Bug 30562

Summary: 7.1RC2 Upgrade openssh has problem with /usr/X11R6/bin/xauth
Product: [Retired] Red Hat Linux
Reporter: R P Herrold <herrold>
Component: openssh
Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: 7.1
CC: dr, pekkas
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2002-02-11 02:33:38 UTC

Description R P Herrold 2001-03-04 17:34:46 UTC
Upgrading to 7.1RC2, I received this rather unusual circumstance --

[herrold@couch herrold]$  ssh 172.16.33.161
herrold@172.16.33.161's password:
Last login: Sun Mar  4 12:22:35 2001 from couch.basement.
sh: /usr/X11R6/bin/xauth: No such file or directory
Connection to 172.16.33.161 closed.
[herrold@couch herrold]$  ssh root@172.16.33.161
root@172.16.33.161's password:
Last login: Sun Mar  4 12:13:25 2001
sh: /usr/X11R6/bin/xauth: No such file or directory
[root@dhcp161 /root]# ls                                         

============================
That is, it looks as though the sshd is not properly handling the absence
of /usr/X11R6/bin/xauth, as NON-root, and dying off 

-- Ask if you need more version information ..
 
[root@dhcp161 /root]# rpm -qa | grep open
openldap-clients-2.0.7-12
openssl-devel-0.9.5a-27
openssh-2.5.1p1-5
openldap-2.0.7-12
openldap-devel-2.0.7-12
openssl-0.9.5a-27
openssh-clients-2.5.1p1-5
openssh-server-2.5.1p1-5
[root@dhcp161 /root]#

Comment 1 R P Herrold 2001-03-04 17:44:14 UTC
Here is a bit more -- this is a server install -- and then went to pop an xterm
only through the tunnel back to my console ... no xterm ...

Note also the connection reset -- I often get this on a first connection to a
remote host -- just irritating with an interactive console -- rather more
serious if doing a rsync tunneled freshen ...


[couch is the stable RH 7.0 -- dhcp161 is the unit under test]
 
[herrold@couch herrold]$ rpm -qf `which xterm`
XFree86-4.0.1-1
[herrold@couch herrold]$  ssh root@172.16.33.161
ssh_exchange_identification: read: Connection reset by peer
[herrold@couch herrold]$  ssh root@172.16.33.161
root@172.16.33.161's password:
Last login: Sun Mar  4 12:23:27 2001 from couch.basement.net
sh: /usr/X11R6/bin/xauth: No such file or directory
[root@dhcp161 /root]# rpm -q XFree86
package XFree86 is not installed
[root@dhcp161 /root]#                                                 


Comment 2 Glen Foster 2001-03-05 20:45:22 UTC
This defect considered a show-stopper (MUST-FIX) for Florence GOLD release

Comment 3 Nalin Dahyabhai 2001-03-08 23:36:08 UTC
The message indicates that the client is closing the connection, not the
server.  Which version of openssh/openssl do you have installed on the client? 
When you run 'ssh -v root@172.16.33.161' on the client, what do you see before
the connection is closed unexpectedly?

I haven't been able to reproduce with openssl-0.9.5a-14 and openssh-2.3.0p1-16
on the client, talking to openssl-0.9.6-2 and openssh-2.5.1p1-7 on the server
end (tried several times -- got the message about xauth not being present, but I
always get a shell prompt).

Comment 4 R P Herrold 2001-03-10 02:09:40 UTC
In the source host, it looks open the OpenSSH portable of recent vintage

[root@pokey /root]# rpm -qa | grep -i open
open-1.4-7
openssh-clients-2.3.0p1-1
openssh-2.3.0p1-1
openssh-askpass-2.3.0p1-1
openssh-server-2.3.0p1-1
openssh-askpass-gnome-2.1.1p2-1
openssl-0.9.5a-2.6.x
openssl-devel-0.9.5a-2.6.x
openldap-1.2.9-6
[root@pokey /root]# rpm -qi openssh
Name        : openssh                      Relocations: (not relocateable)
Version     : 2.3.0p1                           Vendor: Owl River Company
Release     : 1                             Build Date: Wed Nov 22 17:39:03 2000
Install date: Sun Nov 26 10:35:05 2000      Build Host: swampfox.owlriver.com
Group       : Applications/Internet         Source RPM: openssh-2.3.0p1-1.src.rpm
Size        : 255769                           License: BSD
Packager    : Damien Miller <djm>
URL         : http://www.openssh.com/
Summary     : OpenSSH free Secure Shell (SSH) implementation
Description :
Ssh (Secure Shell) a program for logging into a remote machine and for
executing commands in a remote machine.  It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network.  X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
 
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all
patented algorithms to separate libraries (OpenSSL).
 
This package includes the core files necessary for both the OpenSSH
client and server.  To make this package useful, you should also
install openssh-clients, openssh-server, or both.
[root@pokey /root]#                 

-----------------------

Ask if you need the SRPMs ...

Comment 5 Preston Brown 2001-03-13 23:07:23 UTC
nalin, any luck reproducing this one / tracking it down?

Comment 6 Nalin Dahyabhai 2001-03-13 23:59:41 UTC
None as such -- Tim and I can both reproduce the error message, but the
unexpected close of the connection isn't happening on my test box, even when I
roll back to the 7.0 errata ssh client or server (which are also 2.3.0p1).

These are Damien's packages for RHL 6.2, most likely rebuilt against the
openssl packages released for 6.2, so there shouldn't be a binary-compatibility
issue lurking in there.

Herrold, do you have the output of "ssh -v" from the client?

Comment 7 R P Herrold 2001-03-14 03:37:09 UTC
hmmm --- local host (couch) is running openssh-portable locally compiled on a
7.0 upgrade host, updated daily ... Note that I get the connection reset on the
FIRST connection (warming it up) -- and then immediately retry and get in ... 
weird ...

[herrold@couch herrold]$ ssh 172.16.33.164
Read from socket failed: Connection reset by peer
[herrold@couch herrold]$ ssh 172.16.33.164
The authenticity of host '172.16.33.164 (172.16.33.164)' can't be established.
RSA key fingerprint is 42:4d:1e:71:7d:f0:5c:21:fc:69:61:e4:28:ab:dd:95.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.33.164' (RSA) to the list of known hosts.
herrold@172.16.33.164's password:
Read from remote host 172.16.33.164: Connection reset by peer
Connection to 172.16.33.164 closed.
[herrold@couch herrold]$ rpm -qa | grep openss
openssl-python-0.9.5a-14
openssl-devel-0.9.5a-24
Connection to 172.16.33.164 closed.

------------------------------

and on (dhcp164) the QA0309 upgrade from a 7.1RC2 install ..

[herrold@couch herrold]$ ssh -v 172.16.33.164
OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 500 geteuid 0 anon 0
debug: Connecting to 172.16.33.164 [172.16.33.164] port 22.
debug: Allocated local port 1022.
debug: Connection established.
debug: identity file /home/herrold/.ssh/identity type 0
debug: identity file /home/herrold/.ssh/id_dsa type 3
debug: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p1
debug: match: OpenSSH_2.5.1p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug: Local version string SSH-2.0-OpenSSH_2.5.1p1
debug: Seeding random number generator
debug: send KEXINIT
debug: done
debug: wait KEXINIT
debug: got kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug: got kexinit: ssh-dss,ssh-rsa
debug: got kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc.se
debug: got kexinit:
3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc.se
debug: got kexinit:
hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug: got kexinit:
hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug: got kexinit: none,zlib
debug: got kexinit: none,zlib
debug: got kexinit:
debug: got kexinit:
debug: first kex follow: 0
debug: reserved: 0
debug: done
debug: kex: server->client 3des-cbc hmac-sha1 none
debug: kex: client->server 3des-cbc hmac-sha1 none
debug: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug: bits set: 1017/2049
debug: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug: Got SSH2_MSG_KEXDH_REPLY.
debug: Host '172.16.33.164' is known and matches the RSA host key.
debug: Found key in /home/herrold/.ssh/known_hosts2:25
debug: bits set: 1030/2049
debug: ssh_rsa_verify: signature correct
debug: Wait SSH2_MSG_NEWKEYS.
debug: GOT SSH2_MSG_NEWKEYS.
debug: send SSH2_MSG_NEWKEYS.
debug: done: send SSH2_MSG_NEWKEYS.
debug: done: KEX2.
debug: send SSH2_MSG_SERVICE_REQUEST
debug: service_accept: ssh-userauth
debug: got SSH2_MSG_SERVICE_ACCEPT
debug: authentications that can continue:
publickey,password,keyboard-interactive
debug: next auth method to try is publickey
debug: key does not exist: /home/herrold/.ssh/id_dsa
debug: next auth method to try is password
herrold@172.16.33.164's password:
debug: ssh-userauth2 successful: method password
debug: channel 0: new [client-session]
debug: send channel open 0
debug: Entering interactive session.
debug: client_init id 0 arg 0
debug: Requesting X11 forwarding with authentication spoofing.
debug: channel request 0: shell
debug: channel 0: open confirm rwindow 0 rmax 16384
Last login: Wed Mar 14 03:34:34 2001 from couch.basement.net
sh: /usr/X11R6/bin/xauth: No such file or directory
[herrold@dhcp164 herrold]$ rpm -qa | grep openss
openssl-devel-0.9.6-2
openssl-0.9.6-2
openssh-2.5.1p1-7
openssh-server-2.5.1p1-7
openssl095a-0.9.5a-1
openssh-clients-2.5.1p1-7
openssl-perl-0.9.6-2
[herrold@dhcp164 herrold]$   

==============================

Going back toward the couch ...

 
[herrold@dhcp164 herrold]$
[herrold@dhcp164 herrold]$ ssh -v couch
OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: ssh_connect: getuid 500 geteuid 0 anon 0
debug: Connecting to couch [172.16.33.101] port 22.
debug: Allocated local port 1023.
debug: Connection established.
debug: identity file /home/herrold/.ssh/identity type 3
debug: identity file /home/herrold/.ssh/id_dsa type 3
debug: Remote protocol version 1.5, remote software version OpenSSH_2.5.1p1
debug: match: OpenSSH_2.5.1p1 pat ^OpenSSH
debug: Local version string SSH-1.5-OpenSSH_2.5.1p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
The authenticity of host 'couch (172.16.33.101)' can't be established.
RSA1 key fingerprint is 38:d4:69:9e:cb:96:81:68:d2:2b:6b:6f:b9:33:c2:39.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'couch,172.16.33.101' (RSA1) to the list of known
hosts.
debug: Seeding random number generator
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Doing password authentication.
herrold@couch's password:
debug: Requesting pty.
debug: Requesting X11 forwarding with authentication spoofing.
debug: Requesting shell.
debug: Entering interactive session.
Last login: Tue Mar 13 21:41:50 2001
[herrold@couch herrold]$

Hope this sheds some light ...

Comment 8 R P Herrold 2001-03-14 03:40:31 UTC
host 'pokey' is at my office, and is a 6.2, updated daily host, but again, with
an anticipatory openssh/openssl from the openssh portable site


Comment 9 R P Herrold 2001-03-14 14:41:52 UTC
... The versions at my office machine 'pokey' are also the OpenSSH portable
project ones of fairly recent vintage

[herrold@pokey herrold]$ rpm -qi openssh
Name        : openssh                      Relocations: (not relocateable)
Version     : 2.3.0p1                           Vendor: Owl River Company
Release     : 1                             Build Date: Wed Nov 22 17:39:03 2000
Install date: Sun Nov 26 10:35:05 2000      Build Host: swampfox.owlriver.com
Group       : Applications/Internet         Source RPM: openssh-2.3.0p1-1.src.rpm
Size        : 255769                           License: BSD
Packager    : Damien Miller <djm>
URL         : http://www.openssh.com/
Ssh (Secure Shell) a program for logging into a remote machine and for
executing commands in a remote machine.  It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network.  X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
 
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all
patented algorithms to separate libraries (OpenSSL).
 
This package includes the core files necessary for both the OpenSSH
client and server.  To make this package useful, you should also
install openssh-clients, openssh-server, or both.
[herrold@pokey herrold]$ rpm -qa | grep ^opens
openssh-clients-2.3.0p1-1
openssh-2.3.0p1-1
openssh-askpass-2.3.0p1-1
openssh-server-2.3.0p1-1
openssh-askpass-gnome-2.1.1p2-1
openssl-0.9.5a-2.6.x
openssl-devel-0.9.5a-2.6.x
[herrold@pokey herrold]$   

Hope this helps ...

Comment 10 Glen Foster 2001-03-15 19:38:44 UTC
Defect down-graded to "Should fix" for Florence release.

Comment 11 R P Herrold 2001-05-03 03:50:59 UTC
Still broken in RH 7.1 gold ...

 
bash-2.04$ ssh 172.16.33.163
The authenticity of host '172.16.33.163 (172.16.33.163)' can't be established.
RSA key fingerprint is fa:30:ba:f4:ee:74:e1:82:3c:a2:d3:ce:bf:29:e7:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.33.163' (RSA) to the list of known hosts.
herrold@172.16.33.163's password:
sh: /usr/X11R6/bin/xauth: No such file or directory
[herrold@dhcp163 herrold]$ ls-al /usr/X11R6/bin
bash: ls-al: command not found
[herrold@dhcp163 herrold]$ ls -al /usr/X11R6/bin
total 192
drwxr-xr-x    2 root     root         4096 May  2 15:36 .
drwxr-xr-x    7 root     root         4096 May  2 15:25 ..
-rwxr-xr-x    1 root     root        26496 Mar 30 21:51 fsinfo
-rwxr-xr-x    1 root     root        32888 Mar 30 21:51 fslsfonts
-rwxr-xr-x    1 root     root        31736 Mar 30 21:51 fstobdf
-rwxr-xr-x    1 root     root        11696 Mar 30 21:51 mkfontdir
-rwxr-xr-x    1 root     root        72044 Mar 30 21:51 xfs
[herrold@dhcp163 herrold]$ rpm -q openssh
openssh-2.5.2p2-5
[herrold@dhcp163 herrold]$ rpm -q redhat-release
redhat-release-7.1-1
[herrold@dhcp163 herrold]$


Comment 12 R P Herrold 2001-05-03 03:59:04 UTC
This was on a default server install ... perhaps a better solution is to split
xauth out into a separate package in building X, and just install it?

Comment 13 Pekka Savola 2001-05-11 20:57:09 UTC
I've experienced this, on and off.  For me, root is also bad.

Some versions appear not to have been problematic.

Anyway, openssh-2.9p1-2 from rawhide should fix this by disabling X11 forwarding if xauth is missing.
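
A configuration check for the condition this report turns on (sshd offering X11 forwarding on a host with no xauth binary), as an added example that is not part of the original report or of OpenSSH. `X11Forwarding` and `XAuthLocation` are real sshd_config keywords; the function names, the `ROOT` argument and the fallback xauth path (taken from the error message above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag hosts where sshd offers X11 forwarding but xauth is absent.
# DEFAULT_XAUTH is the path from this report; other builds may compile in another.
DEFAULT_XAUTH=/usr/X11R6/bin/xauth

# sshd_value FILE KEYWORD: print the first global value of KEYWORD.
# Keywords are case-insensitive and the first occurrence wins; parsing stops at
# the first Match block, which only holds conditional overrides.
# Assumes whitespace-separated "Keyword value" lines.
sshd_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# check_x11 FILE [ROOT]: classify the config. ROOT (hypothetical parameter) is
# prepended to the xauth path so an unpacked image or chroot can be audited.
# Returns 1 only for the mismatch seen in this report.
check_x11() {
    cfg=$1 root=${2:-}
    fwd=$(sshd_value "$cfg" X11Forwarding)
    xauth=$(sshd_value "$cfg" XAuthLocation)
    # An unset X11Forwarding is treated as "no", the OpenSSH default.
    case $(printf '%s' "${fwd:-no}" | tr 'A-Z' 'a-z') in
        yes) ;;
        *) echo "ok: X11 forwarding disabled"; return 0 ;;
    esac
    xauth=${xauth:-$DEFAULT_XAUTH}
    if [ -x "$root$xauth" ]; then
        echo "ok: X11 forwarding enabled, $xauth present"
        return 0
    fi
    echo "mismatch: X11Forwarding yes but $xauth is missing"
    return 1
}

# Stand-alone use: sh check_x11.sh /etc/ssh/sshd_config [ROOT]
if [ "$#" -gt 0 ]; then
    check_x11 "$@"
fi
```

On a server install without X, the remedies are to set `X11Forwarding no` or to install the package that provides xauth.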

Comment 14 R P Herrold 2002-02-11 02:33:33 UTC
This seems to have been solved -- I have not observed it with the last released
update.  It may be closed, if you concur; I will re-open if it recurs.

-- Russ herrold