[Bug 429] New: SSH 3.4p1 problems on Tru64 V4.0D & Tru64 V4.0F

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Nov 7 08:38:16 EST 2002 

http://bugzilla.mindrot.org/show_bug.cgi?id=429

           Summary: SSH 3.4p1 problems on Tru64 V4.0D & Tru64 V4.0F
           Product: Portable OpenSSH
           Version: 3.4p1
          Platform: Alpha
        OS/Version: OSF/1
            Status: NEW
          Severity: major
          Priority: P2
         Component: ssh
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: avi.koski at comverse.com


We worked with no problems, with the following versions: openssh-3.0.2p1 , 
openssl-0.9.6b , zlib-1.1.3 

We try to upgrade SSH to the new version openssh-3.4p1 (with the previous 
openssl and zlib versions, or with openssl-0.9.6g and same zlib version).

Problem description: ssh works for root and no one else. 

If we try to ssh from another machine or from the Tru64 machine itself to any 
user, the connection is closed, after we enter the password.

Example (ssh from another of from the same machine - no debug) 
$ssh -l avi168 10.119.50.168 
avi168 at 10.119.50.168's password:xxxxxxxxxx 
Connection to 10.119.50.168 closed by remote host. 
Connection to 10.119.50.168 closed. 

and in the /var/adm/syslog.dated/05-Nov-16:53/auth.log file I get the following 
messages: 

Nov  6 11:29:30 trm61 sshd[24723]: Could not reverse map address 10.119.55.210. 
Nov  6 11:29:30 trm61 sshd[24723]: Accepted password for avi168 from 
10.119.55.210 port 34450 ssh2 
Nov  6 11:29:30 trm61 sshd[24733]: audgen(LOGIN): Permission denied 
Nov  6 11:29:30 trm61 sshd[24733]: fatal: Couldn't establish session for avi168 
from 10.119.55.210 



Example (with debug) 

$ ssh -vvv -l avi168 10.119.50.168 
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090605f 
debug1: Reading configuration data /usr/local/etc/ssh_config 
debug1: Rhosts Authentication disabled, originating port will not be trusted. 
debug1: ssh_connect: needpriv 0 
debug1: Connecting to 10.119.50.168 [10.119.50.168] port 22. 
debug1: Connection established. 
debug1: identity file /rlu/users/rluc/.ssh/identity type 0 
debug1: identity file /rlu/users/rluc/.ssh/id_rsa type -1 
debug1: identity file /rlu/users/rluc/.ssh/id_dsa type -1 
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1 
debug1: match: OpenSSH_3.4p1 pat OpenSSH* 
Enabling compatibility mode for protocol 2.0 
debug1: Local version string SSH-2.0-OpenSSH_3.4p1 
debug1: SSH2_MSG_KEXINIT sent 
debug1: SSH2_MSG_KEXINIT received 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-
group1-sha1 
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss 
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: none 
debug2: kex_parse_kexinit: none 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-
group1-sha1 
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss 
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blM-^?%M-&towfish-cbc,cast128-
cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc at lysator.liu.se

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 
debug2: kex_parse_kexinit: none,zlib 
debug2: kex_parse_kexinit: none,zlib 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_init: found hmac-md5 
debug1: kex: server->client aes128-cbc hmac-md5 none 
debug2: mac_init: found hmac-md5 
debug1: kex: client->server aes128-cbc hmac-md5 none 
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent 
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP 
debug1: dh_gen_key: priv key bits set: 140/256 
debug1: bits set: 1622/3191 
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent 
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY 
debug3: check_host_in_hostfile: filename /rlu/usM-^?%M-
&ters/rluc/.ssh/known_hosts 
debug3: check_host_in_hostfile: match line 2 
debug1: Host '10.119.50.168' is known and matches the RSA host key. 
debug1: Found key in /rlu/users/rluc/.ssh/known_hosts:2 
debug1: bits set: 1596/3191 
debug1: ssh_rsa_verify: signature correct 
debug1: kex_derive_keys 
debug1: newkeys: mode 1 
debug1: SSH2_MSG_NEWKEYS sent 
debug1: waiting for SSH2_MSG_NEWKEYS 
debug1: newkeys: mode 0 
debug1: SSH2_MSG_NEWKEYS received 
debug1: done: ssh_kex2. 
debug1: send SSH2_MSG_SERVICE_REQUEST 
debug1: service_accept: ssh-userauth 
debug1: got SSH2_MSG_SERVICE_ACCEPT 
debug1: authentications that can continue: publickey,password,keyboard-
interactive 
debug3: start over, passed a different list publickey,password,keyboard-
interactive 
debug3: preferred publickey,keyboard-interactive,password 
debug3: authmethod_lookup publickey 
debug3: remaining preferred: keyboard-interactive,password 
debug3: authmethod_is_enabled publickey 
debug1: next auth method to try is publickey 
M-^?%M-&tdebug1: try privkey: /rlu/users/rluc/.ssh/id_rsa 
debug3: no such identity: /rlu/users/rluc/.ssh/id_rsa 
debug1: try privkey: /rlu/users/rluc/.ssh/id_dsa 
debug3: no such identity: /rlu/users/rluc/.ssh/id_dsa 
debug2: we did not send a packet, disable method 
debug3: authmethod_lookup keyboard-interactive 
debug3: remaining preferred: password 
debug3: authmethod_is_enabled keyboard-interactive 
debug1: next auth method to try is keyboard-interactive 
debug2: userauth_kbdint 
debug2: we sent a keyboard-interactive packet, wait for reply 
debug1: authentications that can continue: publickey,password,keyboard-
interactive 
debug3: userauth_kbdint: disable: no info_req_seen 
debug2: we did not send a packet, disable method 
debug3: authmethod_lookup password 
debug3: remaining preferred: 
debug3: authmethod_is_enabled password 
debug1: next auth method to try is password 
avi168 at 10.119.50.168's password: 
debug3: packet_send2: adding 48 (len 61 padlen 19 extra_pad 64) 
debug2: we sent a passwM-^?%M-&tord packet, wait for reply 
debug1: ssh-userauth2 successful: method password 
debug1: channel 0: new [client-session] 
debug3: ssh_session2_open: channel_new: 0 
debug1: send channel open 0 
debug1: Entering interactive session. 
debug2: callback start 
debug1: ssh_session2_setup: id 0 
debug1: channel request 0: pty-req 
debug3: tty_make_modes: ospeed 38400 
debug3: tty_make_modes: ispeed 0 
debug3: tty_make_modes: 1 3 
debug3: tty_make_modes: 2 28 
debug3: tty_make_modes: 3 127 
debug3: tty_make_modes: 4 21 
debug3: tty_make_modes: 5 4 
debug3: tty_make_modes: 6 0 
debug3: tty_make_modes: 7 0 
debug3: tty_make_modes: 8 17 
debug3: tty_make_modes: 9 19 
debug3: tty_make_modes: 10 26 
debug3: tty_make_modes: 11 25 
debug3: tty_make_modes: 12 18 
debug3: tty_make_modes: 13 23 
debug3: tty_make_modes: 14 22 
debug3: tty_make_modes: 16 0 
debug3: tty_make_modes: 18 15 
debug3: tty_make_modes: 30 1 
debug3: tty_make_modes: 31 0 
debug3: tty_make_modes: 32 0 
debug3: tty_make_modes: 33 1 
debug3: tty_make_mM-^?%M-&todes: 34 0 
debug3: tty_make_modes: 35 0 
debug3: tty_make_modes: 36 1 
debug3: tty_make_modes: 37 0 
debug3: tty_make_modes: 38 1 
debug3: tty_make_modes: 39 0 
debug3: tty_make_modes: 40 0 
debug3: tty_make_modes: 41 1 
debug3: tty_make_modes: 50 1 
debug3: tty_make_modes: 51 1 
debug3: tty_make_modes: 52 0 
debug3: tty_make_modes: 53 1 
debug3: tty_make_modes: 54 1 
debug3: tty_make_modes: 55 1 
debug3: tty_make_modes: 56 0 
debug3: tty_make_modes: 57 0 
debug3: tty_make_modes: 58 0 
debug3: tty_make_modes: 59 1 
debug3: tty_make_modes: 60 1 
debug3: tty_make_modes: 61 1 
debug3: tty_make_modes: 62 0 
debug3: tty_make_modes: 70 1 
debug3: tty_make_modes: 71 0 
debug3: tty_make_modes: 72 1 
debug3: tty_make_modes: 73 0 
debug3: tty_make_modes: 74 0 
debug3: tty_make_modes: 75 0 
debug3: tty_make_modes: 90 1 
debug3: tty_make_modes: 91 1 
debug3: tty_make_modes: 92 0 
debug3: tty_make_modes: 93 0 
debug1: channel request 0: shell 
debug1: fd 4 setting TCP_NODELAY 
debug2: callback done 
debug1: channel 0: opM-^?%M-&t^Ben confirm rwindow 0 rmax 32768 
debug2: channel 0: rcvd adjust 131072 
debug1: channel_free: channel 0: client-session, nchannels 1 
debug3: channel_free: status: The following connections are open: 
  #0 client-session (t4 r0 i0/0 o0/0 fd 5/6) 

debug3: channel_close_fds: channel 0: r 5 w 6 e 7 
Connection to 10.119.50.168 closed by remote host. 
Connection to 10.119.50.168 closed. 
debug1: Transferred: stdin 0, stdout 0, stderr 89 bytes in 0.0 seconds 
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 3187.2 
debug1: Exit status -1 
$ exit 

Additional info: 
User sshd have been added an it belongs to group sshd (SSH 3.4 request). 

/etc/passwd entry : sshd:*:27:27:sshd privsep:/var/empty:/bin/false 
/etc/group entry    : sshd:*:27: 

The configuration file /usr/etc/ssh_config have not been modified and we use 
the default file (that includes only commented lines).

Questions: 
Do you know if this version of SSH 3.4p1 have been installed with no such 
problems on Tru64 V4.0D / V4.0F ? 
If yes, what is wrong with our usage? 

Thanks and regards, 

Avi Koski



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-unix-dev mailing list