Bug 447680

Summary: hostbased authentication fails with "cannot get sockname for fd" (ssh-keysign)
Product: [Fedora] Fedora Reporter: Andrew Schultz <ajschult>
Component: opensshAssignee: Tomas Mraz <tmraz>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 9   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 5.0p1-3.fc9 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-06-11 00:36:21 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Andrew Schultz 2008-05-21 01:12:16 EDT
Description of problem:
After upgrading to Fedora9, I get the following whenever I try to connect to a
server (which supports hostbased authentication), I get:

cannot get sockname for fd
ssh_keysign: no reply
key_sign failed

hostbased authentication fails.  Adding some print statements to the source, it
seems that getsockname (called from get_socket_address) fails with EBADF (it
thinks the socket is bogus).  "setenforce 0" didn't help.

Version-Release number of selected component (if applicable):
5.0p1-1.fc9

How reproducible:
always

Steps to Reproduce:
1. ssh host (remote host needs to support hostbased auth)
  
Actual results:
hostbased auth fails

Expected results:
hostbased auth works
Comment 1 Fedora Update System 2008-05-21 05:16:15 EDT
openssh-5.0p1-3.fc9 has been submitted as an update for Fedora 9
Comment 2 Tomas Mraz 2008-05-21 06:24:13 EDT
Can you please test the update from testing updates?
Comment 3 Andrew Schultz 2008-05-21 10:09:42 EDT
yum isn't finding an update from the updates-testing repo.  I'm not seeing a new
openssh package in
ftp://download.fedora.redhat.com/pub/fedora/linux/updates/testing/9/i386/
Does it take a while for the package to make it up?
Comment 4 Tomas Mraz 2008-05-21 10:18:39 EDT
Yes, the update has not yet been pushed into the repository, hopefully later
this day or tomorrow. You can find it in koji.fedoraproject.org. You'll also
have to update pam from the last F9 build as well.
Comment 5 Andrew Schultz 2008-05-21 10:50:36 EDT
OK, I grabbed the packages from koji.  This bug seems to be gone with the new
packages.

Thanks.
Comment 6 Fedora Update System 2008-05-22 16:37:44 EDT
openssh-5.0p1-3.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update openssh'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-4356
Comment 7 Fedora Update System 2008-06-11 00:36:17 EDT
openssh-5.0p1-3.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.