Bug 162384

Summary: Openssh protocol version 2 not working
Product: [Fedora] Fedora Reporter: Jacco Logtenberg <jacco>
Component: opensshAssignee: Tomas Mraz <tmraz>
Status: CLOSED NOTABUG QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 3Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-07-04 21:15:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jacco Logtenberg 2005-07-03 18:22:51 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl-NL; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Description of problem:
After upgrading some packages (see below) protocol version 2 is broke. When a client tries to connect with version 2, the ssh-daemon complains about a buffer_get_string length. The sshd closes the session. 
Protocol version 1 is still working.

[root@riker log]# date
Sun Jul  3 20:04:45 CEST 2005
[root@riker log]# ssh -2 localhost
Connection closed by 127.0.0.1
[root@riker log]# ssh -1 localhost
root@localhost's password:
Last login: Sun Jul  3 14:17:44 2005 from localhost
[root@riker ~]# tail /var/log/secure
Jul  3 20:04:50 riker sshd[7599]: fatal: buffer_get_string: bad string length 10
64303083
Jul  3 20:05:01 riker sshd[7602]: Accepted password for root from ::ffff:127.0.0
.1 port 58802

I downgraded Openssh to the version supplied on the FC3-DVD => problem stays the same. So it isn't a Openssh-problem, but what could it be?

The problem appears also when connecting to the sshd with a Windows-ssh-client.

The problem appeared after upgrading to the following packages:
binutils-2.15.92.0.2-5.1
eruby-1.0.5-3
eruby-devel-1.0.5-3
eruby-libs-1.0.5-3
gzip-1.3.3-15.fc3
HelixPlayer-1.0.5-0.fc3.2
ipxutils-2.2.4-4.FC3.1
irb-1.8.2-1.fc3.3
ncpfs-2.2.4-4.FC3.1
netpbm-10.27-4.FC3.1
netpbm-devel-10.27-4.FC3.1
netpbm-progs-10.27-4.FC3.1
openssh-3.9p1-8.0.2
openssh-askpass-3.9p1-8.0.2
openssh-askpass-gnome-3.9p1-8.0.2
openssh-clients-3.9p1-8.0.2
openssh-server-3.9p1-8.0.2
ruby-1.8.2-1.fc3.3
ruby-devel-1.8.2-1.fc3.3
ruby-docs-1.8.2-1.fc3.3
ruby-libs-1.8.2-1.fc3.3
ruby-mode-1.8.2-1.fc3.3
ruby-tcltk-1.8.2-1.fc3.3
sudo-1.6.7p5-30.3
util-linux-2.12a-24.3


Version-Release number of selected component (if applicable):
Initial version of openssh supplied with Fedora Core 3 and updates

How reproducible:
Always

Steps to Reproduce:
1. Upgrade to the packages mentioned above
2. Try to connect with ssh protocol version 2
3.
  

Actual Results:  Ssh protocol version 2 was broke

Expected Results:  It should keep on working

Additional info:

Comment 1 Tomas Mraz 2005-07-04 20:44:59 UTC
That is really weird bug. Of course I cannot reproduce it here so the problem is
that I cannot do much with it.

Could you please investigate some more? None of the packages you mention should
have any influence on the communication or processing of the ssh protocol. These
packages mostly aren't libraries or if they are they aren't linked to ssh/d.

Are you sure that you don't have broken hardware or some other
malfunctions/misconfigurations in your system?


Comment 2 Jacco Logtenberg 2005-07-04 21:05:59 UTC
A grep from /var/log/secure. At 12:18:01 ssh v2 worked, at 12:18:58 it didn't
work anymore.
At 12:18 I started upgrading some packages.

Jul  3 12:15:44 riker sshd[21505]: Accepted password for root from
::ffff:192.168.0.2 port 1322 ssh2
Jul  3 12:18:01 riker sshd[21546]: Accepted password for root from
::ffff:192.168.0.2 port 1323 ssh2
Jul  3 12:18:58 riker sshd[21585]: fatal: buffer_get_string: bad string length
1064303083
Jul  3 12:19:03 riker sshd[21587]: fatal: buffer_get_string: bad string length
1064303083
Jul  3 12:19:15 riker sshd[21589]: fatal: buffer_get_string: bad string length
1064303083

--------------------------------------------------------

The differences between te packages (before/after upgrading):
Btw, I upgraded kernel-packages after the ssh-problem, trying to fix it (didn't
help anyway).
Selinux is configured as "permissive"

[root@riker log]# ll rp*
-rw-r--r--  1 root root 51169 Jul  4 04:29 rpmpkgs
-rw-r--r--  1 root root 51145 Jul  2 04:29 rpmpkgs.1
-rw-r--r--  1 root root 51145 Jun 25 04:27 rpmpkgs.2
-rw-r--r--  1 root root 51145 Jun 18 05:14 rpmpkgs.3
-rw-r--r--  1 root root 51133 Jun 11 04:26 rpmpkgs.4
[root@riker log]# diff rpmpkgs rpmpkgs.1
17c17
< HelixPlayer-1.0.5-0.fc3.2.i386.rpm
---
> HelixPlayer-1.0.4-1.0.fc3.1.i386.rpm
169c169
< binutils-2.15.92.0.2-5.1.i386.rpm
---
> binutils-2.15.92.0.2-5.i386.rpm
620c620
< gzip-1.3.3-15.fc3.i386.rpm
---
> gzip-1.3.3-13.i386.rpm
687,688c687,688
< ipxutils-2.2.4-4.FC3.1.i386.rpm
< irb-1.8.2-1.fc3.3.i386.rpm
---
> ipxutils-2.2.4-4.i386.rpm
> irb-1.8.2-1.fc3.2.i386.rpm
781a782
> kernel-2.6.11-1.14_FC3.i686.rpm
783,784c784
< kernel-2.6.11-1.35_FC3.i686.rpm
< kernel-doc-2.6.11-1.35_FC3.noarch.rpm
---
> kernel-doc-2.6.11-1.27_FC3.noarch.rpm
1079c1079
< ncpfs-2.2.4-4.FC3.1.i386.rpm
---
> ncpfs-2.2.4-4.i386.rpm
1096,1098c1096,1098
< netpbm-10.27-4.FC3.1.i386.rpm
< netpbm-devel-10.27-4.FC3.1.i386.rpm
< netpbm-progs-10.27-4.FC3.1.i386.rpm
---
> netpbm-10.27-4.FC3.i386.rpm
> netpbm-devel-10.27-4.FC3.i386.rpm
> netpbm-progs-10.27-4.FC3.i386.rpm
1147,1151c1147,1151
< openssh-3.9p1-8.0.2.i386.rpm
< openssh-askpass-3.9p1-8.0.2.i386.rpm
< openssh-askpass-gnome-3.9p1-8.0.2.i386.rpm
< openssh-clients-3.9p1-8.0.2.i386.rpm
< openssh-server-3.9p1-8.0.2.i386.rpm
---
> openssh-3.9p1-8.0.1.i386.rpm
> openssh-askpass-3.9p1-8.0.1.i386.rpm
> openssh-askpass-gnome-3.9p1-8.0.1.i386.rpm
> openssh-clients-3.9p1-8.0.1.i386.rpm
> openssh-server-3.9p1-8.0.1.i386.rpm
1359,1364c1359,1364
< ruby-1.8.2-1.fc3.3.i386.rpm
< ruby-devel-1.8.2-1.fc3.3.i386.rpm
< ruby-docs-1.8.2-1.fc3.3.i386.rpm
< ruby-libs-1.8.2-1.fc3.3.i386.rpm
< ruby-mode-1.8.2-1.fc3.3.i386.rpm
< ruby-tcltk-1.8.2-1.fc3.3.i386.rpm
---
> ruby-1.8.2-1.fc3.2.i386.rpm
> ruby-devel-1.8.2-1.fc3.2.i386.rpm
> ruby-docs-1.8.2-1.fc3.2.i386.rpm
> ruby-libs-1.8.2-1.fc3.2.i386.rpm
> ruby-mode-1.8.2-1.fc3.2.i386.rpm
> ruby-tcltk-1.8.2-1.fc3.2.i386.rpm
1386,1387c1386,1387
< selinux-policy-targeted-1.17.30-3.15.noarch.rpm
< selinux-policy-targeted-sources-1.17.30-3.15.noarch.rpm
---
> selinux-policy-targeted-1.17.30-3.9.noarch.rpm
> selinux-policy-targeted-sources-1.17.30-3.9.noarch.rpm
1432c1432
< sudo-1.6.7p5-30.3.i386.rpm
---
> sudo-1.6.7p5-30.2.i386.rpm
1551c1551
< util-linux-2.12a-24.3.i386.rpm
---
> util-linux-2.12a-24.2.i386.rpm


I'll try to reproduce the problem in a VM-Ware environment (but that's other
hardware).


Comment 3 Jacco Logtenberg 2005-07-04 21:15:27 UTC
Mmmh, looks like it depends on the user. See /var/log/secure:
Jul  4 23:06:17 riker sshd[20150]: Accepted password for jacco from
::ffff:192.168.0.2 port 1313 ssh2
Jul  4 23:06:28 riker sshd[20179]: fatal: buffer_get_string: bad string length
1064303083

First try (23:06:17): a mortal user (jacco)
Second try (23:06:28): root

Looking further...

I remember I added a new dsa-key to /root/.ssh/authorized_keys.
After removing that key, everything is working again!!!
The key turned out to be a private key instead of a public key.

Problem solved. But it wasn't a very clear message sshd spitted out.
Thanks for your help.

Comment 4 Tomas Mraz 2005-07-04 21:41:02 UTC
You could try to report the problem (non-informative log message) upstream in
http://bugzilla.mindrot.org/.