pam configs,
permissions on user data, permissions on ssh pieces, etc.</FONT></SPAN></DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial size=2>Here is the debug
report for SSH Protocol 2. (generated using sshd -ddd)</FONT></SPAN></DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial size=2>When using /bin/bash
(GNU bash, version 1.14.7(1)) as a shell<BR>When using csh it works fine and
allows us to log in.</FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial size=2>debug1: Seeding
random number generator<BR>debug1: read DSA private key done<BR>debug1: Seeding
random number generator<BR>debug1: Bind to port 22 on 0.0.0.0.<BR>Server
listening on 0.0.0.0 port 22.<BR>Generating 768 bit RSA key.<BR>debug1: Seeding
random number generator<BR>debug1: Seeding random number generator<BR>RSA key
generation complete.<BR>debug1: Server will not fork when running in debugging
mode.<BR>Connection from 206.58.180.12 port 3754<BR>debug1: Client protocol
version 2.0; client software version PuTTY<BR>debug1: no match:
PuTTY<BR>Enabling compatibility mode for protocol 2.0<BR>debug1: Local version
string SSH-1.99-OpenSSH_2.3.0p1<BR>debug1: send KEXINIT<BR>debug1:
done<BR>debug1: wait KEXINIT<BR>debug1: got kexinit:
diffie-hellman-group1-sha1<BR>debug1: got kexinit: ssh-dss<BR>debug1: got
kexinit: blowfish-cbc,blowfish-cbc,3des-cbc<BR>debug1: got kexinit:
blowfish-cbc,blowfish-cbc,3des-cbc<BR>debug1: got kexinit:
hmac-sha1,hmac-md5,none<BR>debug1: got kexinit:
hmac-sha1,hmac-md5,none<BR>debug1: got kexinit: none<BR>debug1: got kexinit:
none<BR>debug1: got kexinit:<BR>debug1: got kexinit:<BR>debug1: first kex
follow: 0<BR>debug1: reserved: 0<BR>debug1: done<BR>debug1: kex:
client->server blowfish-cbc hmac-sha1 none<BR>debug1: kex: server->client
blowfish-cbc hmac-sha1 none<BR>debug1: Wait SSH2_MSG_KEXDH_INIT.<BR>debug1: bits
set: 492/1024<BR>debug1: bits set: 522/1024<BR>debug1: sig size 20 20<BR>debug1:
send SSH2_MSG_NEWKEYS.<BR>debug1: done: send SSH2_MSG_NEWKEYS.<BR>debug1: Wait
SSH2_MSG_NEWKEYS.<BR>debug1: GOT SSH2_MSG_NEWKEYS.<BR>debug1: done:
KEX2.<BR>debug1: userauth-request for user cnewbill service ssh-connection
method password<BR>debug1: attempt #1<BR>debug2: input_userauth_request: setting
up authctxt for cnewbill<BR>debug1: Starting up PAM with username
"cnewbill"<BR>debug2: input_userauth_request: try method password<BR>debug1: PAM
Password authentication accepted for user "cnewbill"<BR>debug1: PAM setting
rhost to "cnewbill.onewest.net"<BR>Accepted password for cnewbill from
206.58.180.12 port 3754 ssh2<BR>debug1: Entering interactive session for
SSH2.<BR>debug1: server_init_dispatch_20<BR>debug1: server_input_channel_open:
ctype session rchan 100 win 32768 max 16384<BR>debug1: open session<BR>debug1:
channel 0: new [server-session]<BR>debug1: session_new: init<BR>debug1:
session_new: session 0<BR>debug1: session_open: channel 0<BR>debug1:
session_open: session 0: link with channel 0<BR>debug1: confirm
session<BR>debug2: callback start<BR>debug1: session_by_channel: session 0
channel 0<BR>debug1: session_input_channel_req: session 0 channel 0 request
pty-req reply 1<BR>debug1: session_pty_req: session 0 alloc
/dev/pts/4<BR>debug2: callback done<BR>debug2: callback start<BR>debug1:
session_by_channel: session 0 channel 0<BR>debug1: session_input_channel_req:
session 0 channel 0 request shell reply 1<BR>debug1: PAM setting tty to
"/dev/pts/4"<BR>debug1: PAM establishing creds<BR>debug1: fd 7 setting
O_NONBLOCK<BR>debug1: fd 3 IS O_NONBLOCK<BR>debug2: callback done<BR>debug1:
Setting controlling tty using TIOCSCTTY.<BR>debug2: channel 0: rcvd adjust
315<BR>???debug1: Received SIGCHLD.???<BR>debug1: session_by_pid: pid
4903<BR>debug1: session_exit_message: session 0 channel 0 pid 4903<BR>debug1:
session_exit_message: release channel 0<BR>debug1: channel 0: write
failed<BR>debug1: channel 0: output open -> closed<BR>debug1: channel 0:
close_write<BR>debug1: channel 0: read failed<BR>debug1: channel 0: input open
-> drain<BR>debug1: channel 0: close_read<BR>debug1: channel 0: input: no
drain shortcut<BR>debug1: channel 0: ibuf empty<BR>debug1: channel 0: input
drain -> closed<BR>debug1: channel 0: send eof<BR>debug1:
session_pty_cleanup: session 0 release /dev/pts/4<BR>debug1: session_free:
session 0 pid 4903<BR>debug1: channel 0: send close<BR>debug2: channel 0: rcvd
adjust 7<BR>debug1: channel 0: rcvd close<BR>***fatal: buffer_get: trying to get
more bytes than in buffer***<BR>debug1: Calling cleanup
0x805b6f0(0x0)<BR>debug1: Calling cleanup 0x8050980(0x0)<BR>debug1: Calling
cleanup 0x8061750(0x0)<BR></FONT></SPAN></DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial size=2>Now for SSH Protocol
1 attempt</FONT></SPAN></DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial size=2>debug1: sshd version
OpenSSH_2.3.0p1<BR>debug1: Seeding random number generator<BR>debug1: read DSA
private key done<BR>debug1: Seeding random number generator<BR>debug1: Bind to
port 22 on 0.0.0.0.<BR>Server listening on 0.0.0.0 port 22.<BR>Generating 768
bit RSA key.<BR>debug1: Seeding random number generator<BR>debug1: Seeding
random number generator<BR>RSA key generation complete.<BR>debug1: Server will
not fork when running in debugging mode.<BR>Connection from 206.58.180.12 port
3791<BR>debug1: Client protocol version 1.5; client software version
PuTTY<BR>debug1: no match: PuTTY<BR>debug1: Local version string
SSH-1.99-OpenSSH_2.3.0p1<BR>debug1: Sent 768 bit public key and 1024 bit host
key.<BR>debug1: Encryption type: 3des<BR>debug1: Received session key;
encryption turned on.<BR>debug1: Installing crc compensation attack
detector.<BR>debug1: Starting up PAM with username "cnewbill"<BR>debug1:
Attempting authentication for cnewbill.</FONT></SPAN></DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial size=2>Accepted password
for cnewbill from 206.58.180.12 port 3791<BR>debug1: PAM setting rhost to
"cnewbill.onewest.net"<BR>debug1: session_new: init<BR>debug1: session_new:
session 0<BR>debug1: Allocating pty.<BR>debug1: PAM setting tty to
"/dev/pts/4"<BR>debug1: PAM establishing creds<BR>debug1: Entering interactive
session.<BR>debug1: fd 3 setting O_NONBLOCK<BR>debug1: fd 7 IS
O_NONBLOCK<BR>debug1: server_init_dispatch_13<BR>debug1:
server_init_dispatch_15<BR>debug1: Setting controlling tty using
TIOCSCTTY.<BR>debug1: tvp!=NULL kid 0 mili 10<BR>debug1: tvp!=NULL kid 0 mili
10<BR>debug1: tvp!=NULL kid 0 mili 10<BR>debug1: Received SIGCHLD.<BR>debug1:
tvp!=NULL kid 1 mili 100<BR>debug1: End of interactive session; stdin 0, stdout
(read 323, sent 323), stderr 0 bytes.<BR>debug1: Command exited with status
0.<BR>debug1: Received exit confirmation.<BR>debug1: session_pty_cleanup:
session 0 release /dev/pts/4<BR>Closing connection to
206.58.180.12<BR></FONT></SPAN></DIV>
<DIV><SPAN class=484255616-10012001><FONT face=Arial
size=2>Thanks,</FONT></SPAN></DIV>
<DIV align=left><FONT face=Tahoma size=2></FONT> </DIV>
<DIV align=left><FONT face=Tahoma size=2>Chris Newbill</FONT></DIV>
<DIV align=left><FONT face=Tahoma size=2>Programmer/Analyst</FONT></DIV>
<DIV align=left><FONT face=Tahoma size=2>OneWest.net Inc.,</FONT></DIV>
<DIV align=left><FONT face=Tahoma size=2>406-449-8056</FONT></DIV>
<P
align=left>------------------------------------------------------------<BR><FONT
face=Tahoma size=2>Ever notice how it's a penny for your thoughts, yet you
put<BR>in your two-cents? Someone is making a penny on the deal.<BR>-----Steven
Wright<BR></FONT>------------------------------------------------------------</P>
<DIV><FONT face=Arial size=2></FONT> </DIV></BODY></HTML>