Openssh installation only works for user root

GOMA, Frank frank.goma at atosorigin.com
Sat May 22 00:30:41 EST 2004


Darren,

Thanks for your response and apologies for the late reply.

BROKEN_SETREUID and BROKEN_SETREGID are defined. 

Please see below the output from the debug. ( I have removed the real ip and
replaced it with X.X.X.X for security reasons. )

YYYY: root@/>sshd -ddd -p 22

debug2: read_server_config: filename /usr/local/etc/sshd_config
debug1: sshd version OpenSSH_3.8p1
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /usr/local/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from X.X.X.X port 4669
debug1: Client protocol version 1.5; client software version
PuTTY-Release-0.52
debug1: no match: PuTTY-Release-0.52
debug1: Local version string SSH-1.99-OpenSSH_3.8p1
debug3: privsep user:group 141:106
debug1: permanently_set_uid: 141/106
debug1: Sent 768 bit server key and 1024 bit host key.
debug2: Network child is on pid 10766
debug3: preauth child monitor started
debug3:  entering
debug1: Encryption type: blowfish
debug3:  entering: type 28
debug3: : checking request 28
debug3:  entering: type 29
debug3:  entering
debug3:  entering: type 29
debug2: : 28 used once, disabling now
debug3:  entering
debug3:  entering
debug3:  entering: type 30
debug3: : checking request 30
debug3:  entering
debug2: : 30 used once, disabling now
debug3:  entering
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug3:  entering
debug3:  entering: type 6
debug3: : waiting for MONITOR_ANS_PWNAM
debug3:  entering: type 7
debug3:  entering
debug3: : checking request 6
debug3:
debug3: : today 12559 sp_expire -1 days left -12560
debug3: account expiration disabled
debug3: : sending MONITOR_ANS_PWNAM: 1
debug3:  entering: type 7
debug2: : 6 used once, disabling now
debug3:  entering
debug1: Attempting authentication for FGoma.
debug3:  entering
debug3:  entering: type 10
debug3: : waiting for MONITOR_ANS_AUTHPASSWORD
debug3: : checking request 10
debug3:  entering: type 11
debug3: : sending result 0
debug3:  entering: type 11
debug3:  entering
debug3: : user not authenticated
Failed none for FGoma from X.X.X.X port 4669
debug3:  entering
debug3:  entering
debug3:  entering: type 10
debug3: : waiting for MONITOR_ANS_AUTHPASSWORD
debug3: : checking request 10
debug3:  entering: type 11
debug3:  entering
debug3: : today 12559 sp_lstchg 12559 sp_max 168
debug3: : sending result 1
debug3:  entering: type 11
debug3: : user authenticated
Accepted password for FGoma from X.X.X.X port 4669
debug1: : FGoma has been authenticated by privileged process
Accepted password for FGoma from X.X.X.X port 4669
debug3: : Waiting for new keys
debug3:  entering: type 24
debug3:  entering
debug3: : Sending ssh1 KEY+IV
debug3: : Sending compression state
debug3:  entering: type 24
debug3: : Finished sending state
debug3: : Getting compression state
debug3: : Getting Network I/O buffers
debug3: : Share sync
debug3: : Share sync end
debug2: User child is on pid 10774
debug3:  entering
debug1: permanently_set_uid: 143/103
debug1: session_new: init
debug1: session_new: session 0
debug1: Installing crc compensation attack detector.
debug1: Allocating pty.
debug3:  entering: type 25
debug3: : checking request 25
debug3:  entering
debug1: session_new: init
debug1: session_new: session 0
debug3: : waiting for MONITOR_ANS_PTY
debug3:  entering: type 26
debug3:  entering
debug3:  entering: type 26
: recvmsg: expected received 1 got 0
debug1: do_cleanup
: sendmsg(11): Invalid argument
debug1: do_cleanup
debug1: session_pty_cleanup: session 0 release /dev/pts/5



-----Original Message-----
From: Darren Tucker [mailto:dtucker at zip.com.au]
Sent: 10 May 2004 00:52
To: GOMA, Frank
Cc: 'openssh-unix-dev at mindrot.org'
Subject: Re: Openssh installation only works for user root


GOMA, Frank wrote:
> I have recently compiled a copy of OpenSSH for use on Reliant Unix ( Sinix
)
> version 5.45. My installation works okay for user root. When I try to log
on
> as another user I get prompted for the user password. When I type this in
> OpenSSH throws me out each time. I have been able to see any errors.
> 
> My version is OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar
> 2004. I am using Putty Release 0.52.

That sounds a bit like the broken uid/gid swapping, but a fix for that 
on Reliant Unix should be in 3.8p1.

Check config.h after running configure, BROKEN_SETREUID and 
BROKEN_SETREGID should be defined.  If they're not, add #define's for 
them and recompile and retest.

If that doesn't help, you will need to run the server in debug mode to 
figure out what's going on.  Log in as root then run ssh on another port 
(eg "/path/to/sshd -ddd -p 222"), connect as a normal user ("ssh -p 222 
yourserver") then post the debug log here.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


___________________________________________________________________________

This e-mail and the documents attached are confidential and intended solely
for the addressee; it may also be privileged. If you receive this e-mail in
error, please notify the sender immediately and destroy it. As its integrity
cannot be secured on the Internet, the Atos Origin group liability cannot be
triggered for the message content. Although the sender endeavours to maintain
a computer virus-free network, the sender does not warrant that this
transmission is virus-free and will not be liable for any damages resulting
from any virus transmitted. 
___________________________________________________________________________




More information about the openssh-unix-dev mailing list