Bug 447680

Summary: hostbased authentication fails with "cannot get sockname for fd" (ssh-keysign)
Product: [Fedora] Fedora Reporter: Andrew Schultz <ajschult784>
Component: opensshAssignee: Tomas Mraz <tmraz>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 9   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 5.0p1-3.fc9 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-06-11 04:36:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Andrew Schultz 2008-05-21 05:12:16 UTC
Description of problem:
After upgrading to Fedora9, I get the following whenever I try to connect to a
server (which supports hostbased authentication), I get:

cannot get sockname for fd
ssh_keysign: no reply
key_sign failed

hostbased authentication fails.  Adding some print statements to the source, it
seems that getsockname (called from get_socket_address) fails with EBADF (it
thinks the socket is bogus).  "setenforce 0" didn't help.

Version-Release number of selected component (if applicable):
5.0p1-1.fc9

How reproducible:
always

Steps to Reproduce:
1. ssh host (remote host needs to support hostbased auth)
  
Actual results:
hostbased auth fails

Expected results:
hostbased auth works

Comment 1 Fedora Update System 2008-05-21 09:16:15 UTC
openssh-5.0p1-3.fc9 has been submitted as an update for Fedora 9

Comment 2 Tomas Mraz 2008-05-21 10:24:13 UTC
Can you please test the update from testing updates?


Comment 3 Andrew Schultz 2008-05-21 14:09:42 UTC
yum isn't finding an update from the updates-testing repo.  I'm not seeing a new
openssh package in
ftp://download.fedora.redhat.com/pub/fedora/linux/updates/testing/9/i386/
Does it take a while for the package to make it up?

Comment 4 Tomas Mraz 2008-05-21 14:18:39 UTC
Yes, the update has not yet been pushed into the repository, hopefully later
this day or tomorrow. You can find it in koji.fedoraproject.org. You'll also
have to update pam from the last F9 build as well.


Comment 5 Andrew Schultz 2008-05-21 14:50:36 UTC
OK, I grabbed the packages from koji.  This bug seems to be gone with the new
packages.

Thanks.

Comment 6 Fedora Update System 2008-05-22 20:37:44 UTC
openssh-5.0p1-3.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update openssh'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-4356

Comment 7 Fedora Update System 2008-06-11 04:36:17 UTC
openssh-5.0p1-3.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.