Bug 91298

Summary: sshd unceremoniously drops connections during login
Product: [Retired] Red Hat Linux Reporter: Owen Jacobson <ojacobson.rh>
Component: opensshAssignee: Tomas Mraz <tmraz>
Status: CLOSED WONTFIX QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.0CC: xenophon
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-02-04 15:15:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Log of connection attempt using ssh -v
none
GDB output for sshd (Red Hat Linux 8, openssh-server-3.4p1-4)
none
GDB output for sshd (Red Hat Linux 9, openssh-server-3.5p1-6.9) none

Description Owen Jacobson 2003-05-20 23:28:43 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0; H010818)

Description of problem:
After updating openssl (bug #86112) sshd no longer allows users to log in.

Version-Release number:
OpenSSH_3.4p1
Comment 1 Owen Jacobson 2003-05-20 23:31:27 UTC 
Created attachment 91853 [details]
Log of connection attempt using ssh -v

Added an example login attempt as an attachment.
Comment 2 Economou, Matthew 2003-08-06 18:35:20 UTC 
I started having this problem after up2date upgraded openssh et al to 3.4p1-4 
(from 3.4p1-2).  Note that my system configuration did NOT change during this 
upgrade.  Prior to the upgrade, OpenSSH worked as expected.  After the upgrade, 
attempting to login with a non-root account resulted in the behavior described 
above (SSH encryption negotiated, then a disconnect before keyboard-interactive 
authentication, with an error like "sshd(pam_unix): authentication failure; 
logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=jrluser.domain.com  
user=foobar" in /var/log/messages and nothing in /var/log/secure).

Note also that my system is configured to use Kerberos 5 authentication.  If I 
disable Kerberos authentication with authtool, without restarting the SSH 
server, the new version of OpenSSH starts working properly again (i.e. 
prompting me for the user's password instead of unceremoniously disconnecting 
the connection).  Of course, I can't log in to any of my user accounts now, as 
credentials are stored at the KDC, so this workaround has limited utility.

I'm seeing the exact same problem in Red Hat Linux 9 with openssh version 3.5p1-
6.9, where when I have Kerberos 5 authentication enabled, ssh clients are 
disconnected, bypassing keyboard-interactive authentication.
Comment 3 Economou, Matthew 2003-08-06 19:15:30 UTC 
The connection is disconnected because the SSH server is crashing with a 
segmentation fault.  I'm seeing the same error on both Red Hat Linux 8 (openssh-
server-3.4p1-4) and Red Hat Linux 9 (openssh-server-3.5p1-6.9).

I am attaching debugger output for both versions in the hope that it will prove 
useful to the package maintainer.  If you're playing along at home, enable 
Kerberos 5 authentication and use the following commands to start sshd under 
gdb:

    # gdb `which sshd`
    (gdb) run -ddd -p 2022

Now log into this special instance with the following command (typed in another 
virtual console or xterm on the same system):

    # ssh -p 2022 user@localhost

GDB will intercept the SIGSEGV and leave you at the (gdb) prompt, where you can 
enter the command "backtrace" to see where you are in the stack.
Comment 4 Economou, Matthew 2003-08-06 19:18:45 UTC 
Created attachment 93452 [details]
GDB output for sshd (Red Hat Linux 8, openssh-server-3.4p1-4)
Comment 5 Economou, Matthew 2003-08-06 19:20:01 UTC 
Created attachment 93453 [details]
GDB output for sshd (Red Hat Linux 9, openssh-server-3.5p1-6.9)
Comment 6 Tomas Mraz 2005-02-04 15:15:53 UTC 
RHL 8.0 is no longer supported.